====== exe ======
Cas d'un binaire exécutable qui tourne mais donc le fichier n'existe plus
# ps aux | grep cron
toto 25643 0.0 0.0 145924 1228 ? S 09:01 0:01 ./cron.php -e0.0.0.0 -p31756
# ls -l /proc/25643/exe
lrwxrwxrwx 1 toto toto 0 janv. 23 22:51 /proc/25643/exe -> /var/www/toto/plugins/xmap/com_mtree/cron.php (deleted)
Le fichier n'existe plus car il a été effacé, mais comme il tourne en mémoire, on peut encore le copier simplement avec la commande **cp**
# cp /proc/25643/exe cron.php
# ls -l cron.php
-rwxr-xr-x 1 root root 44136 janv. 23 22:55 cron.php
# ./cron.php --help
./cron.php of 3proxy-0.8.8 (161213011647)
Usage: ./cron.php options
Available options are:
-I inetd mode (requires real socket, doesn't work with TTY)
-l@IDENT log to syslog IDENT
-d go to background (daemon)
-fFORMAT logging format (see documentation)
-l log to stderr
-lFILENAME log to FILENAME
-b(BUFSIZE) size of network buffer (default 4096 for TCP, 16384 for UDP)
-S(STACKSIZE) value to add to default client thread stack size
-t be silent (do not log service start/stop)
-iIP ip address or internal interface (clients are expected to connect)
-eIP ip address or external interface (outgoing connection will have this)
-rHOST:PORT Use IP:port for connect back proxy instead of listen port
-RHOST:PORT Use PORT to listen connect back proxy connection to pass data to
-4 Use IPv4 for outgoing connections
-6 Use IPv6 for outgoing connections
-46 Prefer IPv4 for outgoing connections, use both IPv4 and IPv6
-64 Prefer IPv6 for outgoing connections, use both IPv4 and IPv6
-pPORT - service port to accept connections
-RIP:PORT - connect back IP:PORT to listen and accept connections
-rIP:PORT - connect back IP:PORT to establish connect back connection
Example: ./cron.php -i127.0.0.1
(c)3APA3A, Vladimir Dubrovin & 3proxy.ru
Documentation and sources: http://3proxy.ru/
Please read license agreement in 'copying' file.
You may not use this program without accepting license agreement
Et voila un beau script de proxy permettant à des pirates de se connecter à des sites web en utilisant votre adresse ip...