Új hozzászólás Aktív témák
-
Z_A_P
addikt
You can easily get around this issue in a number of ways. Here's an example -- prepend a directory to the user's $PATH variable (eg, ~/.pwn) by exporting a new PATH and adding it to their ~/.profile, create a program called "sudo" in there which acts as a man-in-the-middle between the user and the true sudo in the ~/.pwn directory, now when the user next runs sudo, they will run your sudo.
You take their password, pass it through to the real sudo so they can gain escalated privilege without noticing anything awry, and now you have the ability to sudo yourself and have full permission to modify /etc/resolv.conf, change network settings via ifconfig, etc. You can even then lay a suid-bit backdoor owned by root somewhere on the filesystem so if they ever change their password, your software still maneuvers with uid 0.
OK
-
bambano
titán
az, hogy berak az user crontabjába egy backdoort, az simán megvan egy másodpercen belül.
utána távolról bemegy a backdooron és szórakozik a rendszerrel.
az is hamar van, hogy felrak egy ál-sudót. az tart sokáig, míg ráveszi a júzert, hogy használja.Egy átlagos héten négy hétfő és egy péntek van (C) Diabolis