Monday, 31 August 2020

Rootkit Umbreon / Umreon - X86, ARM Samples

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
Research: Trend Micro

There are two packages: one is the full package 'found in the wild', the other is the set of files whose hashes Trend Micro published (all but one of those files are already in the full package).

Download (email me if you need the password)


File information

Part one (full package)


Part two (the files listed in the Trend Micro article)


Sunday, 30 August 2020

Router-Exploit-Shovel: An Automated Application Generator For Stack Overflow Types On Wireless Routers

About Router-Exploit-Shovel
   Router-Exploit-Shovel is an automated exploit generation tool for stack overflow bugs on wireless routers.

   The tool implements the key steps of such an exploit: it adapts to the length of the data padding on the stack, generates the ROP chain, generates the encoded shellcode, and finally assembles them into a complete attack payload. The user only needs to place the generated payload at the overflow location of the POC to complete the remote code execution exploit.

   The tool supports MIPSel and MIPSeb. It runs on Ubuntu 16.04 64-bit.

Router-Exploit-Shovel's Installation
   Open your Terminal and enter these commands:
Usage

   Example: python3 Router_Exploit_Shovel.py -b test_binaries/mipseb-httpd -l test_binaries/libuClibc-0.9.30.so -o 0x00478584

Router-Exploit-Shovel's screenshot

Code structure

ROP chain generation
   This tool uses patterns to generate ROP chains: it extracts patterns from common ROP exploitation procedures and uses regex matching to find available gadgets to fill in the chain strings. Base64 encoding is used to avoid escaping repeated characters. For example:

Attackblocks
   You can get attackblocks generated in results/attackBlocks.txt. Such as:


Linux Command Line Hackery Series - Part 5



Welcome back to the Linux Command Line Hackery series, this is Part V of the series. Today we are going to learn how to monitor and control processes on our Linux box, so roll your sleeves up and let's get started.

Command:     ps
Syntax:      ps [options]
Description: ps displays information about the currently running processes. Some of the common flags of ps are described briefly below.
Flags:
  -A or -e -> select all processes
  -a -> select all processes except session leaders and processes not associated with a terminal
  T -> select all processes associated with the current terminal
  -u <username or id> -> select all processes of the given user or user list

Open up a terminal and type ps:

ps

What you'll see is a list of the processes currently running in your terminal. One important thing to notice in the output is what's called the PID, which stands for process ID. It is the number that uniquely identifies a process. Keep that PID concept in mind, we'll use it soon.

OK, I know that's not really what you want to see; rather you want to see all the processes that are currently running on your box. Don't worry, we have flags to the rescue: in order to see all the processes you can use the -e flag like this:

ps -e

Boom! you get a long list of processes currently running on your machine (don't stare at me like that, you asked and I gave you that). If you want to see processes of a particular user you can type the following command in your terminal:

ps -u bob

Here "bob" is a username. This command will list all processes whose effective user name is bob.

You can do a full-format listing of the processes using the -f flag like this:

ps -fu bob

But the output of the ps command is a snapshot, not a live view of what is going on in your box. I know your next question is going to be something like this: isn't there a command in Linux that gives me live, updating information about the processes? Yes, there is a command called top that we'll learn about next.

Command:     top
Syntax:      top [options]
Description: top gives a dynamic real-time view of a running system. That is, it gives up-to-date information about all the processes running on your Linux box (sounds fun!). Besides giving information about current processes and threads, top also provides a brief system summary.

To start top just type this command:

top

and you'll get a nice and cute looking ugly display :). Well, what the heck is going on here, you might ask? What you get is information about what is going on with your computer. To see what more you can do with top, just type <h> within the program window and you'll be given a list of options that you can play with.

OK looking at what processes are going on in your box is cool but what if you want to terminate (or close) a process, is there a command line utility for that? Yes, there is and that's what we are going to look at next.

Command:     kill
Syntax:      kill [options] <pid> [...]
Description: kill is used to send a signal to a process, which by default is the TERM signal, meaning that kill by default tells the process to terminate (cruel guy). To list the available signals we can use the -l or -L flag of the kill command.


To simply terminate a process we provide kill command a PID (process ID) and it will send the TERM signal to the process. So to kill a process first we'll list the running processes and then we'll keep the PID of the process in mind that we want to terminate. After that we'll issue the kill command with the PID that we just found.

ps -ax
kill 1153

The above commands will send a TERM signal to the process whose PID is 1153, as simple as that.

We can also use our already learned skills to refine the output of ps command. Say we have a xterm terminal running on our box and we want to terminate it. By using ps command all alone we'll get a long listing of all processes running on our box. But we can limit the output of ps command to just those processes that we're interested in by piping ps command with the grep command like this:

ps -ax | grep xterm

Wow! That's amazing, we're able to pull out only those lines from the ps output that contain xterm. Isn't that a cool trick? But what is that vertical bar ( | ) doing in the middle, you may be thinking? Remember we learned about the input and output redirectors previously; the vertical bar (a pipe, in geeky terms) is another redirector whose task is to redirect the output of one command as input to another command. Here the pipe redirects the output of the ps -ax command as input to the grep command, and of course from the previous article you know that grep is used to search for a PATTERN in the given input. That means the above command searches for the word xterm in the output of ps -ax and then displays just those lines of the ps -ax output which contain xterm. Now get that PID and kill that process.
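The ps | grep | kill workflow from this part, wrapped in two small functions as an added example (this is not code from the original article). It assumes a POSIX shell and a ps that accepts -e and -o (procps on Linux), and it also handles one pitfall the plain "ps -ax | grep xterm" pipeline has: the grep doing the filtering shows up in its own results.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a POSIX shell and a
# ps that understands -e and -o (procps on Linux).

# Print "PID COMMAND" for every process whose argument list contains $1.
# The grep that filters the ps output is itself a process whose arguments
# contain the pattern, so "ps -ax | grep xterm" lists the grep too. Searching
# for "[x]term" instead of "xterm" avoids that: the regex still matches
# "xterm", but the grep's own argument list contains the literal text
# "[x]term", which the regex does not match.
find_procs() {
    first=$(printf '%s' "$1" | cut -c1)
    rest=$(printf '%s' "$1" | cut -c2-)
    ps -e -o pid= -o args= | grep -- "[$first]$rest"
}

# Same, but print only the PIDs (first column of the ps output).
find_pids() {
    find_procs "$1" | awk '{ print $1 }'
}

# Send TERM (kill's default signal) to one PID, then confirm it is gone.
# "kill -0" sends no signal at all; it only tests whether the PID still exists
# and whether we are allowed to signal it, which is how the result is checked.
# Returns 0 if the process has exited, 1 if it could not be signalled or is
# still alive after a few seconds (for example because it ignores TERM).
terminate_pid() {
    pid=$1
    kill "$pid" 2>/dev/null || return 1
    # If the target is our own child, reap it so it does not linger as a
    # zombie that "kill -0" would still report as present. For any other
    # process wait fails immediately and we fall through to polling.
    wait "$pid" 2>/dev/null
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    ! kill -0 "$pid" 2>/dev/null
}

# Usage, in the order the article describes: find the PID first, then kill it.
#   find_procs xterm
#   terminate_pid 1153
```

Only send TERM to a PID you have just looked up and recognised; a stale PID can have been reused by a different process.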

That's it for today. Try these commands on your own box and remember, practice is going to make you a master of the Linux command line. :)
