Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: TuxKit1.0 and other rootkits
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Mon, 11 Feb 2002 12:02:25 -0500 (EST)
On Mon, 11 Feb 2002, Rune Henssel wrote:


Anybody know a RootKit called TuxKit1.0 and another kit that creates
the following files:


i have seen several of those components installed on an ssh compromised
machine (ssh 1.2) from late january, 2002. the pieces were installed in
/var/preserve/vbox and /dev/ida/.inet. several of the same pieces.

basically r00t is a collection of several older (well known, with bugs
fixed) exploits. if you wanna trade MD5 sums, i'd be happy, but this
appears to be a pretty run of the mill set of exploits.

included, of course, were ssh, sshd and various other trojans.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]