name
====
rubilyn
description
===========
64-bit Mac OS X kernel rootkit that uses no hardcoded addresses to hook the
BSD subsystem on OS X Lion and below. It uses a combination of syscall
hooking and DKOM to hide activity on a host. String resolution of
symbols no longer works on Mountain Lion, because the symtab is destroyed
during load; this code is portable across Lion and below but requires
reworking to hook under Mountain Lion.
currently supports:
* works across multiple kernel versions (tested 11.0.0+)
* give root privileges to a pid
* hide files / folders
* hide a process
* hide a user from 'who'/'w'
* hide a network port from netstat
* sysctl interface for userland control
* execute a binary with root privileges via magic ICMP ping
link
====
http://www.nullsecurity.net/backdoor.html
md5
===
4e8726f077ff7d1b0a761ab15d4d8bc9
cheers,
noptrix & prdelka
--
Name: Levon 'noptrix' Kayan
E-Mail: noptrix () nullsecurity net
GPG key: 0xDCA45D42
Key fingerprint: 250A 573C CA93 01B3 7A34 7860 4D48 E33A DCA4 5D42
Homepage: http://www.nullsecurity.net/