Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Automated ssh scanning

From: Gerry Eisenhaur <GEisenhaur () Cisco com>
Date: Thu, 26 Aug 2004 10:06:42 -0400
Yea I boned it, I missed the point. For some reason (read: lack of sleep and food), I miss-read/assumed that admin was an admin...stupid me... 

/gerry


Tig wrote:

On Wed, 25 Aug 2004 19:43:47 -0400
Gerry Eisenhaur <GEisenhaur () Cisco com> wrote:



I am confused, you said you knew about some SSH scanning going on,
then set up those accounts on a box. Now you are curious way that box
got rooted?
Maybe I am missing something, but it seems you already have a pretty good assumption of why it got rooted.
The software, as you seem to know, is a few exploits, a backdoor and some IRC stuff(bot and proxy). 

/gerry




I think you did miss the point (which was a very good one). Basically,
once you have unprivileged access to a currently patched Woody box, you
can quickly gain root access.

I would love to see this tested against other version of Linux and *BSD
with default (and updated) installations. Anyone have a spare box and a
few hours?

-Tig

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MASSACHUSETTS 01719
tel:    978.936.0465
geisenhaur () cisco com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: