Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Malware-Backdoors"

Revision as of 19:58, 9 February 2024

Backdoors

Netstat

Netstat lets you see which ports are being used by which programs. This is valuable because backdoors may be waiting for a remote hacker to connect to it on your computer.

Install netstat with sudo apt install net-tools
sudo netstat -tlnp to run netstat.
- sudo is required so that you have the permission to the see which process is using each port
- -t only shows processes using tcp, which is common for backdoors
- -l only shows listening processes, which backdoors will most likely be doing
- -n shows each process's address
- -p displays the process's name
If you find a process you don't recognize (cupsd and sshd are safe), first Google (or DuckDuckGo) the name to see if it seems like a regular linux thing or something related to the scoring software.
If it seems potentially dangerous, use a program called htop to inspect it.
- sudo apt install htop
- htop
- press '/' to start searching for a process, and type in the process name you're suspicious of.
- the command column will tell you where the program or script is located on your computer. This may be useful if a forensics question asks you to locate a backdoor.
- After any forensics question, try to stop the process if you're confidant that it's a malicious program. leave htop (ctrl-c) and run kill <process>. If you lose point, try to figure out how to start the process again (rebooting might work). If you don't lose points you can remove the program or script from the location found with htop, using sudo rm <program path>

Exploits

LinEnum

LinEnum is an extremely useful program for hackers to find exploits, such as unsafe permissions or unsafe settings in configuration files. This is of course helpful for us to find exploits that have to be fixed as well as for hackers.

Installation:
- sudo apt install git
- git clone https://github.com/rebootuser/LinEnum
Run it:
- bash LinEnum/LinEnum.sh
It will spit out a ton of information on things that may be useful to you. It's recommended that you scroll through the whole thing yourself, but here are some especially important sections, in order from top of the output to bottom:
- The USER/GROUP section is technically very useful, but those exploits should be fixed with a user script.
- Path information: This shows the path, which determines which directory the commands you run come from. This should only include bin directories, like /usr/bin.
- Password and storage information: This displays how often passwords must change, the encryption method, and more. This should be changed with a script.
- [in progress]

@@ Line 4: / Line 4: @@
 # Install netstat with <code>sudo apt install net-tools</code>
 # <code>sudo netstat -tlnp</code> to run netstat.
-#*sudo is required to see the name of all processes using each port
+#*sudo is required so that you have the permission to the see which process is using each port
 #*-t only shows processes using tcp, which is common for backdoors
 #*-l only shows listening processes, which backdoors will most likely be doing
 #*-n shows each process's address
 #*-p displays the process's name
-# If you find a process you don't recognize (cupsd and sshd are safe), first Google (or DuckDuckGo) the name to see if it seems like a regular linux thing, or something related to the CyberPatriot competition
+# If you find a process you don't recognize (cupsd and sshd are safe), first Google (or DuckDuckGo) the name to see if it seems like a regular linux thing or something related to the scoring software.
-# If it seems potentially dangerous, use a program called htop to inspect or kill it.
+# If it seems potentially dangerous, use a program called htop to inspect it.
 #* <code>sudo apt install htop</code>
 #* <code>htop</code>
@@ Line 16: / Line 16: @@
 #* the command column will tell you where the program or script is located on your computer. This may be useful if a forensics question asks you to locate a backdoor.
 #* After any forensics question, try to stop the process if you're confidant that it's a malicious program. leave htop (ctrl-c) and run <code>kill <process></code>. If you lose point, try to figure out how to start the process again (rebooting might work). If you don't lose points you can remove the program or script from the location found with htop, using <code>sudo rm <program path></code>
+==Exploits==
+===LinEnum===
+LinEnum is an extremely useful program for hackers to find exploits, such as unsafe permissions or unsafe settings in configuration files. This is of course helpful for us to find exploits that have to be fixed as well as for hackers.
+# Installation:
+#* <code>sudo apt install git</code>
+#* <code>git clone https://github.com/rebootuser/LinEnum</code>
+# Run it:
+#* <code>bash LinEnum/LinEnum.sh</code>
+# It will spit out a ton of information on things that may be useful to you. It's recommended that you scroll through the whole thing yourself, but here are some especially important sections, in order from top of the output to bottom:
+#* The USER/GROUP section is technically very useful, but those exploits should be fixed with a user script.
+#* Path information: This shows the path, which determines which directory the commands you run come from. This should only include bin directories, like /usr/bin.
+#* Password and storage information: This displays how often passwords must change, the encryption method, and more. This should be changed with a script.
+#* [in progress]

Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Malware-Backdoors"

Revision as of 19:58, 9 February 2024

Contents

Backdoors

Netstat

Exploits

LinEnum

Navigation menu

Search