Hunting the root kits

A post on the Linux mailing list described a hacked Linux box. We recommended a rootkit scan. There are two important tools for this on Linux now, rkhunter and chkrootkit.

    [root@box ~]# chkrootkit
    ROOTDIR is '/'
    Checking 'amd'... not found
    Checking 'basename'... not infected
    Checking 'biff'... not found
    Checking 'chfn'... not infected
    Checking 'chsh'... not infected
    Checking 'cron'... not infected
    Checking 'crontab'... not infected
    Checking 'date'... not infected
    Checking 'du'... not infected
    Checking 'dirname'.

[Read More]

nmap to get web server info

I realized that nmap can be used to get information about a web server. Information about a server is easy to read from its headers. Admins tend to mask the actual product or version the web server is running. This is where nmap comes into play.

    [root@kremilek ~]# nmap -sV -P0 -p80 www.idnes.cz
    Starting Nmap 4.20 ( http://insecure.org ) at 2009-02-12 21:03 CET
    Interesting ports on c1.idnes.cz (194.79.52.192):
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Microsoft IIS webserver 6.

[Read More]