Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote codeexecuti

from [morning_wood] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote codeexecution
Date: Wed, 26 Jan 2005 19:16:28 -0800 
I don't have the time to investigate the "cgi" and "dc" binaries.
The "cgi" at least tries to daemonize and opens a TCP listening socket.
They also try to replace the index page on the vulnerable site.


cgi
00001495   00001495      0   /dev/tty
0000149E   0000149E      0   socket
000014AA   000014AA      0   listen
000014C0   000014C0      0   PsychoPhobia Backdoor is starting...

0000254E   0000254E      0   init.c


dc
000009C0   000009C0      0   Welcome to Data Cha0s Connect Back Shell
000009E9   000009E9      0   No More Damn Issue Commands
00000A20   00000A20      0   Data Cha0s Connect Back Backdoor
00000A42   00000A42      0   /bin/sh
00000A4D   00000A4D      0   XTERM=xterm
00000A59   00000A59      0   HISTFILE=
00000A63   00000A63      0   SAVEHIST=
00000A6D   00000A6D      0   Usage: %s [Host] <port>
00000A86   00000A86      0   [*] Dumping Arguments
00000A9C   00000A9C      0   [*] Resolving Host Name
00000AB4   00000AB4      0   [*] Connecting...
00000AC6   00000AC6      0   [*] Spawning Shell
00000AD9   00000AD9      0   [*] Detached

00004321   00004321      0   dc-connectback.c


cheers,
m.w

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] MDKSA-2005:024 - Updated evolution packages fix vulnerability, Mandrakelinux Security Team
Next by Date:  [Full-Disclosure] [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl), OpenPKG
Previous by Thread:  [Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote code execution, Joao Victor A. Di Stasi
Next by Thread:  RE: [lists] [Full-Disclosure] Terminal Server vulnerabilities, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]