Re: Visited by a cracker
From: Mike Zupan (mzupan_at_meso.com)
To: firstname.lastname@example.org
Date: Mon, 12 Jul 2004 08:22:13 -0400

I just ran the first two against a fully patched RH9 system with no luck.
ptrace kept running in memory. The other is also the kernel exploit which has
been patched by every distro out there.

[wind@wind0 wind]$ chmod +x egx
[wind@wind0 wind]$ ./egx
[-] Unable to change page protection: Cannot allocate memory
[-] Unable to exit, entering neverending loop.
+ Stopped ./egx
[wind@wind0 wind]$ uname -r

On Sunday 11 July 2004 10:45, Per Christian B. Viken wrote:
> I've had a rather disturbing evening.
> A friend of mine runs a small server for himself and some friends. It's
> running slackware 10.
> When I logged in, I noticed that the load was way over what's normal
> (around 1.36 now, usually it's under 0.10), so I run 'top'. I see a program
> called 'strace' running, hogging all the cpu power.
> So I get curious. I chdir to the user's home, and look around. It's empty.
> But, the 'smart' little cracker has forgotten about .bash_history, so here
> I can see everything that he has been doing.
> Apparently, he has downloaded and set up an eggdrop, removed it again, and
> then downloaded a psybnc, which he also removed shortly. Then things get