API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 16th, 2013
1,238
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.05 KB | None | 0 0
raw download clone embed print report
  1. static char data [] =
  2. #define shll_z 8
  3. #define shll ((&data[2]))
  4. "\025\011\130\016\001\157\174\214\266\207\305"
  5. #define chk2_z 19
  6. #define chk2 ((&data[15]))
  7. "\157\014\306\146\274\343\051\224\344\123\303\253\102\204\375\133"
  8. "\226\341\231\073\067\366\021\201\337"
  9. #define inlo_z 3
  10. #define inlo ((&data[36]))
  11. "\047\031\063"
  12. #define tst2_z 19
  13. #define tst2 ((&data[43]))
  14. "\220\153\001\155\202\024\350\017\237\261\045\075\171\152\117\240"
  15. "\252\360\066\314\012\046\101\341"
  16. #define msg1_z 42
  17. #define msg1 ((&data[70]))
  18. "\020\142\301\220\052\330\236\342\132\325\103\042\071\172\113\272"
  19. "\311\112\146\373\372\136\002\005\360\001\124\217\007\114\135\024"
  20. "\073\332\170\216\361\332\370\340\154\025\042\261\141\054\127\074"
  21. "\240\020"
  22. #define rlax_z 1
  23. #define rlax ((&data[113]))
  24. "\054"
  25. #define pswd_z 256
  26. #define pswd ((&data[121]))
  27. "\114\064\222\035\200\322\303\124\142\273\247\204\176\025\252\030"
  28. "\326\051\036\075\151\022\335\073\227\200\104\143\300\160\370\044"
  29. "\152\045\145\361\045\065\276\234\376\340\373\250\353\163\061\171"
  30. "\271\071\127\356\220\221\065\372\353\366\115\276\154\027\020\227"
  31. "\026\303\325\120\315\241\047\052\152\306\260\262\162\010\243\207"
  32. "\143\275\341\310\072\075\364\044\173\375\102\266\361\144\020\377"
  33. "\273\162\355\362\303\300\171\120\152\002\137\055\035\310\120\172"
  34. "\025\174\352\262\137\131\131\270\070\117\105\110\072\361\075\177"
  35. "\302\022\351\176\350\077\133\077\036\356\015\136\312\263\302\304"
  36. "\000\163\102\113\255\166\224\003\222\231\217\110\225\203\164\350"
  37. "\066\200\276\376\031\255\025\241\337\177\160\133\277\066\351\367"
  38. "\172\273\320\104\233\332\354\130\062\133\162\046\170\076\020\014"
  39. "\051\313\121\222\013\117\206\062\377\054\217\176\250\175\354\266"
  40. "\264\157\167\220\123\116\136\300\270\143\071\047\373\266\352\155"
  41. "\311\042\103\101\044\364\327\022\016\323\102\360\366\116\350\113"
  42. "\011\054\031\172\151\021\140\031\302\311\327\311\304\211\134\075"
  43. "\235\351\345\141\301\343\003\035\013\267\132\033\221\144\211\310"
  44. "\346\254\322\221\241\260\210\237\141\145\371\125\071\076\122\113"
  45. "\054\032\170\015\061\210\213\230\126\272\246\014\075\002\116\172"
  46. "\252\147\150\370\072\347\372\015\372\242\237"
  47. #define opts_z 1
  48. #define opts ((&data[429]))
  49. "\226"
  50. #define msg2_z 19
  51. #define msg2 ((&data[431]))
  52. "\107\177\154\341\240\023\214\033\145\332\330\206\202\123\343\335"
  53. "\133\101\266\270\221\333\341\250"
  54. #define tst1_z 22
  55. #define tst1 ((&data[456]))
  56. "\133\236\173\317\105\303\020\202\277\105\237\326\214\045\345\275"
  57. "\224\323\260\335\261\276\267\140\147\114\044\127\163"
  58. #define text_z 41
  59. #define text ((&data[485]))
  60. "\072\162\057\162\141\046\323\223\026\030\161\341\142\310\143\163"
  61. "\254\104\342\234\363\075\201\377\356\351\107\000\046\300\063\120"
  62.  
  63. "\303\116\154\232\225\223\150\343\067\251\241\356\320\170\070\220"
  64. "\356\235\002\155"
  65. #define date_z 1
  66. #define date ((&data[535]))
  67. "\035"
  68. #define xecc_z 15
  69. #define xecc ((&data[539]))
  70. "\051\232\220\173\146\167\173\113\326\222\102\341\040\012\074\354"
  71. "\260\330\321\346\377"
  72. #define lsto_z 1
  73. #define lsto ((&data[557]))
  74. "\361"
  75. #define chk1_z 22
  76. #define chk1 ((&data[561]))
  77. "\332\024\326\034\051\111\266\001\147\104\024\200\120\257\353\255"
  78. "\137\112\012\266\375\317\320\360\014\077\241\167\237"/* End of data[] */;
  79. #define hide_z 4096
  80. #define DEBUGEXEC 0 /* Define as 1 to debug execvp calls */
  81. #define TRACEABLE 0 /* Define as 1 to enable ptrace the executable */
  82.  
