What's this? SSH hack?



Found this shell script on a server:

#!/bin/bash
# cracker ssh backdoor - by AppleJuice
if [ -f /usr/sbin/sshd ]; then
FILE=/usr/sbin/sshd
NR=`strings $FILE | grep --line-number "ssh_mpmzm_pow" | awk -F ":" '{print $1}'`
_SNF=`expr $NR + 1`
_PASS=`expr $NR + 2`
SNF=`strings $FILE | head -n $_SNF | tail -n 1`
PASS=`strings $FILE | head -n $_PASS | tail -n 1`
echo "first string: $SNF"
echo "second string: $PASS"
fi


The server was obviously hacked, but I don't understand how the script came on the server and its usage and purpose
.



Relevant Pages

  • Hacker to my Linux
    ... My server has been hacked by someone and unknow method.This hacker can ... echo "Compiling anti-noexec library " ... echo "Compiling suid shell " ... echo "Creating shell script" ...
    (comp.security.unix)
  • mysql - kern.maxfiles limit exceeded by uid 500 please see tuning(7)
    ... shell script as a cron job every 15 minutes. ... scripts enter some data in the mysql database. ... The server works fine for a few days, ... echo "CREATE TABLE Average (Time DATETIME, AverageBar TINYTEXT, ...
    (comp.unix.bsd.freebsd.misc)
  • Re: WEB SITE PROJECT DEPLOYMENT ~ Help please??
    ... ECHO When/If prompted with the question: ... The files are all now sitting on my Server, and when I load my web site, ... An error has occurred while establishing a connection to the server. ... The connection string specifies a local Sql Server Express instance using ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Script Need to check disk space on remote servers
    ... Is it possible to get SQL Server database and log information (like ... echo Checking drives on Server %%S... ... REM this part of the script generates an HTML file with all the ... REM and then launches it using the default browser. ...
    (microsoft.public.windows.server.scripting)
  • Re: Script Need to check disk space on remote servers
    ... Is it possible to keept the process running by skipping over remote computer ... Is it possible to get SQL Server database and log information (like ... echo Checking drives on Server %%S... ... REM and then launches it using the default browser. ...
    (microsoft.public.windows.server.scripting)