[VulnWatch] KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)

From: khaalel (khaalel_at_gmail.com)
Date: 05/06/05

  • Next message: David Remahl: "[VulnWatch] Advisories for 4 vulnerabilities addressed by Apple SU 2005-005"
    Date: Fri, 6 May 2005 11:27:58 +0200
    To: full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org
    
    

    Since KSpyware was on the net, i received some mails of people who
    wanted to know if spywares under Unix systems could be coded. I did
    some search on the net to find an unix spyware, but i found nothing.
    So i launch my freebsd box and i started to code an unix spyware :
    like under windows systems, spywares under Unix systems can be easily
    coded but its long (i coded KSpynix during 5 hours) because we have to
    find the right conf files.

    So KSpynix is only a proof of concept but it work well : i tested it
    under FreeBSD 5.3 (like i don't use Linux i can't tell you if all the
    code work under Linux but i know it will work well under Gentoo Linux
    that use the system of ports like the BSD systems).

    For the moment, KSpynix can list all the installed programs, can spy
    the web sites the victim visited, can obtain a list of e-mail
    adresses, cookies, can hijack Opera's main page and can do the things
    you want if the victim have root powers (like copy the /etc/htpasswd
    file).

    All the glaned informations are put in a repertory, to send the
    repertory, the spyware could create a shell script that would use sftp
    or other tools.

    Well, here is KSpynix's code cource (in Python) :
    http://nzeka-labs.com/hacking/KSpynix.htm

    KSpynix is under GPL so:
    "You may copy and distribute verbatim copies of the Program's source
    code as you receive it, in any medium, provided that you conspicuously
    and appropriately publish on each copy an appropriate copyright notice
    and disclaimer of warranty; keep intact all the notices that refer to
    this License and to the absence of any warranty; and give any other
    recipients of the Program a copy of this License along with the
    Program." BUT DON'T TRY IT ON THE WEB.

    - Nzeka Gilbert aka Khaalel
    - www.nzeka-labs.com
    - Author of the french security book: "La protection des sites
    informatique face au hacking".


  • Next message: David Remahl: "[VulnWatch] Advisories for 4 vulnerabilities addressed by Apple SU 2005-005"