Paolo Ardoino - ideas, programming, web and more…

ksb26 ( Kernel Socks Bouncer ) is a Linux Kernel 2.6.x Loadable Kernel Module that hijacks tcp connections (to user-defined target hosts) through socks 5 servers chains.
ksb26 works as an hidden layer that adds anonymity to software that doesn’t support anonymous connections.

ksb26 is divided into a lkm ( Linux Loadable Kernel Module ) and a userspace manager which communicate via a character device.
- ksb26 lkm intercepts and redirects tcp connections.
- ksb26manager keeps updated socks and target-hosts lists.

Version: 0.0.4
Website: http://ksb.sourceforge.net

Learn more about hijacking system calls in Linux 2.6 kernel.

In Linux-2.4.x kernel it was very simple create an lkm to hijack the sys_connect system call using the exported symbol:

1

extern void *sys_call_table[];

So, it is very simple to substitute the pointer to another system call, the one we have created!

1
2
3
4
5
6

static inline _syscall1(int,close,int,fd);
int ( * o_socketcall) (int, unsigned long *);
int my_socketcall (int, unsigned long *);
o_socketcall = sys_call_table[SYS_socketcall]; //saving original pointer
sys_call_table[SYS_socketcall] = (void *)my_socketcall; //hijacking system call
sys_call_table[SYS_socketcall] = (void *)o_socketcall; //restoring original syscall

( Read Phrack n.50 to learn more about system call hijacking in Linux-2.4.x kernels )

In Linux-2.6.x kernels the sys_call_table symbol is no more exported for security and stability reasons. So how can we hijack connections? Read more »

UNISFED is a simple file encrypter / decrypter that supports DES / Blowfish / IDEA / MD5 / RSA algorithms based on OpenSSL libraries.

Read more »