forked from juanschallibaum/Nuk3Gh0st
-
Notifications
You must be signed in to change notification settings - Fork 0
/
disable-nuk3gh0st
153 lines (133 loc) · 4.29 KB
/
disable-nuk3gh0st
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/bin/bash
green='\e[0;32m'
red='\e[0;31m'
purple='\e[0;35m'
cyan='\e[0;36m'
endColor='\e[0m'
item=${green}[*]${endColor}
function print_banner {
echo ""
echo -e "${green}##################################${endColor}"
echo -e "${green}# Disabling nuk3gh0st at startup #${endColor}"
echo -e "${green}##################################${endColor}"
echo ""
}
function enable_selinux {
echo -e "${item} Reenabling SELINUX"
echo -e " ${purple} cmd: setenforce 1${endColor}"
setenforce 1
echo ""
}
function disable_selinux {
echo -e "${item} Disabling SELINUX temporarily"
echo -e " ${purple} cmd: setenforce 0${endColor}"
setenforce 0
echo ""
}
function disable_systemd_service {
#echo -e "${item} Stopping nuk3gh0st.service"
#echo -e " ${purple} cmd: service nuk3gh0st stop${endColor}"
#echo -n -e "${cyan}"
#service nuk3gh0st stop
#echo -n -e "${endColor}"
#echo ""
echo -e "${item} Disabling nuk3gh0st.service"
echo -e " ${purple} cmd: systemctl disable nuk3gh0st.service${endColor}"
echo -n -e "${cyan}"
systemctl disable nuk3gh0st.service
echo -n -e "${endColor}"
echo ""
}
function remove_systemd_service {
echo -e "${item} Removing nuk3gh0st.service"
echo -e " ${purple} cmd: rm /lib/systemd/system/nuk3gh0st.service${endColor}"
rm /lib/systemd/system/nuk3gh0st.service
echo ""
}
function remove_rc_symlinks {
#echo -e "${item} Removing symbolic links of nuk3gh0st.startup for run levels from 1 to 5"
#echo -e " ${purple} cmd: rm /etc/rc1.d/S98nuk3gh0st.startup${endColor}"
#rm /etc/rc1.d/S98nuk3gh0st.startup
#echo -e " ${purple} cmd: rm /etc/rc2.d/S98nuk3gh0st.startup${endColor}"
#rm /etc/rc2.d/S98nuk3gh0st.startup
#echo -e " ${purple} cmd: rm /etc/rc3.d/S98nuk3gh0st.startup${endColor}"
#rm /etc/rc3.d/S98nuk3gh0st.startup
#echo -e " ${purple} cmd: rm /etc/rc4.d/S98nuk3gh0st.startup${endColor}"
#rm /etc/rc4.d/S98nuk3gh0st.startup
#echo -e " ${purple} cmd: rm /etc/rc5.d/S98nuk3gh0st.startup${endColor}"
#rm /etc/rc5.d/S98nuk3gh0st.startup
#echo ""
echo -e "${item} Removing symbolic links to nuk3gh0st.startup"
echo -e " ${purple} cmd: update-rc.d -f nuk3gh0st.startup remove${endColor}"
echo -n -e "${cyan}"
update-rc.d -f nuk3gh0st.startup remove
echo -n -e "${endColor}"
echo ""
}
function remove_init_service {
echo -e "${item} Removing nuk3gh0st.startup from /etc/init.d/ (sysv-init startup script directory)"
echo -e " ${purple} cmd: rm /etc/init.d/nuk3gh0st.startup${endColor}"
rm /etc/init.d/nuk3gh0st.startup
echo ""
}
function remove_upstart_service {
echo -e "${item} Removing nuk3gh0st.conf from /etc/init/ (Upstart startup script directory)"
echo -e " ${purple} cmd: rm /etc/init/nuk3gh0st.conf${endColor}"
rm /etc/init/nuk3gh0st.conf
echo ""
}
function disable_startup_service {
echo -e "${item} Detecting init system..."
echo -n -e "${cyan}"
if [[ `/sbin/init --version` =~ upstart ]]; then
echo -n -e "${endColor}"
echo -e "${item} Init system is upstart"
remove_upstart_service
elif [[ `systemctl` =~ -\.mount ]]; then
echo -n -e "${endColor}"
echo -e "${item} Init system is systemd"
disable_systemd_service
remove_systemd_service
elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
echo -n -e "${endColor}"
echo -e "${item} Init system is sysv-init"
remove_rc_symlinks
remove_init_service
else
echo -n -e "${endColor}"
echo -e "${item} Init system is unrecognized. Trying with sysv-init"
remove_rc_symlinks
remove_init_service
fi
}
function unload_rootkit {
echo -e "${item} Unhiding nuk3gh0st LKM rootkit (making visible with lsmod)"
echo -e " ${purple} cmd: nuk3gh0st --unhide${endColor}"
nuk3gh0st --unhide
echo ""
echo -e "${item} Unprotecting nuk3ghost LKM rootkit"
echo -e " ${purple} cmd: nuk3gh0st --unprotect${endColor}"
nuk3gh0st --unprotect
echo ""
echo -e "${item} Unloading nuk3gh0st LKM rootkit"
echo -e " ${purple} cmd: rmmod rootkit.ko${endColor}"
echo -n -e "${cyan}"
rmmod rootkit.ko
#sleep 3
echo -n -e "${endColor}"
echo ""
}
print_banner
echo -e "${item} Checking if SELINUX is enabled"
if [ -f /usr/sbin/semanage ]; then
echo -e "${item} SELINUX is enabled"
#semanage permissive -d insmod_t
disable_selinux
disable_startup_service
unload_rootkit
enable_selinux
else
echo -e "${item} SELINUX is disabled"
disable_startup_service
unload_rootkit
fi