'BoS: amodload.tar.gz - dynamic SunOS modules'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       best-of-security
Subject:    BoS: amodload.tar.gz - dynamic SunOS modules
From:       Julian Assange <proff () suburbia ! net>
Date:       1996-05-26 4:17:25
[Download RAW message or body]


			Avalon Security Research
                        Tool Release (1) 05/16/96

                           

	This release serves two purposes: First, to let you know of important
changes in the direction being taken by ASR and secondly to release the
first in our series of security tools.
	
	Whereas at first ASR was a completely not-for-profit venture we
have recently become involved in a commercial undertaking. This change will
be transparent to our subscribers as we will continue to release various bug
reports and exploits to the security community. 
	
	Amodload will load modules of code into a SunOS kernel. What this 
amounts to is essentially a tool which would allow hackers to load arbitrary 
code into the kernel which would be invisible to any conventional means of 
detection. This code is offered up as proof of a concept tool. 
We are aware of these types of tools on the Internet and in active use. In 
order to counteract tools like this, we first must understand how they work. 
Amodload should provide some people with this insight. This being said, it
should be noted that amodload itself can do no damage, the damage done by 
amodload and tools like it is from the programs they load into the kernel. Our
example code which comes with amodload at the moment is as innocuous as 
possible.
 

ASR <mcpheea@cadvision.com>

Note: If you wish to subscribe to the ASR mailing list, send mail to 
      mcpheea@cadvision.com with the word SUB and *only* the word SUB
      in the body. Email directed to ASR may also be sent to 
      mcpheea@cadvision.com. If you wish to correspond with ASR please make
      use of the PGP key given below.


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAy1GTuMAAAEDAM2X2UnGZkuzT5kL8BUfiDniW6rPZgymD8IqUVy7we6Eo7Gm
H1iQBEjDoRoBBpm2nCmzOHsHVCs4ABJJH2ByoQ9mpXUZZRu0SbBVpDVQXR09qINs
Yp2GhyWA3p0z6AAOzQAFEbQbQVNSIDxtY3BoZWVhQGNhZHZpc2lvbi5jb20+
=qYbo
-----END PGP PUBLIC KEY BLOCK-----


