Thursday, February 2, 2012

Netcat and Cymothoa Revision

This is a revision of a previous paper, because the attack is reversed. In this setup I moved the cymothoa folder to the desktop and extracted it there, and I will try to execute cymothoa from Backtrack as the attacker.
This will be connected with the attacker's computer.
 
In this setup the victim and the attacker were connected on port 8888.
From this position I entered the cymothoa folder and executed cymothoa.
Cymothoa appears to be running in the attacker's terminal (Backtrack), but it is really running on the victim's system, accessed remotely.
I typed ps -axu to look at the services running on the victim's system and chose bash with pid 1689, which has root access. Having settled on that application service, I will infect it with cymothoa.

Cymothoa will infect the process with pid 1689, using port 8888 as the remote access port; this process is the bash shell service.
As shown above, that service application has been infected by cymothoa, using the remote method from netcat.

This is a very dangerous infection, because cymothoa has the same character as the real cymothoa: it is a parasite.
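
A defender's check for the condition described above, added here as an example and not part of the original post: it parses ss -ltnp output on the suspect host and flags listening sockets owned by a shell. The sample output is constructed, and the check assumes the injected listener is reported under the infected process's name (bash here); the function and variable names are hypothetical.

```python
import re

# Constructed sample of `ss -ltnp` output (iproute2 format); not from the original post.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      1      0.0.0.0:8888       0.0.0.0:*         users:(("bash",pid=1689,fd=5))
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*         users:(("apache2",pid=940,fd=4),("apache2",pid=941,fd=4))
"""

# Interactive shells have no normal reason to own a listening TCP socket.
UNEXPECTED_LISTENERS = {"bash", "sh", "dash", "zsh", "ksh"}

# Local address and port of a LISTEN row (also matches [::]:8888 and *:8888).
LOCAL_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")
# Each ("name",pid=N,fd=M) tuple in the users:(...) column.
OWNER_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def find_suspicious_listeners(ss_output, names=UNEXPECTED_LISTENERS):
    """Return one finding per listening socket whose owner is in `names`."""
    findings = []
    for line in ss_output.splitlines():
        local = LOCAL_RE.match(line)
        if not local:
            continue  # header row or a non-LISTEN socket
        addr, port = local.group(1), int(local.group(2))
        for name, pid in OWNER_RE.findall(line):
            if name in names:
                findings.append(
                    {"pid": int(pid), "name": name, "addr": addr, "port": port}
                )
    return findings


if __name__ == "__main__":
    for f in find_suspicious_listeners(SAMPLE_SS):
        print("suspicious listener: {name} pid={pid} on {addr}:{port}".format(**f))
```

The owner column is only populated when ss runs as root, so run the collection step with root privileges and compare the flagged pid against ps output before acting on it.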

2 comments:

  1. could you explain about cy in:
    > cy /bin/bash ..?

    --thanks

  2. First I saw the example in class; that tutorial used cy /bin/bash. After that I tried it myself, several times, like that. Each time I type c and press Tab, it becomes cy.

    At first I thought cy was short for cymothoa, so I suspect cy is cymothoa, which will run as bash.


 
IS2C © 2012 Blog's Student | is2c