I believe the script that they're using is called mscan (mass scan) and it can be found on rootshell . I have had alot of shell users / kids running this. morex .- http://morex.net http://www.worldnetworks.net On Mon, 28 Sep 1998, Dan Stromberg wrote: > We've had a lot of script kiddies running an exploit against our campus, > that checks for accounts that are passwordless by default in IRIX 6.2 - > like 4Dgifts, EZsetup, and so on. I've seen indications this isn't > limited to our campus... > > This script has been generating hoardes of syslog entries like: > > Sep 27 12:43:19 foo.bar login[16310]: failed: ?@warble.frob as 4Dgifts > > Amusingly, our suns, decs and linux machines run a fake tcpmux, so we > have lots of somewhat clueless kiddies checking for this vulnerability > on machines of the wrong OS :). > > Anyway, can anyone make this exploit available, so I don't need to > reinvent the wheel in order to check for this myself? It'd probably be > easy in python, but it'd be nice to have "the real thing", the script > the kiddies are using themselves. > > I checked rootshell.com, queried for sgi and 4Dgifts, but nothing > relevant popped up. > > I know, if I "were a white hat" I could check /etc/passwd (or > /etc/shadow) myself. It's complicated. And I am a white hat. Besides, > the list is full disclosure. >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:02 PDT