A Framework for Reverse TCP Backdoor Attack and Computer Forensics on Linux OS

Date

2016

Department

Electrical and Computer Engineering

Program

Master of Science

Rights

This item is made available by Morgan State University for personal, educational, and research purposes in accordance with Title 17 of the U.S. Copyright Law. Other uses may require permission from the copyright owner.

Abstract

In this work, a framework for launching a reverse TCP attack and performing a computer forensic examination on the image of the attacked host was implemented; the work was conducted and tested on an isolated cybersecurity network testbed. The framework involves implementing a reverse TCP backdoor targeting a Linux Ubuntu operating system (OS), using Metasploit Framework (a penetration testing tool) payloads bundled with Kali Linux. Once the attack succeeded, a malicious file was planted on the target host, giving the attacker machine persistent logon access through the backdoor. To investigate the attack event, Wireshark (a network sniffer) was used to analyze the communication between the two computers, and a computer forensic examination was carried out on the image of the target host. The image file of the compromised machine was collected remotely over the network using another host serving as a collection host. Afterwards, several libraries and forensic tools were used to perform forensic analysis on the image.