what is the attacker ultimately trying to achieve as inferred from the log sequence?

After studying the following log entries, what is the attacker ultimately trying to achieve as inferred
from the log sequence?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

After studying the following log entries, what is the attacker ultimately trying to achieve as inferred
from the log sequence?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

A.
Change password of user nobody

B.
Extract information from a local directory

C.
Change the files Modification Access Creation times

D.
Download rootkits and passwords into a new directory

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

dungctt

dungctt

Why C?
I think A

Reply

claudio

claudio

C, because the question is referred to last command

Reply