[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] new openssh exploit in the wild!

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] new openssh exploit in the wild!
From: "gordon last" <glast@xxxxxxxxxxxx>
Date: Fri, 19 Sep 2003 00:11:57 +0200

hi readers,
while i was staying idle in an so called 0day release channel on one irc 
network some scriptkiddies were
talking about an new 0day release.

in my backlog i can see the following:
---cut
08:09 [R4lph]   *** r3t0r (r4lph@xxx) has joined channel #0dayz
08:09 [R4lph]   0day: http://www.anzwers.org/free/m0nkeyhack/0d/
---cut

i looked at this piece of exploit... it is binary so i'am not sure if this is a 
trojan or a backdoor or a virus. but i can't see anything strange while 
sniffing the exploit traffic. and i got root on serveral of my openbsd boxes 
with that. the bruteforcer seems to be very good.

i too looked at "strings theosshucksass" and found nothing suspicious.

this exploit seems to be in the wild (underground) since beginning of august.

thats quite a long time i hope most admins are patching the systems now... 
because the exploit is getting round faster and faster.

if anyone can reverse engineer this piece it would be great if he posts his 
resulsts on his list because iam really intressted on the exploiting technique 
used for that bug.

i cant get an idea on how to exploit this.

hmm...
regards,
glast

Follow-Ups:
- Re: [Full-Disclosure] new openssh exploit in the wild! * is FAKE AS SH@!*
  - From: KF

Prev by Date: Re: [Full-Disclosure] new ssh exploit?
Next by Date: Re: [Full-Disclosure] Get the Tools You Need to Compete With Linux
Previous by thread: Re: [Full-Disclosure] Get the Tools You Need to Compete With Linux
Next by thread: Re: [Full-Disclosure] new openssh exploit in the wild! * is FAKE AS SH@!*
Index(es):
- Date
- Thread