Problems with crackers/shitheads

Roger Oberholtzer roger
Mon Sep 19 01:54:21 PDT 2005


On Mon, 2005-09-19 at 02:40, David Bandel wrote:
> Folks,
> 
> Can anyone here reverse engineer an ELF-32 binary?

Only to assembly code, as I would be quite surprised if they left in
debugging statements. Unless they are really cocky. How do the programs
get run? And as which user? Are there any libs in the directory as well?

> 
> I've had some problems in the past with users who've been compromised
> and some idiot script kiddies are getting into the systems as those
> users and running a key logger.
> 
> What I need to find out is what that key logger can see, if it's only
> literally the keyboard or they can see a remote keyboard (pts/0,
> pts/1) in use by someone other than the user running the keylogger. 
> My guess is no, but I'd like to be sure.
> 
> I have the entire directory.  Will have to rename it, they've gone to
> the extreme of naming the directory with a space (only).
> 
> Any takers?
> 
> TIA,
> 
> David A. Bandel

+----------------------------+-------------------------------+
| Roger Oberholtzer          |   E-mail: roger at opq.se     |
| OPQ Systems AB             |      WWW: http://www.opq.se/  |
| Kapellgränd 7              |                               |
| P. O. Box 4205             |    Phone: Int + 46 8   314223 |
| 102 65 Stockholm           |   Mobile: Int + 46 733 621657 |
| Sweden                     |      Fax: Int + 46 8   314223 |
+----------------------------+-------------------------------+
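
Whether debugging information was left in a recovered ELF-32 binary, as the reply above raises, can be checked from the section headers before any disassembly. The following Python is an added example, not part of the original thread: the function names are hypothetical and the image built by `make_sample` is constructed test input.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11  # full symbol table / dynamic-linking symbols

def elf32_sections(data):
    """Return [(name, sh_type), ...] for each section header of an ELF-32 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1:
        raise ValueError("not ELF-32 (EI_CLASS != 1)")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    shoff, = struct.unpack_from(end + "I", data, 32)
    shentsize, shnum, shstrndx = struct.unpack_from(end + "3H", data, 46)
    hdrs = [struct.unpack_from(end + "10I", data, shoff + i * shentsize)
            for i in range(shnum)]
    if shstrndx >= len(hdrs):
        return []  # section headers wiped or no name table: nothing to report
    off, size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    names = data[off:off + size]
    return [(names[h[0]:].split(b"\0", 1)[0].decode("ascii", "replace"), h[1])
            for h in hdrs]

def triage(data):
    """Summarise how much naming information survives in the binary."""
    secs = elf32_sections(data)
    return {
        "symtab": any(t == SHT_SYMTAB for _, t in secs),
        "dynsym": any(t == SHT_DYNSYM for _, t in secs),
        "debug": sorted(n for n, _ in secs if n.startswith(".debug")),
    }

def make_sample(sections):
    """Constructed input: minimal little-endian ELF-32 with the given (name, type) sections."""
    strtab, entries = b"\0", []
    for name, typ in [(".shstrtab", 3)] + sections:
        entries.append((len(strtab), typ))
        strtab += name.encode() + b"\0"
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    hdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0, 0,
                      52 + len(strtab), 0, 52, 0, 0, 40, len(entries) + 1, 1)
    shdrs = struct.pack("<10I", *[0] * 10)  # mandatory null section, index 0
    for name_off, typ in entries:
        shdrs += struct.pack("<10I", name_off, typ, 0, 0, 52, len(strtab), 0, 0, 1, 0)
    return hdr + strtab + shdrs

if __name__ == "__main__":
    print(triage(make_sample([(".text", 1), (".dynsym", SHT_DYNSYM)])))
```

A result with `symtab` false and no `.debug` sections means the file was stripped and only disassembly is available; a surviving `dynsym` still names the shared-library functions the program imports.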