
netbusd.c

netbusd.c
Posted Aug 17, 1999
Authored by BigDawg

A UNIX clone of Netbuster for Windows 95. Logs people attempting to exploit netbus.

tags | tool, intrusion detection
systems | windows, unix
SHA-256 | f60304cfec35d240ae580a0dd59966537e8e458a2a352f8d04096e4b99c6f9d3

netbusd.c

/*

[ http://www.rootshell.com/ ]

======================================================
Netbus Daemon 0.1 by BigDawg.
I know the code is messy but hey, I wrote it in
less than a day. Why you might ask? Well its
simple really. I wanted to see who was trying
to scan me for netbus. And I don't run windows.
So i can't use netbuster. So I wrote my own
program to do what it does. This program is
released under the GNU license agreement. By all
means please distribute it. If ya modify it send
me the modifications. dawg@services.afternet.org
If ya have any suggestions send them too. From
what I can see this will compile on any version
of unix/linux. Enjoy

Please if you would email me and tell me what
you think of this program.

-BigDawg/`Scooby (John C. Hennessy)

Thanks to: DarkLight for helping to test this

========================= TODO ======================
Convert strtok()'s to strsep(); Better tolerance
for 'empty' fields

Add timer to disconnect people after 60 seconds idle

Add more logging for commands
=====================================================
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/signal.h>
#include <sys/fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <time.h>
#include <syslog.h>
#include <stdarg.h>
/* Idle timeout in seconds. Not referenced by the code visible here; the TODO
   in the header lists the idle-disconnect timer as still to be written. */
#define netbustimeout 60
/* Not referenced by the code visible here. */
#define longtime 3000
/* TCP port the daemon binds and listens on (see init_serv). */
#define waitport 12345
/* Size of the shared `line` buffer; readln stores at most MAXLEN-1 bytes
   and then the terminating NUL. */
#define MAXLEN 524
/* Size of the formatting buffer used by send_to_idiot. */
#define MAXBUF 500
/* Define this if you want anything that cannot be parsed put in the syslog. (NOT RECOMMENDED)
   The preprocessor is case-sensitive: only a test spelled exactly
   `#ifdef DEBUG` sees this definition. */
#define DEBUG
/* Most recent command line read from the client; filled by readln and
   tokenised in place by processline. */
char line[MAXLEN];
/* Printable name of the connected peer; set by init_serv from longaddy and
   used as the first %s of every log record. */
char *addy;
/* No use of this global is visible here (main declares its own local `data`). */
char *data;
/* Descriptor of the accepted client connection; set by init_serv. */
int sockfd;


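/*
 * longaddy - turn an IPv4 address into a printable peer name for the log.
 *
 * ip: IPv4 address in network byte order (init_serv passes sin_addr.s_addr).
 *
 * Returns the reverse-DNS name when gethostbyaddr() finds one, otherwise the
 * dotted-quad text.  The result points at static storage that the next call
 * overwrites; it is never NULL.
 *
 * The PTR name is supplied by whoever runs the peer's reverse zone, so it is
 * untrusted: it is copied with a length bound and non-printable bytes are
 * replaced before the string can reach syslog.
 *
 * NOTE(review): when a PTR record exists the numeric address is not part of
 * the returned string, so the log line carries only a name the peer's DNS
 * operator chose.  Consider logging the dotted quad alongside it.
 */
char *longaddy(unsigned long ip)
{
    static char name[139];
    /* "255.255.255.255" needs 16 bytes with the NUL; the old 15-byte buffer was one short. */
    static char dotted[INET_ADDRSTRLEN];
    struct in_addr peer;
    struct hostent *hp;
    char *c;

    /* Narrow to the 4-byte in_addr: sizeof(unsigned long) is 8 on LP64 and
       is not a valid AF_INET length for gethostbyaddr(). */
    peer.s_addr = (in_addr_t)ip;

    if (inet_ntop(AF_INET, &peer, dotted, sizeof dotted) == NULL)
        snprintf(dotted, sizeof dotted, "?");

    hp = gethostbyaddr((const char *)&peer, sizeof peer, AF_INET);
    if (hp == NULL || hp->h_name == NULL)
        return dotted;

    /* Bounded copy: h_name may be longer than the buffer. */
    snprintf(name, sizeof name, "%s", hp->h_name);
    for (c = name; *c != '\0'; c++) {
        unsigned char b = (unsigned char)*c;

        if (b <= 32 || b > 126)
            *c = '?';
    }
    return name;
}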

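/*
 * strip_newline - cut a string at its first '\n' and at its first '\r'.
 *
 * string: NUL-terminated buffer edited in place; NULL is accepted and
 *         ignored, because processline passes strtok() results straight in
 *         and those are NULL when the client omits a field.
 *
 * Returns 0 always (the original fell off the end of an int function).
 */
int strip_newline(char *string)
{
    char *ptr;

    if (string == NULL)
        return 0;

    if ((ptr = strchr(string, '\n')) != NULL)
        *ptr = '\0';
    if ((ptr = strchr(string, '\r')) != NULL)
        *ptr = '\0';
    return 0;
}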

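/*
 * init_serv - wait for one client on TCP port `waitport`.
 *
 * Creates a listening socket on all interfaces, blocks in accept(), records
 * the peer name in `addy`, logs the connection, closes the listening socket
 * and stores the connected descriptor in `sockfd`.
 *
 * Returns 0 once a client is connected.  Any failure to set up the listener
 * is logged and ends the process; the original exited silently with status 0
 * on a bind() error and ignored socket()/listen()/accept() failures.
 *
 * Detection caveat: the listener is closed for as long as one client is
 * connected, so connection attempts from other hosts during that time are
 * refused and leave no record in the log.
 */
int init_serv()
{
    int listener, client;
    int reuse_addr = 1;
    socklen_t sinlen;
    struct sockaddr_in saddr;

    listener = socket(AF_INET, SOCK_STREAM, 0);
    if (listener < 0) {
        syslog(LOG_ERR, "socket() failed: %s", strerror(errno));
        exit(1);
    }

    /* Allows an immediate re-bind after the previous session ends. */
    if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr)) < 0)
        syslog(LOG_WARNING, "setsockopt(SO_REUSEADDR) failed: %s", strerror(errno));

    memset(&saddr, 0, sizeof(saddr));
    saddr.sin_family = AF_INET;
    saddr.sin_addr.s_addr = htonl(INADDR_ANY);
    saddr.sin_port = htons(waitport);

    if (bind(listener, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
        syslog(LOG_ERR, "bind to port %d failed: %s", waitport, strerror(errno));
        exit(1);
    }
    if (listen(listener, 1) < 0) {
        syslog(LOG_ERR, "listen() failed: %s", strerror(errno));
        exit(1);
    }

    /* Retry the transient failures; anything else is fatal. */
    do {
        sinlen = sizeof(saddr);
        client = accept(listener, (struct sockaddr *)&saddr, &sinlen);
    } while (client < 0 && (errno == EINTR || errno == ECONNABORTED));
    if (client < 0) {
        syslog(LOG_ERR, "accept() failed: %s", strerror(errno));
        exit(1);
    }

    addy = longaddy(saddr.sin_addr.s_addr);
    syslog(LOG_NOTICE, "Connect from [%s]", addy);
    close(listener);
    sockfd = client;
    return 0;
}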

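/*
 * send_to_idiot - printf-style formatting of a reply, sent with writeln().
 *
 * format: printf format string.  Every caller in this file passes a string
 *         literal; never pass text received from the client here, since it
 *         would be interpreted as a format string.
 *
 * Returns writeln()'s result, or 0 if formatting fails.  Output longer than
 * MAXBUF-1 bytes is truncated rather than written past the buffer (the
 * original used the unbounded vsprintf).
 */
int send_to_idiot(char *format, ...)
{
    va_list arglist;
    char buffer[MAXBUF];
    int n;

    va_start(arglist, format);
    n = vsnprintf(buffer, sizeof(buffer), format, arglist);
    va_end(arglist);

    if (n < 0)
        return 0;
    return writeln(buffer);
}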


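/*
 * readln - read one '\r'-terminated command from the client into `line`.
 *
 * Only printable ASCII (32..126) is stored.  The original test used `||`,
 * which is true for every byte, so control characters sent by the client
 * were kept and later written into syslog records.  Input beyond MAXLEN-1
 * bytes is discarded.
 *
 * If the connection drops, the loss is logged, a new client is awaited with
 * init_serv(), the banner is sent again and reading restarts with an empty
 * line.  The original re-entered datawatch() from here and never returned,
 * adding stack frames on every reconnect.
 *
 * Returns 0 with `line` NUL-terminated.
 */
int readln()
{
    int len = 0;

    for (;;) {
        char ch;

        if (read(sockfd, &ch, 1) < 1) {
            syslog(LOG_NOTICE,"Connection lost to [%s]\n",addy);
            close(sockfd);
            init_serv();
            send_to_idiot("NetBus 1.70\r");
            len = 0;            /* drop the partial line of the old client */
            continue;
        }
        if (ch == '\r')
            break;
        if (ch >= 32 && ch <= 126 && len < MAXLEN - 1)
            line[len++] = ch;
    }
    line[len] = '\0';
    return 0;
}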

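/*
 * writeln - send a NUL-terminated string to the connected client.
 *
 * buffer: text to send; NULL is treated as a failure.
 *
 * Returns 1 when every byte was written and 0 on error.  The original
 * returned 0 on error and had no return statement on the success path,
 * although send_to_idiot() passes the value on.  Short writes are completed
 * and EINTR is retried.
 *
 * Writing to a socket the peer has already closed raises SIGPIPE, whose
 * default action terminates the process; the program should ignore that
 * signal so a disconnect shows up here as a failed write.
 */
int writeln(char *buffer)
{
    size_t left;

    if (buffer == NULL)
        return 0;

    left = strlen(buffer);
    while (left > 0) {
        ssize_t n = write(sockfd, buffer, left);

        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return 0;
        buffer += n;
        left -= (size_t)n;
    }
    return 1;
}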


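/*
 * datawatch - main service loop: read a command, log it, repeat.
 *
 * Never returns.  The original called itself after every command, so each
 * line a client sent added a stack frame and a long enough stream of
 * commands could exhaust the stack and stop the daemon; a plain loop does
 * the same work in constant stack space.
 */
int datawatch()
{
    for (;;) {
        readln();
        processline();
    }
    return 0;   /* not reached */
}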

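/* Next ';'-separated field of the line being tokenised, with any trailing
   CR/LF removed, or "" when the client left the field out. */
static const char *nb_field(void)
{
    char *tok = strtok(NULL, ";");

    if (tok == NULL)
        return "";
    strip_newline(tok);
    return tok;
}

/*
 * processline - recognise the NetBus command held in `line`, answer the
 * information queries with canned replies and log what was requested.
 *
 * Commands are matched with strstr() in the order below, so a keyword that
 * appears anywhere in the line (for example inside a Message text) selects
 * that branch.  strtok() skips empty fields, so "A;;B" yields A then B; the
 * header TODO already lists the move to strsep().
 *
 * Every field comes from the remote client.  The original passed strtok()
 * results directly to strcmp()/strchr(), so a command sent without its
 * argument dereferenced NULL and stopped the daemon; missing fields are now
 * read as "".  Field text is logged as received: keep it out of anything
 * that interprets it.
 *
 * Returns 0 always.
 */
int processline()
{
    const char *arg;

    if (strstr(line, "GetInfo") != NULL) {
        send_to_idiot("Info;Program Path: C:\\WINDOWS\\PATCH.EXE |Restart persistent: Yes |Login ID: John Hennessy |Clients connected to this host: 1\r");
        syslog(LOG_NOTICE,"[%s] Requested Info\n",addy);
        return 0;
    }
    if (strstr(line, "CaptureScreen") != NULL) {
        syslog(LOG_NOTICE,"[%s] Screen Capture\n",addy);
        return 0;
    }
    if (strstr(line, "DisableKeys") != NULL) {
        const char *keyon, *keys;

        (void)strtok(line, ";");        /* skip the command name */
        keyon = nb_field();
        keys = nb_field();
        if (strcmp(keyon, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Enabled keys\n",addy);
        if (strcmp(keyon, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Disabled keys [%s]\n",addy,keys);
        return 0;
    }
    if (strstr(line, "KeyClick") != NULL) {
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Disabled keyclick\n",addy);
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Enabled keyclick\n",addy);
        return 0;
    }
    if (strstr(line, "GetSetup") != NULL) {
        send_to_idiot("SetupInfo;12345;0;;netbus@selo.org;selo@selo.org;presto.mailhosting.org\r");
        syslog(LOG_NOTICE,"[%s] Requested Settings\n",addy);
        return 0;
    }
    if (strstr(line, "Listen") != NULL) {
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Disabled Listening\n",addy);
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Enabled Listening\n",addy);
        return 0;
    }
    if (strstr(line, "Eject") != NULL) {
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Close CD-ROM\n",addy);
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Open CD-ROM\n",addy);
        return 0;
    }
    if (strstr(line, "Message") != NULL) {
        (void)strtok(line, ";");
        (void)nb_field();               /* second field is not logged */
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Message [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "StartApp") != NULL) {
        (void)strtok(line, ";");
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Start App [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "PortRedir") != NULL) {
        const char *lport, *bhost, *rport;

        strip_newline(line);
        (void)strtok(line, ";");
        lport = nb_field();
        bhost = nb_field();
        rport = nb_field();
        syslog(LOG_NOTICE,"[%s] Port Redirect [Listen port: %s Host: %s redir port: %s]\n",addy,lport,bhost,rport);
        return 0;
    }
    if (strstr(line, "URL") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Goto URL [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "ShowImage") != NULL) {
        const char *image;

        strip_newline(line);
        (void)strtok(line, ";");
        /* An absent field is meaningful here: it means "remove the image". */
        image = strtok(NULL, ";");
        if (image != NULL)
            syslog(LOG_NOTICE,"[%s] Show Image [%s]\n",addy,image);
        else
            syslog(LOG_NOTICE,"[%s] Remove Image\n",addy);
        return 0;
    }
    if (strstr(line, "SwapButton") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Swap mouse buttons off\n",addy);
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Swap mouse buttons on\n",addy);
        return 0;
    }
    if (strstr(line, "GetApps") != NULL) {
        send_to_idiot("AppNames;bsdi - CRT (active)|NetBus 1.70, by cf|Win Amp playlist editor\r");
        syslog(LOG_NOTICE,"[%s] Get apps\n",addy);
        return 0;
    }
    if (strstr(line, "KillApp") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Kill app [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "FocusApp") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Focus app [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "NewSetup") != NULL) {
        /* The whole line is logged as received.  The field-by-field
           formatting that was commented out here wrote through an
           uninitialised pointer and has been dropped. */
        strip_newline(line);
        syslog(LOG_NOTICE,"[%s] New Server Config [%s]\n",addy,line);
        return 0;
    }
    if (strstr(line, "ExitWin") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Force windows logoff\n",addy);
        if (strcmp(arg, "2") == 0)
            syslog(LOG_NOTICE,"[%s] Force power off\n",addy);
        if (strcmp(arg, "3") == 0)
            syslog(LOG_NOTICE,"[%s] Force reboot\n",addy);
        if (strcmp(arg, "4") == 0)
            syslog(LOG_NOTICE,"[%s] Force shutdown\n",addy);
        return 0;
    }
    /* Read - SetACL;198.212.246.1|198.212.246.6| */
    if (strstr(line, "SetACL") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        syslog(LOG_NOTICE,"[%s] Allow ips [%s]\n",addy,arg);
        return 0;
    }
    if (strstr(line, "GetACL") != NULL) {
        send_to_idiot("ACLInfo;198.212.246.140|198.212.246.150|198.212.246.4\r");
        syslog(LOG_NOTICE,"[%s] Get Allowed Ips\n",addy);
        return 0;
    }
    if (strstr(line, "RemoveServer") != NULL) {
        strip_newline(line);
        (void)strtok(line, ";");
        arg = nb_field();
        if (strcmp(arg, "0") == 0)
            syslog(LOG_NOTICE,"[%s] Close Server\n",addy);
        if (strcmp(arg, "1") == 0)
            syslog(LOG_NOTICE,"[%s] Remove server\n",addy);
        return 0;
    }
    if (strstr(line, "AppRedir") != NULL) {
        strip_newline(line);
        syslog(LOG_NOTICE,"[%s] App Redir [%s]\n",addy,line);
        return 0;
    }
    /* The file defines DEBUG; the original tested lowercase `debug`, so
       unrecognised commands were never logged. */
#ifdef DEBUG
    syslog(LOG_NOTICE,"[%s] I don't know how to parse [%s]\n",addy,line);
#endif
    return 0;
}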

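/*
 * main - announce start-up in syslog, detach with fork(), then serve
 * clients forever.
 *
 * SIGPIPE is ignored so that a client closing the connection while a reply
 * is being written produces a failed write() instead of terminating the
 * daemon.  A failed fork() is logged and reported with exit status 1; the
 * original exited 0 in that case.  The unused 9000-byte local buffer has
 * been removed.
 *
 * The listening port (12345) is unprivileged, so the daemon has no need to
 * run as root; start it under a dedicated low-privilege account.
 */
int main(int argc, char **argv)
{
    pid_t pid;

    (void)argc;
    (void)argv;

    syslog(LOG_NOTICE, "NetBus Daemon 0.1 by BigDawg running");
    signal(SIGPIPE, SIG_IGN);

    pid = fork();
    if (pid < 0) {
        syslog(LOG_ERR, "fork failed: %s", strerror(errno));
        return 1;
    }
    if (pid > 0)
        exit(0);                /* parent: the child carries on as the daemon */

    init_serv();
    send_to_idiot("NetBus 1.70\r");
    datawatch();
    return 0;                   /* not reached */
}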


