A Framework For Reverse Tcp Backdoor Attack And Computer Forensic On Linux Os
Type of Work: Text
Department: Electrical and Computer Engineering
Program: Master of Science
Rights: This item is made available by Morgan State University for personal, educational, and research purposes in accordance with Title 17 of the U.S. Copyright Law. Other uses may require permission from the copyright owner.
In this work, a framework for launching a reverse TCP attack and performing a computer forensic examination on the image of the attacked host was implemented. It was conducted and tested on an isolated cybersecurity network testbed. The work involves implementing a reverse TCP backdoor targeting a Linux Ubuntu operating system (OS), making use of Metasploit Framework (a penetration testing tool) payloads embedded within Kali Linux. Once the attack was successful, a malicious file was planted on the target host, which gives the attacker machine persistent logon access through the backdoor. To investigate the attack event, the Wireshark tool (a network sniffer) was used to analyze the communication between the two computers, and a computer forensic examination was carried out to analyze the image of the target host. The image file of the compromised machine was collected remotely over a network using another host serving as a collection host. Afterwards, several libraries and forensic tools were used to perform forensic analysis on the image.