Announcing adore-ng 0.31

From: Stealth (stealth_at_team-teso.net)
Date: 01/04/04

    Date: Sun, 4 Jan 2004 17:11:45 +0100
    To: teso-announce@team-teso.net, bugtraq@securityfocus.com
    
    

    hi,

    At

    http://stealth.7350.org/rootkits/adore-ng-0.31.tgz

    you can find the latest Adore-ng. Since the new version supports
    various new features as previously braindumped in Phrack #61
    (evil-log-tagging, LKM infection, reboot residency) I announce
    this version.

    If you never used adore before, here's a list of supported
    things:

     o runs on kernel 2.4.x UP and SMP systems
     o first test-versions successfully run on 2.6.0
     o file and directory hiding
     o process hiding
     o socket-hiding (no matter whether LISTENing, CONNECTED etc)
     o full-capability back door
     o does not utilize sys_call_table but VFS layer
     o KISS principle: to have as few things in there as possible
       while also being as powerful as possible
                       
    new since adore-ng 0.30:

     o syslog filtering: logs generated by hidden processes never appear
       on the syslog UNIX socket anymore
     o wtmp/utmp/lastlog filtering: xtmp entries written by hidden
       processes do not appear in the file, unless you force it by using
       a special hidden AND authenticated process (an sshd back door is
       usually only hidden, thus xtmp entries written by sshd don't make
       it to disk)
     o (optional) relinking of LKMs as described in Phrack #61 aka
       LKM infection to make it possible to be automatically reloaded after
       reboot

      The build and installation process is usually as easy as
      './configure && make && ./startadore' and/or
      './configure && make && ./relink' so you can set up your honey-pot
      test-environment very easily.

    regards,
    Stealth
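
A defender's cross-view check for the process hiding listed in the announcement, as an added example that is not part of the original message or of adore-ng: it compares the PIDs a /proc directory listing returns with the PIDs that answer signal 0. It assumes a Linux host and that a rootkit working at the VFS layer filters the /proc listing but not the kill() path; all function names are illustrative.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs returned by a directory listing of /proc (the view ps and top rely on)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def answers_signal0(pid):
    """Ask the kernel task table directly; signal 0 checks existence and sends nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True   # exists, but is owned by another user
    return True

def is_thread(pid, proc="/proc"):
    """Non-leader threads answer signal 0 yet are legitimately absent from the listing."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass          # no /proc entry at all: cannot be explained as a thread
    return False

def unlisted(before, probed, after):
    """PIDs that answered a probe but appear in neither listing. The two listings
    bracket the probe so processes that start or exit mid-scan drop out."""
    return sorted(set(probed) - set(before) - set(after))

def scan(proc="/proc"):
    """Return PIDs that exist for kill() but are missing from the /proc listing."""
    with open(f"{proc}/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    before = listed_pids(proc)
    probed = {p for p in range(1, pid_max) if answers_signal0(p)}
    after = listed_pids(proc)
    # Re-probe at the end to discard short-lived processes caught between listings.
    return [p for p in unlisted(before, probed, after)
            if not is_thread(p, proc) and answers_signal0(p)]

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers signal 0 but is missing from the /proc listing")
```

A clean host should print nothing; any PID it reports deserves a closer look with tools run from trusted media.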

