Quote:
Originally Posted by Mike Kostousov
I think to replace passwd is a better way. I created a network profile with this quoted key and chose this profile by default. Now, by pressing the network button, this script is being executed.
Wow!! Of course, it stores the key, and it uses it when you start a connection. I had not thought of it, because I thought that if the test fails it was not going to store the key.
Now, this seems a safe way to script execution by itself; if you do not want script execution anymore, you delete the profile and voila! It is somewhat risky in the sense that if you change the connection and it really gets to contact iDS, it could update the system if you are not fast enough to remove the internet cable or switch your wifi router off.
A minor problem is that we do not know exactly at which point the hack is being executed. We can conjecture it is in the line "iwconfig $ethIf key $key" of the script wireless.sh, but on the other hand the authors of the script (Alexis, Matthijs and Edwin, some of whom you know from the iRex forums) already took some wrapping measures (namely, key="$4").
Quote:
So, I just need to create a script which will change /etc/passwd, start dropbear, etc. But what happens if the integrity check fails?
Let me check the scripts and I will tell you in this same posting. (Back in a couple minutes.) (Here I am). It seems that the integrity checks are done in do_updates.sh in the /usr/bin directory. It checks:
Code:
updates_done=0
new_password='Ko2IxrVVzZZT.'
echo -n 'Checking for patches:'
# If the dropbear binary is present, remove the package.
if [ -x /usr/sbin/dropbearmulti ]
then
    echo -n ' rm_sshd'
    /usr/bin/ipkg remove -force-depends dropbear
    updates_done=1
fi
# If root's password field differs from the fixed value, rewrite it.
if [ "`grep '^root:' /etc/passwd | cut -d: -f2`" != "${new_password}" ]
then
    echo -n ' passwd'
    sed -i "s,^\\([^:]*\\):[^:]*:0:,\\1:${new_password}:0:," /etc/passwd
    updates_done=1
fi
And it also checks for registry modifications. As you see, if the check for the password fails, it just sets the password to the fixed one.
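
The passwd part of that check, as an added example that is not part of the original post or of the iRex script: it runs the same comparison and sed substitution against a scratch file instead of /etc/passwd. The function names, the sample accounts and their hash strings are constructed for illustration, and a temp file plus mv stands in for `sed -i`.

```shell
# Added example: the passwd check from the excerpt, applied to a scratch file.
new_password='Ko2IxrVVzZZT.'   # fixed value shown in the excerpt above

# check_passwd FILE (hypothetical helper): prints 1 if FILE was rewritten,
# 0 if root's password field already equals the fixed value.
check_passwd() {
    file=$1
    current=$(grep '^root:' "$file" | cut -d: -f2)
    if [ "$current" != "$new_password" ]; then
        # Same substitution as the excerpt. It keys on the third field
        # being 0 (the UID), not on the account name, so every UID-0
        # entry gets the fixed password field.
        sed "s,^\([^:]*\):[^:]*:0:,\1:${new_password}:0:," "$file" > "$file.tmp" &&
            mv "$file.tmp" "$file"
        echo 1
    else
        echo 0
    fi
}

# make_sample (hypothetical helper): writes a constructed passwd file
# and prints its path.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:CHANGEDHASH:0:0:root:/root:/bin/sh
admin:OTHERHASH:0:0:second uid 0 account:/root:/bin/sh
reader:USERHASH:500:500:ordinary user:/home/reader:/bin/sh
EOF
    echo "$f"
}

f=$(make_sample)
echo "first run rewrote file:  $(check_passwd "$f")"
echo "second run rewrote file: $(check_passwd "$f")"
cat "$f"
rm -f "$f"
```

The first run reports a rewrite and the second does not, which is the self-repairing behaviour described above: a changed root entry lasts only until the next time the check runs.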