Knark

From SOFTICE

Jump to: navigation, search

Status

in progress...

see also

knark-2.2-source

Synopsis

we want to use knark as base for a LKM-oriented series of exercises on Linux kernel 2.6.x series for an undergraduate Operating Systems lab.

From a pedagofical point of view, we want to lead students to modify the code so that they get practice with the following items:

running through the list of struct task_struct
handling files and hiding some
opening a directory in /proc to communicate with user land
juggling with eUID rUID sUID

References

A link to the ID section of a debian security document showing the sources for adore, knark & probably other rootkits

http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ch6.en.html

Paper on detecting knark and others http://www.s0ftpj.org/docs/lkm.htm

Here are the knark sources we'll be working with http://packetstormsecurity.com/UNIX/penetration/rootkits/knark-0.59.tar.gz

Page on knark internal http://www.spoonix.com/software/alamo/2001-whitepaper/internals.html

Updated version of Knark for kernels 2.4.x http://packetstorm.icx.fr/UNIX/penetration/rootkits/index3.html

Retrieved from "http://softice.lakeland.usf.edu/wiki/index.php/Knark"

Category: Operating Systems Concepts

Views

Personal tools

Search

Toolbox