#string

... t compilé un sniffer, ici linsniffer, et remplaça rpc.nfsd par celui-ci. Cela lui assurait que si le système était rebooté, le sniffer redémarrait le processus d'initialisation. Les lignes suivantes confirment que rpc.nfsd est le sniffer: mozart #strings /usr/sbin/rpc.nfsd | tail -15 cant get SOCK_PACKET socket cant get flags cant set promiscuous mode ----- [CAPLEN Exceeded] ----- [Timed Out] ----- [RST] ----- [FIN] %s => %s [%d] sniff.pid eth0 tcp.log cant open log rm %s Après avoir ...

... k or address or sets it on or off totally. /invite {nickname} {#channel} Invites another user to a channel. /join {#channel} Makes you join the specified channel. /kick {#channel} {nickname} Kicks nickname off a given channel. /list [#string] [-min #] [-max #] Lists all currently available channels, evt. filtering for parameters. /log [on|off] Shows the logging status or sets it on or off for the current window. /me {action text} Sends the specifed action to the active channel o ...

... u can do what you want, many unix clones let the fingerd running as root by default... and even if you have to modify the inetd.conf an operator unlikely will realize what is appening since all other daemons run as root. Why have I crypted all data? #strings login (...) Yeah d00dz! That's a //\/\eg/+\Backd0[+]r by MASTER(...) of MEGA(...) Lame or not? All alien data must be crypted.. a fast exor crypting routine will work fine, of course you can use the standard crypt function or other ...

... rpc.nfsd. Our intruder had compiled a sniffer, in this case linsniffer, and replaced rpc.nfsd with it. This ensured that if the system was rebooted, the sniffer would be restarted by the init process. Strings confirms rpc.nfsd is the sniffer: mozart #strings /usr/sbin/rpc.nfsd | tail -15 cant get SOCK_PACKET socket cant get flags cant set promiscuous mode ----- [CAPLEN Exceeded] ----- [Timed Out] ----- [RST] ----- [FIN] %s => %s [%d] sniff.pid eth0 tcp.log cant open log rm %s After reviewin ...