RE: wefa

You are viewing a single comment's thread from:

wefa

in security •  8 years ago 

Copying/Pasting full texts is frowned upon by the community. Sharing content by itself adds no original content and no value.

Share content and add value by:

  • Using a few sentences from your source in “quotes.” Use HTML tags or Markdown.

For example this part of your text:

"there is a shell script file and a directory. There is also something suspicious shell script file, let's open it.

The script means that The writable.sh executes all script files in the writable.d directory with Bash shell and removes it after 5 seconds. The script seems to be repeatedly executed.

Let's induce crontab to create an executable file with SetUID authority. This file will execute Bash shell.

We need a binary executable file because SetUID authority does not operate in a shell script"

  • Include your own original thoughts and ideas on what you have shared.

Repeated copy/paste posts are considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.

Thank You!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!