In Linux, there are many ways to escalate privileges from a common user to root. Most of them exploit kernel vulnerabilities, but, as on Windows, you can also use a trojan to steal the administrator's root password. Below are two examples of trojan programs I wrote myself: one is disguised as the ssh command and the other is disguised as the su command, and both steal the administrator's root password.
Lab environment:
Operating system: RHEL 5.9
Superuser: root
Common user: user0
Superuser password: redhat
IP: 192.168.1.125 192.168.168.126
su stealing the root user password: The first time you switch from user0 to the root user, the system prompts "Authorization failed" even if you enter the correct logon password; however, the password entered by the administrator has already been recorded in a specified hidden file.
The user name root and password redhat are successfully stolen.
ssh stealing the root user password: The first time you use the ssh command on the host whose IP address is 192.168.1.126 to log on to the host whose IP address is 192.168.1.125, the system prompts "Incorrect password authentication failed" even if you enter the correct password; however, the password entered by the administrator has already been recorded in a specified hidden file.
The user name root, the password redhat, and the target host IP address 192.168.1.125 are successfully stolen.
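
A defender-side check for both cases above, as an added example that is not from the original post: it reports when su or ssh resolves to a file outside the system directories. It assumes the impostor is reached through the shell's PATH lookup, which the post does not specify; TRUSTED_DIRS, resolve_cmd and check_cmd are names chosen here.

```shell
#!/bin/sh
# Added example: flag a command name that resolves outside trusted directories.
# TRUSTED_DIRS is an assumption; set it to where your distribution installs su and ssh.
TRUSTED_DIRS="${TRUSTED_DIRS:-/bin:/usr/bin:/sbin:/usr/sbin}"

# Print the first executable file named $1 found in the PATH-style string $2.
# An empty entry means the current directory, as in the shell's own lookup.
resolve_cmd() {
    name=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while the path list is split
    found=
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            found=$dir/$name
            break
        fi
    done
    set +f
    IFS=$old_ifs
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Return 0 if $1 resolves inside TRUSTED_DIRS, 1 if it resolves elsewhere,
# 2 if it is not found at all in the search path $2.
check_cmd() {
    resolved=$(resolve_cmd "$1" "$2") || { echo "MISSING $1"; return 2; }
    dir=${resolved%/*}
    case ":$TRUSTED_DIRS:" in
        *":$dir:"*) echo "OK      $1 -> $resolved"; return 0 ;;
    esac
    echo "SUSPECT $1 -> $resolved (not in $TRUSTED_DIRS)"
    return 1
}

# When run with command names as arguments, check each against the current PATH.
if [ "$#" -gt 0 ]; then
    for c in "$@"; do
        check_cmd "$c" "$PATH" || true
    done
fi
```

Run it as the account that normally types the command, for example `sh check.sh su ssh` (the file name is arbitrary), so the PATH being checked is the one that account actually uses.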
The above two programs are written in C on Linux and only provide one idea. The main purpose is to improve awareness of system security. Therefore, you can write and discuss the code without publishing it. Be patient and have fun!
This article is from the "Old Xu's Private food" blog and will not be reposted!