mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
Update linux-forensics.md
fixes grammatical errors Signed-off-by: Yuvraj Saxena <ysaxenax@gmail.com>
This commit is contained in:
parent
c539bd7d2c
commit
dce6181884
1 changed files with 2 additions and 2 deletions
|
@ -223,7 +223,7 @@ Get Access Today:
|
||||||
|
|
||||||
## Recover Deleted Running Binaries
|
## Recover Deleted Running Binaries
|
||||||
|
|
||||||
Imagina a process taht was executed from /tmp/exec and deleted. It's possible to extract it
|
Imagine a process that was executed from /tmp/exec and then deleted. It's possible to extract it
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd /proc/3746/ #PID with the exec file deleted
|
cd /proc/3746/ #PID with the exec file deleted
|
||||||
|
@ -251,7 +251,7 @@ ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Libra
|
||||||
|
|
||||||
### Services
|
### Services
|
||||||
|
|
||||||
Paths where a malware could be isntalled as a service:
|
Paths where a malware could be installed as a service:
|
||||||
|
|
||||||
* **/etc/inittab**: Calls initialization scripts like rc.sysinit, directing further to startup scripts.
|
* **/etc/inittab**: Calls initialization scripts like rc.sysinit, directing further to startup scripts.
|
||||||
* **/etc/rc.d/** and **/etc/rc.boot/**: Contain scripts for service startup, the latter being found in older Linux versions.
|
* **/etc/rc.d/** and **/etc/rc.boot/**: Contain scripts for service startup, the latter being found in older Linux versions.
|
||||||
|
|
Loading…
Reference in a new issue