Announcement: Solaris loadable kernel module backdoor

From: plasmoid (plasmoidat_private)
Date: Mon Dec 20 1999 - 14:43:46 PST

    I'd like to announce in addition to the two THC articles covering Linux
    and FreeBSD loadable kernel module backdoors the first public loadable
    kernel module backdoor for Solaris.
    
    The module features:
            - File hiding
            - File content and directory hiding
            - Switch to toggle file content and directory hiding
            - Process hiding (structured proc)
            - Promiscuous flag hiding
            - Converting magic uid to root uid
            - Execution redirecting
    
    It has been successfully tested on the following operating systems:
    Solaris7 x86 / sparc / ultrasparc
    Solaris 2.6 ultrasparc
    
    The module can be directly downloaded from
    --- http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz
    
    A complete documentation of the kernel module's functions can be found in
    my article "Attacking Solaris with loadable kernel modules" at
    --- http://www.infowar.co.uk/thc
    
    Regards,
    Plasmoid / THC
    http://www.infowar.co.uk/thc
    http://www.pimmel.com
    


