Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd)

[Niels Heinen <niels.heinen () UBIZEN COM>]

marc wrote:

> Recently a server of ours was compromised.  On it we found a script and
> some programs that were scanning other machines for statd, and then
> automatically rooting the ones it found.
>
> I've done some searches, but found no reference to this.  If it is new, I
> will post more details.  Does anyone recognize this?
>
> #!/usr/bin/perl
> #
> # std.pl v0.2+p3 by KraZee -  10.30.00 private
> # rpc.statd linux mass rooter         [epic]
> #
> # binds rootshell on port 24765 on exploited hosts
> # standard disclaimers apply
> #
> # DO NOT DISTRIBUTE !! DO NOT DISTRIBUTE
>
> I've sent similar msgs to sans and cert, but was unsure where else to
> share this.
>
> marc
>
> marc () zounds net

Yes i have a copy of an rpc automatic hacking tool. It also connects to the
rooted systems in order to see if they are running more then one processors.
If so then it will log the host as compromised if not then it will continue.
The code in the tool i managed to get my hand on was very crappy yours too ?
The tool i have goes by the same name only the name of the author is
different. It is a package with several perl scripts and statdx.c compiled.

Niels

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature