Network Security: Detailed info on Re: [Full-Disclosure] Re: Automated SSH login attempts?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] Re: Automated SSH login attempts?

from [dmargoli] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] Re: Automated SSH login attempts?
Date:	Thu, 29 Jul 2004 18:18:01 -0400

Max Valdez wrote:

doesnt make any sense
That way you should have root on the first box to start exploiting others, kind of weird.
smells like rootkit downloader to me.
Anybody willing to make a strace of this program ??
Max

A previous poster mentioned that after exploiting a test/test or guest/guest account, an attacker downloaded SuckIt to his machine, got root using some unspecified local vuln (he said it was a very unpatched mcahine), and started from there.

The program IS linked against OpenSSL and appears to inintiate an ssh connection with the target(s) in a separate text file (uniq.txt). I can't follow the connection because of the encryption, but it seems to be trying a user and then disconnecting (as in, I see nothing really obviously out of the ordinary when I run it). Haven't got farther in disassembling it yet.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek Re: [Full-Disclosure] Re: Automated SSH login attempts?, dmargoli Re: [Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek Re: [Full-Disclosure] Re: Automated SSH login attempts?, Valdis . Kletnieks Re: [Full-Disclosure] Re: Automated SSH login attempts?, Jan Muenther Re: [Full-Disclosure] Re: Automated SSH login attempts?, Andrei Galca-Vasiliu Re: [Full-Disclosure] Re: Automated SSH login attempts?, Max Valdez Re: [Full-Disclosure] Re: Automated SSH login attempts?, Andrei Galca-Vasiliu Re: [Full-Disclosure] Re: Automated SSH login attempts?, Max Valdez Re: [Full-Disclosure] Re: Automated SSH login attempts?, dmargoli <= Re: [Full-Disclosure] Re: Automated SSH login attempts?, joe smith Re: [Full-Disclosure] Re: Automated SSH login attempts?, Ron DuFresne Re: [Full-Disclosure] Re: Automated SSH login attempts?, Dagur Valberg Johannsson Re: [Full-Disclosure] Re: Automated SSH login attempts?, andrewg Re: [Full-Disclosure] Re: Automated SSH login attempts?, nicolas vigier Re: [Full-Disclosure] Re: Automated SSH login attempts?, morning_wood [Full-Disclosure] Re: Automated SSH login attempts?, Dan Margolis

Previous by Date:	[Full-Disclosure] Re: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail, George Capehart
Next by Date:	RE: [Full-Disclosure] Cool Web Search, Richard Golodner
Previous by Thread:	Re: [Full-Disclosure] Re: Automated SSH login attempts?, Max Valdez
Next by Thread:	Re: [Full-Disclosure] Re: Automated SSH login attempts?, joe smith
Indexes:	[Date] [Thread] [Top] [All Lists]