
/* Unhide yjesus@security-projects.com */

#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/resource.h>
#include <errno.h>
#include <stdlib.h>


// Linux
#define COMMAND "ps -eLf | awk '{ print $2 }' | grep -v PID"

// CentOS / RHEL Linux (thanks to unspawn@rootshell.be and Martin.Bowers@freescale.com)
// #define COMMAND "ps -emf --no-headers| awk '{ print $2 }'"

// Old Linux (without threads)
// #define COMMAND "ps -ax | awk '{ print $1 }' | grep -v PID"

//OpenBSD
// #define COMMAND "ps -axk | awk '{ print $1 }' | grep -v PID"

// Solaris 
// #define COMMAND "ps -elf | awk '{ print $4 }' | grep -v PID"


/* Highest pid (inclusive) probed by every scanner below; pids above it are never examined. */
int maxpid = 999999;

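/*
 * Print the hidden-pid banner for `pid` and, when /proc/<pid>/cmdline can be
 * stat()ed and opened, the text it contains.
 *
 * /proc/<pid>/cmdline is NUL-separated, so "%s" shows only the bytes up to
 * the first NUL (normally argv[0]); arguments are not printed.
 */
static void print_hidden(int pid) {
      char cmd[64];
      char cmdcont[1000];
      struct stat buffer;
      FILE *cmdfile;

      printf ("Found HIDDEN PID: %i\n", pid) ;

      snprintf(cmd, sizeof cmd, "/proc/%i/cmdline", pid);

      /* A pid found only through getpriority()/getpgid()/getsid() may have no
       * /proc entry at all; then there is no command line to show. */
      if (stat(cmd, &buffer) != 0) {
            return;
      }

      cmdfile = fopen(cmd, "r");
      if (cmdfile == NULL) {
            /* stat() succeeded but the file is not readable (permissions,
             * process gone in between); nothing more to report. */
            return;
      }

      /* Loop on fgets() itself: a `while (!feof())` loop would print the last
       * buffer a second time after the final short read. */
      while (fgets(cmdcont, sizeof cmdcont, cmdfile) != NULL) {
            printf ("Command: %s\n\n", cmdcont);
      }

      fclose(cmdfile);
}

/*
 * Report `tmppid` as hidden when it is not listed by the ps pipeline in COMMAND.
 *
 * Every scanner calls this once a kernel-side probe (stat() on /proc/<pid>,
 * getpriority(), getpgid() or getsid()) has shown that the pid exists. The pid
 * is then looked up, one line at a time, in the output of COMMAND; a pid the
 * kernel answers for but ps does not list is printed via print_hidden().
 *
 * Caveats for whoever acts on the output:
 *  - COMMAND runs through popen(), i.e. /bin/sh with PATH lookup of ps, awk
 *    and grep. If ps, the shell or PATH has itself been tampered with, the
 *    comparison is not trustworthy: this check can only find processes hidden
 *    from ps that the kernel probe still reveals.
 *  - A process that exits between the kernel probe and the ps run is reported
 *    as hidden (false positive). Re-check a reported pid before acting on it.
 *  - If popen() fails there is no listing to compare against; the pid is then
 *    NOT reported (reporting everything as hidden would be noise, and the old
 *    code dereferenced the NULL stream).
 */
void checkps(int tmppid) {

      char compare[32];
      char pids[32];
      int ok = 0;
      FILE *fich_tmp;

      /* ps output is matched line by line against "<pid>\n"; build it once. */
      snprintf(compare, sizeof compare, "%i\n", tmppid);

      fich_tmp = popen (COMMAND, "r") ;
      if (fich_tmp == NULL) {
            perror("popen");
            return;
      }

      /* Loop on the fgets() result: with `while (!feof())` the buffer was
       * compared uninitialized when the listing was empty, and compared stale
       * after the final short read. */
      while (ok == 0 && fgets(pids, sizeof pids, fich_tmp) != NULL) {
            if (strcmp(pids, compare) == 0) {
                  ok = 1;
            }
      }

      pclose(fich_tmp);

      if (ok == 0) {
            print_hidden(tmppid);
      }
}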

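/*
 * Scanner "proc": walk pids 1..maxpid and, for each one whose /proc/<pid>
 * directory can be stat()ed, hand it to checkps() for comparison against ps.
 *
 * The probe is stat() by name, not a readdir() of /proc — presumably so that
 * a pid filtered out of /proc directory listings (and hence out of ps) is
 * still found as long as its entry is reachable by path; confirm against the
 * hiding technique you expect. A pid with no /proc entry at all is not found
 * here; the "sys" scanners cover that. Pids above maxpid are never examined.
 */
void checkproc() {

      int procpids;
      struct stat buffer;
      char directory[64];

      printf ("[*]Searching for Hidden processes through /proc scanning\n\n") ;

      for (procpids = 1; procpids <= maxpid; procpids++) {

            snprintf(directory, sizeof directory, "/proc/%d", procpids);

            if (stat(directory, &buffer) == 0) {
                  checkps(procpids);
            }
      }
}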

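/*
 * Scanner "sys", probe 1: call getpriority(PRIO_PROCESS, pid) for every pid
 * 1..maxpid and hand each pid the kernel accepts to checkps().
 *
 * Existence is judged by errno, not by the return value: getpriority()
 * returns the nice value, and -1 is a legitimate nice value, so errno is
 * cleared before the call and inspected afterwards (a nonexistent pid sets
 * it, ESRCH on POSIX systems). Any other error, e.g. EPERM, also skips the
 * pid rather than reporting it.
 *
 * A pid that exists at probe time but exits before checkps() runs ps is
 * reported as hidden; treat single hits as suspects, not proof.
 */
void checkgetpriority() {

      int syspids;

      printf ("[*]Searching for Hidden processes through getpriority() scanning\n\n") ;

      for (syspids = 1; syspids <= maxpid; syspids++) {

            errno = 0;
            (void) getpriority(PRIO_PROCESS, syspids);

            if (errno == 0) {
                  checkps(syspids);
            }
      }
}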
            
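/*
 * Scanner "sys", probe 2: call getpgid(pid) for every pid 1..maxpid and hand
 * each pid the kernel accepts to checkps().
 *
 * As in the other probes, existence is judged by errno (cleared before the
 * call) rather than by the return value, so a pid that fails for any reason —
 * not only "no such process" — is skipped, never reported. The return value
 * itself is not needed, only whether the call succeeded.
 *
 * A pid that exits between this probe and the ps run inside checkps() is
 * reported as hidden; re-check hits before acting on them.
 */
void checkgetpgid() {

      int syspids;

      printf ("[*]Searching for Hidden processes through getpgid() scanning\n\n") ;

      for (syspids = 1; syspids <= maxpid; syspids++) {

            errno = 0;
            (void) getpgid(syspids);

            if (errno == 0) {
                  checkps(syspids);
            }
      }
}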
            

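/*
 * Scanner "sys", probe 3: call getsid(pid) for every pid 1..maxpid and hand
 * each pid the kernel accepts to checkps().
 *
 * Existence is judged by errno (cleared before the call), so any failure
 * skips the pid. Note that POSIX allows getsid() to fail with EPERM for a
 * process in another session; on a system that enforces this, such pids are
 * silently skipped by this probe and must be caught by the other two.
 *
 * A pid that exits between this probe and the ps run inside checkps() is
 * reported as hidden; re-check hits before acting on them.
 */
void checkgetsid() {

      int syspids;

      printf ("[*]Searching for Hidden processes through getsid() scanning\n\n") ;

      for (syspids = 1; syspids <= maxpid; syspids++) {

            errno = 0;
            (void) getsid(syspids);

            if (errno == 0) {
                  checkps(syspids);
            }
      }
}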



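/* Print the usage line. Shared by both bad-argument paths so the message is
 * the same in each (the second path used to print a Spanish "uso:" variant). */
static void usage(const char *prog) {
      printf("usage: %s proc | sys\n\n", prog);
}

/*
 * Entry point. Prints the banner, then runs the scanner selected by argv[1]:
 *   "proc" -> checkproc()  (stat() on /proc/<pid>)
 *   "sys"  -> checkgetpriority(), checkgetpgid(), checkgetsid() in turn
 * Any other argument count or value prints usage and exits with status 1.
 */
int main (int argc, char *argv[]) {

      /* argc == 0 is legal (execve with an empty argv); don't print a NULL. */
      const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "unhide";

      printf ("Unhide 20100201\n") ;
      printf ("http://www.security-projects.com/?Unhide\n\n\n") ;

      if (argc != 2) {
            usage(prog);
            exit (1);
      }

      if (strcmp(argv[1], "proc") == 0) {
            checkproc();
      } else if (strcmp(argv[1], "sys") == 0) {
            /* Three independent kernel probes; presumably a pid hidden from
             * one of them may still be caught by another. */
            checkgetpriority();
            checkgetpgid();
            checkgetsid();
      } else {
            usage(prog);
            exit (1);
      }

      return 0;
}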
