This page contains all of the posts and discussion on MemeStreams referencing the following web page: Miff - Backhoe.
Miff - Backhoe by Lost at 5:41 pm EDT, Oct 20, 2008
Your Very Own Backhoe by miff

1.) what is it?

backhoe is a backdoor daemon that copies a rootshell into /tmp periodically, then deletes it. You set the frequency that you want rootshells to appear, and you set the amount of time that they will persist before backhoe deletes them. This gives the user who knows what to look for a convenient backdoor without having to modify any system binaries or otherwise fuck someone's box.

OK, so what? It puts a rootshell in /tmp every so often, BFD. Well, to make things more interesting, it also spawns multiple copies of itself, you know, in case root sees some strange process or behavior and decides to kill -9 the bitch. The separate copies (you pick how many you want) actually monitor each other using signals to make sure that all is well with the backdoor. If any of the copies of backhoe find that any of the other copies are missing or not functioning, backhoe goes into defense mode. In defense mode, backhoe kills all root sessions, spawns a new set of daemons (in addition to the ones already running), and reinitializes all of them. Normal operation continues, with a few more instances of backhoe in memory.

In order to make backhoe harder to kill all at once, I added a disguise routine which makes backhoe appear to be one of any number of normal processes (at random), or joke processes, if you prefer to fuck with the admin.
I rewrote this in C, but was too embarrassed by my C to release the code. Was just looking it up to find out how to rename a pid with... $0 it turns out.
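Two defender-side checks against the behaviour the quoted description lays out, added here as an example; this is not code from miff's backhoe page, nor Lost's C rewrite. It assumes a Linux /proc layout, that the "rootshell" is a setuid-root regular file dropped in /tmp, and that the disguise works by rewriting argv[0] (which is what assigning $0 in Perl does): that changes what ps and /proc/PID/cmdline show, but not the /proc/PID/exe symlink, which the kernel maintains and the process cannot edit. The fake /proc tree the example builds is constructed sample data, not captured from a real host.

```python
# Added example for this thread, not code from the backhoe page or from Lost.
# Assumptions (mine): Linux /proc; rootshell = setuid-root regular file in /tmp;
# the disguise rewrites argv[0], so /proc/PID/cmdline lies but /proc/PID/exe does not.
import os
import stat
import tempfile
from pathlib import Path


def looks_like_rootshell(st_mode, st_uid, owner_uid=0):
    """A regular file with the setuid bit set, owned by owner_uid (root by default)."""
    return bool(stat.S_ISREG(st_mode) and st_mode & stat.S_ISUID and st_uid == owner_uid)


def find_setuid_files(directory, owner_uid=0):
    """Non-recursive scan of `directory` (e.g. /tmp) for setuid files owned by owner_uid."""
    hits = []
    for entry in Path(directory).iterdir():
        try:
            st = entry.lstat()  # lstat: do not follow symlinks planted in /tmp
        except OSError:
            continue
        if looks_like_rootshell(st.st_mode, st.st_uid, owner_uid):
            hits.append(str(entry))
    return sorted(hits)


def argv0_mismatch(cmdline, exe):
    """True when the name a process advertises (argv[0], the first NUL-separated
    field of /proc/PID/cmdline) differs from the binary the kernel mapped
    (/proc/PID/exe). Login shells prefix argv[0] with '-', so that is stripped.
    Multi-call binaries (busybox) and daemons that set their own title (sshd,
    postgres) will also trip this: treat hits as leads, not verdicts."""
    argv0 = cmdline.split(b"\0", 1)[0].decode("utf-8", "replace")
    claimed = os.path.basename(argv0.lstrip("-"))
    if exe.endswith(" (deleted)"):  # binary unlinked while running: suspicious on its own
        exe = exe[: -len(" (deleted)")]
    return claimed != os.path.basename(exe)


def scan_procs(proc_root="/proc"):
    """Return [(pid, exe, argv0)] for processes whose argv[0] disagrees with exe.
    Entries that cannot be read (kernel threads, other users' processes when not
    running as root) are skipped."""
    findings = []
    for d in Path(proc_root).iterdir():
        if not d.name.isdigit():
            continue
        try:
            cmdline = (d / "cmdline").read_bytes()
            exe = os.readlink(d / "exe")
        except OSError:
            continue
        if cmdline and argv0_mismatch(cmdline, exe):
            argv0 = cmdline.split(b"\0", 1)[0].decode("utf-8", "replace")
            findings.append((int(d.name), exe, argv0))
    return sorted(findings)


def build_sample_proc(root):
    """Constructed fake /proc tree for offline testing (sample data, not captured
    from a real host): a normal sshd, a login bash, and a perl process that set
    $0 to masquerade as a kernel thread."""
    samples = {
        "101": (b"/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd"),
        "202": (b"-bash\0", "/bin/bash"),
        "303": (b"[kworker/0:1]\0", "/usr/bin/perl"),
    }
    for pid, (cmdline, exe) in samples.items():
        d = Path(root) / pid
        d.mkdir()
        (d / "cmdline").write_bytes(cmdline)
        os.symlink(exe, d / "exe")  # dangling link is fine; only readlink() is used


def demo():
    """Run the process check against the constructed /proc tree."""
    with tempfile.TemporaryDirectory() as tmp:
        proc = Path(tmp) / "proc"
        proc.mkdir()
        build_sample_proc(proc)
        return scan_procs(proc)


if __name__ == "__main__":
    for pid, exe, argv0 in scan_procs():
        print(f"pid {pid}: claims {argv0!r} but runs {exe}")
    for path in find_setuid_files("/tmp"):
        print("setuid root file in /tmp:", path)
```

Run as root for the real scan, since /proc/PID/exe of other users' processes is unreadable otherwise; the periodic appearance and deletion of the rootshell means the /tmp check has to run more often than the window the daemon keeps the file around, or be replaced by an inotify/auditd rule on /tmp.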