lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20031124101453.GA10783@equinox.iq.pl>
From: zim at iq.pl (Robert Jaroszuk)
Subject: http://xfteam.net/fedor.c - Anyone seen this before??

On Mon, 24 Nov 2003, Dan wrote:

; Hi,
; Our Snort picked up an interesting attempt to download, compile and execute.
; Noting also the fact that the sub dir its attempting to access has not been
; there for over 4 months(/logjam/)?
; 
; Has anyone actually seen what this fedor.c is? I have done some google'ing but
; it comes up blank.

It's simply a bindshell with allocates tty for each session.
Bindshell is a program which binds to tcp port, and listen for incoming connections.
If one will connect to port defined within this bindshell program, (root) shell will be spawned.
Check this out -> http://hysteria.sk/sd/f/junk/bindshell/

-- 
..... Robert Jaroszuk - zim@iq,pl - [ IQ PL Sp. z o.o. ] .....
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- N+ w-- O- M-
V- PS+ PE Y(+) PGP-(+++) t-- 5? X- R* tv-- DI++ b++>+++ DI- D-
... The superior warrior wins without fighting -- Sun Tzu. ...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