I'd like to announce, in addition to the two THC articles covering Linux
and FreeBSD loadable kernel module backdoors, the first public loadable
kernel module backdoor for Solaris.

The module features:
- File hiding
- File content and directory hiding
- Switch to toggle file content and directory hiding
- Process hiding (structured proc)
- Promiscuous flag hiding
- Converting magic uid to root uid
- Execution redirecting

It has been successfully tested on the following operating systems:
Solaris 7 x86 / sparc / ultrasparc
Solaris 2.6 ultrasparc

The module can be directly downloaded from
--- http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz

Complete documentation of the kernel module's functions can be found in
my article "Attacking Solaris with loadable kernel modules" at
--- http://www.infowar.co.uk/thc

Regards,
Plasmoid / THC
http://www.infowar.co.uk/thc
http://www.pimmel.com