mailing list archives
Re: Re: Automated SSH login attempts?
From: dmargoli () stwing org
Date: Thu, 29 Jul 2004 18:18:01 -0400
Max Valdez wrote:
doesnt make any sense
That way you should have root on the first box to start exploiting others,
kind of weird.
smells like rootkit downloader to me.
Anybody willing to make a strace of this program ??
A previous poster mentioned that after exploiting a test/test or
guest/guest account, an attacker downloaded SuckIt to his machine, got
root using some unspecified local vuln (he said it was a very unpatched
mcahine), and started from there.
The program IS linked against OpenSSL and appears to inintiate an ssh
connection with the target(s) in a separate text file (uniq.txt). I
can't follow the connection because of the encryption, but it seems to
be trying a user and then disconnecting (as in, I see nothing really
obviously out of the ordinary when I run it). Haven't got farther in
disassembling it yet.
Full-Disclosure - We believe in it.
Re: Automated SSH login attempts? Stefan Janecek (Jul 29)
Re: Re: Automated SSH login attempts? Andrei Galca-Vasiliu (Jul 29)
Re: Re: Automated SSH login attempts? Dagur Valberg Johannsson (Jul 29)
Re: Re: Automated SSH login attempts? dmargoli (Jul 30)
Re: Re: Automated SSH login attempts? andrewg (Jul 30)
Re: Re: Automated SSH login attempts? nicolas vigier (Jul 30)
Re: Re: Automated SSH login attempts? morning_wood (Jul 30)