Coder Social home page Coder Social logo

spacecase123 / iis-raid Goto Github PK

View Code? Open in Web Editor NEW

This project forked from 0x09al/iis-raid

0.0 0.0 0.0 88 KB

A native backdoor module for Microsoft IIS (Internet Information Services)

License: Apache License 2.0

C++ 66.58% Python 25.89% C 7.54%

iis-raid's Introduction

IIS-Raid

IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker.

Documentation

When installed, IIS-Raid will process every request and method, check if the X-Password header exists and compare it against the hardcoded value. In case the value specified by the header doesn't match the password, the request will continue normally without giving any indications of the backdoor. If the header value matches the password, it will search for the communication header and extract its content. Additionally, it will base64 decode it, compare it against the predefined commands and process the instructions if any.

Four arguments are implemented on the script:

  • --url : The URL that will be used to communicate with the backdoor. [Required]
  • --password - The pre-shared password on the backdoor [Required]
  • --header - The header to use for communication in case it was changed from the default one.
  • --method - Change the method to either GET or POST.

Some of the features that are currently implemented in this version are:

  • Interactive Command Execution - Allows the execution of commands and retrieve the output.
  • Shellcode Injection - Extend functionality by injecting custom shellcode.
  • Web Password Extractor - Extract passwords from Web Forms in clear-text.

Customisation

Before using and compiling the module, you need to change some of the options. To authenticate to the backdoor, the controller uses a pre-shared password with the module. As this is the only mechanism preventing someone else from accessing the backdoor, the default password must be changed.

Apart from the password, other backdoor options can be modified on the Functions.h file:

options

The COM_HEADER definition is the header name used to perform the communication between the backdoor and the controller. The PASS_FILE definition is the file path where the extracted credentials from the web forms will be saved. The PASSWORD definition is the password that will be used to authenticate to the backdoor.

More info

For more information refer to https://www.mdsec.co.uk/2020/02/iis-raid-backdooring-iis-using-native-modules/

Demo Video

https://www.youtube.com/watch?v=jbxEWOXecuU&feature=youtu.be

Screenshot

options

iis-raid's People

Contributors

0x09al avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.