
unhide-tcp.c

/* 
          http://www.unhide-forensics.info
*/

/*
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>

#include <string.h>
#include <unistd.h>


/* thx aramosf@unsec.net for the nice regexp! */

// Linux
//
// Shell pipelines that checkport() hands to popen(). The first sed expression
// deletes every line that has no '.' or ':' followed by a digit; the second
// is meant to reduce a socket line to its local port number, so that each
// output line can be compared against "<port>\n".
//
// NOTE(review): popen() runs these through the shell, and netstat and sed are
// looked up via PATH. netstat is the tool being cross-checked, but the shell,
// sed and PATH are trusted implicitly. On a host suspected of compromise, run
// with a known-good PATH and known-good binaries.
char tcpcommand[]= "netstat -tan | sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;
char udpcommand[]= "netstat -uan | sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;



// OpenBSD
// char tcpcommand[]= "netstat -an -p tcp | sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;
// char udpcommand[]= "netstat -an -p udp| sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;


// Solaris
// char tcpcommand[]= "netstat -an -P tcp | sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;
// char udpcommand[]= "netstat -an -P udp| sed -e '/[\\.:][0-9]/!d' -e 's/.*[\\.:]\\([0-9]*\\) .*[\\.:].*/\\1/'" ;



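/*
 * Cross-check one busy port against the netstat listing.
 *
 * Runs `command` through popen() and looks for an output line that is exactly
 * "<port>\n". If no such line exists, the port is reported on stdout as
 * hidden from netstat.
 *
 * port    - port number that the caller found to be in use
 * command - shell pipeline printing one port number per line
 *           (tcpcommand / udpcommand)
 *
 * If the pipeline cannot be started, the failure is written to stderr and
 * nothing is reported for this port. A failed check must not be read as
 * either "hidden" or "clean".
 *
 * NOTE(review): the socket may open or close between the caller's probe and
 * this listing, so a single report should be re-checked before it is treated
 * as evidence.
 */
void checkport(int port, char command[]) {

      int ok = 0;
      int line_start = 1;
      char ports[30];
      char compare[30];

      FILE *fich_tmp ;

      /* The expected line does not change between reads: build it once,
         with a bounded write. */
      snprintf(compare, sizeof(compare), "%i\n", port);

      fich_tmp = popen(command, "r");
      if (fich_tmp == NULL) {
            fprintf(stderr, "Cannot run netstat pipeline for port %i: %s\n",
                    port, strerror(errno));
            return;
      }

      /* Loop on the result of fgets(): testing feof() first would process a
         stale or uninitialised buffer after the final, failed read. */
      while (ok == 0 && fgets(ports, sizeof(ports), fich_tmp) != NULL) {

            /* Compare only chunks that begin a line, so that the tail of an
               over-long line can never pass for a port number. */
            if (line_start && strcmp(ports, compare) == 0) {
                  ok = 1;
            }

            line_start = (strchr(ports, '\n') != NULL);
      }

      pclose(fich_tmp);

      if ( ok == 0 ) {

            printf ("Found Hidden port that not appears in netstat: %i\n", port) ;

      }

}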


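/*
 * Probe every port (1..65535) for one socket type and cross-check the busy
 * ones against netstat.
 *
 * A port counts as "in use" only when bind() (or, for TCP, listen()) fails
 * with EADDRINUSE. Other failures, such as EACCES on low ports when not
 * running as root, mean the port could not be probed. They are announced once
 * on stderr rather than being passed to checkport() as if the port were busy.
 *
 * socktype - SOCK_STREAM or SOCK_DGRAM
 * command  - matching netstat pipeline (tcpcommand / udpcommand)
 *
 * NOTE(review): only AF_INET sockets on the wildcard address are probed, so
 * listeners that do not conflict with such a bind are outside what this scan
 * can see.
 */
static void scan_ports(int socktype, char command[]) {

      int port;
      int warned = 0;

      for (port = 1; port <= 65535; port++) {

            int socket_desc;
            int in_use = 0;
            struct sockaddr_in address;

            socket_desc = socket(AF_INET, socktype, 0);
            if (socket_desc < 0) {
                  fprintf(stderr, "socket() failed at port %i (%s), scan incomplete\n",
                          port, strerror(errno));
                  return;
            }

            /* Zero the whole structure so no stack garbage reaches bind(). */
            memset(&address, 0, sizeof(address));
            address.sin_family = AF_INET;
            address.sin_addr.s_addr = INADDR_ANY;
            address.sin_port = htons((unsigned short)port);

            /* errno is only meaningful after a call that reported failure. */
            if (bind(socket_desc, (struct sockaddr *)&address, sizeof(address)) != 0
                || (socktype == SOCK_STREAM && listen(socket_desc, 1) != 0)) {

                  if (errno == EADDRINUSE) {
                        in_use = 1;
                  } else if (!warned) {
                        fprintf(stderr, "Cannot probe port %i (%s), results are incomplete\n",
                                port, strerror(errno));
                        warned = 1;
                  }
            }

            /* Close exactly once, before checkport() opens its pipe. */
            close(socket_desc);

            if (in_use) {
                  checkport(port, command);
            }
      }
}

/*
 * Entry point: print the banner, then run the TCP scan followed by the UDP
 * scan. Findings are printed by checkport().
 */
int main() {

      printf ("Unhide 20110113\n") ;
      printf ("http://www.unhide-forensics.info\n\n\n") ;

      printf ("Starting TCP checking\n\n") ;
      scan_ports(SOCK_STREAM, tcpcommand);

      printf ("Starting UDP checking\n\n") ;
      scan_ports(SOCK_DGRAM, udpcommand);

      return 0;
}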