-------------------------------------------------------------------------------

begin 644 amod.tar.gz
M'XL("/B4LRT``V%M;V0N=&%R`.T]:U?;2++[%?V*BN>2R&`;23:/"2'WDH3,
ML)-`#C";NY>P'%F2;0VRY-$#0V;RWV]5=;<>ML%D$LC,KOLDMM5=757]JD=W
MM7B[>[#_>N_XY&_WF`!@H],!^@8PY+<IOS%M;IH(86QN;!C&9GL3<];-]N;?
MX#YY6B21M+=R`BPMG0S\!'I^X+4T[:U]X=%/RO5@*)^PX.#P9.]X:6EI-TL'
M4?PD@3!*O02B$.QAY`:1[8(=NC"(QN"G@`B[GA_V-:QACT:![[F(XVAO]]7;
MO26!._9L=TB85?V6J8B&,++[E2)'%"51%CL>\PJ]*,Y)(SM#VP_U>KG.0*'S
M0Q@@,2^>KHCPWI4]'`5>@DT#UX\])XWB:W"B,,6*V`20`(!5,H3#*H%KA]X5
M,74\P5`<9:D?8K]DB>>"7W1.R]&T).O&5&E)S7^HP52J:=K8;!VW4@^)VBD.
MQ&XRG&KXV%2D$-R:#VX5X'+\U4#?YQS#YG1N6__FNES_IKF^;FS0^N]8B_7_
M(.GEZS>[/QS##C3[\!TT7_WTC[>O]E[\_(-V^.+OQSL@IWA43.`(>/Y&Q0I[
M"O^E$W1=6W(<PM,,+BZ'*A.:7%F;S\HB?8/$\OR>:<S1_^:ZM2[6_SJ*`,,@
M<;'1;B_6_T.D'U%1YYI[',47R5--6]I5.?21L$;WKCPG(U7O1*Y'*BU%I7KA
MQ:$70)<4Y7#D!Z0G"5@;QWY*#^D8Y<70#H)")>JHM`AF;-5;`+N]%!4RXDJ\
M`L2./=`$1E2?6'C-68C^`I_'?CJH4/=#&U6URO81G7>50I+:,?.@V2F#=[V^
M'[(JCWJE^F0T)/UNUD-NT%!`7<TLY9TRL!.@YJ18I%&UG#%JA>1)=DH:W48)
M"7E)@B8-:$BNY\4-(",I]E!E.]AL@O3"%-M"RCIU1N=9$L?>K]3;V"]I,B[:
M;KMNC,A`DQ1DWZ%5LH3]ZPMD/3].4E4$R%S7XQ&5O,LA=;'A^RDX.$J(+_3&
MYQ=#;WB.CY&CUXEX%)/5A/4Y#\T+;,@P4GP.E$U4H=#23F872.9"U74\.OBA
M6L1S0_8W]Z@FQUD!)"/L+:R#[>H/8,WU+M>(X7SX;IF[9"0Q6,D4@L1'F^E:
MMI]:@_9>ZMN!_]%.?31L%9R<\[(5FFR:GB49UKR&\VZ$#=+K:'Q^ZT7]&4G8
MXO=+8Y[\;Y/\7U]?[VR:9L?HL/S?["SD_T,D=OJDN!!SH>(8@=DR0/\[NF);
M#3"__WZCKG&-41SU8WL(XY)P1"VP>VD'N&*.<;EAYC4<H5BW8V<`SX;.:.!Y
M]O\XMGOI)[BL6BA&X;FF:<>>!\H)%;11,J#80L'FATZ0T6(C#R51WJ=RRG!M
M0S?VO1Y$EUY\Z7MCJC,>2'&/4N*"9*T;D49!-CW40OB=1$,4P,K=HRKLK*+<
M15*Q4#[DJUZ3_)9($F3I@F2.3USLAZA;@H"E`VG+HTP(>W*3(1E$6>!"WPN]
MF"0E=IT0/W87I45H#[$Y3W*'%:61Z%#E8JOZI(J%M+?#:SC.PL-CZ+3,UO\B
MI#,@20_P5OS"-F![8U).2"S)PDX3/Z*D8UXI8-$J=-6Q>#2*XI3]</*+,=M/
MRB5*S.4,T8B$UV,&11TF/$G-+_6!TG)"$;.`I2DB^[\\15":>V[&&H0J():4
M9'M*.G68A31E$)?CQ32^T$4,;D0JQG,&H?]KY@EQ+AFFRB'/#F+(L4D.D\/]
MEY*_WSH5NR[W1V.._X]"OR/L_T[;6&^;Y/]OK%L+^?\0J77R(^R^/7SUYG#W
