Security Incidents mailing list archives

Re: R: Re: Korea (was RE: ?)


From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Sat, 5 Feb 2000 14:31:19 +0500


~:> Why such primitive backdoors are used is somewhat
~:> of a mystery.
~:
~:Pretty simple. Almost all the outdated "beginner guides to hacking" and
~:similar out there list copying /bin/sh to another location and adding a line
~:to inetd.conf as a rule of thumb in creating backdoors.
~:

 The other reason is plain simplicity. It's somewhat more painful (and for
a regular skript kiddie -- impossible) to embed a more sophisticated backdoor
into shellcode. (And as you noticed, most recent `sploits have some sort
of `echo "... /bin/sh" > /tmp/.foo; /usr/sbin/inetd /tmp/.foo' as
shellcode instead of plain execs (which only makes sense with
tcp-servicing daemons if the exec'ed shell inherits the socket descriptors .. blah blah ;-)).)

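The two artifacts the post describes (an inetd service line whose server program is a shell, and an inetd started on a config file outside /etc) are cheap to check for. The script below is an added example, not code from the original post or thread; the sample inetd.conf lines and the sample process list are constructed here, and the path $TMPDIR/inetd_backdoor_demo.conf is an assumed scratch location. In practice the second check would be fed the output of `ps -eo args`.

```sh
#!/bin/sh
# Added example (not from the original post): spot two classic inetd
# backdoor patterns. Sample data below is constructed for the demo.

SAMPLE_CONF="${TMPDIR:-/tmp}/inetd_backdoor_demo.conf"   # assumed scratch path

# Constructed inetd.conf: two normal tcpd-wrapped services, one shell on a
# high port, and a commented-out shell line that must not be flagged.
cat > "$SAMPLE_CONF" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
31337   stream  tcp     nowait  root    /bin/sh         sh -i
#echo   stream  tcp     nowait  root    /bin/sh         sh
EOF

# Constructed process list in the shape of `ps -eo args`: one normal inetd,
# one inetd reading a dropped config file (the shellcode pattern).
SAMPLE_PS="/usr/sbin/inetd
/usr/sbin/sshd
/usr/sbin/inetd /tmp/.foo
/bin/sh -i"

# Print every inetd.conf service line (service socket proto wait user
# server args) whose server program (field 6) is a shell.
# Returns 0 if anything was flagged, 1 otherwise.
inetd_shell_services() {
    awk '
        /^[[:space:]]*#/ || NF < 6 { next }   # skip comments and short lines
        $6 ~ /(^|\/)(sh|ash|bash|dash|csh|tcsh|ksh|zsh)$/ { print; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Number of flagged service lines in a config file (always exits 0).
count_inetd_shell_services() {
    inetd_shell_services "$1" | wc -l | tr -d ' '
}

# Read command lines on stdin and print any inetd started with a config
# file argument other than /etc/inetd.conf. Returns 0 if anything was
# flagged, 1 otherwise.
inetd_odd_config() {
    awk '
        $1 ~ /(^|\/)inetd$/ && NF >= 2 {
            cfg = $NF                       # last argument is the config path
            if (cfg !~ /^-/ && cfg != "/etc/inetd.conf") { print; found = 1 }
        }
        END { exit found ? 0 : 1 }
    '
}

# Number of suspicious inetd invocations in the constructed sample.
count_odd_inetd_sample() {
    printf '%s\n' "$SAMPLE_PS" | inetd_odd_config | wc -l | tr -d ' '
}

echo "== shell services in $SAMPLE_CONF =="
inetd_shell_services "$SAMPLE_CONF"
echo "== inetd on non-standard config =="
printf '%s\n' "$SAMPLE_PS" | inetd_odd_config
```

On a real host, point inetd_shell_services at /etc/inetd.conf (and at any file named on an inetd command line) and pipe `ps -eo args` into inetd_odd_config; both checks only catch the primitive pattern discussed here, not a backdoor hidden in a legitimate-looking service binary.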
