HPE Community
Operating System - HP-UX
1830340 Members
2310 Online
110001 Solutions
New Discussion

HP-UX hacking program

 
SOLVED
Go to solution
Jojo Castro
Regular Advisor

‎02-04-2011 08:32 AM

‎02-04-2011 08:32 AM

Re: HP-UX hacking program

One more thing Dennis, can a normal ordinary user has a capable to set their UID and GID with setuid and setgid commands?
0 Kudos
Dennis Handly
Acclaimed Contributor

‎02-04-2011 08:38 AM

‎02-04-2011 08:38 AM

Re: HP-UX hacking program

>can a normal ordinary user has a capability to set their UID and GID with setuid and setgid syscalls?

No, that's why the program has setuid root< -rwsr-xr-x.
Once you remove that permission, "su -" will ask you for root's password.
0 Kudos
Jojo Castro
Regular Advisor

‎02-04-2011 08:41 AM

‎02-04-2011 08:41 AM

Re: HP-UX hacking program

Thanks Dennis. One last question, do you think he destroyed other "valid" executable files such us /usr/bin/su, etc...

# ll /usr/bin/su
-r-sr-x--- 1 root suers 51872 Aug 3 2005 /usr/bin/su
0 Kudos
Dennis Handly
Acclaimed Contributor

‎02-04-2011 09:32 AM

‎02-04-2011 09:32 AM

Re: HP-UX hacking program

>do you think he destroyed other "valid" executable files

Use swverify: swverify "*"

Of course if "swverify -F '*'" was used right after the file were modified, you could no longer check it that way. You could look for the swmodify.log for the past year.
0 Kudos
Bill Hassell
Honored Contributor

‎02-04-2011 09:51 AM

‎02-04-2011 09:51 AM

Re: HP-UX hacking program

> strings /usr/sbin/mhello

So the program is located in /sbin. This means that a root user created this program sometime in the past (unless the permissions on /usr and /usr/sbin have been hacked - should be 755). This is often called a backdoor program and may have been a novice sysadmin's attempt to survive a root password problem. You might want to consider installing/using sudo and not give out the root password to anyone.


Bill Hassell, sysadmin
0 Kudos
Jojo Castro
Regular Advisor

‎02-04-2011 10:17 AM

‎02-04-2011 10:17 AM

Re: HP-UX hacking program

thanks again dennis
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.