Level4.
Use "level4" Password "suck my brain" to access level4 account and check the hint.
Since a backdoor is in /etc/xinetd.d/ , I look up the this directory using the ls command.
The contents of the backdoor using the cat command are as follows.
You can see that backdoor uses level5 permissions to us the service finger to run /home/level4/tmp/backdoor. I have looked into the /etc/services file because I need to know which port finger is using.
Please refer to the picture. You can confirm that finger is using port 79. I checked that the port is open to the server so that it can be used.
Port 79 is open. Finally, I used the ls command to check if /home/level4/tmp/backdoor exists.
Since the file does not exists, So I created a new file for our purposes.
After that, I tried to run backdoor with finger service, so I could check password of level4.
No comments:
Post a Comment