M%8Y);0M(V).DKVFMXQ_A8/?M7N[IPX<F+V6O;%7E#L$L,XUQ'/_SX/#=\?ZQ
MUGJ1*Q;M%)J7<`9::_\(HNXOGI,V2=QPA5=[QR^/]M^=[!\>:*TW[XJM!EKZ
M:*ZAHV&S/2JS=;,NQ!:*?C2HIPT_K40AN8E7808C!=?OD76.ICBI!@^5BR:%
M8L]VTIP,*Q821+&'YE^4(Y6"M,5-.>168--/WE'S/S0OM5&,D@L0:S=":>IZ
MW:S?)_7AARC(ABQ1E0SU:6<5D:-4ZV4!M9BT5X3&Z'@0:;1=:\O.8%4QF'+F
MD(EWKYB1VO'>'NR^.3[$<7UQI'H.L.L:W,<$\^+G'X[Y(4<R]/N#E!O9]0;V
M)0UV3'NCR-.8C.TX"R$+R3NP:7/UTL<"K.OW?)3+HC\6XOC/G(J-Z?NC,4?^
MKYL=2\C_=J>-DI^R-M>-A?Q_B/2=M+'A67*=K*77([2S!\^U:C9:^VF4C*<+
MT`9,IW.'0SN<`1LY%]X,:/Q/KO=$0>KZ436KYX3I!%1(CD(UZ^)R6,FH%>=`
M-70V')+XYRB[_7[2@"S+&G)G!1\2.][66#3;W0A%\XZQK2$ZA%ZYL)-MC1KK
M.^`,4-QV[;AW:AI6YRS/3]"!0.T@^PHN;/=C=KJ!Y1HCY8,I.^X[#;3%^Y=U
MSJ3G;8TQKJQ0]K;VFX;SG\K\!L0V9N!C=HY>51]64(MU([=!^C+Q/YX2\5+I
M.!IA&7XFDR4CS&O`BFO'`I_JA6[DCT0&<^#:R'REHMC^]YRQ7M_&;,5:WTNC
MKEYOH(V?)G;H./0[H(,W;"W"4+.:S6UJT.HJ(QP/4/-R\Y\;\/BQ;"WL[,"3
MYI,Z0?P&D*`20U]17]%U+JZOFG4NHV(M/QI#2]^#)Y=/X*D:*=@QMXOR4NK&
MGGU1*G*]GIT%*=9D)=S3:S^'%V$T1A=FQ-X<+"<?PAKV%=.?B;2"\Y/\KK:8
M.^H3=P7W*>R`'%W,P;F$SS2QHI$7Z@<_OWG3@/+GX?G1J_='8IJ<&F>""[\'
M.M?<82C5+=Z5GZ(*%]W.,(B7EP5!-]#?O*K#HQTP5!^/O#B.8KV6P]7R5N:X
M<N8)H>QB59]\+=W'I8&83_VS5GA.+BV1(+:VP5]=K1>]IGIY.7D*L#SBKJU4
M+#U>VD'FE:G3&L6>TN5LK1.DD4-NSP+1=5U,W;I.1?75=AT>@W'5$\F1?2GV
M4B=0FU74*!LF(:P)"!08DR#M$@C!B)7"DZ`!CZOKMQC8<A^7>HTK__+$Q4DI
M-WYY7]O_Z*F^E(BE/##/5K?D5*"%.3:18V:05W==7Q%PJ\95V\#UO+8"]`N<
M+!F0%[^R5JK9N:5F"6RC`L9]7B[>FE7,Y2B10!TODGPQ&[).`]Z;YX>O7UM'
M>R<-*:=Q*I>FN)C>LNEN=)'5:54TS7R*R^[CF?X4Q47(!FS/1X=`;-*2!R`7
M.J.Y90F0B"P/,M&;G(7$%,,]JB[.&4-;&MWWNT<'^P<_/$7FD,$L""#J]1(O
MY24F^$1Q%%PQFX2^X#)(O&E\8SNF7:C/PJ>XUU'3T'"@")?]*G4&Z;GZA`21
M]'IV:@?`G8SCB$Y0FJ&YCY/59?`6TT&\LSL7_Q?]N[HCZ&T72X8(WV'%@%!*
MG[5H!.KI-:/$)WNX0GS*7E!<R&4P.=]*(I7KWB92>9);$PMS8MU8$ZMOJKBZ
MZHJY(8NW9A7/7'667'7X_=Z:O>I*75LZZ:%-O=))4C'X8GIQOQ'13]K"^_M3
MI\(\OC\:,&?_K[VQ(>-_C(U.NPT+_^_A$AH!+!NC'MBM*$M5B!QJ2+%9AE;!
M=V@VTP'HCWN[KX[W_V\/S8:.08(A+RE4-E!AIRBP)@JPDG246(VS^4?BZC<A
M3&OGXBR^!I\:H+*$O499*B?+0O^JG%$<EJM<4L3:)Q1!%7*LOBOT6#%B)885
