What hackers do on compromised hosts


  • Collect data and configuration settings.

  • Collect user password hashes to crack them later.

  • Install password sniffers. For example, an SSH client with a built-in sniffer lets them collect user names, passwords, and the destination host names where the users log in.

  • Install root kits to hide their traces and leave a back door open.

    There are application-based and kernel-based root kits. Application-based root kits replace system files and commands, such as ls, ps, netstat, top, ..., change time stamps, clean logs, etc. Kernel-based root kits modify the kernel system calls by either writing into kernel memory through /dev/kmem or loading a module.

  • Craft a future attack on the other networked hosts to compromise them or cause a Denial of Service.
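
Application-based root kits replace commands such as ps, so one defensive check is to compare what ps reports with the process directories the kernel exposes in /proc. This is an added example, not part of the original page; the function names and the /bin/ps path are assumptions, and the sample data in the main block is constructed.

```python
#!/usr/bin/env python3
"""Cross-view check: PIDs listed in /proc versus PIDs that `ps` reports."""
import os
import subprocess


def pids_from_ps_output(text):
    """Parse `ps -e -o pid=` output (one PID per line) into a set of ints."""
    pids = set()
    for line in text.splitlines():
        field = line.strip()
        if field.isdigit():  # skips blank lines and any header text
            pids.add(int(field))
    return pids


def pids_from_proc_entries(entries):
    """Keep only the numeric directory names that /proc uses for processes."""
    return {int(name) for name in entries if name.isdigit()}


def hidden_pids(proc_before, ps_pids, proc_after):
    """PIDs in /proc both before and after the ps run, but absent from ps.

    Requiring both snapshots filters out processes that started or exited
    while ps was running, which would otherwise be false positives.
    """
    return sorted((proc_before & proc_after) - ps_pids)


def scan(ps_path="/bin/ps", proc_root="/proc"):
    """Run the check on a live Linux host (ps_path is an assumed location)."""
    before = pids_from_proc_entries(os.listdir(proc_root))
    out = subprocess.run([ps_path, "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    after = pids_from_proc_entries(os.listdir(proc_root))
    return hidden_pids(before, pids_from_ps_output(out), after)


if __name__ == "__main__":
    # Constructed sample: a replaced ps that leaves PID 4242 out of its output.
    proc_listing = ["1", "215", "4242", "self", "cpuinfo", "meminfo"]
    ps_output = "    1\n  215\n"
    snap = pids_from_proc_entries(proc_listing)
    print("hidden:", hidden_pids(snap, pids_from_ps_output(ps_output), snap))
```

A kernel-based root kit that alters the system calls used to read /proc hides the process from both views, so an empty result from this check does not clear the host.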