Linux backdoor in Centos 6

Dat
Posts: 7
Joined: 2015/07/07 15:02:57

Linux backdoor in Centos 6

Post by Dat » 2015/07/07 15:19:11

Hi everyone,

This morning, at my company, my team lead did a demonstration on creating a backdoor in Linux.
He used ssh to connect to my computer (with the IP and password I provided); then he copied a program that he had prepared and ran it on my computer, and since then he has had the ability to do things such as shut down my computer and kill running processes (eclipse and thunderbird). Even when I changed my password and the root password, he could still control my computer.

He has not revealed his technique yet.

Could anyone tell me what technique he used or what security hole he exploited?
If I encounter such an attack in real life, how can I remove the software?

Thanks

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Linux backdoor in Centos 6

Post by gerald_clark » 2015/07/07 15:32:45

He used the gullible user exploit.
What is the output of 'uname -a' on this machine?

Dat
Posts: 7
Joined: 2015/07/07 15:02:57

Re: Linux backdoor in Centos 6

Post by Dat » 2015/07/07 15:39:51

I don't know, and right now I cannot access the machine; it is at my company. But it has CentOS 6.6 installed (I installed it myself, and I did not upgrade the kernel manually).

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Linux backdoor in Centos 6

Post by gerald_clark » 2015/07/07 15:49:07

If you never updated, there are several possible exploits.
Once compromised, the only safe thing to do is backup your data, format, and reinstall.
Then immediately 'yum update'.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Linux backdoor in Centos 6

Post by TrevorH » 2015/07/07 15:50:49

However, if this was done by your team leader then you should just need to ask him to undo the changes he made.

Dat
Posts: 7
Joined: 2015/07/07 15:02:57

Re: Linux backdoor in Centos 6

Post by Dat » 2015/07/07 16:05:33

Of course, it is OK because he is my team lead.
But I wonder how his program can bypass the root password.
He gave me a hint that the program uses the "system()" function.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Linux backdoor in Centos 6

Post by aks » 2015/07/08 18:05:13

Who did he run as? Was he root? Was the binary suid?
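The questions above (who the program ran as, and whether the binary was setuid) and the earlier "backup, format, reinstall" advice point at the same thing: a program started as root can leave behind persistence that no password change touches. The helpers below are an added example, not code from this thread or from CentOS, of the checks a practitioner runs before wiping the box to learn what such a program left behind. They assume the standard CentOS 6 layout (/root, /home, /etc/cron.d, /var/spool/cron, /etc/rc.d/init.d) and that rpm is available on the live host; every function takes a root directory so the same checks run against "/", a mounted disk image, or a constructed test tree.

```shell
#!/bin/sh
# Added triage helpers for a box where someone ran a program as root and still
# controls it after the passwords were changed. Not code from the thread or from
# CentOS; the paths are assumed to be the standard CentOS 6 layout. Every function
# takes a root directory ("/" on the live host, or a mounted image / test tree).

# Setuid/setgid regular files under $1. A root-owned setuid copy of a shell, or a
# setuid wrapper that calls system(), keeps working no matter how often passwords change.
find_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Setuid/setgid files that no installed package claims (live host only: needs rpm).
unpackaged_setuid() {
    find_setuid "$1" | while IFS= read -r f; do
        rpm -qf "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# Non-comment authorized_keys lines for root and every home directory under $1;
# a planted key is the simplest way to keep SSH access that a password change cannot revoke.
list_ssh_keys() {
    for d in "$1"/root "$1"/home/*; do
        k="$d/.ssh/authorized_keys"
        [ -f "$k" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$k" | sed "s|^|$k: |"
    done
}

# Cron entries and init scripts under $1: cheap ways to restart a payload on a
# schedule or at boot, which is how "he can still shut the machine down" survives a reboot.
list_cron_and_init() {
    for f in "$1"/etc/crontab "$1"/etc/cron.d/* "$1"/var/spool/cron/*; do
        if [ -f "$f" ]; then
            grep -EHv '^[[:space:]]*(#|$)' "$f" || :
        fi
    done
    ls "$1"/etc/rc.d/init.d 2>/dev/null || :
}

# Packaged files whose MD5 no longer matches the rpm database (third column of
# "rpm -Va" output). Live host only; catches a replaced binary such as a trojaned sshd.
modified_packaged_files() {
    rpm -Va 2>/dev/null | grep -E '^..5' || :
}

# Full report against a root directory (default "/"). Run as root for complete results.
triage_report() {
    root=${1:-/}
    echo "== setuid/setgid files not owned by any rpm"; unpackaged_setuid "$root"
    echo "== SSH authorized_keys entries";               list_ssh_keys "$root"
    echo "== cron entries and init scripts";             list_cron_and_init "$root"
    echo "== packaged files with changed contents";      modified_packaged_files
}
```

Source the file and run `triage_report /` as root; a non-root run silently misses anything under directories you cannot read. An empty report does not prove the host is clean (a replaced init binary, a kernel module, or a change in a directory this script does not look at all escape these checks), which is why the reinstall advice earlier in the thread stands; the report tells you what to look for in the restored data, not that you can skip the rebuild.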

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Linux backdoor in Centos 6

Post by Whoever » 2015/07/09 04:17:54

Dat wrote: Hi everyone,

This morning, at my company, my team lead did a demonstration on creating a backdoor in Linux.
He used ssh to connect to my computer (with the IP and password I provided); then he copied a program that he had prepared and ran it on my computer, and since then he has had the ability to do things such as shut down my computer and kill running processes (eclipse and thunderbird). Even when I changed my password and the root password, he could still control my computer.

He has not revealed his technique yet.

Could anyone tell me what technique he used or what security hole he exploited?
If I encounter such an attack in real life, how can I remove the software?

Thanks

Did you give him the root password?

Dat
Posts: 7
Joined: 2015/07/07 15:02:57

Re: Linux backdoor in Centos 6

Post by Dat » 2015/07/10 15:50:55

Yes, I did give him the root password.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Linux backdoor in Centos 6

Post by gerald_clark » 2015/07/10 15:53:20

So there was no backdoor used.
