Finding hidden processes with Unhide
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.
http://www.unhide-forensics.info/
Installation on Ubuntu:
sudo apt-get install unhide
Usage example on Ubuntu:
sudo unhide-posix proc
sudo unhide-posix sys
Or:
sudo unhide-linux26 proc
sudo unhide-linux26 sys
sudo unhide-linux26 brute
Below is an example of the output generated by the unhide-linux26 sys command:
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through comparison of results of system calls
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1
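As an added example (my own code, not part of the original post or of the Unhide project), here is a minimal Python re-implementation of the kill(..,0) probe that the sys scan above performs, combined with the /proc comparison and the re-check that keeps short-lived processes and thread IDs from being reported as hidden. It assumes a Linux host with /proc mounted.

```python
import os

def probe_pid(pid: int) -> bool:
    """Ask the kernel whether PID exists, bypassing /proc entirely.

    kill(pid, 0) delivers no signal but still yields an answer:
    0 or EPERM means the process exists, ESRCH means it does not.
    Rootkits that filter /proc or ps output usually leave this path
    untouched, so the PID leaks through.
    """
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:      # EPERM: exists, owned by someone else
        return True
    except ProcessLookupError:   # ESRCH: no such process
        return False

def proc_pids() -> set:
    """PIDs admitted by the /proc directory listing (what ps/top rely on)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def find_hidden(first_pid: int, last_pid: int) -> set:
    """Return PIDs in [first_pid, last_pid] that the kernel confirms
    but /proc does not list.

    Processes come and go during the scan, so one mismatch is only a
    candidate; it is re-checked on both sides before being reported.
    The path check matters: /proc/<tid> resolves for thread IDs that the
    directory listing never shows, so threads are dropped here too.
    """
    visible = proc_pids()
    candidates = [pid for pid in range(max(first_pid, 1), last_pid + 1)
                  if pid not in visible and probe_pid(pid)]
    return {pid for pid in candidates
            if probe_pid(pid) and not os.path.exists(f"/proc/{pid}")}

def self_check() -> bool:
    """Calibrate before trusting a verdict: our own process must probe
    alive, be listed in /proc and never be reported as hidden."""
    me = os.getpid()
    return (probe_pid(me) and me in proc_pids()
            and me not in find_hidden(max(1, me - 50), me))

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:   # full PID space (Linux)
        pid_max = int(fh.read())
    for pid in sorted(find_hidden(1, pid_max)):
        print(f"HIDDEN process found: PID {pid} (kill(pid, 0) succeeds, absent from /proc)")
```

Run it as root: as an unprivileged user on a /proc mounted with hidepid, every other user's process answers EPERM yet is missing from the listing, so all of them would be reported as hidden.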
An example of finding hidden ports:
sudo unhide-tcp
And an example of the generated output:
Unhide 20100201
http://www.security-projects.com/?Unhide
Starting TCP checking
Found Hidden port that not appears in netstat: 1048
Found Hidden port that not appears in netstat: 1049
Found Hidden port that not appears in netstat: 1050
Starting UDP checking
A Windows version also exists.
Source: Quick Tip: Find Hidden Processes and Ports [ Linux / Unix / Windows ]