I'd like to announce in addition to the two THC articles covering Linux and FreeBSD loadable kernel module backdoors the first public loadable kernel module backdoor for Solaris. The module features: - File hiding - File content and directory hiding - Switch to toggle file content and directory hiding - Process hiding (structured proc) - Promiscous flag hiding - Converting magic uid to root uid - Execution redirecting It has been successfully tested on the following operating systems: Solaris7 x86 / sparc / ultrasparc Solaris 2.6 ultrasparc The module can be directly downloaded from --- http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz A complete documentation of the kernel module's functions can be found in my article "Attacking Solaris with loadable kernel modules" at --- http://www.infowar.co.uk/thc Regards, Plasmoid / THC http://www.infowar.co.uk/thc http://www.pimmel.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:05 PDT