- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
Cross-platform backdoor using dns txt records.
What is ddor?
ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines.
Features
- Allows a single txt record to have seperate commands for both linux and windows machines
- List of around 10 public DNS servers that it randomly chooses from
- Unpredictable call back times
- Encrypts txt record using xor with custom password
- Anti-Debugging, if ptrace is detected as being attached to the process it will exit.
- Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
- Automatically Daemonizes
- Tries to set GUID/UID to 0 (root)
- Hides Console Window
- Stub Size of around 20kb