Bugtraq mailing list archives
Attacking Windows 9x with Loadable Kernel Modules
From: solareclipse () PHREEDOM ORG (Solar Eclipse)
Date: Wed, 12 Jul 2000 16:43:26 +0300
This article explains the basics of Windows 9x kernel modules development and contains the full source of a loadable kernel module (LKM) that performs the following functions:

1) it captures TCP connections traffic and extracts telnet/pop3/ftp passwords
2) it captures dial-up connections traffic (by capturing the raw data from the serial port) and extracts dial-up passwords
3) by accessing the TCP stack directly (bypassing the Winsock interface), it emails all the collected authentication information to an evil script kiddie sitting in a basement full of stolen hardware
4) it is virtually undetectable with any standard Windows tools
5) it is written entirely in assembly and the executable file size is only 7KB

It was first published in Phreedom Magazine - a Bulgarian h/c/p/a digest. Check it out at http://www.phreedom.org

Your feedback will be appreciated.

Solar Eclipse
solareclipse () phreedom org
key ID: 4096D/3B98D2E9 (DSS)
user ID: Solar Eclipse <solareclipse () phreedom org>
fingerprint: E0FA 3B25 BDE5 9CC1 E67A 1E1D CEF6 9808 3B98 D2E9

Attachment (application/octet-stream): vxd.txt