The case of an executable binary that is running but whose file no longer exists

# ps aux | grep cron
toto 25643  0.0  0.0 145924  1228 ?        S    09:01   0:01 ./cron.php -e0.0.0.0 -p31756

# ls -l /proc/25643/exe
lrwxrwxrwx 1 toto toto 0 janv. 23 22:51 /proc/25643/exe -> /var/www/toto/plugins/xmap/com_mtree/cron.php (deleted)

The file no longer exists because it was deleted, but since it is still running in memory, it can still be copied simply with the cp command

# cp /proc/25643/exe cron.php
# ls -l cron.php
-rwxr-xr-x 1 root root 44136 janv. 23 22:55 cron.php

# ./cron.php --help
./cron.php of 3proxy-0.8.8 (161213011647)
Usage: ./cron.php options
Available options are:
 -I inetd mode (requires real socket, doesn't work with TTY)
 -l@IDENT log to syslog IDENT
 -d go to background (daemon)
 -fFORMAT logging format (see documentation)
 -l log to stderr
 -b(BUFSIZE) size of network buffer (default 4096 for TCP, 16384 for UDP)
 -S(STACKSIZE) value to add to default client thread stack size
 -t be silent (do not log service start/stop)
 -iIP ip address or internal interface (clients are expected to connect)
 -eIP ip address or external interface (outgoing connection will have this)
 -rHOST:PORT Use IP:port for connect back proxy instead of listen port
 -RHOST:PORT Use PORT to listen connect back proxy connection to pass data to
 -4 Use IPv4 for outgoing connections
 -6 Use IPv6 for outgoing connections
 -46 Prefer IPv4 for outgoing connections, use both IPv4 and IPv6
 -64 Prefer IPv6 for outgoing connections, use both IPv4 and IPv6
 -pPORT - service port to accept connections
 -RIP:PORT - connect back IP:PORT to listen and accept connections
 -rIP:PORT - connect back IP:PORT to establish connect back connection
        Example: ./cron.php -i127.0.0.1

(c)3APA3A, Vladimir Dubrovin & 3proxy.ru
Documentation and sources: http://3proxy.ru/
Please read license agreement in 'copying' file.
You may not use this program without accepting license agreement

And there you have it: a nice proxy program that lets attackers connect to websites using your IP address…
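
The `ls -l /proc/<pid>/exe` check and the `cp` recovery shown above, generalized to every process on the host, as an added example that is not part of the original post. The function names, the output file naming and the overridable proc root are assumptions made for illustration; unlike the session above, the copy is stored read-only and hashed rather than executed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Succeeds when a readlink result carries the kernel's " (deleted)" suffix.
# Caveat: a file really named "x (deleted)" looks identical here.
is_deleted_target() {
    case "$1" in
        *" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Print "PID<TAB>original path" for every process whose executable was unlinked.
# $1 = proc root (defaults to /proc; overridable so the logic can be tested).
find_deleted_exes() (
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Fails for kernel threads and for processes we may not inspect.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        is_deleted_target "$target" || continue
        printf '%s\t%s\n' "${dir##*/}" "${target% (deleted)}"
    done
)

# Copy the still-mapped image of PID into OUTDIR, read-only and non-executable,
# and print its SHA-256 so the sample can be identified without running it.
recover_exe() (
    pid=$1 outdir=$2 proc_root=${3:-/proc}
    out="$outdir/pid-$pid.bin"
    mkdir -p "$outdir" || exit 1
    cp "$proc_root/$pid/exe" "$out" || exit 1
    chmod 0400 "$out" || exit 1
    sha256sum "$out"
)

# Stand-alone use: ./script.sh --scan   (run as root to see every process)
if [ "${1:-}" = "--scan" ]; then
    find_deleted_exes
fi
```

The recovered copy is only available while the process is alive, so take it before killing the process.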

