Backdoor overview
After an intruder has taken complete control of a system, they install a backdoor: a technique that makes it convenient to get back into the system next time.
It is generally implemented by modifying system configuration files or by installing third-party backdoor tools.
Backdoors are covert, can bypass system logging, and are not easily discovered by the administrator.
Commonly used backdoor techniques
Adding a superuser account
Cracking/sniffing user passwords
Planting a SUID shell
rhosts + +
Abusing system services
TCP/UDP/ICMP shell
Crontab scheduled tasks
Shared library files
Rootkit toolkits
Loadable kernel modules (LKM)
Adding a superuser account
# echo "e4gle:x:0:0::/:/bin/sh" >> /etc/passwd
# echo "e4gle::-1:-1:-1:-1:-1:-1:500" >> /etc/shadow
If the system does not permit a uid=0 user to log in remotely, an ordinary user account also needs to be added.
Cracking/sniffing user passwords
After obtaining the shadow file, weak user passwords are cracked with the John the Ripper tool.
Sniffing tools such as sniffit are installed to monitor ports such as telnet and ftp and collect user passwords.
Planting a SUID shell
# cp /bin/bash /dev/.rootshell
# chmod u+s /dev/.rootshell
An ordinary user who runs /dev/.rootshell on the local machine obtains a shell with root privileges.
rhosts + +
# echo "+ +" > /.rhosts
# rsh -l root victim.com csh -i
A root shell can then be obtained remotely.
Abusing system services
Modify /etc/inetd.conf:
daytime stream tcp nowait /bin/sh sh -i
Replace inetd services such as telnetd and rexecd with trojaned programs.
Redirect the login program.
TCP/UDP/ICMP shell
Bind shell: most are network service programs based on the TCP/UDP protocols that listen on a high port, so they are very easily discovered.
Ping backdoor: the backdoor is activated by an ICMP packet and forms a shell channel.
TCP ACK packet backdoor: can pass through firewalls.
Crontab scheduled tasks
The crontab scheduler is used to run an already-installed backdoor program at set times, generally at night, when the system administrator is not online.
Shared library files
Backdoor functions are inserted into shared libraries.
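As an added example (not part of the original page), the shell functions below check for the configuration-file changes described above: an extra UID 0 account, an empty shadow password field, a "+ +" rhosts entry, an inetd entry whose server is a shell, and SUID files under a directory such as /dev. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: defensive checks for the config-file backdoors described above.
# Each function takes a path, so it works on live files or on forensic copies.

# Non-root account names with UID 0 in a passwd-format file.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Account names whose password field is empty in a shadow-format file.
empty_password_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Succeeds (exit 0) if an rhosts-format file contains the wildcard "+ +" entry.
rhosts_trusts_everyone() {
    grep -Eq '^[[:space:]]*\+[[:space:]]+\+[[:space:]]*$' "$1"
}

# Services in an inetd.conf-format file whose server program is a shell.
# Fields from 5 on are scanned because the user column may be absent.
inetd_shell_services() {
    awk '$1 !~ /^#/ { for (i = 5; i <= NF; i++)
             if ($i ~ "^/(.*/)?(ba|c|k|tc|z)?sh$") { print $1; next } }' "$1"
}

# Regular files with the SUID bit under a directory (e.g. /dev, where none belong).
suid_files_in() {
    find "$1" -type f -perm -4000 2>/dev/null || true
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' 'daemon:x:1:1::/:/usr/sbin/nologin' \
        'e4gle:x:0:0::/:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root:CONSTRUCTED-HASH:19000:0:99999:7:::' \
        'e4gle::-1:-1:-1:-1:-1:-1:500' > "$1/shadow"
    printf '%s\n' '+ +' > "$1/rhosts"
    printf '%s\n' '# constructed inetd.conf' \
        'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' \
        'daytime stream tcp nowait /bin/sh sh -i' > "$1/inetd.conf"
}

demo=$(mktemp -d) && make_samples "$demo"
echo "UID 0 besides root: $(uid0_accounts "$demo/passwd")"
echo "Empty password:     $(empty_password_accounts "$demo/shadow")"
rhosts_trusts_everyone "$demo/rhosts" && echo "rhosts: wildcard trust entry present"
echo "inetd shell entry:  $(inetd_shell_services "$demo/inetd.conf")"
rm -rf "$demo"
```

On a live host the same functions can be pointed at /etc/passwd, /etc/shadow, /.rhosts, /etc/inetd.conf and /dev.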