Re: Bind 9.2.X exploit???

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Wed Jul 24 2002 - 23:04:58 PDT

Next message: Patrick Andry: "Re: Bind 9.2.X exploit???"

Previous message: pjat_private: "Increasing compromises of NT servers with Serv-U and Unicode ?"
Maybe in reply to: ilker : "Bind 9.2.X exploit???"
Next in thread: Sebastian: "Re: Bind 9.2.X exploit???"
Next in thread: Patrick Andry: "Re: Bind 9.2.X exploit???"
Reply: Sebastian: "Re: Bind 9.2.X exploit???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes i also found the very same tool like back in April on one of my  client's compromised RH machine.

I think the comments/* */ portion contains a copyright by teso.
So probably, you cannot just distributed it like that, or maybe you can 
I'm not too sure, there have been some scene before regarding such 
issues with the freebsd remote telnet exploit by the same teso people.

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk


--- ilker "güvercin" <holyat_private> wrote:
>
>
>I found a tool on my compramised machine called 
>bind9 and the source code is still there.
>its made by team teso  bind9 Exploit by by scut of 
>teso [http://teso.scene.at/]...
>Usage: ./bind remote_addr domainname target_id
>Targets:
> 0 - Linux RedHat 6.0 (9.2.x)
> 1 - Linux RedHat 6.2 (9.2.x)
> 2 - Linux RedHat 7.2 (9.2.x)
> 3 - Linux Slackware 8.0 (9.2.x)
> 4 - Linux Debian (all) (9.2.x)
> 5 - FreeBSD 3.4 (8.2.x)
> 6 - FreeBSD 3.5 (8.2.x)
> 7 - FreeBSD 4.x (8.2.x)
>
> Example usage:
>$ host -t ns domain.com
>domain.com name server dns1.domain.com
>$ ./bind9 dns1.domain.com domain.com 0
> [..expl output..]
>I didnt test it; its workin or not.
>Anybody have knowlegde about this.Sorry for my 
>poor english:)
>if anyone wanna test it I can send the source code.
>holyat_private
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management 
>and tracking system please see: http://aris.securityfocus.com

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with emailat_private by Everyone.net  http://www.everyone.net/?btn=tag

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Patrick Andry: "Re: Bind 9.2.X exploit???"
Previous message: pjat_private: "Increasing compromises of NT servers with Serv-U and Unicode ?"
Maybe in reply to: ilker : "Bind 9.2.X exploit???"
Next in thread: Sebastian: "Re: Bind 9.2.X exploit???"
Next in thread: Patrick Andry: "Re: Bind 9.2.X exploit???"
Reply: Sebastian: "Re: Bind 9.2.X exploit???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 25 2002 - 08:18:18 PDT