  83. /* rtc.c */
  84.  
  85. #include <sys/stat.h>
  86. #include <sys/types.h>
  87.  
  88. #include <errno.h>
  89. #include <stdio.h>
  90. #include <stdlib.h>
  91. #include <string.h>
  92. #include <time.h>
  93. #include <unistd.h>
  94.  
  95. /* 'Alleged RC4' */
  96.  
  97. static unsigned char stte[256], indx, jndx, kndx;
  98.  
  99. /*
  100. * Reset arc4 stte.
  101. */
  102. void stte_0(void)
  103.  
  104. {
  105. indx = jndx = kndx = 0;
  106. do {
  107. stte[indx] = indx;
  108. } while (++indx);
  109. }
  110.  
  111. /*
  112. * Set key. Can be used more than once.
  113. */
  114. void key(void * str, int len)
  115. {
  116. unsigned char tmp, * ptr = (unsigned char *)str;
  117. while (len > 0) {
  118. do {
  119. tmp = stte[indx];
  120. kndx += tmp;
  121. kndx += ptr[(int)indx % len];
  122. stte[indx] = stte[kndx];
  123. stte[kndx] = tmp;
  124. } while (++indx);
  125. ptr += 256;
  126. len -= 256;
  127. }
  128. }
  129.  
  130. /*
  131. * Crypt data.
  132. */
  133. void arc4(void * str, int len)
  134. {
  135. unsigned char tmp, * ptr = (unsigned char *)str;
  136. while (len > 0) {
  137. indx++;
  138. tmp = stte[indx];
  139.  
  140. jndx += tmp;
  141. stte[indx] = stte[jndx];
  142. stte[jndx] = tmp;
  143. tmp += stte[indx];
  144. *ptr ^= stte[tmp];
  145. ptr++;
  146. len--;
  147. }
  148. }
  149.  
  150. /* End of ARC4 */
  151.  
  152. /*
  153. * Key with file invariants.
  154. */
  155. int key_with_file(char * file)
  156. {
  157. struct stat statf[1];
  158. struct stat control[1];
  159.  
  160. if (stat(file, statf) < 0)
  161. return -1;
  162.  
  163. /* Turn on stable fields */
  164. memset(control, 0, sizeof(control));
  165. control->st_ino = statf->st_ino;
  166. control->st_dev = statf->st_dev;
  167. control->st_rdev = statf->st_rdev;
  168. control->st_uid = statf->st_uid;
  169. control->st_gid = statf->st_gid;
  170. control->st_size = statf->st_size;
  171. control->st_mtime = statf->st_mtime;
  172. control->st_ctime = statf->st_ctime;
  173. key(control, sizeof(control));
  174. return 0;
  175.  
  176. }
  177.  
  178. #if DEBUGEXEC
  179. void debugexec(char * sh11, int argc, char ** argv)
  180. {
  181. int i;
  182. fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "<null>");
  183. fprintf(stderr, "argc=%d\n", argc);
  184. if (!argv) {
  185. fprintf(stderr, "argv=<null>\n");
  186. } else {
  187. for (i = 0; i <= argc ; i++)
  188. fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "<null>");
  189. }
  190. }
  191. #endif /* DEBUGEXEC */
  192.  
  193. void rmarg(char ** argv, char * arg)
  194. {
  195. for (; argv && *argv && *argv != arg; argv++);
  196. for (; argv && *argv; argv++)
  197. *argv = argv[1];
  198. }
  199.  
  200. int chkenv(int argc)
  201. {
  202. char buff[512];
  203. unsigned long mask, m;
  204. int l, a, c;
  205. char * string;
  206. extern char ** environ;
  207.  
  208. mask = (unsigned long)&chkenv;
  209. mask ^= (unsigned long)getpid() * ~mask;
  210. sprintf(buff, "x%lx", mask);
  211. string = getenv(buff);
  212. #if DEBUGEXEC
  213. fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "<null>");
  214. #endif
  215. l = strlen(buff);
  216.  
  217. if (!string) {
  218. /* 1st */
  219. sprintf(&buff[l], "=%lu %d", mask, argc);
  220. putenv(strdup(buff));
  221. return 0;
  222. }
  223. c = sscanf(string, "%lu %d%c", &m, &a, buff);
  224. if (c == 2 && m == mask) {
  225. /* 3rd */
  226. rmarg(environ, &string[-l - 1]);
  227. return 1 + (argc - a);
  228. }
  229. return -1;
  230. }
  231.  
  232. #if !TRACEABLE
  233.  
  234. #define _LINUX_SOURCE_COMPAT
  235. #include <sys/ptrace.h>
  236. #include <sys/types.h>
  237. #include <sys/wait.h>
  238. #include <fcntl.h>
  239. #include <signal.h>
  240. #include <stdio.h>
  241. #include <unistd.h>
  242.  
