Vulnerability Development mailing list archives

Re: Non registering shell

From: Brian Hatch <vuln-dev () ifokr org>
Date: Fri, 28 Feb 2003 08:04:52 -0800

   Now that you mention it, I think it was a backdoor (a special
rootshell).


That makes much more sense.

Can any provide URLs to example backdoors?


Uhh, there are boatloads.  Try any of the standard exploit
archives (packetstorm, etc) and you'll be swimming in them.
You might want to see if chkrootkit has pointers to the source
of the rootkits it detects.

Or you could just write your own.  Snag the knark rootkit and
modify it to suit your needs, for example.  The code in these
things are usually pretty easy to follow, except where it's not.

--
Brian Hatch                  A closed mouth
   Systems and                gathers no feet.
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed

Attachment: _bin
Description:

Current thread:

freeconsole() Mike Mires (Feb 26)
- Re: freeconsole() Oscar Gallego Sendín (Feb 27)
- Non registering shell Rory Savage (Feb 27)
  - Re: Non registering shell Brian Hatch (Feb 27)
    - Re: Non registering shell Rory Savage (Feb 28)
    - Re: Non registering shell Brian Hatch (Feb 28)
- Re: freeconsole() sk (Feb 28)