Full Disclosure mailing list archives

RE: Automated SSH login attempts?

From: "Bill Roemhild" <broemhild () positiveplace org>
Date: Sun, 15 Aug 2004 01:57:58 -0700


Ohh great.. two different versions floating around.  Not sure where I
got the first one, but the second was from frauder.us.  



-rwxr-xr-x    1 root     root      1365263 Jul 12 11:10 sshf1*
-rwxr-xr-x    1 root     root      1369359 Aug  1 19:24 sshf2*

root@deepcycle:/usr/local/src/ssh/show# strings sshf1 > sshf1.strings
root@deepcycle:/usr/local/src/ssh/show# strings sshf2 > sshf2.strings
root@deepcycle:/usr/local/src/ssh/show# diff sshf1.strings sshf2.strings
4402a4403,4466

SQRVW
_^ZY[
SQR1
SQRV
H^ZY[
SQRVW
_^ZY[
_^ZY[
QSP1
QSP1
QSP1
QSP1
RQSP1
X[YZ
RQSP1
X[YZ
QSP1
SQRV1
^ZY[
/dev/hdx
SQRVW
ZY[=
ZY[=
_^ZY[
SQRVW
Y[_^ZY[
ZY[=
[SQRVW
tBSQR
ZY[=
ZY[=
[X_^ZY[
DOM`
/bin/sh
xxxxyyyyzzzz
Y[XXXXXX
GET /~telcom69/gov.php HTTP/1.0
ppp0
eth0
h/bin
PSQRVWP
[X_^ZY[X
SQRVWS
ZY[=
ZY[f
ZY[=
ZY[=
fAf;NH
ZY[=
YQSQR
ZY[=
ZY[=
ZY[fAf;NLr
ZY[=
ZY[=
F4SQR
ZY[=
[X_^ZY[
ZY[=
_WSQR
ZY[SQR
snortdos
tory
/lib/ld-linux.so.2


Bill

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Automated SSH login attempts? Aditya, ALD [Aditya Lalit Deshmukh] (Aug 01)
- <Possible follow-ups>
- RE: Automated SSH login attempts? Bill Roemhild (Aug 15)
- RE: Automated SSH login attempts? Bill Roemhild (Aug 15)