开发者

what does this attempted trojan horse code do?

It looks like this just sends a ping, but whats the point of that when you can just use ping?

/* WARNING开发者_StackOverflow社区: this is someone's attempt at writing a malware trojan. Do not
   compile and *definitely* don't install. I added an exit as the
   first line to avoid mishaps - msw */
int main (int argc, char *argv[])
{
    exit(1);
    unsigned int pid = 0;
    char buffer[2];
    char *args[] = {
        "/bin/ping",
        "-c",
        "5",
        NULL,
        NULL
    };

    if (argc != 2)
        return 0;

    args[3] = strdup(argv[1]);
    for (;;)
    {
        gets(buffer); /* FTW */

        if (buffer[0] == 0x6e)
            break;

        switch (pid = fork())
        {
            case -1:
                printf("Error Forking\n");
                exit(255);
            case 0:
                execvp(args[0], args);
                exit(1);
            default:
                break;
        }
    }
    return 255;
}


It's a hack - or an attempt at a hack - to get arbitrary code run in a privileged mode. Ping needs to run SUID root to get a raw socket for an ICMP_ECHO_REQUEST and the intentional buffer overrun in gets(buffer) is intended to pass junk to ping.

I don't see how this could work in practice, but you shouldn't compile and run it.


It makes sure that ping is called with the arguments -c 5. Which is stupid, because a shell script or alias would be easier to read and faster to write.


This program basically emulates a simple shell program. A shell program is going to take the arguments of another program as input and launch that specified program in a new process. The program you have above is just hard coded for one specific program (ping in this case) and is very simple.

A shell program makes working with the operating system more user friendly by providing an interface to boot up programs.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