<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Enkli Ylli a, Julian Fejzaj b, Igli Tafaa</article-title>
      </title-group>
      <contrib-group>
        <aff id="aff0">
          <label>0</label>
          <institution>Faculty of Information Technology, Polytechnic University of Tirana</institution>
          ,
          <addr-line>Sheshi Nënë Tereza ,Tiranë</addr-line>
          ,
          <country country="AL">Albania</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Faculty of Natural Sciences, University of Tirana, Bulevardi Zogu i Pare</institution>
          ,
          <addr-line>Tiranë</addr-line>
          ,
          <country country="AL">Albania</country>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Proccedings of RTA-CSIT 2021</institution>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2021</year>
      </pub-date>
      <abstract>
<p>Security and privacy are becoming hot topics not only for people in the field but also at social and family gatherings. Attackers keep finding sensational ways to gain access to systems and networks. On the other side, white hats are developing new ways to block these attacks and protect customers, and it feels like this process will never come to an end. However, it is important to keep our eyes wide open for our own safety. Knowledge is power. In this paper we introduce backdoors as a means of attacking and gaining access to a system. We do that by using some tools in Ubuntu and a set of commands that will be explained in the next sections. We give a demonstration of how to inspect a system for hidden backdoors. Finally, we introduce a way to stop a backdoor attack.</p>
      </abstract>
      <kwd-group>
        <kwd>backdoors</kwd>
        <kwd>RK hunter</kwd>
        <kwd>Ubuntu</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>Nowadays, the knowledge required to keep
networks and systems well protected needs to be
updated regularly. A strong reason for that is that
attackers are becoming more and more sophisticated,
using a wide variety of ways to gain access to a
system or a network. All those working in the field
need to roll up their sleeves and be equipped with the
proper background, so that the next time a sensational
attack is reported in the news, they won’t simply
consider themselves blessed that their company was
not the target. However, no matter how well secured a
system is, there will be a way to crack it. We should
take into consideration that even if a system is not
vulnerable today, it may be in danger at some point in
the future. Setting “night terrors” aside, fortunately
there are only a few highly developed aggressors,
especially in our country, against which our defence
will fail. In this paper, we introduce backdoors as a
means of gaining access to a specific technology. We
emphasize that backdoors aren’t only used for
dreadful purposes; those of the non-criminal category
are used to help clients who are desperately locked
out of their devices, or for damage assessment and
dealing with software concerns. We also demonstrate
in Ubuntu Linux how to find hidden backdoors using a
set of commands and tools. Finally, we show a way to
stop a backdoor attack.</p>
    </sec>
    <sec id="sec-2">
      <title>2. RELATED WORK</title>
      <p>There are different types of backdoors that
accomplish attacks when systems have vulnerabilities.
In [1], vulnerabilities of the authentication system are
treated, along with how attackers can establish
malicious backdoors to bypass authentication logic.
The authors describe three types of backdoors and
propose their elimination. In [2], some statistics are
given about the methods used by actors to hack and
crack systems, and the result is that even if one may
say that backdoors are old, they are still one of the
most used methods to gain unauthorized access to a
system or network.</p>
    </sec>
    <sec id="sec-3">
      <title>3. THEORETICAL APPROACH</title>
      <p>In the cybersecurity world, a backdoor is a
method by which unauthorized (and authorized) users
have the capability to get around security measures
and obtain the most important access level, which is
root access. Gaining this access to a software
application, network or computer system is very
dangerous, because the attacker can steal your
personal data and financial information and install
more and more malware to control everything they
have hacked. Backdoor malware is generally referred
to as a Trojan. A Trojan is a malicious computer
program that pretends to be something different for
the purpose of delivering malware, stealing your data,
or opening up a backdoor on your computer system.
Much like the Trojan horse in Greek history, computer
Trojans always contain a really bad surprise. Trojans
sometimes have the ability to replicate themselves
and spread to other computer systems without any
additional commands from the cyber “criminal” who
created them. An attacker can use a backdoor to gain
control of your computer and:
▪ Upload or download files
▪ Carry out DDoS attacks on further devices
▪ Adjust device settings as he wants, including user
credentials or even passwords
▪ Steal data
▪ Install other malware on the system
▪ Shut down or restart the machine
▪ Download extra files
▪ Run processes and tasks
▪ Control the device remotely</p>
      <p>Backdoors are of different types and not all of them
have malicious intent.</p>
      <p>Administrative backdoors are created by the
hardware and software makers themselves.</p>
      <p>Unlike backdoor malware, administrative backdoors
aren't necessarily thought up with an illegitimate
purpose in mind. Most of the time, built-in or
administrative backdoors exist as artifacts of the
software creation process.</p>
    </sec>
    <sec id="sec-4">
      <title>4. ENVIRONMENT SETUP</title>
      <p>We chose to do our experiments in Ubuntu.
Initially, we need to install VirtualBox in order to run
Ubuntu on it. We are using Ubuntu because it is
user-friendly and is compatible with Debian packages.</p>
      <p>Setting up VirtualBox on the Windows platform.</p>
      <p>To install VirtualBox, first and foremost the Windows
Installer must be present (“live”) on our system.</p>
      <p>▪ Start the Oracle VM VirtualBox installation by double
clicking on the executable file.</p>
      <p>▪ The Welcome dialog lets us choose where to
install Oracle VM VirtualBox and which components
to install.</p>
      <sec id="sec-4-1">
        <title>The components available are:</title>
        <p>▪ USB support
▪ Python support
▪ Networking</p>
        <p>In the end, the installer will create an Oracle VM
VirtualBox group in the Windows Start menu, which
lets you start the application and access its documentation.</p>
        <p>▪ With the default settings, Oracle VM VirtualBox will be
installed for all users on the local machine. [5]</p>
      </sec>
      <sec id="sec-4-5">
        <title>Setting Up Ubuntu on VirtualBox</title>
        <p>▪ Open the newly installed VirtualBox and choose
New. A new window will appear.</p>
        <p>▪ Select the architecture (32 or 64 bit) and the guest
OS.</p>
        <p>▪ Set the Base Memory (RAM).
▪ Hit “Next” until it displays the VM storage size.
Decide how much space we need based on our
hard disk and finish the wizard by hitting the Create
button.</p>
        <p>▪ Next, in the VirtualBox window, select “Start” and
choose the “media source”. In our situation, select the
“.iso” on the desktop.
▪ Complete the installation. [6]</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>5. RESULTS</title>
      <p>How to find a strongly hidden backdoor, rootkit or
open port?</p>
      <sec id="sec-5-1">
        <title>The 1st step [8]: sudo apt-get install rkhunter</title>
        <p>sudo gedit /var/log/rkhunter.log</p>
        <p>The 2nd step – Port scan [7]:
sudo netstat -antu -p</p>
        <p>The 3rd step – List of processes:
sudo ps -e</p>
        <p>The 4th step – List of hidden processes [4]:
sudo apt-get install unhide
sudo unhide-posix proc</p>
        <p>Proceedings of RTA-CSIT 2021, May 2021, Tirana, Albania
EMAIL: eylli@yahoo.com (A. 1); julian.fejzaj@fshn.edu.al (A. 2); itafaj@gmail.com (A. 3)</p>
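        <p>As an added illustration of the 2nd step (this is not code from the original paper), the following Python script parses netstat -antup style output and reports bound sockets whose protocol, port and program name are not on an allowlist of expected services; the sample netstat output and the allowlist are constructed for the example.</p>

```python
# Constructed sample of `sudo netstat -antup` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1045/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2210/.hidden
tcp        0      0 10.0.2.15:22            10.0.2.2:51234          ESTABLISHED 1101/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           690/dhclient
"""

# Services we expect to be bound on this host (an assumption for the example):
# (protocol, local port, program name) as printed by netstat.
EXPECTED_LISTENERS = {("tcp", 22, "sshd"), ("tcp", 631, "cupsd"), ("udp", 68, "dhclient")}


def parse_netstat(text):
    """Turn netstat -antup lines into dicts, skipping the two header lines."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not (len(parts) >= 6 and parts[0].startswith(("tcp", "udp"))):
            continue
        proto = parts[0].rstrip("6")          # treat tcp6/udp6 like tcp/udp
        local_addr, _, local_port = parts[3].rpartition(":")
        # UDP rows have no State column, so the state is only read for TCP.
        state = parts[5] if proto == "tcp" and len(parts) >= 7 else ""
        pid, _, program = parts[-1].partition("/")
        sockets.append({"proto": proto, "addr": local_addr, "port": int(local_port),
                        "state": state, "pid": pid, "program": program})
    return sockets


def unexpected_listeners(text, expected=EXPECTED_LISTENERS):
    """Return TCP LISTEN sockets and bound UDP sockets not in the allowlist."""
    found = []
    for sock in parse_netstat(text):
        bound = sock["state"] == "LISTEN" if sock["proto"] == "tcp" else True
        if bound and (sock["proto"], sock["port"], sock["program"]) not in expected:
            found.append(sock)
    return found


if __name__ == "__main__":
    for sock in unexpected_listeners(SAMPLE_NETSTAT):
        print("unexpected listener: %(proto)s port %(port)d by pid %(pid)s (%(program)s)" % sock)
```

        <p>Each reported PID can then be cross-checked against the process lists from the 3rd and 4th steps.</p>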
      </sec>
      <sec id="sec-5-2">
        <title>The 5th step – View logs [10]:</title>
        <p>sudo gedit /var/log/dpkg.log
sudo gedit /var/log/daemon.log
sudo gedit /var/log/user.log</p>
      </sec>
      <sec id="sec-5-3">
        <title>The 6th step – Check repositories:</title>
        <p>grep ^ /etc/apt/sources.list /etc/apt/sources.list.d/*</p>
        <p>Finally, we give some commands for what to do in
case of a backdoor attack.</p>
        <p>We block outgoing traffic to prevent backdoor damage.
We can use iptables to contain further damage if
malware has been able to infect our host. By applying
iptables filters to the ‘OUTPUT’ chain we block any
unwanted traffic going out from the host.</p>
        <p>Commands [9]:
iptables -A OUTPUT -o eth1 -j DROP
We can add extra rules for logging and
analyzing.</p>
        <p>Create a new chain named LOGGING:
iptables -N LOGGING
Then send outgoing traffic to the LOGGING chain:
iptables -A OUTPUT -j LOGGING
Drop the packets:
iptables -A LOGGING -j DROP</p>
        <p>To conclude, security is an important topic and
everyone should have some basic knowledge in order
to protect themselves from possible attacks. Remember
that if your system is safe today, it can be a target
tomorrow. One of the most popular methods, even in 2020,
is backdoors. We learned that backdoors are used by
good guys and bad guys alike. Through the sections of
this paper we learned what backdoors are and how
attackers use them to gain access to a computer. In
the experimental section, we demonstrated a simple
way to detect hidden processes. Finally, we gave a
solution for what to do in case of a backdoor attack: we
blocked outgoing traffic to prevent damage.</p>
      </sec>
    </sec>
    <sec id="sec-6">
      <title>7. References</title>
      <p>[2] “Data breach investigation report”, 2019.
[7] http://manpages.ubuntu.com/manpages/trusty/man8/netstat.8.html
[9] https://www.thegeekstuff.com/2011/06/iptablesrules-examples/</p>
    </sec>
  </body>
  <back>
    <ref-list />
  </back>
</article>