## https://sploitus.com/exploit?id=FF6FF878-09CC-57EF-ACAC-4DDF380A6B32
# Ansible Role: xz backdoor (CVE-2024-3094) (for [Ludus](https://ludus.cloud))

An Ansible Role that installs the [xz backdoor (CVE-2024-3094)](https://www.openwall.com/lists/oss-security/2024/03/29/4) on a Debian host and optionally installs the [xzbot](https://github.com/amlweems/xzbot) tool.

> [!WARNING]
> This role deploys malware on purpose!
> Without exposing the host to the internet you *should* be safe, but it's still malware. Be careful.

![demo](demo.jpeg)

## Requirements

Debian-based OS

## Role Variables

Available variables are listed below, along with default values (see `defaults/main.yml`):

    # Install the xzbot cli tool used to send commands to the backdoor. It is installed to /usr/bin/xzbot
    ludus_xz_backdoor_install_xzbot: true
    # Install the xz backdoor library by linking it to liblzma.so.5 used by the system and rebooting
    ludus_xz_backdoor_install_backdoor: true
    # Remove the backdoor by replacing the symlink to liblzma.so.5 with the original and rebooting
    ludus_xz_backdoor_uninstall_backdoor: false
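
The variables above describe the backdoor as a relinked `liblzma.so.5`, so a lab host can be checked after an uninstall run by looking at what that link resolves to. The following is an added example, not part of the role: the function name `liblzma_link_status` is hypothetical, the default paths assume a Debian amd64 host, and 5.6.0 and 5.6.1 are the xz releases affected by CVE-2024-3094.

```shell
#!/bin/sh
# Added example: report what liblzma.so.5 resolves to and whether dpkg owns it.
# Assumed defaults (not taken from the role): Debian amd64 multiarch paths.
LIBLZMA_LINK_DEFAULT=/usr/lib/x86_64-linux-gnu/liblzma.so.5
LIBLZMA_LIST_DEFAULT=/var/lib/dpkg/info/liblzma5:amd64.list

# Usage: liblzma_link_status [LINK] [DPKG_FILE_LIST]
# Prints "<status> <path>"; returns 0 only for "ok", 1 for a finding, 2 if missing.
liblzma_link_status() {
    link="${1:-$LIBLZMA_LINK_DEFAULT}"
    list="${2:-$LIBLZMA_LIST_DEFAULT}"

    # -e follows symlinks, so a dangling link is also reported as missing.
    if [ ! -e "$link" ]; then
        echo "missing $link"
        return 2
    fi
    target="$(readlink -f "$link")"

    # The file behind the SONAME link normally carries the release number.
    case "${target##*/}" in
        liblzma.so.5.6.0|liblzma.so.5.6.1)
            echo "affected-version $target"
            return 1 ;;
    esac

    # Ownership check against the file list dpkg recorded for liblzma5.
    # Symlink entries are skipped: the list contains liblzma.so.5 itself, which
    # would "match" whatever it has been repointed to. Each remaining path is
    # canonicalised first, because on merged-/usr systems dpkg may record
    # /lib/... while the file resolves to /usr/lib/...
    if [ -r "$list" ]; then
        while IFS= read -r recorded; do
            [ -f "$recorded" ] && [ ! -L "$recorded" ] || continue
            if [ "$(readlink -f "$recorded")" = "$target" ]; then
                echo "ok $target"
                return 0
            fi
        done < "$list"
    fi
    echo "unowned $target"
    return 1
}
```

Source the file and call `liblzma_link_status` with no arguments on the lab VM; a file name is only a heuristic, so treat `unowned` as the stronger signal that the link does not point at the packaged library.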

## Dependencies

None.

## Example Playbook

```yaml
- hosts: xz_backdoor_hosts
  roles:
    - badsectorlabs.ludus_xz_backdoor
  vars:
    ludus_xz_backdoor_install_xzbot: true
    ludus_xz_backdoor_install_backdoor: true
```

## Example Ludus Range Config

```yaml
ludus:
  - vm_name: "{{ range_id }}-xz-backdoor"
    hostname: "{{ range_id }}-xz-backdoor"
    template: debian-12-x64-server-template
    vlan: 10
    ip_last_octet: 2
    ram_gb: 2
    cpus: 2
    linux: true
    roles:
      - badsectorlabs.ludus_xz_backdoor
    role_vars:
      ludus_xz_backdoor_install_xzbot: true
      ludus_xz_backdoor_install_backdoor: true
```

## License

GPLv3

## Author Information

This role was created by [Bad Sector Labs](https://github.com/badsectorlabs), for [Ludus](https://ludus.cloud/).