Simple Backdoor presentation

On the right side of the screen is a server machine. On the left, a client. Let’s check the server’s IP. The client is able to ping the machine. Until the administrator incorrectly applies a firewall rule… All flows are now blocked by the firewall; the machine does not accept any communication.

The client will use a simple backdoor to take back control of the server. The client is sending one “magic” packet which will provide a new tunnel access to the server. It seems that the access is now back. A reverse tunnel has been created between the client and the server. We can see that the backdoor created two firewall rules to open communication with the client.

PuTTY closed its connection with the server (because of a timeout). We will remove the firewall rule created by the administrator. We can try the PuTTY connection again. It seems that we are able to reconnect to our server. Let’s try a last ping to be sure that everything is fine…

For more details about the implementation of the backdoor, you can read our blog article (see link down below).