Full Disclosure mailing list archives
Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: khaalel <khaalel () gmail com>
Date: Fri, 6 May 2005 20:07:01 +0200
For the sophistication, KSpynix is not the right code, but the directories are hardcoded because, unlike Windows, where regedit and other tools exist, under BSD there is only one path for knowing the installed ports: /var/db/pkg/. For the emails I scan all the files from /home/<username>/, for the password there is only one path: /etc/passwd, and for Opera, to obtain information about the user, there are only the files I gave. Those are the only hardcoded directories, but what would I have to do to obtain the information I quoted without opening the files I quoted?

I wrote KSpynix because I didn't find a Unix spyware. Do you have one? I am interested in seeing its code. And do you have better code for KSpynix? I would not say no to seeing it; I will surely learn something if you have a better means of obtaining the information I quoted.

khaalel

On 5/6/05, Day Jay <d4yj4y () yahoo com> wrote:
That's gotta be the most half assed piece of code offered as something for spyware I've ever seen! All of the directories are like hardcoded and statically linked! That is nowhere near any spyware sophistication I have seen in Windows spyware programs.

d

--- khaalel <khaalel () gmail com> wrote:

Since KSpyware was on the net, I received some mails from people who wanted to know if spyware under Unix systems could be coded. I did some searching on the net to find a Unix spyware, but I found nothing. So I launched my FreeBSD box and started to code a Unix spyware: like under Windows systems, spyware under Unix systems can be easily coded, but it's long (I coded KSpynix in 5 hours) because we have to find the right conf files.

So KSpynix is only a proof of concept, but it works well: I tested it under FreeBSD 5.3 (as I don't use Linux I can't tell you if all the code works under Linux, but I know it will work well under Gentoo Linux, which uses the system of ports like the BSD systems).

For the moment, KSpynix can list all the installed programs, can spy on the web sites the victim visited, can obtain a list of e-mail addresses and cookies, can hijack Opera's main page, and can do the things you want if the victim has root powers (like copy the /etc/htpasswd file). All the gleaned information is put in a directory; to send the directory, the spyware could create a shell script that would use sftp or other tools.

Well, here is KSpynix's source code (in Python): http://nzeka-labs.com/hacking/KSpynix.htm

KSpynix is under GPL so: "You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program."

BUT DON'T TRY IT ON THE WEB.
- Nzeka Gilbert aka Khaalel
- www.nzeka-labs.com
- Author of the French security book: "La protection des sites informatique face au hacking".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/