Re: Visited by a cracker

From: Mike Zupan (mzupan_at_meso.com)
Date: 07/12/04

    To: focus-linux@securityfocus.com
    Date: Mon, 12 Jul 2004 08:22:13 -0400
    
    

    I just ran the first two against a fully patched RH9 system with no luck.
    ptrace kept running in memory. The other is also the kernel exploit which has
    been patched by every distro out there.

    [wind@wind0 wind]$ chmod +x egx
    [wind@wind0 wind]$ ./egx
    [-] Unable to change page protection: Cannot allocate memory
    [-] Unable to exit, entering neverending loop.

    [1]+ Stopped ./egx
    [wind@wind0 wind]$
    [wind@wind0 wind]$ uname -r
    2.4.20-30.9smp

    Mike

    On Sunday 11 July 2004 10:45, Per Christian B. Viken wrote:
    > Hello
    >
    > I've had a rather disturbing evening.
    > A friend of mine runs a small server for himself and some friends. It's
    > running Slackware 10.
    > When I logged in, I noticed that the load was way over what's normal
    > (around 1.36 now, usually it's under 0.10), so I run 'top'. I see a program
    > called 'strace' running, hogging all the cpu power.
    >
    > So I get curious. I chdir to the user's home, and look around. It's empty.
    > But, the 'smart' little cracker has forgotten about .bash_history, so here
    > I can see everything that he has been doing.
    > Apparently, he has downloaded and set up an eggdrop, removed it again, and
    > then downloaded a psybnc, which he also removed shortly. Then things get
    > interesting.
    >
    > <SNIP>

