{"id":1008,"date":"2011-11-24T15:16:44","date_gmt":"2011-11-24T13:16:44","guid":{"rendered":"http:\/\/blog.sfsoft.it\/?p=1008"},"modified":"2011-11-24T15:19:41","modified_gmt":"2011-11-24T13:19:41","slug":"scovare-processi-nascosti-con-unhide","status":"publish","type":"post","link":"http:\/\/www.sfsoft.it\/blog\/2011\/11\/24\/scovare-processi-nascosti-con-unhide\/","title":{"rendered":"Finding hidden processes with Unhide"},"content":{"rendered":"<blockquote><p>Unhide is a forensic tool to find hidden processes and TCP\/UDP ports by rootkits \/ LKMs or by another hidden technique.<\/p><\/blockquote>\n<p><a href=\"http:\/\/www.unhide-forensics.info\/\" target=\"_blank\">http:\/\/www.unhide-forensics.info\/<\/a><\/p>\n<p>Installation on Ubuntu:<\/p>\n<pre lang=\"bash\">sudo apt-get install unhide<\/pre>\n<p>Usage example on Ubuntu:<\/p>\n<pre lang=\"bash\">sudo unhide-posix proc\r\nsudo unhide-posix sys<\/pre>\n<p>Or:<\/p>\n<pre lang=\"bash\">sudo unhide-linux26 proc\r\nsudo unhide-linux26 sys\r\nsudo unhide-linux26 brute<\/pre>\n<p>Below is a sample of the output produced by the command <em>unhide-linux26 sys<\/em>:<\/p>\n<pre lang=\"bash\">Unhide 20100201\r\nhttp:\/\/www.security-projects.com\/?Unhide\r\n[*]Searching for Hidden processes through kill(..,0) scanning\r\n[*]Searching for Hidden processes through  comparison of results of system calls\r\n[*]Searching for Hidden processes through getpriority() scanning\r\n[*]Searching for Hidden processes through getpgid() scanning\r\n[*]Searching for Hidden processes through getsid() scanning\r\n[*]Searching for Hidden processes through sched_getaffinity() scanning\r\n[*]Searching for Hidden processes through sched_getparam() scanning\r\n[*]Searching for Hidden processes through sched_getscheduler() scanning\r\n[*]Searching for Hidden processes through sched_rr_get_interval() 
scanning\r\n[*]Searching for Hidden processes through sysinfo() scanning\r\nHIDDEN Processes Found: 1<\/pre>\n<p>An example for finding any hidden ports:<\/p>\n<pre lang=\"bash\">sudo unhide-tcp<\/pre>\n<p>And a sample of the generated output:<\/p>\n<pre lang=\"bash\">Unhide 20100201\r\nhttp:\/\/www.security-projects.com\/?Unhide\r\nStarting TCP checking\r\nFound Hidden port that not appears in netstat: 1048\r\nFound Hidden port that not appears in netstat: 1049\r\nFound Hidden port that not appears in netstat: 1050\r\nStarting UDP checking<\/pre>\n<p>A Windows version also exists.<\/p>\n<p>Source:\u00a0<a href=\"http:\/\/www.cyberciti.biz\/tips\/linux-unix-windows-find-hidden-processes-tcp-udp-ports.html\" target=\"_blank\"> Quick Tip: Find Hidden Processes and Ports [ Linux \/ Unix \/ Windows ]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unhide is a forensic tool to find hidden processes and TCP\/UDP ports by rootkits \/ LKMs or by another hidden technique. http:\/\/www.unhide-forensics.info\/ Installation on Ubuntu: sudo apt-get install unhide Usage example on Ubuntu: sudo unhide-posix proc sudo unhide-posix sys Or: sudo unhide-linux26 proc sudo unhide-linux26 sys sudo unhide-linux26 brute Below is a sample of 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[11,3,68,31],"tags":[12,8,70,35],"_links":{"self":[{"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/posts\/1008"}],"collection":[{"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/comments?post=1008"}],"version-history":[{"count":6,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/posts\/1008\/revisions"}],"predecessor-version":[{"id":1013,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/posts\/1008\/revisions\/1013"}],"wp:attachment":[{"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/media?parent=1008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/categories?post=1008"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.sfsoft.it\/blog\/wp-json\/wp\/v2\/tags?post=1008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}