Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Re: [VulnDiscuss] Re: [VulnWatch] KSpynix ::: the Unix

from [khaalel] Network Security [Permanent Link]
Subject: [Full-disclosure] Re: [VulnDiscuss] Re: [VulnWatch] KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
Date: Sat, 7 May 2005 07:40:22 +0200 
 If the user is non-priviledge the spyware will work too without using
 the function ifroot.

 khaalel


On 5/6/05, William Warren <hescominsoon@emmanuelcomputerconsulting.com> wrote:

ok that is as rot.  What if the user is non-privledged?

khaalel wrote:


Since KSpyware was on the net, i received some mails of people who
wanted to know if spywares under Unix systems could be coded.  I did
some search on the net to find an unix spyware, but i found nothing.
So i launch my freebsd box and i started to code an unix spyware :
like under windows systems, spywares under Unix systems can be easily
coded but its long (i coded KSpynix during 5 hours) because we have to
find the right conf files.

So KSpynix is only a proof of concept but it work well : i tested it
under FreeBSD 5.3 (like i don't use Linux i can't tell you if all the
code work under Linux but i know it will work well under Gentoo Linux
that use the system of ports like the BSD systems).

For the moment, KSpynix can  list all the installed programs, can spy
the web sites the victim visited, can obtain a list of e-mail
adresses, cookies, can hijack Opera's main page and can do the things
you want if the victim have root powers (like copy the /etc/htpasswd
file).

All the glaned informations are put in a repertory, to send the
repertory, the spyware could create a shell script that would use sftp
or other tools.

Well, here is KSpynix's code cource (in Python) :
http://nzeka-labs.com/hacking/KSpynix.htm

KSpynix is under GPL so:
"You may copy and distribute verbatim copies of the Program's source
code as you receive it, in any medium, provided that you conspicuously
and appropriately publish on each copy an appropriate copyright notice
and disclaimer of warranty; keep intact all the notices that refer to
this License and to the absence of any warranty; and give any other
recipients of the Program a copy of this License along with the
Program." BUT DON'T TRY IT ON THE WEB.


- Nzeka Gilbert aka Khaalel
- www.nzeka-labs.com
- Author of the french security book: "La protection des sites
informatique face au hacking".



--
Computer House Calls, Networks, Security, Web Design:
http://www.emmanuelcomputerconsulting.com
What businesses are in Brunswick, Maryland?  Check Brunswick First!
http://www.checkbrunswickfirst.com
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper;
and every tongue that shall rise against thee in judgment thou
shalt condemn. This is the heritage of the servants of the LORD,
and their righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)

Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Re: [VulnWatch] KSpynix ::: the Unix version of KSpyware? (Proof Of Concept), William Warren
Next by Date:  [Full-disclosure] phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski
Previous by Thread:  [Full-disclosure] Re: [VulnWatch] KSpynix ::: the Unix version of KSpyware? (Proof Of Concept), William Warren
Next by Thread:  [VulnWatch] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Gary O'leary-Steele
Indexes:  [Date] [Thread] [Top] [All Lists]