Full Disclosure mailing list archives
Re: http://xfteam.net/fedor.c - Anyone seen this before??
From: Robert Jaroszuk <zim () iq pl>
Date: Mon, 24 Nov 2003 11:14:53 +0100
On Mon, 24 Nov 2003, Dan wrote:

; Hi,
; Our Snort picked up an interesting attempt to download, compile and execute.
; Noting also the fact that the sub dir it's attempting to access has not been
; there for over 4 months (/logjam/)?
;
; Has anyone actually seen what this fedor.c is? I have done some google'ing but
; it comes up blank.

It's simply a bindshell which allocates a tty for each session.
A bindshell is a program which binds to a TCP port and listens for incoming
connections. If one connects to the port defined within this bindshell
program, a (root) shell will be spawned.

Check this out -> http://hysteria.sk/sd/f/junk/bindshell/

--
..... Robert Jaroszuk - zim@iq,pl - [ IQ PL Sp. z o.o. ] .....
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- N+ w-- O- M- V- PS+ PE Y(+) PGP-(+++) t-- 5? X- R* tv-- DI++ b++>+++ DI- D-
... The superior warrior wins without fighting -- Sun Tzu. ...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
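
Added example, not part of the message above or of any code from this thread: since a bindshell shows up as a TCP socket in LISTEN state, a defender can look for it in the kernel's socket table. The sketch below parses text in /proc/net/tcp layout and reports listeners on ports outside an allowlist; the sample rows, the port numbers, the allowlist and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1302 1
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9907 1
   3: 0A00000A:0050 0B00000A:C3A1 01 00000000:00000000 00:00000000 00000000    33        0 4410 1
"""

TCP_LISTEN = "0A"           # kernel state code for LISTEN
EXPECTED_PORTS = {22, 25}   # hypothetical allowlist for this host


def parse_listeners(text):
    """Return (ip, port, uid, inode) for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Address is stored in host byte order; little-endian host assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        out.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return out


def unexpected_listeners(text, expected=EXPECTED_PORTS):
    """Listeners on ports outside the allowlist, root-owned ones first."""
    hits = [s for s in parse_listeners(text) if s[1] not in expected]
    return sorted(hits, key=lambda s: (s[2] != 0, s[1]))


if __name__ == "__main__":
    for ip, port, uid, inode in unexpected_listeners(SAMPLE):
        print(f"unexpected listener {ip}:{port} uid={uid} inode={inode}")
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp, and the reported inode can be matched against /proc/<pid>/fd to find the owning process.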
Current thread:
- http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Robert Jaroszuk (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? Dan (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? kang () insecure ws (Nov 24)
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? gml (Nov 24)
- <Possible follow-ups>
- Re: http://xfteam.net/fedor.c - Anyone seen this before?? root (Nov 24)