How to Set a Rootkit on a Router Intranet

Source: Internet
Author: User
Tags: root access

Introduction to rootkit

Generally, attackers obtain root access through remote attacks, or gain access to the system by guessing or brute-forcing passwords. If the attacker has not yet obtained root permission after entering the system, he can obtain it through security vulnerabilities on the system. The attacker then installs the rootkit on the compromised host, and will often use the rootkit's backdoor to check whether other users are logged on to the system before starting to clean up the relevant information in the logs. After obtaining the user names and passwords of other systems through the rootkit's sniffer, the attacker can use this information to access those systems.

Rootkits were first used with good intentions, but were later also used by hackers to intrude into and attack other people's computer systems. Computer viruses and spyware often use rootkits to hide their traces, so rootkits are classified as harmful malware by most anti-virus software. Linux, Windows, Mac OS, and other operating systems can all become victims of a rootkit.

Setting a rootkit through a router

Q: Can I access the internal network in the following circumstances?

A Cisco Internet border router runs TFTP without SSH, while a malicious person obtains the certificate and owns the router, then uploads a new configuration to open the communication port. Is the only possible attack a Denial of Service (DoS), or can a rootkit be placed on an internal network?

A: Without knowing how the DMZ protects the internal network, it is hard to say how difficult it would be to do damage. However, the situation described does sound insecure.

TFTP is an insecure protocol that is mostly used to transfer configuration files between network routers. It is insecure because it transmits data in plaintext rather than encrypted, does not require authentication, and is based on UDP. In terms of security, the first two issues are the most important. If configuration files are not encrypted in transit, they can be intercepted, read, and manipulated. If their transfer is not authenticated, anyone can access them.

So why would anyone use TFTP? TFTP runs on a server that Cisco routers access in order to update their configuration files. Some networks still need to run TFTP for backward compatibility with older network hardware. However, you should replace it with SSH, which encrypts traffic and requires authentication.

Again, without knowing whether the intranet is protected by a DMZ, it is difficult to determine whether the router can be used to attack the entire network. The impact on enterprise security of an attack on any router that can reach the network cannot be predicted. For example, if someone controls access to a router in the system and can change its configuration file by manipulating the weak TFTP server, he or she can get deep into the network. A denial of service (DoS) attack is only one of the possibilities. Attackers can also release a range of malware, including keyloggers that capture account credentials.

Through the router, attackers can gain the access they need and take control of servers or hosts on the network. With access to a server, installing a rootkit is not a problem.
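
The two TFTP weaknesses the answer singles out, no authentication and no encryption, are visible in the wire format itself. The following added example (not part of the original page) decodes RFC 1350 messages the way a passive network sensor would; the function names, the `CONFIG_HINTS` list and the sample packets are assumptions constructed for illustration.

```python
import struct

# TFTP opcodes from RFC 1350
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
# Assumption: filename fragments that suggest a device configuration file
CONFIG_HINTS = ("confg", "config", ".cfg")

def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP message (a UDP payload) into a dict."""
    if len(payload) < 4:
        raise ValueError("too short for a TFTP message")
    opcode, number = struct.unpack("!HH", payload[:4])
    if opcode not in OPCODES:
        raise ValueError(f"unknown opcode {opcode}")
    msg = {"type": OPCODES[opcode]}
    if opcode in (1, 2):
        # The whole request is: filename NUL mode NUL [options]. There is
        # no user, password or token field, so nothing identifies the client.
        fields = payload[2:].split(b"\x00")
        if len(fields) < 3 or fields[-1] != b"":
            raise ValueError("malformed request")
        msg["filename"] = fields[0].decode("ascii", "replace")
        msg["mode"] = fields[1].decode("ascii", "replace").lower()
    else:
        msg["number"] = number  # block number (DATA, ACK) or error code
        if opcode == 3:
            msg["data"] = payload[4:]  # file contents, sent unencrypted
        elif opcode == 5:
            msg["message"] = payload[4:].rstrip(b"\x00").decode("ascii", "replace")
    return msg

def review(payloads):
    """Return the findings a passive sensor would raise for these messages."""
    findings = []
    for raw in payloads:
        msg = parse_tftp(raw)
        name = msg.get("filename", "").lower()
        if any(hint in name for hint in CONFIG_HINTS):
            findings.append(f"{msg['type']} for config file {msg['filename']}")
        elif b"password" in msg.get("data", b"").lower():
            findings.append(f"cleartext secret in DATA block {msg['number']}")
    return findings

# Constructed sample messages (not captured traffic)
SAMPLE = [
    b"\x00\x01router-confg\x00octet\x00",
    b"\x00\x03\x00\x01hostname edge1\nenable password EXAMPLE\n",
    b"\x00\x04\x00\x01",
]
```

Running `review(SAMPLE)` flags both the unauthenticated request for a configuration file and the readable secret in the data block that follows it.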
