Re: Re: Automated SSH login attempts?

[dmargoli () stwing org]

Max Valdez wrote:

> doesnt make any sense
>
> That way you should have root on the first box to start exploiting others, 
> kind of weird.
>
> smells like rootkit downloader to me.
>
> Anybody willing to make a strace of this program ??
>
> Max

A previous poster mentioned that after exploiting a test/test or 
guest/guest account, an attacker downloaded SuckIt to his machine, got 
root using some unspecified local vuln (he said it was a very unpatched 
mcahine), and started from there.

The program IS linked against OpenSSL and appears to inintiate an ssh 
connection with the target(s) in a separate text file (uniq.txt). I 
can't follow the connection because of the encryption, but it seems to 
be trying a user and then disconnecting (as in, I see nothing really 
obviously out of the ordinary when I run it). Haven't got farther in 
disassembling it yet.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html