Full Disclosure mailing list archives
Interesting Backdoor
From: "Alfred Baroti" <marianalfred () gmail com>
Date: Mon, 08 Dec 2014 18:52:34 -0500
Hi, I was wondering if someone found something similar with this. I didn't find anything similar with this before. Here is: root@pay1-test:~# ssh zimadmin@0 zimadmin@0's password: -------;i------------------------------------------ -----.,if------------------------------------------ -----,tLE,--------------..:;ji--------------------- ----;ittL;----------.;;;tjfGj.--------------------- ---;tfGDK;--------,;;,tLEKKt-----------------:;,--- ---ijLDKD.------:;,iLfiiGD;---------------.,ifj.--- --.;tGKKi------:tjLKWWEj;.--------------:;jLEE;---- ---;iLEL::..:,;tjEW##Wf,--------------.,;tGKWf----- ---,,;t;,:,,ifi;LKELt:--------------.;;itiiLD:----- ---:iiLjGLfLGGDEE;-----------------.i:,LKEfji------ --:;;jGfDGKW####KL.----------------i,,jDKWEt------- --,.ifGGGLEEE###WEt---------------:tifDEKD;-------- --:,;LDGELKKK####KEj.-------------iLGKELi---------- ---ijGDEWKW#######WDfi;;,,;ii,,,::DELt:------------ ---,fDKKKW###WK#####EGLLLLLLLfft,:ii.-------------- -----:,,,:;fji;LW#####WKEEEEEEDLji::i;------------- -----------,;GLjjDKKWWWEEEKEEDfjLLLGGDL:----------- -----------,;fGL;;tfLfjjfGDDGftLEKKEDEEf----------- -----------,;;GEt-:tftifGEEEDftLEKKjjLLL----------- ------------;iGKt-iGLGLttK####EGDEEjiEGG;---------- ------------.LEEi;ftff;--,E####LjDEEGGDDD;--------- -------------;EL:jjGLi----,K###t--,ijDKEDDL:------- --------------jt;DGt:-----.LKKKi------tDEDEt------- -------------.tjDKf-----.,ifff;--------tEDEj------- ------------:fDEWKi----;;,,ii.--------,iLLDt------- ----------:;ifEKG,-------..-----------,jjj;-------- -----------fttGED---------------------------------- ------------.-------------------------------------- root@pay1-test:~# w 23:28:03 up 234 days, 14:54, 0 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root@pay1-test:~# id zimadmin uid=0(root) gid=197 groups=0(root) root@pay1-test:~# cat /etc/passwd |grep zimadmin root@pay1-test:~# cat /etc/shadow |grep zimadmin And in normal login it make no sense: root@pay1-test:~# ls -la /usr/lib/libc.so.0 ls: cannot access /usr/lib/libc.so.0: No such file or directory root@pay1-test:~# cd /usr/lib/libc.so.0 root@pay1-test:/usr/lib/libc.so.0# ls ls: cannot open directory .: No such file or directory root@pay1-test:/usr/lib/libc.so.0# pwd /usr/lib/libc.so.0 root@pay1-test:/usr/lib/libc.so.0# ls ls: cannot open directory .: No such file or directory root@pay1-test:/usr/lib/libc.so.0# strace ls -bash: /usr/bin/strace: Input/output error root@pay1-test:/usr/lib/libc.so.0# Anyone have any idea with what i am dealing with ? Thanks _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Interesting Backdoor Alfred Baroti (Dec 08)
- Re: Interesting Backdoor Brandon Vincent (Dec 09)
- Re: Interesting Backdoor Ed Tredgett (Dec 09)