A su backdoor program
2006-07-03 20:27:34 Source: WEB开发网. This code is a counterfeit su, used to catch unauthorized users who log in as root. A double-edged sword.
/*
* From: CERT Tools
* To: cert-tools@cert.org
* Subject: Quiet list
* Date: Wed, 31 Aug 1994 10:37:16 -0400
*
* It's been quiet, here is something to stir things up a little :-)
*
* - Shawn
* Shawn F. Mckay phone: 617-253-2583
* Dept. of Electrical Eng. & Computer Science email: shawn@eddie.mit.edu
* M.I.T. / room 38-388 / Cambridge, MA 02139 / USA
* ** PGP Key available on request **
*
*/
/*
* Dummy "su" program. Intended to help an intruder who does not
* know the system (many work from "cheat sheets") to trip alarms
* so the rightful sysadmin folks can charge to the rescue.
*
* Author: Shawn F. Mckay (shawn@aradia.uucp)
* Revision Date: 94-08-29
* Version: 1.1
* Copyright (c) 1989-1994 Shawn F. Mckay, All Rights Reserved.
* May not be sold for profit without written consent of author.
* No warranty of ANY KIND is implied, use at your own risk!
*
* Installation Notes:
* a) Create a directory in a secret place mode 770 (group whlcp)
* b) Move your real copy of "su" to this new location
* Make it also group whlcp and mode 4510
* c) Now, install this here su into the old location of your
* systems su program. (mode 4511) (usually /bin or /usr/bin).
* This program needs to be setuid root to be believed, but as
* you can see, it does NOT run as root, it runs as daemon as
* soon as it's run.
* d) Finally, make sure to add yourself to whlcp group as needed.
* e) Act quickly if you detect a violation of any kind
*
* Also note, you will probably need to modify /etc/crontab to
* advise any system shell Scripts where the "real" su went. You
* should probably try and ensure these places are also non-world
* readable.
*
* The above should work for almost ANY UNIX system. As always, use
* your judgement.
*/
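The page reproduces only the header comment of McKay's program; the source body is not included. The following is an added example written for this page, not McKay's code, showing the technique the notes describe: a binary that is setuid root so it passes a glance at `ls -l`, but that drops to `daemon` before doing anything else, logs who invoked it, and then behaves like an su that rejects the password. The function names (`drop_privileges`, `build_alarm`, `real_username`), the syslog `LOG_AUTH`/`LOG_ALERT` alarm channel, and the `DROP_USER` name are assumptions of this example; the notes above only say the program runs as daemon. When run without the setuid bit (for instance while testing as an ordinary user), the privilege drop is skipped because the process is already unprivileged.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: the unprivileged account the decoy drops to. The installation
 * notes say "daemon"; change it if your system names that account differently. */
#define DROP_USER "daemon"

/* Permanently drop root. Order matters: clear supplementary groups and set
 * the gid while still root, then set the uid last (after setuid() a process
 * can no longer change its gid). Afterwards verify that root cannot be
 * regained. Returns 0 on success, -1 on any failure. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;                 /* drop was not permanent */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Resolve the invoking real uid to a login name; fall back to the number. */
static void real_username(uid_t uid, char *out, size_t n)
{
    struct passwd *pw = getpwuid(uid);
    if (pw != NULL && pw->pw_name != NULL)
        snprintf(out, n, "%s", pw->pw_name);
    else
        snprintf(out, n, "%u", (unsigned)uid);
}

/* Build the alarm line for syslog. Returns its length, or -1 if it would not
 * fit in buf, so the caller logs a fixed fallback rather than a silently
 * truncated line. A NULL tty (no controlling terminal) is logged as "notty". */
static int build_alarm(char *buf, size_t n, uid_t uid, const char *user,
                       const char *tty, const char *target)
{
    int len = snprintf(buf, n, "DECOY su invoked: uid=%u(%s) tty=%s target=%s",
                       (unsigned)uid, user, tty ? tty : "notty", target);
    if (len < 0 || (size_t)len >= n)
        return -1;
    return len;
}

int main(int argc, char **argv)
{
    const char *target = "root";                   /* su with no user means root */
    uid_t ruid = getuid();                          /* who really typed "su" */
    const char *tty = ttyname(STDIN_FILENO);       /* NULL when not on a terminal */
    char who[64], msg[256];

    for (int i = 1; i < argc; i++)                  /* first non-option argument is the target */
        if (argv[i][0] != '-') { target = argv[i]; break; }

    /* Step 1: stop being root before anything else happens. The setuid bit
     * exists only so the file looks genuine. If the drop fails for any
     * reason, exit rather than continue as root. */
    if (geteuid() == 0) {
        struct passwd *d = getpwnam(DROP_USER);
        if (d == NULL || drop_privileges(d->pw_uid, d->pw_gid) != 0)
            _exit(1);
    }

    /* Step 2: raise the alarm. A log watcher paging the admin on this line
     * is assumed, not shown. */
    real_username(ruid, who, sizeof who);
    if (build_alarm(msg, sizeof msg, ruid, who, tty, target) < 0)
        snprintf(msg, sizeof msg, "DECOY su invoked by uid=%u", (unsigned)ruid);
    openlog("su", LOG_PID, LOG_AUTH);
    syslog(LOG_ALERT, "%s", msg);
    closelog();

    /* Step 3: behave like su. Prompt, discard whatever is typed (it is never
     * stored or logged), pause as a real password check would, then refuse. */
    char *typed = getpass("Password:");
    if (typed != NULL)
        memset(typed, 0, strlen(typed));
    sleep(2);
    fputs("Sorry\n", stderr);
    return 1;
}
```

Install it exactly as the notes above describe: the real su moves to the hidden directory (group whlcp, mode 4510) and this binary takes its place at the old path as root-owned mode 4511. The drop-and-verify sequence in `drop_privileges` is the part worth keeping even if you change everything else; a decoy that silently stays root after a failed `setuid` would hand an intruder exactly what it was meant to deny.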