It looks like this just sends a ping, but what's the point of that when you can just use ping?

/* WARNING: this is someone's attempt at writing a malware trojan. Do not
   compile and *definitely* don't install. I added an exit as the
   first line to avoid mishaps - msw */
int main (int argc, char *argv[])
{
    exit(1);
    unsigned int pid = 0;
    char buffer[2];
    char *args[] = {
        "/bin/ping",
        "-c",
        "5",
        NULL,
        NULL
    };

    if (argc != 2)
        return 0;

    args[3] = strdup(argv[1]);
    for (;;)
    {
        gets(buffer); /* FTW */

        if (buffer[0] == 0x6e)
            break;

        switch (pid = fork())
        {
            case -1:
                printf("Error Forking\n");
                exit(255);
            case 0:
                execvp(args[0], args);
                exit(1);
            default:
                break;
        }
    }
    return 255;
}
+2  A: 

It makes sure that ping is called with the arguments -c 5, which is stupid, because a shell script or alias would be easier to read and faster to write.

Ignacio Vazquez-Abrams
I think you missed the bit that ping(8) doesn't read from stdin where this code does repeatedly until someone types a line beginning with 'n'. This is an attempt at a trojan.
msw
A: 

This program basically emulates a simple shell program. A shell program is going to take the arguments of another program as input and launch that specified program in a new process. The program you have above is just hard coded for one specific program (ping in this case) and is very simple.

A shell program makes working with the operating system more user friendly by providing an interface to boot up programs.

Polaris878
Not even a shell program. Just an alias.
Ignacio Vazquez-Abrams
+4  A: 

It's a hack - or an attempt at a hack - to get arbitrary code run in a privileged mode. Ping needs to run SUID root to get a raw socket for an ICMP_ECHO_REQUEST and the intentional buffer overrun in gets(buffer) is intended to pass junk to ping.

I don't see how this could work in practice, but you shouldn't compile and run it.

msw
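
The bounded-input fix for the loop in the question, as an added example (not part of the original post or of any answer): `gets(buffer)` on a two-byte array is replaced with `fgets` into a fixed buffer, and the fork/exec of ping is replaced by a counter so the input handling can be checked in isolation. The names `read_choice`, `count_launches` and `stream_from`, the 16-byte buffer size and the sample input are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

enum choice { CHOICE_RUN, CHOICE_STOP };

/* Bounded replacement for gets(buffer) on a 2-byte array: fgets never writes
   more than sizeof line bytes, and an overlong line is drained from the stream.
   End of input counts as "stop", which the original loop never checked. */
enum choice read_choice(FILE *in)
{
    char line[16];
    int c;
    if (fgets(line, sizeof line, in) == NULL)
        return CHOICE_STOP;
    if (strchr(line, '\n') == NULL)          /* line was truncated */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;                                /* discard the remainder */
    return line[0] == 'n' ? CHOICE_STOP : CHOICE_RUN;   /* 0x6e == 'n' */
}

/* Same control flow as the loop in the question, with the fork/exec step
   replaced by a counter so the input handling can be checked on its own. */
int count_launches(FILE *in)
{
    int launches = 0;
    while (read_choice(in) == CHOICE_RUN)
        launches++;
    return launches;
}

/* Helper for the demo: a temporary stream holding constructed input. */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    /* Constructed input: one normal line, one overlong line, then 'n'. */
    FILE *f = stream_from("y\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nn\ny\n");
    if (f == NULL) return 1;
    printf("launches before stop: %d\n", count_launches(f));
    fclose(f);
    return 0;
}
```

The overlong line is truncated and counted as a single request instead of overwriting adjacent stack memory, and the loop ends at the first line beginning with 'n' or at end of input.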