Oneday, someone just hack my server, and then he downloads some C codes(exploit) from internet, compile it and run it. Oh my gosh! my server become freeze & the load is very high. It took all the resources on my server. By using command "ps axuf", i can see where this exploit running from. But, it's strange to see the path of this exploit.
root@dns:# pwd
/ /ex/exploit
root@dns:# cd /
root@dns:# ls
boot etc initrd.img lib media opt root selinux sys usr vmlinuz webmin-setup.out
bin dev home initrd.img.old lost+found mnt proc sbin srv tmp var vmlinuz.old xen
There's a space on the path above. It seems that the hacker try to make a hidden directory with name " ", a space character, we can't see this directory since it was just a space. Let's see how this hacker make this space directory:
root@dns:# pwd
/root
root@dns:# mkdir " "
root@dns:# cd " "
root@dns:# pwd
/root/
root@dns:# mkdir a b c d
root@dns:# ls
a b c d
root@dns:# cd a
root@dns:# pwd
/root/ /a
No comments:
Post a Comment