rwxbo.c

rwxbo.c: Posted Aug 17, 1999; Authored by KByte; RWX Back Orifice Sweep Scanner - RWXBO is a simple program that will log attempts to scan your ip range, and logs some commands that the attacker might type.; systems | unix; MD5 | 88d5fe7bb1063a45a2ca784185d39328; Download | Favorite | Comments (0)

rwxbo.c

/*                ------------------------------
                       RWX PROUDLY PRESENTS:
                  ------------------------------
               RwXBO v. 0.0.0.2 beta 127.0.0.1

Visit http://rwx.ml.org - RwX Security Zine in Portuguese

Now using syslog!

RWX Back Orifice Sweep Scanner

Authors: [0x5002](xsatanic@rwx.ml.org) 'n KByte(kbyte@rwx.ml.org)
Help by lrk0rx
[ Issues, Programs, Mail List => http://rwx.ml.org ]

RWXBO eh um programa simples nascido da ide'ia de pegar os engracadinhos
que ficam destruindo o computador de pobres mulheres indefesas.

RWXBO is a simple program that will log attemps to scan your ip range, and
logs some commands that the attacker might type.
Look at your syslog file for the logs (Usually /var/log/messages)

Tested on RedHat 5.1 Linux and SlackWare 3.5 Linux

*/
#include   <syslog.h>
#include        <sys/types.h>
#include        <sys/socket.h>
#include        <netinet/in.h>
#include        <arpa/inet.h>
#include        <stdio.h>
#include        <stdlib.h>
#include        <string.h>
#include        <unistd.h>

#define  DIR      0
#define  INFO     1
#define  HTTPON80 2

char scanstr[1024]="ÎcÑÒçÏ9¥¥†MŠ´fª2";
char dir[1024]="ÎcÑÒçÏ<¥¥†";
char info[1024]="ÎcÑÒçÏ8¥¥†";
char httpon80[1024]="ÎcÑÒçÏ>";

char buffer[1024]="ÎcÑÒçÏ¥¥†¼uK™ªxÄãÖ¦eQuQë*?í0|[ˆÑæ§Á";

char *host;

int main()          
{
  struct sockaddr_in  serv, cli;
  char      request[400], reply[400];
  int      sockfd, n, clilen;
      if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
    perror("socket error");

        openlog("rwxbo", LOG_PID|LOG_CONS, LOG_WARNING);

  memset(&serv, 0, sizeof(serv));

  serv.sin_family      = AF_INET;
  serv.sin_addr.s_addr = htonl(INADDR_ANY);
  serv.sin_port        = htons(31337);

  if (bind(sockfd, (struct sockaddr_in *) &serv, sizeof(serv)) < 0)
                 perror("bind");

        while(fork()==0) {
  for ( ; ; ) {
    clilen = sizeof(cli);
    if ( (n = recvfrom(sockfd, request, 400, 0,
           (struct sockaddr_in *) &cli, &clilen)) < 0)
      syslog(LOG_ERR, "fake reply");
        
        host = inet_ntoa(cli.sin_addr);
        
        if (strstr(request,scanstr)) 
           syslog(LOG_WARNING, "-----(%s) is scanning you------\n", host);

        if (strstr(request,dir))  
           syslog(LOG_WARNING, "RwXBO:%s>dir\n", host);

        if (strstr(request,info)) 
           syslog(LOG_WARNING, "RwXBO:%s>passes or info\n", host);

        if (strstr(request,httpon80)) 
           syslog(LOG_WARNING, "RwXBO:%s>httpon 80\n", host);

        fflush(stdout);
        
 sendto(sockfd, buffer, sizeof(buffer), 0, (struct sockaddr *)&cli,sizeof(cli));
}
}
}

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Torben Jensen 29 files
Heine Pedersen 29 files
Ubuntu 26 files
Farbod Mahini 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

rwxbo.c

rwxbo.c

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

rwxbo.c

Share This

rwxbo.c

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems