awoodworth/callbacks.sh

## callbacks.sh
#!/bin/bash

# searching for callbacks
cd /etc
grep -ErHn "10.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" * >> ~/callbacks.txt

## checksum.sh
#!/bin/bash

# makes a checksum file and checks direcotries for changes,
# copies known backup folders back over changed directories

httpd="/var/www/"
tomcat="/etc/tomcat5/"
backup="/home/administrator/backup2"

mkdir /home/administrator/fucked

find $httpd -type f -exec md5sum {} \; | md5sum > ~/httpdck1.txt
find $tomcat -type f -exec md5sum {} \; | md5sum > ~/tomcatck1.txt

while(true); do
  find $httpd -type f -exec md5sum {} \; | md5sum > ~/httpdck2.txt
  cmp -s ~/httpdck1.txt ~/httpdck2.txt > /dev/null
  if [ $? -eq 1 ]; then
    # rewrite automatically
    mkdir /home/administrator/fucked/`date +"%H%M%S"`
    dir=`date +"%H%M%S"`
    cp -Rp $httpd /home/administrator/fucked/$dir
    rm -rf $httpd
    cp -Rp $backup/www/ /var/
    printf "httpd changed - ";date
  fi

  find $tomcat -type f -exec md5sum {} \; | md5sum > ~/tomcatck2.txt
  cmp -s ~/tomcatck1.txt ~/tomcatck2.txt > /dev/null
  if [ $? -eq 1 ]; then
    # rewrite automatically
    mkdir /home/administrator/fucked/`date +"%H%M%S"`
    dir=`date +"%H%M%S"`
    cp -Rp $tomcat /home/administrator/fucked/$dir
    rm -rf $tomcat
    cp -Rp $backup/tomcat5/ /etc/
    printf "tomcat changed - ";date
  fi

  sleep 5
done

## ddossh.sh
# dd over ssh
sudo dd if=/dev/sda# | gzip -1 - | ssh user@remoteip dd of=image.gz

## getusers.sh
awk -F : '{printf $1"\n"}' /etc/shadow

## remotesessions.sh
#!/bin/bash

# logs out any remote sessions
while(true); do
  who -u | grep -E "10.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" > loggedin.txt
  awk '{printf $2"\n"}' loggedin.txt > shell.txt
  awk '{printf $1"\n"}' loggedin.txt > who.txt
  while read shell; do
    fuser -k /dev/$shell
    date
    while read who; do
      echo $who
      echo "" > eval echo ~$who/.ssh/authorized_keys
    done <who.txt
    printf "CHANGE PASSWORD\n=================================="
  done <shell.txt
  sleep 5
done

## systeminfo.sh
#! /bin/bash

OPSYS=$(uname -o)
HNAME=$(uname -n)
HARDWARE=$(uname -i)
MSG=$(dmesg)
STG=

echo 'Operating system: ' $OPSYS  >> results
echo '\nHostname: ' $HNAME >> results
echo '\nHardware platform: ' $HARDWARE >> results
echo '\nDmesg: ' >> results

for i in "${MSG[@]}"
do
  echo $i >> results
done
	#!/bin/bash

	# searching for callbacks
	cd /etc
	grep -ErHn "10.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)" * >> ~/callbacks.txt
	#!/bin/bash

	# makes a checksum file and checks direcotries for changes,
	# copies known backup folders back over changed directories

	httpd="/var/www/"
	tomcat="/etc/tomcat5/"
	backup="/home/administrator/backup2"

	mkdir /home/administrator/fucked

	find $httpd -type f -exec md5sum {} \; \| md5sum > ~/httpdck1.txt
	find $tomcat -type f -exec md5sum {} \; \| md5sum > ~/tomcatck1.txt

	while(true); do
	find $httpd -type f -exec md5sum {} \; \| md5sum > ~/httpdck2.txt
	cmp -s ~/httpdck1.txt ~/httpdck2.txt > /dev/null
	if [ $? -eq 1 ]; then
	# rewrite automatically
	mkdir /home/administrator/fucked/`date +"%H%M%S"`
	dir=`date +"%H%M%S"`
	cp -Rp $httpd /home/administrator/fucked/$dir
	rm -rf $httpd
	cp -Rp $backup/www/ /var/
	printf "httpd changed - ";date
	fi

	find $tomcat -type f -exec md5sum {} \; \| md5sum > ~/tomcatck2.txt
	cmp -s ~/tomcatck1.txt ~/tomcatck2.txt > /dev/null
	if [ $? -eq 1 ]; then
	# rewrite automatically
	mkdir /home/administrator/fucked/`date +"%H%M%S"`
	dir=`date +"%H%M%S"`
	cp -Rp $tomcat /home/administrator/fucked/$dir
	rm -rf $tomcat
	cp -Rp $backup/tomcat5/ /etc/
	printf "tomcat changed - ";date
	fi

	sleep 5
	done
	# dd over ssh
	sudo dd if=/dev/sda# \| gzip -1 - \| ssh user@remoteip dd of=image.gz
	#!/bin/bash

	# logs out any remote sessions
	while(true); do
	who -u \| grep -E "10.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)" > loggedin.txt
	awk '{printf $2"\n"}' loggedin.txt > shell.txt
	awk '{printf $1"\n"}' loggedin.txt > who.txt
	while read shell; do
	fuser -k /dev/$shell
	date
	while read who; do
	echo $who
	echo "" > eval echo ~$who/.ssh/authorized_keys
	done <who.txt
	printf "CHANGE PASSWORD\n=================================="
	done <shell.txt
	sleep 5
	done
	#! /bin/bash

	OPSYS=$(uname -o)
	HNAME=$(uname -n)
	HARDWARE=$(uname -i)
	MSG=$(dmesg)
	STG=

	echo 'Operating system: ' $OPSYS >> results
	echo '\nHostname: ' $HNAME >> results
	echo '\nHardware platform: ' $HARDWARE >> results
	echo '\nDmesg: ' >> results

	for i in "${MSG[@]}"
	do
	echo $i >> results
	done