Re: Non registering shell

From: Brian Hatch (vuln-devat_private)
Date: Fri Feb 28 2003 - 08:04:52 PST

Next message: kim0: "Re: Security contact for Bank Of America"

Previous message: jesat_private: "Security contact for Bank Of America"
In reply to: Rory Savage: "Re: Non registering shell"
Next in thread: sk: "Re: freeconsole()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>    Now that you mention it, I think it was a backdoor (a special
> rootshell).

That makes much more sense.

> Can any provide URLs to example backdoors?

Uhh, there are boatloads.  Try any of the standard exploit
archives (packetstorm, etc) and you'll be swimming in them.
You might want to see if chkrootkit has pointers to the source
of the rootkits it detects.

Or you could just write your own.  Snag the knark rootkit and
modify it to suit your needs, for example.  The code in these
things are usually pretty easy to follow, except where it's not.

--
Brian Hatch                  A closed mouth
   Systems and                gathers no feet.
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed

application/pgp-signature attachment: stored

Next message: kim0: "Re: Security contact for Bank Of America"
Previous message: jesat_private: "Security contact for Bank Of America"
In reply to: Rory Savage: "Re: Non registering shell"
Next in thread: sk: "Re: freeconsole()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 28 2003 - 08:46:52 PST