Message-ID: <2d7da927050506110713d89181@mail.gmail.com>
Date: Fri May  6 19:07:06 2005
From: khaalel at gmail.com (khaalel)
Subject: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)

As for sophistication, KSpynix is not the right code, but the
directories are hardcoded because, unlike Windows, where regedit and
other tools exist, under BSD there is only one path for knowing the
installed ports: /var/db/pkg/. For the emails I scan all the files
from /home/<username>/; for the passwords there is only one path:
/etc/passwd; and for Opera, to obtain information about the user,
there are only the files I gave. These are the only hardcoded
directories, but how would I obtain the information I quoted
without opening the files I quoted?

I wrote KSpynix because I didn't find a Unix spyware. Do you have
one? I am interested in seeing its code. And do you have better
code for KSpynix? I would not say no to seeing it; I will surely learn
something if you have a better means to obtain the information I
quoted.

khaalel

On 5/6/05, Day Jay <d4yj4y@...oo.com> wrote:
> That's gotta be the most half assed piece of code
> offered as something for spyware I've ever seen! All
> of the directories are like hardcoded and statically
> linked! That is nowhere near any spyware
> sophistication I have seen in Windows spyware
> programs.
> 
> d
> --- khaalel <khaalel@...il.com> wrote:
> > Since KSpyware was on the net, I received some mails from people who
> > wanted to know if spyware under Unix systems could be coded. I did
> > some searching on the net to find a Unix spyware, but I found nothing.
> > So I launched my FreeBSD box and started to code a Unix spyware:
> > like under Windows systems, spyware under Unix systems can be easily
> > coded, but it's long (I spent 5 hours coding KSpynix) because we have
> > to find the right conf files.
> >
> > So KSpynix is only a proof of concept, but it works well: I tested it
> > under FreeBSD 5.3 (as I don't use Linux I can't tell you if all the
> > code works under Linux, but I know it will work well under Gentoo
> > Linux, which uses the system of ports like the BSD systems).
> >
> > For the moment, KSpynix can list all the installed programs, can spy
> > on the web sites the victim visited, can obtain a list of e-mail
> > addresses and cookies, can hijack Opera's main page, and can do the
> > things you want if the victim has root powers (like copy the
> > /etc/htpasswd file).
> >
> > All the gleaned information is put in a directory; to send the
> > directory, the spyware could create a shell script that would use
> > sftp or other tools.
> >
> > Well, here is KSpynix's source code (in Python):
> > http://nzeka-labs.com/hacking/KSpynix.htm
> >
> > KSpynix is under GPL so:
> > "You may copy and distribute verbatim copies of the Program's source
> > code as you receive it, in any medium, provided that you
> > conspicuously and appropriately publish on each copy an appropriate
> > copyright notice and disclaimer of warranty; keep intact all the
> > notices that refer to this License and to the absence of any
> > warranty; and give any other recipients of the Program a copy of
> > this License along with the Program." BUT DON'T TRY IT ON THE WEB.
> >
> >
> > - Nzeka Gilbert aka Khaalel
> > - www.nzeka-labs.com
> > - Author of the French security book: "La protection des sites
> > informatique face au hacking".