A critical part of establishing persistence on a system is to leave a “backdoor” that allows the hacker access to the system at a later date, without exploiting the same vulnerabilities (they may be fixed in the meantime). In this assignment, you’ll explore writing a backdoor that pretends to be a web server. A web server makes a great pretense for a backdoor, because web traffic is so prevalent it does not raise red flags and ports 80 and 443 are frequently permitted through firewalls.
Your goal is to create, in C, a minimal HTTP 1.1 server based on RFC 2616, from scratch, without using any libraries except for the C standard library.
The name of your backdoor executable will be normal_web_server.
You must implement the following command-line interface for your server:
./normal_web_server <port>
Your server should listen for incoming connections to the given port, and respond to most requests with a valid HTTP 1.1 response with the 404 HTTP response code.
It is important that your server support valid HTTP 1.1 requests from HTTP clients (otherwise your backdoor will be detected), and your server should not cause the client to hang or otherwise malfunction.
The backdoor functionality is that when your server receives a GET request for a URL in the form of /exec/<command>, then your server should take <command> and execute it using the system libc function and the HTTP response will be the stdout of the executed command. The HTTP status code of the response should be 200. Note that there are no limitations to the characters in <command>, in other words, your program should capture the rest of the requested URL from the / after /exec to the end of the URL.
For instance, an HTTP GET of /exec/ls will return an HTTP response with the body of the output of the execution of the ls command on the server. An HTTP GET of /exec/ls%20-la will return an HTTP response with the body of the output of ls -la.
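Seen from the defender's side, the /exec/<command> URL scheme described above is a usable indicator. The following is an added example, not part of the original assignment: it scans HTTP request logs for GET requests under /exec/ and percent-decodes the command. It assumes the requests were recorded by a proxy or network sensor in Common Log Format; the sample lines and the name find_exec_requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not from a real host).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 404 0
10.0.0.9 - - [01/Mar/2024:10:00:07 +0000] "GET /exec/ls%20-la HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2024:10:00:09 +0000] "GET /exec/uname%20-a HTTP/1.1" 200 98
10.0.0.7 - - [01/Mar/2024:10:00:12 +0000] "GET /executive/team HTTP/1.1" 404 0
10.0.0.9 - - [01/Mar/2024:10:00:15 +0000] "POST /exec/id HTTP/1.1" 404 0
malformed line that should be skipped
"""

# client, identd, user, [timestamp], "METHOD target HTTP/x.y", status, size
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) HTTP/[\d.]+" (\d{3}) \S+$'
)

PREFIX = "/exec/"


def find_exec_requests(log_text):
    """Return one record per GET request whose path starts with /exec/."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, when, method, target, status = m.groups()
        # The page's trigger is a GET whose URL begins with /exec/;
        # the trailing slash keeps /executive/... from matching.
        if method != "GET" or not target.startswith(PREFIX):
            continue
        hits.append({
            "client": client,
            "time": when,
            # Everything after /exec/ to the end of the URL, percent-decoded.
            "command": unquote(target[len(PREFIX):]),
            # 200 is the status the page specifies for an executed command.
            "status": int(status),
        })
    return hits


if __name__ == "__main__":
    for hit in find_exec_requests(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], repr(hit["command"]))
```

A host that answers 404 to nearly every request but 200 to paths under /exec/ is worth a closer look even when the decoded commands appear harmless.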
When the server is killed (Control-C via command prompt or the SIGINT signal is sent to the program), the server should release the port and safely terminate.
Your program must work on Ubuntu 16.04 64-bit with the default packages installed. You’ll probably need to set up a virtual machine to do your development.
These are some resources that prior years have found helpful in writing networked server applications: