Full Disclosure mailing list archives
Re: Re: Automated SSH login attempts?
From: dmargoli () stwing org
Date: Thu, 29 Jul 2004 18:18:01 -0400
Max Valdez wrote:
doesnt make any senseThat way you should have root on the first box to start exploiting others, kind of weird.smells like rootkit downloader to me. Anybody willing to make a strace of this program ?? Max
A previous poster mentioned that after exploiting a test/test or guest/guest account, an attacker downloaded SuckIt to his machine, got root using some unspecified local vuln (he said it was a very unpatched mcahine), and started from there.
The program IS linked against OpenSSL and appears to inintiate an ssh connection with the target(s) in a separate text file (uniq.txt). I can't follow the connection because of the encryption, but it seems to be trying a user and then disconnecting (as in, I see nothing really obviously out of the ordinary when I run it). Haven't got farther in disassembling it yet.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Automated SSH login attempts?, (continued)
- RE: Automated SSH login attempts? Todd Towles (Jul 30)
- Re: Automated SSH login attempts? Stefan Janecek (Jul 30)
- Re: Automated SSH login attempts? Jan Muenther (Jul 31)
- Re: Automated SSH login attempts? Andrew Farmer (Jul 30)
- Re: Automated SSH login attempts? Christian Fromme (Jul 30)
- Re: Automated SSH login attempts? Stefan Janecek (Jul 29)
- Re: Re: Automated SSH login attempts? Valdis . Kletnieks (Jul 29)
- Re: Re: Automated SSH login attempts? Jan Muenther (Jul 30)
- Re: Re: Automated SSH login attempts? Andrei Galca-Vasiliu (Jul 29)
- Re: Re: Automated SSH login attempts? Max Valdez (Jul 29)
- Re: Re: Automated SSH login attempts? dmargoli (Jul 29)
- Re: Re: Automated SSH login attempts? Ron DuFresne (Jul 29)
- Re: Re: Automated SSH login attempts? joe smith (Jul 29)
- Re: Re: Automated SSH login attempts? Valdis . Kletnieks (Jul 29)
- Re: Re: Automated SSH login attempts? Andrei Galca-Vasiliu (Jul 29)
- Re: Re: Automated SSH login attempts? Max Valdez (Jul 29)
- Re: Re: Automated SSH login attempts? Dagur Valberg Johannsson (Jul 29)
- Re: Re: Automated SSH login attempts? dmargoli (Jul 29)
- Re: Re: Automated SSH login attempts? Stefan Janecek (Jul 30)
- Re: Re: Automated SSH login attempts? andrewg (Jul 30)
- Re: Re: Automated SSH login attempts? nicolas vigier (Jul 30)
- Re: Re: Automated SSH login attempts? morning_wood (Jul 30)