M,E,:+SF8$J7&E2%2ARE0U![JUX$/R\L#_X-N7*&"04=H>3DR:CD/HAD$BQ8$
MEQ%$$-T(?SOJ8!:HP!Q8TY@#:P)\XL=$HZTO:/0LSB1C,YH\LQTW(#9O;K(Y
M`_,D^(PF?^M5]^=)ZAQTK1_%O7O:!)PC_Z&SV5'G_Y;%YS\;F^;B_/]!$LK_
M]_)PEHX64A^=><^.@VLZ!\HHKNJ68WT-5FXXV7].1>H(PX8DS;IYS``%27F)
M.*3/#QIDH5;6-S_M'1WLO=%NV*(L-O-DX(W8.E.9V)*)O2ZQM87>@!>'>78Y
MU$D8R5B1]F>*?./*DDZO,'-UA,#G3_\64B1?__3#O!\!`//B?\QVOO[-=0NS
M-@UC$?_](&G6^J<+!%]W^5,$:`,<BK!IB(-9.[DF0>!ZJ8?&F;I;$?6H(H?P
MV&$>DR-/(3E*4H0$VD`&H#IPS1*Z8H(5D?]!Y":`=FS@A^+FQ2PI0R>]H0S1
M":@B'V';3BHB^<2E#7&V2R$_(D+0:[%PNJ-TFCA`L8GJK*./=$8VTH^G<^5I
M*DL^*<2D:8NE=%8MOD[IQ$'NWU<$(V_<^_U^X"E))RM8YEDKN3X/[;@/*/F,
M[>DR.J#!(E&]+`I-%H1:&;>@)EG+G!C[<F5HT[>@*GXC-B=VHM&UGK6R<\JI
MEXN;SYWX///=G!\%A1D*6<&%\6\CCA\\3<K_5NH[%U_Y.M`<^0^FL2GC?ZP.
MVX*F82W\_X=)XKZ<7+/B)%:WY(XENF.X!'5I_-".8:#7UKI^N)8,:@VH\>=B
M[?VED[K#>)\TYOA_G75+QG]LK&]L&F3_K2/\8OT_1/K"^(\9,1TW!V5H:&SF
MUI.\9\C^GM_#W#PKM[!<KTMG*G1#6+<;T$4+L@$NG?E\X!TJ=2ZA@&#Y*O_'
MQQ"E2@V8A:JN31(3AS\5:M/$1`SD7&I3N(@<'][-(EI4F=4!.?N((73]GC8W
M[*02KA+8?1&NTJB$KD@[LA3TDN<I!UELOA8V92DF9&R/&S#R4SHAZ_6P@>C5
MT['14`2W8'$>VT)0(K@&(;>+,!RL40JR&<KP%ZXTCH:GEG&VK6S7V*\&PTR'
MNRBL(I*G!(J=NCTSH`%*QZ?RQAIY)\5EMO&R"^I.-0\R-DI9S[(F\HFZ$`%;
MQWDYT0[I?A.52F4Z#9[?UJX5!YLZ-A-MW#RPAL&I]^:?PC[-:U$82_E`ECBO
MAK(0E<<H@_\;M;CGUN`IU!R'SFLQ__ESV)HZP2R%M$RW)"HWO-0*.D]F*#$S
MC"\Z2?;GG"1/L55F2APJ<]'C8N(404U?$H11&YLU.1'E:3),)T6E+--PPA?A
M9[QP&XPXZNG555U?Z=QRYDRX;CMRGHQ3T86,L,Y:HU@>F@CP+OMCC\5@/9Z&
M:D"G&.*IAHAJXG"=.\,X6S6M/\AWE8@ZD<^IE-:^05W^!0?RL\E\^:C,)2QT
MI[[[^GS_@`[=CP]?_G1^?'*TM_M66-7%Q)$#0P-YYX%YL,9,3O1Y$P15T?U/
MD.HT_*()@N6T>I0NJ>O4`E@E15;9%4:XOZ`K)%Y&<K\TX';[?]-L=]3[/ZR.
MP?'?9MM<V/\/D>YD_]\YS/OSHK9GFI]L))+AT+=1Q/^:V1<-0(NW+BU)S"W,
M1RI5)B;"E*U'E)C*R%59J=VM&)1A81.B+`P\)EF'9]"&WW]78664=UHJ;IIG
M9)0\B9X0T&2A)0I;3^I*U-P>`[AW='1X]!3VP8UXMYFOTF!OAV1N-!`N\"C8
M.1EYCM^[!AM:$8=EL-U!%&\/"91FX5=`/U-M@AZB9.Q%,=UZGRUAJ?`6$8Y]
M%SJHVG"TF&"#MOZD+J,1E'V+/[EO99"QHL_30F!&0,*#.0VJ6(X652R-;23^
M.,R9(=Y#-G95CA3D89E!V94X=]#06PZN:F)."I!9IB/%2,M*N!RP&[`>[YFA
