[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Automated ssh scanning
- To: VeNoMouS <venom@xxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Automated ssh scanning
- From: Tremaine <tremaine@xxxxxxxxx>
- Date: Fri, 27 Aug 2004 08:22:23 -0600
On Fri, 27 Aug 2004 13:40:01 +1200, VeNoMouS <venom@xxxxxxxxxxx> wrote:
> lol the amount of people still trying to work out what these binarys are is
> amusing, i already broke down what each package was and mailed it to full
> disclosure over 24hrs ago, dont you people read threads?
>
> I'll post it again.....
>
> www.bo2k-rulez.net/a
> kernel do_brk exploit by isec -
> http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php, infected with rst.b
> , which when run tries to connect to 207.66.155.21 on port 80
> requesting /~telecom69/gov.php which is offline.
>
>
> www.corbeanu.as.ro/t.gz
> Ptrace/kmod kernel exploit by isec -
> http://www.k-otik.com/exploits/03.30.kernel.c.php
>
> http://roarmy.com/god.tgz
> root kit with backdoor'd ssh listens on port 26000 which replaces smbd
> binary, loggin of the ssh connections goes to /usr/include/iceconf.h , also
> has a crappy tcp sniffer which logs to /usr/lib/libice.log,and a syn flooder
>
> ***** backdoor password for this ssh door is ice4budu
>
> www.generatiapro.go.ro/fast.tgz
> emech setup for undernet to join #tty.
Yep, some of us saw this ;) Thanks for having taken the time,
duplication of effort is so boring!
Cheers,
--
Tremaine
IT Security Consultant
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html