how many user IDs can you identify that the attacker has tampered with?

seenagapeJuly 5, 2013

After studying the following log entries, how many user IDs can you identify that the attacker has
tampered with?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

A.
IUSR_

B.
acmr,dns

C.
nobody,dns

D.
nobody,IUSR_

Explanation:
Passwd is the command used to modify a user password and it has been used
together with the usernames nobody and dns.

One Comment on “how many user IDs can you identify that the attacker has tampered with?”

Mac says:

August 19, 2014 at 10:38 pm

How many? how about Which who writes this crap

Log in to Reply

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ECCouncil Exam Questions

Free EC-Council Study Guide

how many user IDs can you identify that the attacker has tampered with?

One Comment on “how many user IDs can you identify that the attacker has tampered with?”

Leave a Reply Cancel reply