M9=N,R(ILOI"N6?.$'W=A[7+(YQG-`VAZ*D95!*A6;4GN)^8E'YU/DWMS`1F^
M-?'9),N<*]445<X^J4DTM>8N94@&RN1JS0,&]>A31LF4R$ZU\;4M7M81,3-H
MQS]Z]`@;H/8.Y<"KLP(VQ^D%'0T0(9:_9&%JJT5.!87KR(&A2OTR7.F61,]6
M![OJ,`1;"4EH?_Q8"F]E*!QOCK@79"G*_O#@S3]OF+D$-&?Z]XB40(U6&9.\
M:140Y&TVQHJ,S$21.M*-AN"_E:3G9*LUX-W1X<DYW<YOP-O==^?OCO;_L7NR
MUP!)VRB,/XFH"/^<9H9HS+&J;G"%J*9PA/@0;GD$N#B?*C=(=*N,F*TTH%@L
M8OA65^E"A%XRJ03;JVC&UF%UPGV:";AU5T`T,`7Y.Y"^$]Q6!0[@)KB"L,C8
M@;:5S__<O:<?URA2[+A>BL.ZSB?_K[23\1O/$29P@1^T9.*+7(VE_A69]MT\
MP[%QO0_LM'2SY](./^+8(,=B4>"/4HCP4,0Y2&'+#$C>I5A%<!$H?$T>,SZ)
M`.5<&!-7A$_<O""FZZMF<>\']&:30<K./[%T(P^(X91JK%BH;Q%7X0XI@2Q:
M5($K/Y[E%2H@2)`JEE;>#-:%?*-[+M3/.^8V?3W;(4C^*6^XW*4-!"[;8-W4
MAEJR]J\/'QZ-[&39;:VL+2=K-3'"HCT%BG*+1&ZE/942T5:2WL7*IE)N$LJ$
M%6O5K`PA%1I<A_:#BHT<G%U?IN()"R*YQ1XJ[031P7N!2PS#[:.0I^*J$0FH
MVD3GE1_/R@14M5Q5Y3,#E,F`:RLOPM\4'(2?9<-!7,[JEAB2I@0!/GL&6_`[
MY.ZR,M5D9^BX7)5FDM)@IFJJ=+I<BP6]<K=#<2V-"5`TA23`"_GP_"7JDI/?
M#\_?'Q$95"`;AG$SL9J#CKAXFY<WQ"ZDJ!"R$FMW8,#-1I;.`JF8_IR'3#7`
M+$T;S[E4AXN>*X8O+YTR-E[R.U+(I&5C`VN4QT_QG6.[;>.B9,WB-/U">W;^
M9"]-.7I9HJ/N(>'(Y&B_VK2;,>7*EB+O^(I]WUK3$4R(2XA37<G50-6ZN0,6
M`1E_L40OF;UO&D"[.\;-\7]6IXT0IF&V#6.38D%HNVCQ_L<'2:U^$'7M0#J=
MFKPGR+8?O>YC.4'1W?Q^HT&_EI8>B9`R+A:Q^@-?-Z[6MRCR/N([(1R8SY<<
M@FBBB*/(SJLO&,QQHLEL7#D,%L18PURJ%IG&)-7>EF%8!FHNHE70YFL03+L"
M8`E[5O!VBA56Z3[*V0019Y*(:6S1Y0=/X*@`6[-HW@;?F41NF.)J!0.WJ\!;
MDE^!_)2:"!/<6DX!TU8PZ,E,PK4-(9J3-(J]B6YM=_(N#S8FRYB'+I1NUTP`
M,`-AA#.C6M`QM*FLSG36EO:(0L.@>TTO9TPC.@;4S0V@EXN1,^]'85)?J)'[
M3)67C-\3#9AS_\_:[.3W__@N(&RT%_'?#Y/^F/PG;]5<<N-HQ,?AJZZ=VN),
M7.P,H;PG$"M_Q7WQAOO:U]`$A+R]1*^`'>?O\(IZH"[W$PLH"LF'ET'>%-/-
MM3I29$<A!%BYZZ?)0C$L%,-_;**_&G'?-.;:_QS_*>U_4]K_B_<_/DCZ*O;_
ME"4N9)\QTQ"?MN,=;]W;<D6I68A.,Z\^!<#Z`W]/:H;.#6+'W)H4\E+T?*:8
MQ\+/%/1*[7V.O)^N,%/F0SG=3?S/!+]_+8"?=](#?$STK5?$?U:J_-6@>Z(Q
MU_ZW2O;_^J:P_Q?[/P^2OMC^5^9W\9:IW`"O^`#EOW%5DP:\JHO@+-'[D7@[
C+TEY9:S/JKW0``L-L$B+M$B+M$B+M$A_./T_+/;S/`!X``"\
`
end
 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic