
Full Disclosure mailing list archives

Re: Plague Proof of Concept Linux backdoor
From: hijacker () oldum net
Date: Mon, 23 Oct 2006 14:39:50 +0300 (EEST)

Hello Rik,
and how on earth can you make "root" run that piece of code? Do you have
to specify it in the README section that it is mandatory to run that as
root in order for the "new" application root will be installing to run as
expected?

Indeed, it is hard to tell what it actually does... unless you open your
eyes and see sed 's/root/something/g' somewhere.

Either way, installing from hundreds of source files can make even the
best sys admin not notice that part of the source code of the
BACKDOOR-contagious application!

bad PLAGUE! bad intentions! bad people possibly putting that where root is
messing.

cheers,
-nik


hijacker () oldum net wrote:
Are you saying I just injected my system with an account with root
access hiding somewhere? Please, clarify.

as you can tell by the subject, this is a BACKDOOR, you run it as root,
and yes, then it works and creates a "new root" account

you ran it as a normal user, so it won't work (you can't read
/etc/shadow as normal user (du'uh))

grtz,

--
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven be -=- http://harry.ulyssis.org

thinking always leads to conclusions... and those can be extremely
dangerous
-- me ;)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
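
Added example (not part of the original thread, and not the Plague code): a check for the "new root" account the messages above describe, flagging any non-root account with UID 0 or with the same password hash as root. The account name "sysd" and all sample passwd/shadow lines are constructed for illustration.

```python
"""Audit passwd/shadow contents for a cloned root account (added example)."""

# Constructed sample data: "sysd" is a hypothetical account produced by copying
# root's entries with the name substituted, as the thread describes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysd:x:0:0:sysd:/sysd:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$constructedhash:13444:0:99999:7:::
daemon:*:13444:0:99999:7:::
alice:$6$OTHERSALT$otherhash:13444:0:99999:7:::
sysd:$6$CONSTRUCTEDSALT$constructedhash:13444:0:99999:7:::
"""


def parse(text, min_fields):
    """Yield colon-split records, skipping blank, comment and short lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.strip() and not line.startswith("#") and len(fields) >= min_fields:
            yield fields


def audit(passwd_text, shadow_text):
    """Return sorted (account, reason) findings for root-equivalent accounts."""
    findings = set()
    for name, _pw, uid, *_rest in parse(passwd_text, 7):
        if uid.strip() == "0" and name != "root":
            findings.add((name, "uid 0"))
    hashes = {f[0]: f[1] for f in parse(shadow_text, 2)}
    root_hash = hashes.get("root", "")
    # Locked or empty fields ("*", "!", "!!", "") are not real hashes; skip them.
    if root_hash and not root_hash.startswith(("*", "!")):
        for name, value in hashes.items():
            if name != "root" and value == root_hash:
                findings.add((name, "same password hash as root"))
    return sorted(findings)


if __name__ == "__main__":
    # On a live host, pass the contents of /etc/passwd and /etc/shadow (root needed).
    for account, reason in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {reason}")
```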

