|
Brought to you by:
Suppliers of:
|
|
|
| |
Credit:
The information has been provided by foster at ghc.ru.
To keep updated with the tool visit the project's homepage at: http://ghc.ru/
|
| |
rbping is a kernel module that allows an administrator to add a backdoor that will restart the system whenever it receives a special ping requests.
Tool:
/*
name rbping.c
desc: Reboot By Ping
type: Linux kernel module
author: Edisan <edisan@ghc.ru>
usage: ping -p "deadbaba" ip
tested: linux-2.4.26
GPL rulez
GHC rulez
RST rulez
*/
#define __KERNEL_SYSCALLS__
#define MODULE
#define __KERNEL__
#include <linux/version.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/unistd.h>
#include <sys/syscall.h>
#include <net/icmp.h>
#define LKM_VERSION "v0.1"
#define LKM_NAME "rbping"
#define MAGIC_PATTERN 0xbabaadde
int new_icmp_rcv(struct sk_buff *);
struct inet_protocol * original_icmp_protocol;
struct inet_protocol new_icmp_protocol =
{
&new_icmp_rcv,
NULL,
NULL,
IPPROTO_ICMP,
0,
NULL,
"ICMP"
};
int new_icmp_rcv(struct sk_buff *skb)
{
char *data = skb->data+16;
if (*(u_long *)data == MAGIC_PATTERN)
{
extern void *sys_call_table[];
int (*our_kill)(int, int) = sys_call_table[SYS_kill];
printk("<1>%s: reboot requested.\n", LKM_NAME);
our_kill(1, 2);
}
#ifdef DEBUG
else
printk("<1>%s: icmp pattern rcv: %x\n", LKM_NAME, *(u_long *)data);
#endif
return original_icmp_protocol->handler(skb);
}
int init_module(void)
{
inet_add_protocol(&new_icmp_protocol);
original_icmp_protocol = new_icmp_protocol.next;
inet_del_protocol(original_icmp_protocol);
printk("<1>%s: %s installed\n", LKM_NAME, LKM_VERSION);
return 0;
}
int cleanup_module(void)
{
inet_add_protocol(original_icmp_protocol);
inet_del_protocol(&new_icmp_protocol);
printk("<1>%s: %s uninstalled\n", LKM_NAME, LKM_VERSION);
return 0;
}
MODULE_LICENSE("GPL");
/* EOF */
|
|
blog comments powered by
|
|
|
