Security Incidents mailing list archives
Re: R: Re: Korea (was RE: ?)
From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Sat, 5 Feb 2000 14:31:19 +0500
~:> Why such primitive backdoors are used is somewhat
~:> of a mystery.
~:
~:Pretty simple. Almost all the outdated "beginner guides to hacking" and
~:similar out there list copying /bin/sh to another location and adding a line
~:to inetd.conf as a rule of thumb in creating backdoors.
~:

The other reason is plain simplicity. It's somewhat more painful (and for regular skript kiddie -- impossible) to embed more sophisticated backdoor into shellcode. (and as you noticed most of recent `sploits have some sort of `echo "... /bin/sh" > /tmp/.foo; /usr/sbin/inetd /tmp/.foo' as shellcodes instead of plain execs (which only makes sense with tcp-servicing daemons if exec'ed shell inherits socket descriptors .. blah blah ;-)).
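An added example, not part of the original post: a defender-side check for the two artifacts this message describes, an inetd configuration entry that hands the socket to a shell and an inetd process started with a configuration file in a temporary directory. The function names, the `TEMP_DIRS` list and the sample data are assumptions constructed for illustration.

```python
# Shell names an inetd entry should never hand a socket to directly.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash", "dash"}
# Assumption: no legitimate inetd configuration file lives in these directories.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

def _base(path):
    """Basename without a leading '-' (login-shell style argv[0])."""
    return path.rsplit("/", 1)[-1].lstrip("-")

def shell_entries(conf_text):
    """Return (service, server_path) for inetd.conf lines that spawn a shell."""
    hits = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Layout: service socktype proto wait/nowait user server [argv0 args...]
        if len(fields) < 6:
            continue
        server, args = fields[5], fields[6:]
        # Check argv[0] too: it still reads "sh" when the binary was copied
        # to another path. A copy that is renamed in both places needs a
        # content comparison against /bin/sh on the live system instead.
        names = {_base(server)} | ({_base(args[0])} if args else set())
        if names & SHELLS:
            hits.append((fields[0], server))
    return hits

def rogue_inetd(ps_lines):
    """Return command lines where inetd was given a config file in a temp dir."""
    hits = []
    for cmd in ps_lines:
        argv = cmd.split()
        if argv and _base(argv[0]) == "inetd" and \
                any(a.startswith(TEMP_DIRS) for a in argv[1:]):
            hits.append(cmd)
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE_CONF = """\
ftp         stream tcp nowait root /usr/sbin/tcpd in.ftpd -l
daytime     stream tcp nowait root internal
example-svc stream tcp nowait root /bin/sh sh   # constructed suspicious entry
example-two stream tcp nowait root /tmp/.x sh   # copied shell, argv[0] unchanged
"""
SAMPLE_PS = ["/usr/sbin/inetd", "/usr/sbin/inetd /tmp/.foo", "sendmail: accepting connections"]

if __name__ == "__main__":
    print(shell_entries(SAMPLE_CONF))
    print(rogue_inetd(SAMPLE_PS))
```

On a live host the same functions can be fed the contents of every inetd configuration file found and the output of a full process listing.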