On 22 Oct 06, at 04:29, [EMAIL PROTECTED] wrote:

> even if they have ssh access, there is still nothing they can do, except
> to create two files in their $HOME directories containing expressions from
> paths.h and sysexits.h ?
>
> Why would that be considered a backdoor?

The awk commands parse out the strings "/etc/passwd" and "/etc/shadow" from the headers. It's still rather easily detected - most of the rootkit-checking programs will detect an alternate uid0 account very quickly - but it does demonstrate an interesting way of avoiding target strings in the binary.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
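
The check the reply attributes to rootkit-checking programs, as an added example that is not part of the original post: a shell function that lists every passwd(5) entry other than root whose UID is numerically 0. The function name `find_uid0_accounts` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag passwd(5) entries other than "root" that carry UID 0.

# find_uid0_accounts FILE
# Prints one login name per line for every entry whose third field (UID)
# is numerically zero and whose login name is not "root".
find_uid0_accounts() {
    awk -F: '
        $0 ~ /^#/ || $0 == "" { next }   # skip comments and blank lines
        NF < 7               { next }   # skip lines without all seven fields
        # Compare numerically so that "00" or "000" is caught as well as "0";
        # the digit test keeps empty UID fields (NIS "+::::::") out.
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1 }
    ' "$1"
}

# Constructed sample input: two alternate UID 0 accounts, one of them
# written with a zero-padded UID, among ordinary entries.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# constructed comment line
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/home/sysadm:/bin/sh
svc:x:00:100::/var/svc:/bin/sh
+::::::
EOF

hits=$(find_uid0_accounts "$sample")
rm -f "$sample"

if [ -n "$hits" ]; then
    echo "alternate UID 0 accounts found:"
    echo "$hits"
else
    echo "no alternate UID 0 accounts"
fi
```

Run against the live system with `find_uid0_accounts /etc/passwd`; any output is an account that deserves an explanation.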
