Security Incidents: Re: FreeBSD box compromised, ssh client trojanised

Re: FreeBSD box compromised, ssh client trojanised

From: dor <dor_at_VIRTUALMYSTIC.COM>
Date: Thu, 7 Dec 2000 03:31:22 -0800

Hi,

A FreeBSD box under my administration was compromised recently, we believe
via a sniffed admin account and the use of a fake "su" program. Aside from
the "regular" trojans (login/sshd etc.) there was also a trojanised ssh
client, apparently designed to write encrypted logfiles to
/var/tmp/vi_restore/ - which was a root-owned, world-writable
directory. Inside were files owned by several users, with apparently
random names, and appeared to contain encrypted data. I have posted the
binary at http://www.vitun.net/trojan-openssh.tar.gz if anyone would like
to look at it.

Making a test login using the trojanised ssh client to
another host appeared to write data into the /var/tmp/vi_restore/
directory, presumably my login and password.
Received on Dec 09 2000
