lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040104161145.GA609@team-teso.net>
Date: Sun, 4 Jan 2004 17:11:45 +0100
From: Stealth <stealth@...m-teso.net>
To: teso-announce@...m-teso.net, bugtraq@...urityfocus.com
Subject: Announcing adore-ng 0.31


hi,

At

http://stealth.7350.org/rootkits/adore-ng-0.31.tgz

you can find the latest Adore-ng. Since the new version supports
various new features as previously braindumped in Phrack #61
(evil-log-tagging, LKM infection, reboot residency) I announce
this version.

If you never used adore before, here's a list of supported
things:

 o runs on kernel 2.4.x UP and SMP systems
 o first test-versions successfully run on 2.6.0
 o file and directory hiding
 o process hiding
 o socket-hiding (no matter whether LISTENing, CONNECTED etc)
 o full-capability back door
 o does not utilize sys_call_table but VFS layer
 o KISS principle, to have as less things in there as possible
   but also being as much powerful as possible
		   
new since adore-ng 0.30:

 o syslog filtering: logs generated by hidden processes never appear
   on the syslog UNIX socket anymore
 o wtmp/utmp/lastlog filtering: writing of xtmp entries by hidden
   processes
   do not appear in the file, except you force it by using special
   hidden AND authenticated process (a sshd back door is usually only
   hidden thus xtmp entries written by sshd don't make it to disk)
 o (optional) relinking of LKMs as described in phrack #61 aka
   LKM infection to make it possible to be automatically reloaded after
   reboot

  The build and installation process is usually as easy as
  './configure && make && ./startadore' and/or
  './configure && make && ./relink' so you can set up your honey-pot
  test-environment very easily.

regards,
Stealth



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