Security Incidents mailing list archives
Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd)
From: claymore <claymore () ADELPHIA NET>
Date: Thu, 14 Dec 2000 14:58:02 -0500
It is not a new script. It has been around a while in some variation or another. The reason for the different names is that the code is available on the web...usually with some minor disabling feature so that the pure script kiddies will not be able to use it. Each person who fixes the code and compiles it puts thier own name on it. I can provide links to the code if it would be helpful. Claymore the unprofound -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Niels Heinen Sent: Thursday, December 14, 2000 10:37 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) marc wrote:
Recently a server of ours was compromised. On it we found a script and some programs that were scanning other machines for statd, and then automatically rooting the ones it found. I've done some searches, but found no reference to this. If it is new, I will post more details. Does anyone recognize this? #!/usr/bin/perl # # std.pl v0.2+p3 by KraZee - 10.30.00 private # rpc.statd linux mass rooter [epic] # # binds rootshell on port 24765 on exploited hosts # standard disclaimers apply # # DO NOT DISTRIBUTE !! DO NOT DISTRIBUTE I've sent similar msgs to sans and cert, but was unsure where else to share this. marc marc () zounds net
Yes i have a copy of an rpc automatic hacking tool. It also connects to the rooted systems in order to see if they are running more then one processors. If so then it will log the host as compromised if not then it will continue. The code in the tool i managed to get my hand on was very crappy yours too ? The tool i have goes by the same name only the name of the author is different. It is a package with several perl scripts and statdx.c compiled. Niels
Current thread:
- possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) marc (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) claymore (Dec 15)
- weird DNS logs K 0 (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)