Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Interesting Backdoor

From: "Alfred Baroti" <marianalfred () gmail com>
Date: Mon, 08 Dec 2014 18:52:34 -0500
Hi,
I was wondering if someone found something similar with this. I didn't find anything similar with this before.


Here is:

root@pay1-test:~# ssh zimadmin@0
zimadmin@0's password:
-------;i------------------------------------------
-----.,if------------------------------------------
-----,tLE,--------------..:;ji---------------------
----;ittL;----------.;;;tjfGj.---------------------
---;tfGDK;--------,;;,tLEKKt-----------------:;,---
---ijLDKD.------:;,iLfiiGD;---------------.,ifj.---
--.;tGKKi------:tjLKWWEj;.--------------:;jLEE;----
---;iLEL::..:,;tjEW##Wf,--------------.,;tGKWf-----
---,,;t;,:,,ifi;LKELt:--------------.;;itiiLD:-----
---:iiLjGLfLGGDEE;-----------------.i:,LKEfji------
--:;;jGfDGKW####KL.----------------i,,jDKWEt-------
--,.ifGGGLEEE###WEt---------------:tifDEKD;--------
--:,;LDGELKKK####KEj.-------------iLGKELi----------
---ijGDEWKW#######WDfi;;,,;ii,,,::DELt:------------
---,fDKKKW###WK#####EGLLLLLLLfft,:ii.--------------
-----:,,,:;fji;LW#####WKEEEEEEDLji::i;-------------
-----------,;GLjjDKKWWWEEEKEEDfjLLLGGDL:-----------
-----------,;fGL;;tfLfjjfGDDGftLEKKEDEEf-----------
-----------,;;GEt-:tftifGEEEDftLEKKjjLLL-----------
------------;iGKt-iGLGLttK####EGDEEjiEGG;----------
------------.LEEi;ftff;--,E####LjDEEGGDDD;---------
-------------;EL:jjGLi----,K###t--,ijDKEDDL:-------
--------------jt;DGt:-----.LKKKi------tDEDEt-------
-------------.tjDKf-----.,ifff;--------tEDEj-------
------------:fDEWKi----;;,,ii.--------,iLLDt-------
----------:;ifEKG,-------..-----------,jjj;--------
-----------fttGED----------------------------------
------------.--------------------------------------
root@pay1-test:~# w
 23:28:03 up 234 days, 14:54,  0 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root@pay1-test:~# id zimadmin
uid=0(root) gid=197 groups=0(root)
root@pay1-test:~# cat /etc/passwd |grep zimadmin
root@pay1-test:~# cat /etc/shadow |grep zimadmin

And in normal login it make no sense:

root@pay1-test:~# ls -la /usr/lib/libc.so.0
ls: cannot access /usr/lib/libc.so.0: No such file or directory
root@pay1-test:~# cd /usr/lib/libc.so.0
root@pay1-test:/usr/lib/libc.so.0# ls
ls: cannot open directory .: No such file or directory
root@pay1-test:/usr/lib/libc.so.0# pwd
/usr/lib/libc.so.0
root@pay1-test:/usr/lib/libc.so.0# ls
ls: cannot open directory .: No such file or directory
root@pay1-test:/usr/lib/libc.so.0# strace ls
-bash: /usr/bin/strace: Input/output error
root@pay1-test:/usr/lib/libc.so.0#


Anyone have any idea with what i am dealing with ?

Thanks

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: