Message-ID: <2f28d40c-44b4-47db-a6ba-411fed7998f6@getmailbird.com>
Date: Mon, 08 Dec 2014 18:52:34 -0500
From: "Alfred Baroti" <marianalfred@...il.com>
To: "" <fulldisclosure@...lists.org>
Subject: [FD] Interesting Backdoor

Hi,
I was wondering if anyone has found something similar to this. I haven't found anything similar to this before.


Here it is:

root@...1-test:~# ssh zimadmin@0
zimadmin@0's password:
-------;i------------------------------------------
-----.,if------------------------------------------
-----,tLE,--------------..:;ji---------------------
----;ittL;----------.;;;tjfGj.---------------------
---;tfGDK;--------,;;,tLEKKt-----------------:;,---
---ijLDKD.------:;,iLfiiGD;---------------.,ifj.---
--.;tGKKi------:tjLKWWEj;.--------------:;jLEE;----
---;iLEL::..:,;tjEW##Wf,--------------.,;tGKWf-----
---,,;t;,:,,ifi;LKELt:--------------.;;itiiLD:-----
---:iiLjGLfLGGDEE;-----------------.i:,LKEfji------
--:;;jGfDGKW####KL.----------------i,,jDKWEt-------
--,.ifGGGLEEE###WEt---------------:tifDEKD;--------
--:,;LDGELKKK####KEj.-------------iLGKELi----------
---ijGDEWKW#######WDfi;;,,;ii,,,::DELt:------------
---,fDKKKW###WK#####EGLLLLLLLfft,:ii.--------------
-----:,,,:;fji;LW#####WKEEEEEEDLji::i;-------------
-----------,;GLjjDKKWWWEEEKEEDfjLLLGGDL:-----------
-----------,;fGL;;tfLfjjfGDDGftLEKKEDEEf-----------
-----------,;;GEt-:tftifGEEEDftLEKKjjLLL-----------
------------;iGKt-iGLGLttK####EGDEEjiEGG;----------
------------.LEEi;ftff;--,E####LjDEEGGDDD;---------
-------------;EL:jjGLi----,K###t--,ijDKEDDL:-------
--------------jt;DGt:-----.LKKKi------tDEDEt-------
-------------.tjDKf-----.,ifff;--------tEDEj-------
------------:fDEWKi----;;,,ii.--------,iLLDt-------
----------:;ifEKG,-------..-----------,jjj;--------
-----------fttGED----------------------------------
------------.--------------------------------------
root@...1-test:~# w
 23:28:03 up 234 days, 14:54,  0 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root@...1-test:~# id zimadmin
uid=0(root) gid=197 groups=0(root)
root@...1-test:~# cat /etc/passwd |grep zimadmin
root@...1-test:~# cat /etc/shadow |grep zimadmin

And in a normal login it makes no sense:

root@...1-test:~# ls -la /usr/lib/libc.so.0
ls: cannot access /usr/lib/libc.so.0: No such file or directory
root@...1-test:~# cd /usr/lib/libc.so.0
root@...1-test:/usr/lib/libc.so.0# ls
ls: cannot open directory .: No such file or directory
root@...1-test:/usr/lib/libc.so.0# pwd
/usr/lib/libc.so.0
root@...1-test:/usr/lib/libc.so.0# ls
ls: cannot open directory .: No such file or directory
root@...1-test:/usr/lib/libc.so.0# strace ls
-bash: /usr/bin/strace: Input/output error
root@...1-test:/usr/lib/libc.so.0#


Does anyone have any idea what I am dealing with?

Thanks

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
