After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc
A. Change password of user nobody
B. Extract information from a local directory
C. Change the files Modification Access Creation times
D. Download rootkits and passwords into a new directory
Explanation:
I was very pleased to find your website. I wanted to thank you for your time for this nice article!!
I am definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post.
Best regards Alex
I think it's wrong and the answer is A and C.
Does “passwd username” not change the username's password?
I’m not sure what -d does. Could that be the new password?
-d is to delete the password. That will make user “nobody” passwordless. C is correct as touch is used to change the timestamp also. Option details are given below:
-a Change only the access time.
-c, --no-create Do not create any files.
-m Change only the modification time.
-r, --reference=FILE Use this FILE’s times instead of current time.
Regards,
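
As an added example (not part of the original question or of any comment above), here is Python detection logic run over the nine commands from the question. It flags a `touch -r` that copies a path's times onto another path followed by a later `touch -r` that copies them back, and lists the account changes made in between. The function names and labels are hypothetical, and the history list is constructed from the question's log entries.

```python
import shlex

# Constructed input: the nine commands from the question, one per line.
HISTORY = """\
mkdir -p /etc/X11/applnk/Internet/.etc
mkdir -p /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc /etc/X11/applnk/Internet/.etc
passwd nobody -d
/usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
passwd dns -d
touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
touch -acmr /etc/X11/applnk/Internet/.etc /etc
""".splitlines()

def touch_ref(argv):
    """Return (reference, target) for `touch -r REF TARGET`, else None."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "touch":
        return None
    ref, paths, args = None, [], iter(argv[1:])
    for a in args:
        if a[:1] == "-" and a[:2] != "--" and a[-1] == "r":  # -r or -acmr
            ref = next(args, None)
        elif not a.startswith("-"):
            paths.append(a)
    return (ref, paths[0]) if ref and paths else None

def account_changes(history):
    """Yield (line, label) for UID 0 account creation and password deletion."""
    for n, line in enumerate(history, 1):
        argv = shlex.split(line)
        cmd = argv[0].rsplit("/", 1)[-1] if argv else ""
        uid = argv[argv.index("-u") + 1:][:1] if "-u" in argv else []
        if cmd in ("adduser", "useradd") and uid == ["0"]:
            yield n, "uid0_account"
        elif cmd == "passwd" and "-d" in argv:
            yield n, "password_deleted"

def find_restores(history):
    """Report (path, save_line, restore_line, account changes in between)."""
    saved, out, changes = {}, [], list(account_changes(history))
    for n, line in enumerate(history, 1):
        ref, target = touch_ref(shlex.split(line)) or (None, None)
        if ref in saved and saved[ref][0] == target:   # times copied back
            s = saved[ref][1]
            out.append((target, s, n, [c for c in changes if s < c[0] < n]))
        elif ref:
            saved[target] = (ref, n)                   # times stashed on target
    return out
```
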