Full Disclosure mailing list archives
Re: Plague Proof of Concept Linux backdoor
From: Rik Bobbaers <Rik.Bobbaers () cc kuleuven be>
Date: Mon, 23 Oct 2006 13:03:19 +0200
hijacker () oldum net wrote:
Are you saying I just injected my system with an account with root access hiding somewhere? Please, clarify.
as you can tell by the subject, this is a BACKDOOR, you run it as root, and yes, than it works and creates a "new root" account you ran it as a normal user, so it won't work (you can't read /etc/shadow as normal user (du'uh)) grtz, -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers () cc kuleuven be -=- http://harry.ulyssis.org thinking always leads to conclusions... and those can be extremely dangerous -- me ;) Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Plague Proof of Concept Linux backdoor J. Oquendo (Oct 21)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Andrew Farmer (Oct 22)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 23)
- Re: Plague Proof of Concept Linux backdoor Rik Bobbaers (Oct 23)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 23)
- Re: Plague Proof of Concept Linux backdoor Rik Bobbaers (Oct 23)
- Re: Plague Proof of Concept Linux backdoor hijacker (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- <Possible follow-ups>
- Re: Plague Proof of Concept Linux backdoor cdejrhymeswithgay (Oct 22)
- Re: Plague Proof of Concept Linux backdoor Dude VanWinkle (Oct 22)
- Re: Plague Proof of Concept Linux backdoor daylasoul (Oct 22)
- Re: Plague Proof of Concept Linux backdoor virus (Oct 23)