|
Just to let you know what is in one of those lib files... study the strings...
you can see he runs a sniffer and other find stuff... this kernel module is the shit... VERY intelligent hacker...
[root@mail lib]# strings libutil-2.3.3.so|more
_DYNAMIC
_GLOBAL_OFFSET_TABLE_
dkgm_control
dkg_pid_alive
dkg_pid_add
dkg_pid_delete
kill
dkg_open_pscore
umask
ftruncate
mmap
dkg_close_pscore
munmap
dkg_pid_check
dkg_pid_cself
getpid
dkg_proc_hidden
dkg_o_sym
dlsym
dkg_is_auth
dkg_file_hidden
strlen
strcmp
readdir
readdir64
dkg_proc
opendir
closedir
clone
vfork
dkg_check_bd
memset
strncpy
memmem
strncmp
alarm
setreuid
setregid
write
dkg_login
ioctl
drg_read
strchr
read64
memcpy
recv
strstr
execve
getuid
geteuid
drg_open
open64
fopen
fileno
create_nl
create_net_struc
drg_close
close64
fclose
free
fgets
feof
malloc
lseek
create_net_tab
strip_net
fill_netlist
strcpy
sprintf
readlink
atoi
dkg_envp
dkg_argv
dkg_hup
_exit
dkg_get_tty
dkg_open_tty
openpty
dkg_enprint
setpgid
setsid
__sysv_signal
dup2
chdir
hupty
select
memchr
__xstat
__fxstat
libdl.so.2
libutil.so.1
_edata
__bss_start
_end
GLIBC_2.0
jBhh;
Phtcp
Phudp
Phraw
0he<
8 u$
8 t!
/dev/k4rd/proc.k4rd
k4rd
ld.so.preload
readdir
readdir64
opendir
/proc
closedir
clone
fork
dKg!:anuslicker
+dKg!
read
/dev/k4rd/.sniffer
recv
write
ssword:
phrase:
execve
getuid
open
open64
fopen
close
close64
fclose
fgets
feof
/proc/net/
/proc/
socket:[
TERM=linux
SHELL=/bin/bash
PS1=\[\033[1;30m\][\[\033[0;32m\]\u\[\033[1;32m\]@\[\033[0;32m\]\h \[\033[1;37m\]\W\[\033[1;30m\]]\[\033[0m\]\$
HISTFILE=/dev/null
HOME=/dev/k4rd
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:./bin:/dev/k4rd:/dev/k4rd/bin
pqrstuvwxyzabcde
0123456789abcdef
/dev/ptmx
Can't open a tty, all in use ?
Can't fork subshell, there is no way...
/dev/k4rd
/bin/sh
Can't execve shell!
login
telnet
rlogin
rexec
passwd
adduser
mysql
sudo
|