Security Incidents mailing list archives

Re: Tools to analyze...:SUMMARY and trojaned file attached


From: achuvaki () IC SUNYSB EDU (Anton Chuvakin)
Date: Fri, 21 Apr 2000 16:26:47 -0400


Hi there!

This message is to summarize all of the responses I got and to send one of
the files (in.fingerd, ELF 32-bit LSB executable, Intel 80386, unstripped)
as I was asked. I am not that big in x86 assembly so I am still not sure
what "evil stuff" it is supposed to perform.

SUMMARY of tools (order of usage)

0. file
1. strings, grep
2. gdb, memprof, strace, ltrace, nm, ldd
3. objdump, reqt (uses several other tools like nasm, readelf, objdump)
4. lsof, packet sniffer

Attached is the finger daemon that attackers deployed.

Regards,

--
         Anton A. Chuvakin
Where is a will there is a way. <<
     http://www.chuvakin.org
          licq: 29034084
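
The static steps of the tool summary above, as an added example that is not part of the original message or its attachment. It covers only the tools that inspect the file without running it; the grep patterns and the output limits are assumptions, and `objdump -p` stands in for `ldd` because `ldd` may run the sample through the dynamic loader.

```shell
#!/bin/sh
# Static-only triage of a suspect binary, in the order of the summary.
# Nothing here executes the sample. strace/ltrace/gdb (step 2) and
# lsof/packet sniffer (step 4) need it running, so keep those for an
# isolated, disposable machine.

section() { printf '\n== %s\n' "$1"; }

# run_tool NAME ARGS... : run a tool if installed, otherwise say so.
# Always returns 0 so one failing tool does not stop the report.
run_tool() {
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || echo "($1 exited non-zero)"
    else
        echo "($1 not installed)"
    fi
}

triage() {
    sample=$1
    [ -r "$sample" ] || { echo "cannot read: $sample" >&2; return 1; }

    section "0. file"
    run_tool file -- "$sample"

    section "1. strings | grep (paths, shells, IP addresses)"
    # Patterns are illustrative assumptions, not indicators from the thread.
    run_tool strings -a -n 6 -- "$sample" |
        grep -E '/bin/|/etc/|/dev/|/tmp/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' |
        head -n 40

    section "2. nm (undefined symbols = imported functions)"
    run_tool nm -D --undefined-only -- "$sample" | head -n 40

    section "2. needed libraries (objdump -p in place of ldd)"
    run_tool objdump -p -- "$sample" | grep NEEDED || echo "(none listed)"

    section "3. objdump -d (start of disassembly)"
    run_tool objdump -d -- "$sample" | head -n 30
    return 0
}

# Usage: triage ./in.fingerd > in.fingerd.triage.txt
```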


[APPLICATION/OCTET-STREAM attachment: stored]