  243. #if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
  244. # define PTRACE_ATTACH PT_ATTACH
  245. #endif
  246. void untraceable(char * argv0)
  247. {
  248. char proc[80];
  249. int pid, mine;
  250.  
  251. switch(pid = fork()) {
  252. case 0:
  253. pid = getppid();
  254. /* For problematic SunOS ptrace */
  255. #if defined(__FreeBSD__)
  256. sprintf(proc, "/proc/%d/mem", (int)pid);
  257.  
  258. #else
  259. sprintf(proc, "/proc/%d/as", (int)pid);
  260. #endif
  261. close(0);
  262. mine = !open(proc, O_RDWR|O_EXCL);
  263. if (!mine && errno != EBUSY)
  264. mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);
  265. if (mine) {
  266. kill(pid, SIGCONT);
  267. } else {
  268. perror(argv0);
  269. kill(pid, SIGKILL);
  270. }
  271. _exit(mine);
  272. case -1:
  273. break;
  274. default:
  275. if (pid == waitpid(pid, 0, 0))
  276. return;
  277. }
  278. perror(argv0);
  279. _exit(1);
  280. }
  281. #endif /* !TRACEABLE */
  282.  
  283. char * xsh(int argc, char ** argv)
  284. {
  285. char * scrpt;
  286. int ret, i, j;
  287. char ** varg;
  288. char * me = getenv("_");
  289. if (me == NULL) { me = argv[0]; }
  290.  
  291. stte_0();
  292. key(pswd, pswd_z);
  293.  
  294. arc4(msg1, msg1_z);
  295. arc4(date, date_z);
  296. if (date[0] && (atoll(date)<time(NULL)))
  297. return msg1;
  298. arc4(shll, shll_z);
  299. arc4(inlo, inlo_z);
  300. arc4(xecc, xecc_z);
  301. arc4(lsto, lsto_z);
  302. arc4(tst1, tst1_z);
  303. key(tst1, tst1_z);
  304. arc4(chk1, chk1_z);
  305. if ((chk1_z != tst1_z) || memcmp(tst1, chk1, tst1_z))
  306. return tst1;
  307. ret = chkenv(argc);
  308. arc4(msg2, msg2_z);
  309. if (ret < 0)
  310. return msg2;
  311. varg = (char **)calloc(argc + 10, sizeof(char *));
  312. if (!varg)
  313. return 0;
  314. if (ret) {
  315. arc4(rlax, rlax_z);
  316. if (!rlax[0] && key_with_file(shll))
  317. return shll;
  318. arc4(opts, opts_z);
  319. arc4(text, text_z);
  320. arc4(tst2, tst2_z);
  321. key(tst2, tst2_z);
  322. arc4(chk2, chk2_z);
  323. if ((chk2_z != tst2_z) || memcmp(tst2, chk2, tst2_z))
  324. return tst2;
  325. /* Prepend hide_z spaces to script text to hide it. */
  326. scrpt = malloc(hide_z + text_z);
  327. if (!scrpt)
  328. return 0;
  329.  
  330. memset(scrpt, (int) ' ', hide_z);
  331. memcpy(&scrpt[hide_z], text, text_z);
  332. } else { /* Reexecute */
  333. if (*xecc) {
  334. scrpt = malloc(512);
  335. if (!scrpt)
  336. return 0;
  337. sprintf(scrpt, xecc, me);
  338. } else {
  339. scrpt = me;
  340. }
  341. }
  342. j = 0;
  343. varg[j++] = argv[0]; /* My own name at execution */
  344. if (ret && *opts)
  345. varg[j++] = opts; /* Options on 1st line of code */
  346. if (*inlo)
  347. varg[j++] = inlo; /* Option introducing inline code */
  348. varg[j++] = scrpt; /* The script itself */
  349. if (*lsto)
  350. varg[j++] = lsto; /* Option meaning last option */
  351. i = (ret > 1) ? ret : 0; /* Args numbering correction */
  352. while (i < argc)
  353. varg[j++] = argv[i++]; /* Main run-time arguments */
  354. varg[j] = 0; /* NULL terminated array */
  355. #if DEBUGEXEC
  356. debugexec(shll, j, varg);
  357. #endif
  358. execvp(shll, varg);
  359. return shll;
  360. }
  361.  
  362. int main(int argc, char ** argv)
  363. {
  364. #if DEBUGEXEC
  365. debugexec("main", argc, argv);
  366. #endif
  367. #if !TRACEABLE
  368. untraceable(argv[0]);
  369. #endif
  370. argv[1] = xsh(argc, argv);
  371. fprintf(stderr, "%s%s%s: %s\n", argv[0],
  372. errno ? ": " : "",
  373. errno ? strerror(errno) : "",
  374. argv[1] ? argv[1] : "<null>"
  375. );
  376. return 1;
  377. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!