lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <001c01c5ec60$3b0b9ec0$6f64a8c0@RM1CE510011>
Date: Fri Nov 18 16:51:19 2005
From: fatb at security.zz.ha.cn (fatb)
Subject: ssh 3.2.9.1 backdoor could not log the login info

hi list:
    the aion ssh patch for ssh 3.2.9.1 from packetstorm
http://packetstormsecurity.org/UNIX/patches/apatch-ssh-3.2.9.1

modified the LEETPASS and SSH_LOG,and replace the orgin sshd2 with the trojaned one.

But when I loggin the server without the Magic Password,I could only find some strange stings
in the log file which looks like below
 ˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΖΗίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΞΟΙίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΞΟΙίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυˆ™’ΕίΝΞΞΡΞΘΝΡΝΚΞΡΞΟΛίφŠŒšΕߌ’ž›’–‘ίφžŒŒΕί™“Œ‘‹’‹“‹’‡žυ[

anybody has any idea about ssh trojan ? (not for openssh)

thx.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051119/54e59094/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