Security Incidents mailing list archives

Re: Subseven 2.2 Server?


From: dataspy <dataspy () dataspy net>
Date: Mon, 6 Jan 2003 21:04:58 +0000

Hello Nick et al,

Subseven 2.2 uses Blowfish encryption to store the settings, at the
end of the server executable if I remember correctly. While in
Subseven 2.1 the editserver was able to "open" and read from the
server, 2.2 did not have this feature (I think the author believed it
added security).

I would recommend using a packet sniffer on a machine and running the
server on that machine, and seeing if it pages an ICQ number, or joins an IRC
channel, or emails someone. Alternatively you can use something like
"memspy" or "winhex" to view the server's memory when it's running: I
think some of the settings are viewable in plain text there too.

Let me know how you go.

dataspy (dsinc)

--------------------------------------
Saturday, January 4, 2003, 5:11:21 AM, you wrote:

NJ> I am wondering if anyone has any pointers on how to access the configuration
NJ> data from a Subseven 2.2 server executable?  In 2.1, it was possible to open
NJ> the server in the editserver program, and see the settings, but that is no
NJ> longer an option in 2.2.

NJ> I have a client machine that was infected, and I am hoping to track down the
NJ> information on the person(s) who infected it.

NJ> Thank You,
NJ> Nick Jacobsen
NJ> Ethics Design
NJ> nick () ethicsdesign com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
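
The memory-inspection suggestion in the reply above, as an added example that is not part of the original post: a Python script that extracts printable ASCII and UTF-16LE strings from a raw memory dump of the running server and flags candidate e-mail, IRC and ICQ notification settings. The patterns, function names and the sample dump bytes are constructed for illustration; the layout of real Subseven 2.2 memory is not given on this page.

```python
import re
import sys

# Patterns for the notification channels named in the post: e-mail, IRC, ICQ.
# These are illustrative heuristics, not a Subseven-specific format.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "irc_channel": re.compile(r"(?<![\w&])#[A-Za-z][\w-]{2,30}"),
    "icq_uin": re.compile(r"(?i)(?:icq|uin)\D{0,12}(\d{5,10})"),
}

def extract_strings(data: bytes, min_len: int = 5):
    """Yield printable ASCII and UTF-16LE strings found in a raw dump."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    # Windows processes often hold text as UTF-16LE (printable byte + NUL).
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def triage(data: bytes):
    """Return {indicator_type: sorted unique hits} for analyst review."""
    hits = {name: set() for name in PATTERNS}
    for s in extract_strings(data):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(s):
                # Use the capture group when the pattern has one (ICQ number).
                hits[name].add(m.group(m.lastindex or 0))
    return {name: sorted(found) for name, found in hits.items()}

# Constructed sample standing in for a dump of the server's memory.
SAMPLE_DUMP = (
    b"\x00\x13\xff\x90MZ\x90\x00"
    + b"notify: operator@example.invalid\x00\x07\x07"
    + "join #example-chan".encode("utf-16-le")
    + b"\xfe\x01\x02icq uin=123456789\x00\xde\xad"
)

if __name__ == "__main__":
    # With a path argument, triage that dump file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            dump = fh.read()
    else:
        dump = SAMPLE_DUMP
    for kind, values in triage(dump).items():
        for value in values:
            print(f"{kind}\t{value}")
```

Hits are leads to corroborate against the packet capture, since short numeric and `#` strings also occur in unrelated memory.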

