Finding hidden processes with Unhide
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. http://www.unhide-forensics.info/

Installation on Ubuntu:

```
sudo apt-get install unhide
```
Example usage on Ubuntu:

```
sudo unhide-posix proc
sudo unhide-posix sys
```
Or:

```
sudo unhide-linux26 proc
sudo unhide-linux26 sys
sudo unhide-linux26 brute
```
Below is an example of the output produced by the command unhide-linux26 sys:

```
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through comparison of results of system calls
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1
```
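The passes listed in that output all rest on the same idea: a rootkit that filters the directory listing of /proc (which is what ps and top read) usually does not also filter every informational syscall, so a PID that kill(pid, 0), getpriority() or getsid() answers for but that readdir() on /proc omits is a hidden process. The script below is an added example written for this page, not code from the Unhide project, and it reimplements three of those passes in Python; it assumes a Linux host with procfs mounted at /proc. The function names (syscall_visible_pids, find_hidden_pids, self_check) are my own.

```python
import os
import re

PROC = "/proc"  # assumption: a Linux host with procfs mounted here


def pid_max():
    """Upper bound of the PID space as configured in the running kernel."""
    with open(f"{PROC}/sys/kernel/pid_max") as f:
        return int(f.read())


def _probe(call, pid):
    """Run one informational syscall against pid and report whether the PID exists.
    ESRCH (ProcessLookupError) means no such process; EPERM (PermissionError)
    means it exists but belongs to another user, which still counts as found."""
    try:
        call(pid)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True


# The probes mirror three of unhide's scanning passes: kill(pid, 0), getpriority(), getsid().
PROBES = {
    "kill": lambda pid: os.kill(pid, 0),
    "getpriority": lambda pid: os.getpriority(os.PRIO_PROCESS, pid),
    "getsid": lambda pid: os.getsid(pid),
}


def syscall_visible_pids(hi, lo=1):
    """PIDs in [lo, hi] that at least one probe syscall reports as existing."""
    return {pid for pid in range(lo, hi + 1)
            if any(_probe(call, pid) for call in PROBES.values())}


def proc_visible_pids():
    """PIDs returned by readdir() on /proc, which is all that ps and top ever see."""
    return {int(name) for name in os.listdir(PROC) if name.isdigit()}


def thread_group_id(pid):
    """Tgid from /proc/<pid>/status, or None if unreadable. Threads answer kill(tid, 0)
    but are deliberately not listed in /proc, so they must not be reported as hidden."""
    try:
        with open(f"{PROC}/{pid}/status") as f:
            m = re.search(r"^Tgid:\s*(\d+)", f.read(), re.M)
        return int(m.group(1)) if m else None
    except OSError:
        return None


def find_hidden_pids(hi=None, lo=1):
    """PIDs the kernel answers for but that readdir() on /proc does not list."""
    hi = hi or pid_max()
    candidates = syscall_visible_pids(hi, lo) - proc_visible_pids()
    hidden = set()
    for pid in sorted(candidates):
        tgid = thread_group_id(pid)
        if tgid is not None and tgid != pid:
            continue  # a thread of a listed process, not a process of its own
        # Re-check both sides to drop PIDs that were created or exited between the two scans.
        if _probe(PROBES["kill"], pid) and pid not in proc_visible_pids():
            hidden.add(pid)
    return hidden


def self_check():
    """Sanity test: the scanner must see this very process and must not flag it as hidden."""
    me = os.getpid()
    return (me in syscall_visible_pids(me, me)
            and me in proc_visible_pids()
            and me not in find_hidden_pids(me, me))


if __name__ == "__main__":
    found = find_hidden_pids()
    print(f"HIDDEN Processes Found: {len(found)}", sorted(found))
```

Two details matter for the false-positive rate. Thread IDs respond to kill(tid, 0) exactly like processes but never appear in a listing of /proc, so the Tgid check is what keeps a busy multithreaded daemon from being reported as a dozen hidden processes. Short-lived processes that start or exit between the syscall sweep and the /proc listing are the other common source of noise, which is why every candidate is verified a second time against a fresh listing; unhide's real passes repeat their checks for the same reason.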
An example for finding any hidden ports:

```
sudo unhide-tcp
```
And […]
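unhide-tcp applies the same cross-check to sockets: a port that the kernel refuses to bind() because something already holds it, yet that does not appear in the tables netstat and ss read, is a port somebody is hiding. The script below is an added example written for this page, not code from the Unhide project; it assumes a Linux host with /proc/net/tcp and /proc/net/tcp6 available, and the function names (procfs_tcp_ports, port_in_use_via_bind, find_hidden_tcp_ports, open_demo_listener) are my own.

```python
import errno
import socket

PROC_NET_TCP = ("/proc/net/tcp", "/proc/net/tcp6")  # assumption: Linux procfs


def procfs_tcp_ports(paths=PROC_NET_TCP):
    """Local TCP ports in any state as exposed by procfs (what netstat and ss read).
    Connected sockets are included as well, because they also make bind() fail."""
    ports = set()
    for path in paths:
        try:
            with open(path) as f:
                next(f)  # header row
                for line in f:
                    local_addr = line.split()[1]  # e.g. 0100007F:0016 (hex addr:port)
                    ports.add(int(local_addr.rsplit(":", 1)[1], 16))
        except OSError:
            pass  # e.g. IPv6 disabled on this host: that table is simply absent
    return ports


def port_in_use_via_bind(port, family=socket.AF_INET):
    """True if the kernel refuses to bind the wildcard address on this port, i.e. some
    socket already holds it; False if the bind succeeds; None if the answer is unknown
    (EACCES on ports below 1024 when not root, or the address family is unavailable)."""
    wildcard = "0.0.0.0" if family == socket.AF_INET else "::"
    try:
        s = socket.socket(family, socket.SOCK_STREAM)
    except OSError:
        return None
    try:
        if family == socket.AF_INET6:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        s.bind((wildcard, port))
        return False
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        if e.errno == errno.EACCES:
            return None
        raise
    finally:
        s.close()


def _taken(port):
    return any(port_in_use_via_bind(port, fam) is True
               for fam in (socket.AF_INET, socket.AF_INET6))


def find_hidden_tcp_ports(lo=1, hi=65535):
    """Ports that bind() reports as taken but that procfs does not show.
    procfs is re-read for every candidate so a socket that opened or closed
    during the sweep is not reported by mistake."""
    visible = procfs_tcp_ports()
    hidden = set()
    for port in range(lo, hi + 1):
        if port in visible or not _taken(port):
            continue
        if port not in procfs_tcp_ports() and _taken(port):
            hidden.add(port)
    return hidden


def open_demo_listener():
    """Open a listening socket on an ephemeral loopback port (constructed test input)
    and return (socket, port), so the checks above can be exercised against a known port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    found = find_hidden_tcp_ports()
    print(f"HIDDEN TCP ports found: {len(found)}", sorted(found))
```

Run it as root for the full picture: without CAP_NET_BIND_SERVICE the bind() probe on ports below 1024 returns EACCES, which the scanner reports as unknown rather than as in use, so the privileged range is not checked at all for an unprivileged user. Also keep in mind that /proc/net/tcp is read through the same kernel a rootkit has modified, which is precisely why the comparison against an independent syscall is the whole point of the check.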