Attacking Linux with malicious packages
Attacking Linux with malicious installer packages is common these days. We can combine Metasploit payloads into various installer packages.
We download a package of the latest freesweep, which is a text-based equivalent of Minesweeper. Minesweeper is a common game, and more information about Minesweeper is available at http://en.wikipedia.org/wiki/Minesweeper_(video_game).
We can download the latest copy of freesweep from https://packages.debian.org/sid/freesweep. The next step to follow after the download is complete is to extract the package into a workable folder.
Create a folder named DEBIAN
in the extracted package. This is important, as this folder is mandatory in a Debian-based package because it contains control and scripts for installation.
Next, we'll create two different scripts for control and post-installation named control
and postint
, respectively as shown in the following screenshot:
Open the control
file and define the information about...