A Linux zombie-host intrusion investigation (4)
  Added: 08/13/2008   Published: 08/13/2008   Hits: 21   (part 4 of 10)

    Comparing this with the result we obtained a moment ago: chkrootkit raised no warning in its ELF check and found no hidden processes, so we might judge that the intruder's hiding techniques were fairly primitive. But that suckit warning stuck in my mind, and I did not dare to be careless: we still did not know whether a kernel module was involved.
    For a clearer picture, let us analyze the log file /var/log/rkhunter.log. Reading the log, it becomes clear why the two rkhunter scans reported almost the same thing: rkhunter verifies files by MD5 against a database it ships with, whereas chkrootkit examines the output that commands produce.
[11:20:04] /bin/ls Hash NOT valid (My MD5: 0a07cf554c1a74ad974416f60916b78d, expected: dbc1a18b2e447e0e0f7c139b1cc79454)
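The "Hash NOT valid" line above is rkhunter comparing a binary's current digest with one stored in its database. The following added example (not code from the original article) reproduces that check in its smallest form: record a baseline of digests, then re-hash later and report every mismatch in the same style. It uses SHA-256 via sha256sum rather than the MD5 rkhunter used in 2008; the directory and file names it creates under mktemp are constructed for the demonstration. The point a defender must not miss is visible in the code: a baseline is only worth anything if it was taken from a trusted state, because a baseline built after the compromise simply enshrines the trojaned binaries.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal version of the
# check rkhunter performs when it reports "Hash NOT valid". The baseline
# must come from a trusted state (install media, a clean image); a baseline
# taken after the intrusion records the attacker's binaries as "expected".

# build_baseline DIR DBFILE
# Record "digest  path" for every regular file under DIR into DBFILE.
build_baseline() {
    dir="$1"; db="$2"
    find "$dir" -type f -print | sort | while read -r f; do
        sha256sum "$f"
    done > "$db"
}

# verify_baseline DBFILE
# Re-hash every path listed in DBFILE and print an rkhunter-style line for
# each mismatch or missing file. Returns 0 when everything matches, 1 otherwise.
verify_baseline() {
    db="$1"; bad=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "$path MISSING (expected: $expected)"
            bad=1
            continue
        fi
        current=$(sha256sum "$path" | awk '{print $1}')
        if [ "$current" != "$expected" ]; then
            echo "$path Hash NOT valid (My SHA256: $current, expected: $expected)"
            bad=1
        fi
    done < "$db"
    return $bad
}

# demo: constructed stand-ins for /bin/ls and /bin/ps in a temp directory,
# baseline them, then simulate a trojaned ps and verify again.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    printf 'pretend this is /bin/ls\n' > "$tmp/bin/ls"
    printf 'pretend this is /bin/ps\n' > "$tmp/bin/ps"
    build_baseline "$tmp/bin" "$tmp/baseline.db"
    verify_baseline "$tmp/baseline.db" && echo "clean: all hashes match"
    printf 'trojaned ps that hides ttyload\n' > "$tmp/bin/ps"   # simulated tampering
    verify_baseline "$tmp/baseline.db" || echo "ALERT: baseline mismatch, investigate"
    rm -rf "$tmp"
}

demo
```

Run it with `sh baseline.sh`; the first verification passes and the second reports the modified `ps`. On a live host, keep the baseline file and the hashing tool off the box (read-only media or a remote store), since a rootkit that replaces `ls` can just as easily replace `sha256sum` or edit a database it can reach.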

Let us look at the SHV and suckit related entries:
[11:20:53] *** Start scan SHV4 ***
[11:20:53]   - File /lib/lidps1.so.. WARNING! Exists.

[11:21:12] *** Start scan SHV5 ***
[11:21:12]   - File /etc/sh.conf.. WARNING! Exists.
[11:21:12]   - File /dev/srd0.. WARNING! Exists.
[11:21:12]   - Directory /usr/lib/libsh.. WARNING! Exists.

[11:21:15] *** Start scan Suckit Rootkit ***
[11:21:15]   - File /usr/share/locale/sk/.sk12/sk.. WARNING! Exists.
[11:21:15]   - Directory /usr/share/locale/sk/.sk12.. WARNING! Exists.
Seeing this, we basically know the reason why. We continue to look at these files one by one:
[root@victim root]# file /lib/lidps1.so
/lib/lidps1.so: ASCII text
[root@victim root]# cat /lib/lidps1.so
ttyload
shsniff
shp
shsb
hide
ttymon
scanner
Seeing this list, I could not hold back from running ps and netstat, and they turned up these two things:
root      1584  0.0  0.0  1852   68 ?        S    Nov17   0:00 /sbin/ttyload -q
root      1586  0.0  0.0  1500  168 ?        S    Nov17   0:26 ttymon tymon
[root@victim root]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 0.0.0.0:31338           0.0.0.0:*               LISTEN      1584/ttyload
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1702/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1516/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1540/
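The author did the triage above by hand: pull the file indicators out of the rkhunter log, read the names the rootkit hides from /lib/lidps1.so, then look for those names in ps and for unexpected listeners in netstat. The added example below (not code from the original article) automates the same three steps with awk so they can be repeated on every host of an incident. The log, ps and netstat text embedded in it are constructed from the lines shown on this page; the allowlist of expected daemons ("httpd sshd") is an assumption a responder would set per host.

```shell
#!/bin/sh
# Added example (not from the original article): automate the manual triage
# shown on the page. All sample input below is constructed from the page.

RKHUNTER_LOG='[11:20:04] /bin/ls Hash NOT valid (My MD5: 0a07cf554c1a74ad974416f60916b78d, expected: dbc1a18b2e447e0e0f7c139b1cc79454)
[11:20:53] *** Start scan SHV4 ***
[11:20:53]   - File /lib/lidps1.so.. WARNING! Exists.
[11:21:12] *** Start scan SHV5 ***
[11:21:12]   - File /etc/sh.conf.. WARNING! Exists.
[11:21:12]   - File /dev/srd0.. WARNING! Exists.
[11:21:12]   - Directory /usr/lib/libsh.. WARNING! Exists.
[11:21:15] *** Start scan Suckit Rootkit ***
[11:21:15]   - File /usr/share/locale/sk/.sk12/sk.. WARNING! Exists.
[11:21:15]   - Directory /usr/share/locale/sk/.sk12.. WARNING! Exists.'

# Contents of /lib/lidps1.so as shown on the page: process names the rootkit hides.
LIDPS_NAMES='ttyload
shsniff
shp
shsb
hide
ttymon
scanner'

# Constructed "ps aux" output in the 11-column format (COMMAND is field 11).
PS_OUT='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1584 0.0 0.0 1852 68 ? S Nov17 0:00 /sbin/ttyload -q
root 1586 0.0 0.0 1500 168 ? S Nov17 0:26 ttymon
root 1702 0.0 0.2 4100 1200 ? S Nov17 0:00 /usr/sbin/httpd'

# Constructed "netstat -anp" output matching the page's listeners.
NETSTAT_OUT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:31338 0.0.0.0:* LISTEN 1584/ttyload
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1702/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1516/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1540/'

# rk_indicators LOGTEXT
# Print one path per line: the binary in each "Hash NOT valid" line and the
# file or directory in each "WARNING! Exists." line (trailing ".." stripped).
rk_indicators() {
    printf '%s\n' "$1" | awk '
        /Hash NOT valid/  { print $2 }
        /WARNING! Exists/ { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { sub(/\.\.$/, "", $i); print $i } }'
}

# matched_processes PSTEXT HIDELIST
# Print "PID COMMAND" for every process whose command basename is on the
# rootkit's hide list; a clean ps that still shows them means the hook failed
# or ps was run from trusted media.
matched_processes() {
    printf '%s\n' "$1" | awk -v names="$2" '
        BEGIN { n = split(names, a, "[ \n]+"); for (i = 1; i <= n; i++) if (a[i] != "") hide[a[i]] = 1 }
        NF >= 11 { cmd = $11; sub(/.*\//, "", cmd); if (cmd in hide) print $2 " " $11 }'
}

# unexpected_listeners NETSTATTEXT ALLOWLIST
# Print "LOCALADDR PID/PROGRAM" for every LISTEN socket whose program name is
# not in the space-separated allowlist; an empty program name is reported too.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ && $6 == "LISTEN" {
            split($7, p, "/"); prog = p[2]
            if (!(prog in ok)) print $4 " " $7
        }'
}

echo "== file indicators from rkhunter log =="; rk_indicators "$RKHUNTER_LOG"
echo "== processes matching the hide list ==";  matched_processes "$PS_OUT" "$LIDPS_NAMES"
echo "== listeners outside the allowlist ==";  unexpected_listeners "$NETSTAT_OUT" "httpd sshd"
```

On a real host, feed the functions `rkhunter`'s log, `ps aux` and `netstat -anp` (or `ss -lntp`) captured with binaries from trusted media, because the `ps` and `netstat` already on the box are exactly the files the "Hash NOT valid" check says were replaced. The port 31338 listener owned by `ttyload` and the empty program name on the port 25 socket are the kind of lines the allowlist rule is meant to surface.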