Saturday, February 26, 2011

Volume I, Chapter 02: Botnets (1)

Item Bin watched the other party use a remote overflow vulnerability to add two system user accounts, r and rt, so that he could come in over tel. Item Bin clearly saw the other party get a command wrong while creating the second account, perhaps from being too excited. The password for both accounts was abcdef; all of the intruder's keystrokes were being recorded. Now that the intruder had system accounts, he could come in over tel with these two accounts at any time.

Then the other party created a hidden directory on the system and began downloading a tool package from another system into it. The transfer took a little time, and the toolkit came down successfully. Item Bin found that the tool package was not big, a little more than four trillion. To install the kit, the intruder only had to execute one file: a simple script file, like a batch (.bat) file on Windows, that can automatically run many commands.

Ha ha! Item Bin smiled. It seemed the other party was not just passing through, but planned to use this server as a base for long-term use. Item Bin sneered: let's see what you are capable of.

With the kit installed, the intruder began to clean up the log files. His intrusion and the actions related to installing the toolkit would have been recorded in the log files, so to avoid getting caught, this step was unavoidable.

Having cleaned up the log files and placed his own back door on the system, he casually browsed around it, making some changes with commands and some strange moves, starting a service one moment and killing a process the next. Item Bin found it all a little strange. But he soon understood: the other party was looking for other vulnerabilities in the system, because he had started to help reinforce it.
