| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 4 Jan 2004 17:11:45 +0100 From: Stealth <stealth@...m-teso.net> To: teso-announce@...m-teso.net, bugtraq@...urityfocus.com Subject: Announcing adore-ng 0.31 hi, At http://stealth.7350.org/rootkits/adore-ng-0.31.tgz you can find the latest Adore-ng. Since the new version supports various new features as previously braindumped in Phrack #61 (evil-log-tagging, LKM infection, reboot residency) I announce this version. If you never used adore before, here's a list of supported things: o runs on kernel 2.4.x UP and SMP systems o first test-versions successfully run on 2.6.0 o file and directory hiding o process hiding o socket-hiding (no matter whether LISTENing, CONNECTED etc) o full-capability back door o does not utilize sys_call_table but VFS layer o KISS principle, to have as less things in there as possible but also being as much powerful as possible new since adore-ng 0.30: o syslog filtering: logs generated by hidden processes never appear on the syslog UNIX socket anymore o wtmp/utmp/lastlog filtering: writing of xtmp entries by hidden processes do not appear in the file, except you force it by using special hidden AND authenticated process (a sshd back door is usually only hidden thus xtmp entries written by sshd don't make it to disk) o (optional) relinking of LKMs as described in phrack #61 aka LKM infection to make it possible to be automatically reloaded after reboot The build and installation process is usually as easy as './configure && make && ./startadore' and/or './configure && make && ./relink' so you can set up your honey-pot test-environment very easily. regards, Stealth
Powered by blists - more mailing lists