Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: khaalel <khaalel () gmail com>
Date: Fri, 6 May 2005 20:07:01 +0200

For the sophistication, KSpynix is not the right code, but the
directory are hardcoded because, unlikely windows where regedit and
other tool exist, under BSD for knowing the installed ports there is
only one path :  /var/db/pkg/, for the emails i scan all the files
from /home/<username>/, for the password there is only one path :
/etc/passwd , and for opera to obtain informations about the user,
there are only the files i gave:: here are the only hardcoded
directories, but how  would I have  to make  to obtain the
informations i quoted whithout openning the files i quoted?

I writed KSpynix because i didn't find an unix spyware, do you have
one? i am interesting by seeing its code. And do you have a better
code for KSpynix,  I do not say not to see it i  will surely learn
something if you have a better mean to obtain the informations i
quoted.

khaalel

On 5/6/05, Day Jay <d4yj4y () yahoo com> wrote:
That's gotta be the most half assed piece of code
offered as something for spyware I've ever seen! All
of the directories are like hardcoded and statically
linked! that is no where near any spyware
sophistication I have seen in windows spyware
programs.

d
--- khaalel <khaalel () gmail com> wrote:
Since KSpyware was on the net, i received some mails
of people who
wanted to know if spywares under Unix systems could
be coded.  I did
some search on the net to find an unix spyware, but
i found nothing.
So i launch my freebsd box and i started to code an
unix spyware :
like under windows systems, spywares under Unix
systems can be easily
coded but its long (i coded KSpynix during 5 hours)
because we have to
find the right conf files.

So KSpynix is only a proof of concept but it work
well : i tested it
under FreeBSD 5.3 (like i don't use Linux i can't
tell you if all the
code work under Linux but i know it will work well
under Gentoo Linux
that use the system of ports like the BSD systems).

For the moment, KSpynix can  list all the installed
programs, can spy
the web sites the victim visited, can obtain a list
of e-mail
adresses, cookies, can hijack Opera's main page and
can do the things
you want if the victim have root powers (like copy
the /etc/htpasswd
file).

All the glaned informations are put in a repertory,
to send the
repertory, the spyware could create a shell script
that would use sftp
or other tools.

Well, here is KSpynix's code cource (in Python) :
http://nzeka-labs.com/hacking/KSpynix.htm

KSpynix is under GPL so:
"You may copy and distribute verbatim copies of the
Program's source
code as you receive it, in any medium, provided that
you conspicuously
and appropriately publish on each copy an
appropriate copyright notice
and disclaimer of warranty; keep intact all the
notices that refer to
this License and to the absence of any warranty; and
give any other
recipients of the Program a copy of this License
along with the
Program." BUT DON'T TRY IT ON THE WEB.


- Nzeka Gilbert aka Khaalel
- www.nzeka-labs.com
- Author of the french security book: "La protection
des sites
informatique face au hacking".
_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]