
A su backdoor program

2006-07-03 20:27:34 Source: WEB开发网

This code is a fake su, used to catch unauthorized users who log in as root. It is a double-edged sword.

/*
* From:  CERT Tools
* To:   cert-tools@cert.org
* Subject: Quiet list
* Date:  Wed, 31 Aug 1994 10:37:16 -0400
*
* It's been quiet, here is something to stir things up a little :-)
*
*  - Shawn
* Shawn F. Mckay    phone: 617-253-2583
* Dept. of Electrical Eng. & Computer Science  email: shawn@eddie.mit.edu
* M.I.T. / room 38-388 / Cambridge, MA 02139 / USA
* ** PGP Key available on request **
*
*/

/*
* Dummy "su" program. Intended to help an intruder who does not
* know the system (many work from "cheat sheets") to trip alarms
* so the rightful sysadmin folks can charge to the rescue.
*
* Author: Shawn F. Mckay (shawn@aradia.uucp)
* Revision Date: 94-08-29
* Version: 1.1
* Copyright (c) 1989-1994 Shawn F. Mckay, All Rights Reserved.
* May not be sold for profit without written consent of author.
* No warranty of ANY KIND is implied, use at your own risk!
*
* Installation Notes:
*  a) Create a directory in a secret place mode 770 (group whlcp)
*  b) Move your real copy of "su" to this new location
*   Make it also group whlcp and mode 4510
*  c) Now, install this here su into the old location of your
*   system's su program. (mode 4511) (usually /bin or /usr/bin).
*   This program needs to be setuid root to be believed, but as
*   you can see, it does NOT run as root, it runs as daemon as
*   soon as it's run.
*  d) Finally, make sure to add yourself to whlcp group as needed.
*  e) Act quickly if you detect a violation of any kind
*
*  Also note, you will probably need to modify /etc/crontab to
*  advise any system shell scripts where the "real" su went. You
*  should probably try and ensure these places are also non-world
*  readable.
*
* The above should work for almost ANY UNIX system. As always, use
* your judgement.
*/
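
The layout described in installation notes a) to c) can be checked after setup, and re-checked later to notice drift. The script below is an added example, not part of Shawn Mckay's program; it assumes GNU stat, and the function names, arguments and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit the decoy-su layout from the installation notes.
# Uses GNU stat (-c). Paths and the group name are supplied by the caller.
# File ownership (root for the decoy) is not checked here.

# check_mode PATH EXPECTED_MODE EXPECTED_GROUP
# Prints a finding and returns 1 when the mode or group differs.
check_mode() {
    path=$1; want_mode=$2; want_group=$3
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    got_mode=$(stat -c '%a' "$path")
    got_group=$(stat -c '%G' "$path")
    rc=0
    if [ "$got_mode" != "$want_mode" ]; then
        echo "MODE     $path is $got_mode, expected $want_mode"; rc=1
    fi
    if [ -n "$want_group" ] && [ "$got_group" != "$want_group" ]; then
        echo "GROUP    $path is $got_group, expected $want_group"; rc=1
    fi
    return $rc
}

# audit_decoy_su SECRET_DIR REAL_SU DECOY_SU GROUP
# Returns the number of failed checks (0 = layout matches the notes).
audit_decoy_su() {
    secret_dir=$1; real_su=$2; decoy_su=$3; group=$4
    fails=0
    check_mode "$secret_dir" 770  "$group" || fails=$((fails + 1))  # note a
    check_mode "$real_su"    4510 "$group" || fails=$((fails + 1))  # note b
    check_mode "$decoy_su"   4511 ""       || fails=$((fails + 1))  # note c
    # The real su must live inside the secret directory, not beside the decoy.
    case "$real_su" in
        "$secret_dir"/*) ;;
        *) echo "PATH     $real_su is not under $secret_dir"
           fails=$((fails + 1)) ;;
    esac
    return $fails
}
```

Call it as `audit_decoy_su <secret dir> <real su path> <decoy su path> whlcp`; a non-zero exit status is the number of checks that failed.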
