DDoor : Cross Platform Backdoor Using DNS txt Records

From kalilinuxtutorials.com

DDoor : Cross Platform Backdoor Using DNS txt Records

DDoor is a cross platform backdoor using dns txt records. It is a cross platform light weight backdoor that uses txt records to execute commands on infected machines.

Features

  • Allows a single txt record to have seperate commands for both linux and windows machines
  • List of around 10 public DNS servers that it randomly chooses from
  • Unpredictable call back times
  • Encrypts txt record using xor with custom password

Linux Features:

  • Anti-Debugging, if ptrace is detected as being attached to the process it will exit.
  • Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
  • Automatically Daemonizes
  • Tries to set GUID/UID to 0 (root)

Windows Features:

  • Hides Console Window
  • Stub Size of around 20kb

Read more…