Bugtraq mailing list archives
Anti Hijacking tools
From: shipley () merde dis org (Pete Shipley)
Date: Fri, 27 Jan 1995 19:33:33 -0800
Here is a program that does some of what der Mouse's device driver
does but runs as a program that edits /dev/kmem to disable the device /dev/vd.

I did what I can to bulletproof the code so that it does not stomp on
the wrong device driver.

Written and tested under 4.1.3u1

				-Pete
				shipley () dis org

#! /bin/sh
mkdir Noload
cd Noload
#! /bin/sh
echo x - Makefile
cat >Makefile <<'!E!O!F!'
CC=gcc -Wall
#CC=cc
CFLAGS=-g -pipe

noload: noload.o
	$(CC) -g -pipe -o $@ $@.o -lkvm

yesload: yesload.o
	$(CC) -g -pipe -o $@ $@.o -lkvm

clean:
	/bin/rm -f noload noload.o
!E!O!F!
#! /bin/sh
echo x - README
cat >README <<'!E!O!F!'
noload.c by Peter Shipley <shipley () complete dis org>
Fri Jan 27 03:02:59 PST 1995

inspired by a device driver by der Mouse <mouse () Collatz McRCIM McGill EDU>

This program disables the open and ioctl of /dev/vd thus blocking
modload and modstat from functioning.

The use of this is to disable people (crackers) from installing
"unwanted" drivers.
!E!O!F!
#! /bin/sh
echo x - noload.c
cat >noload.c <<'!E!O!F!'
/* noload.c by Peter Shipley */
/* Fri Jan 27 03:02:59 PST 1995 */

/* this program disables the open and ioctl of /dev/vd */
/* thus blocking modload from functioning. */

/* inspired by a device driver by der Mouse <mouse () Collatz McRCIM McGill EDU> */

#include <stdio.h>
#include <sys/types.h>
#include <kvm.h>
#include <fcntl.h>
#include <nlist.h>
#include <sys/conf.h>

/* kernel symbols to look up; each #define is the index of the entry above it */
static struct nlist nl[] = {
    { "_cdevsw" },
#define CDEVSW 0
    { "_vdopen" },
#define VDOPEN 1
    { "_vdclose" },
#define VDCLOSE 2
    { "_nodev" },
#define NODEV 3
    { "" },
};
#define nlsize (sizeof (nl) / sizeof (struct nlist))

/* index of the /dev/vd entry in cdevsw */
#define VD 57

/* left NULL so that kvm_open uses the running system's defaults */
static char *kmemf, *swapf, *nlistf;
static kvm_t *kvmp;

static struct cdevsw cd;
static struct cdevsw *cd_p;

extern int errno;

int printf();
int fprintf();
void exit();

static int debug = 0;

int
main(ac, av)
int ac;
char *av[];
{
    int i;
    int status = 0;

    /* open the kmem device */
    kvmp = kvm_open(nlistf, kmemf, swapf, O_RDWR, av[0]);

    /* if kvm_open had failed it would have printed an error string for us */
    if (kvmp == NULL) {
        exit(1);
    }

    /* get the name list from the kernel */
    i = kvm_nlist(kvmp, nl);

    /* test that we obtained the namelist we wanted; anything other */
    /* than 0 means an error or a symbol that was not found */
    if (i != 0) {
        (void) fprintf(stderr,
            "%s: kvm_nlist failed to read all symbols, aborting...\n", av[0]);
        exit(1);
    }

    if (debug) {
        (void) printf("n_name = %s n_type=%x n_value=%x\n",
            nl[CDEVSW].n_name, nl[CDEVSW].n_type, nl[CDEVSW].n_value);
        (void) printf("n_name = %s n_type=%x n_value=%x\n",
            nl[VDOPEN].n_name, nl[VDOPEN].n_type, nl[VDOPEN].n_value);
        (void) printf("n_name = %s n_type=%x n_value=%x\n",
            nl[NODEV].n_name, nl[NODEV].n_type, nl[NODEV].n_value);
    }

    /* calc the address of the 57'th array index */
    cd_p = &( ((struct cdevsw *) nl[CDEVSW].n_value)[VD]);

    if (debug) {
        (void) printf("%x %x\n", (int) nl[CDEVSW].n_value, (int) cd_p);
    }

    /* read in the 57'th index of cdevsw; do not go on with a short read */
    i = kvm_read(kvmp, cd_p, &cd, sizeof(struct cdevsw));
    if (i != sizeof(struct cdevsw)) {
        (void) fprintf(stderr,
            "%s: read error while reading the character device table, aborting...\n",
            av[0]);
        exit(1);
    }

    /* test that we got the right one */
    if ( (caddr_t) cd.d_close != (caddr_t) nl[VDCLOSE].n_value ) {
        (void) fprintf(stderr,
            "%s: Error loadable modules interface driver not at index %d, aborting...\n",
            av[0], VD);
        exit(1);
    }

    /* test that we have not done this already */
    if ( (caddr_t) cd.d_open == (caddr_t) nl[NODEV].n_value ) {
        (void) fprintf(stderr,
            "%s: loadable modules interface driver has already been disabled, exiting..\n",
            av[0]);
        exit(1);
    }

    /* point the open and ioctl entries at nodev */
    cd.d_open = (caddr_t) nl[NODEV].n_value;
    cd.d_ioctl = (caddr_t) nl[NODEV].n_value;

    /* update the entry in the character device table */
    i = kvm_write(kvmp, cd_p, &cd, sizeof(struct cdevsw));

    /* report the success of the write */
    if (i == sizeof(struct cdevsw)) {
        (void) printf("%s: loadable modules interface driver is now disabled\n",
            av[0]);
    } else {
        (void) printf("%s: write error occurred while updating the character device table\n",
            av[0]);
        status = 1;
    }

    /* it is safe to ignore the result of this operation */
    (void) kvm_close(kvmp);

    exit(status);
}
!E!O!F!
cd ..