Here is an example of a Linux Red Hat 6.2 host that has been hacked.
Two new accounts were created and a sniffer was installed that logs passwords to a file, which can be read through a backdoor on port 1212.
/var/log/secure
May 25 05:50:55 [servernavn] in.ftpd[1166]: connect from [hackers ip]
May 25 05:54:38 [servernavn] in.telnetd[1177]: connect from 127.0.0.1
May 25 05:54:45 [servernavn] login: LOGIN ON 0 BY gabi FROM localhost.localdomain
/var/log/messages
May 25 03:51:01 [servernavn]ftpd[1166]: ANONYMOUS FTP LOGIN FROM [hackers ip] [xxx.xx.x.xxx]
May 25 04:19:23 [servernavn]ftpd[1265]: ANONYMOUS FTP LOGIN FROM [servernavn].dk [hackers ip], [servernavn].dk
May 25 05:53:11 [servernavn]adduser[1171]: new group: name=r00t, gid=503
May 25 05:53:11 [servernavn]adduser[1171]: new user: name=r00t, uid=0, gid=503, home=/home/r00t, shell=/bin/bash
May 25 05:53:54 [servernavn]PAM_pwdb[1172]: password for (r00t/0) changed by ((null)/0)
May 25 05:53:56 [servernavn]adduser[1173]: new group: name=gabi, gid=504
May 25 05:53:56 [servernavn]adduser[1173]: new user: name=gabi, uid=503, gid=504, home=/home/gabi, shell=/bin/bash
May 25 05:54:13 [servernavn]PAM_pwdb[1174]: password for (gabi/503) changed by ((null)/0)
May 25 05:54:45 [servernavn]PAM_pwdb[1178]: (login) session opened for user gabi by (uid=0)
May 25 05:54:54 [servernavn]PAM_pwdb[1198]: (su) session opened for user r00t by gabi(uid=503)
May 25 05:58:33 [servernavn]kernel: znif uses obsolete (PF_INET,SOCK_PACKET)
May 25 05:58:33 [servernavn]kernel: device eth0 entered promiscuous mode
May 25 05:58:34 [servernavn]port[1235]: log: Server listening on port 1212.
May 25 05:58:34 [servernavn]port[1235]: log: Generating 768 bit RSA key.
May 25 05:58:34 [servernavn]port[1235]: log: RSA key generation complete.
May 25 06:01:49 [servernavn]PAM_pwdb[1198]: (su) session closed for user r00t
May 25 06:01:53 [servernavn]PAM_pwdb[1178]: (login) session closed for user gabi
May 25 06:01:53 [servernavn]inetd[438]: pid 1177: exit status 1
May 25 06:25:37 [servernavn]PAM_pwdb[1295]: password for (root/0) changed by (root/0)
May 25 06:27:03 [servernavn]userdel[1315]: delete user `gabi'
May 25 06:27:03 [servernavn]userdel[1315]: remove group `gabi'
May 25 06:27:10 [servernavn]userdel[1316]: delete user `r00t'
May 25 06:27:10 [servernavn]userdel[1316]: remove group `r00t'
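The indicators in the log excerpt above (a second uid-0 account, passwords set by a "(null)" caller, su to the uid-0 alias, the NIC going promiscuous, an unexpected listener) can be picked out mechanically. The following scanner is an added example, not part of the original page; the sample lines are constructed after the excerpt, with [servernavn] kept as the hostname placeholder, and the set of expected listening ports is an assumption.

```python
import re

# Constructed sample lines modelled on the /var/log/messages excerpt;
# [servernavn] is the same hostname placeholder the page uses.
SAMPLE_LOG = """\
May 25 05:53:11 [servernavn]adduser[1171]: new user: name=r00t, uid=0, gid=503, home=/home/r00t, shell=/bin/bash
May 25 05:53:56 [servernavn]adduser[1173]: new user: name=gabi, uid=503, gid=504, home=/home/gabi, shell=/bin/bash
May 25 05:54:13 [servernavn]PAM_pwdb[1174]: password for (gabi/503) changed by ((null)/0)
May 25 05:54:54 [servernavn]PAM_pwdb[1198]: (su) session opened for user r00t by gabi(uid=503)
May 25 05:58:33 [servernavn]kernel: device eth0 entered promiscuous mode
May 25 05:58:34 [servernavn]port[1235]: log: Server listening on port 1212.
May 25 06:25:37 [servernavn]PAM_pwdb[1295]: password for (root/0) changed by (root/0)
"""

NEW_USER = re.compile(r"adduser\[\d+\]: new user: name=(\S+), uid=(\d+),")
PW_CHANGE = re.compile(r"password for \(([^/]+)/\d+\) changed by \(([^/]+)/\d+\)")
SU_OPEN = re.compile(r"\(su\) session opened for user (\S+) by (\S+)")
PROMISC = re.compile(r"device (\S+) entered promiscuous mode")
LISTEN = re.compile(r"Server listening on port (\d+)\.")

def scan(log_text, expected_ports=frozenset({22})):
    """Return (rule, detail) findings in log order. expected_ports is an
    assumed allow-list of daemons that legitimately announce a listener."""
    findings = []
    uid0_aliases = {"root"}            # account names that map to uid 0
    for line in log_text.splitlines():
        if m := NEW_USER.search(line):
            name, uid = m.group(1), int(m.group(2))
            if uid == 0:               # a second uid-0 login is a classic backdoor account
                uid0_aliases.add(name)
                findings.append(("uid0-account-created", name))
        elif m := PW_CHANGE.search(line):
            if m.group(2) == "(null)":  # no authenticated caller behind the change
                findings.append(("password-set-by-null-caller", m.group(1)))
        elif m := SU_OPEN.search(line):
            if m.group(1) != "root" and m.group(1) in uid0_aliases:
                findings.append(("su-to-uid0-alias", m.group(1)))
        elif m := PROMISC.search(line):
            findings.append(("nic-promiscuous", m.group(1)))  # sniffer started
        elif m := LISTEN.search(line):
            port = int(m.group(1))
            if port not in expected_ports:
                findings.append(("unexpected-listener", str(port)))
    return findings

if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```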
/etc/rc.d/rc.local
echo >> /etc/issue
fi
/usr/sbin/squid-start
/usr/sbin/squid-start
cd /usr/local/info
./znif &
/usr/sbin/port -p 1212 &