ttymon 1586 root 3u raw 1799 00000000:0001->00000000:0000 st=07
This confirms the two back doors:
[root@victim root]# nc localhost 31338
SSH-1.5-2.0.13
Obviously, this is an SSH back door; I estimate that it reads /etc/sh.conf to get its password. As for the raw socket, I cannot think of a way to confirm what it is for the moment: first, I do not know what kind of packets it captures, ICMP or TCP; second, I do not know the characteristics of the packets it captures. So, the brute-force approach: run it first.
[root@victim root]# /sbin/ttymon
[root@victim root]# /sbin/ttymon --help
[root@victim root]# /sbin/ttymon -h
Not cooperating? Then run strings on it. I have left out some useless output here.
[root@victim root]# strings /sbin/ttymon
Usage: %s <dst> <src> <size> <number>
Ports are set to send and receive on port 179
dst: Destination Address
src: Source Address
size: Size of packet which should be no larger than 1024 should allow for xtra header info thru routes
num: packets
Could not resolve %s fucknut
ICMP
jess
tc: unknown host
3.3.3.3
mservers
lamersucks
skillz
ttymon
./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Looking through its keywords, it is not hard to see that ttymon is probably a modified DDoS program, one that hits routers. It looks like this fellow is quite ambitious.
Daemonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on an Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, Solaris without problems.
The program is at:
http://packetstormsecurity.org/0008-exploits/daemonic.c
Out of curiosity about this fellow's ambition, I downloaded the program and compiled it:
[fatb@baoz ~]$ ./a
Daemonic - BGP Killer [Theories in DoS] www.AntiOffline.com/TID/
Usage: ./a <radd> <sradd> <bgsize> <number>
Ports are set to send and receive on port 179
radd: Address of router running BGP [victim]
sradd: Source address of neighbor router running BGP [attacker]
bgsize: Size of packet which should be no larger than 1024 should allow for xtra header info thru routes
num: pulverizations per second
Compare the two in two respects. The first is what each program returns when executed directly: ttymon prints nothing, while the compiled daemonic.c shows its help text. The second is the strings output: ttymon obviously has more content, and I guess that the later part contains the control password. More importantly, this ttymon has a raw socket listening for packets. This raw socket is surely the channel used to receive the master's instructions and carry out the corresponding DDoS operations. Everybody can imagine what follows, ha-ha.
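The comparison described above can be automated. The following is an added example, not code from the original post or from daemonic.c: it extracts printable strings from a suspect binary and a reference build and sorts the suspect's strings into identical, modified and novel. The two byte blobs are constructed from strings quoted on this page; `fake_binary`, `classify` and the 0.8 similarity threshold are assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher

def printable_strings(blob, min_len=4):
    """Runs of printable ASCII at least min_len bytes long, in file order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

def classify(suspect, reference, near=0.8):
    """Sort the suspect's strings into identical / modified / novel
    relative to the reference build. `near` is an assumed threshold."""
    ref = printable_strings(reference)
    buckets = {"identical": [], "modified": [], "novel": []}
    for s in dict.fromkeys(printable_strings(suspect)):  # de-dup, keep order
        if s in ref:
            buckets["identical"].append(s)
        elif any(SequenceMatcher(None, s, r).ratio() >= near for r in ref):
            buckets["modified"].append(s)   # e.g. renamed usage text
        else:
            buckets["novel"].append(s)      # absent from the public tool
    return buckets

def fake_binary(strings):
    """Constructed stand-in for a binary: strings separated by non-text bytes."""
    return b"\x7fELF\x01\x00" + b"\x00\x01\x02".join(s.encode() for s in strings) + b"\x00"

SIZE_HELP = ("Size of packet which should be no larger than 1024 "
             "should allow for xtra header info thru routes")
# Constructed samples built from strings quoted on this page (not the real files).
SUSPECT = fake_binary([
    "Usage: %s <dst> <src> <size> <number>",
    "Ports are set to send and receive on port 179",
    "size: " + SIZE_HELP,
    "ICMP", "jess", "3.3.3.3", "mservers", "lamersucks", "skillz", "ttymon",
])
REFERENCE = fake_binary([
    "Usage: %s <radd> <sradd> <bgsize> <number>",
    "Ports are set to send and receive on port 179",
    "bgsize: " + SIZE_HELP,
])

if __name__ == "__main__":
    for name, items in classify(SUSPECT, REFERENCE).items():
        print(f"{name}: {items}")
```

The identical and modified buckets show which public tool the binary was built from; the novel bucket is the short list to read first when looking for added configuration or control material.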