Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ftp warez server snake ?

from [Bob User] Network Security [Permanent Link]
Subject: Re: ftp warez server snake ?
Date: Tue, 7 Dec 2004 20:30:09 -0500 
Most of the rootkits I run into that spread via IRC and shares seem to use
the Serv-U FTP server, for what it's worth. Most all IRC rootkits seem to
answer identd also, there are a million of 'em out there, probably it's a
typical ServU-mIRC modified kit.


----- Original Message ----- 
From: "Andreas Putzo" <andreas@inferno.nadir.org>
To: <incidents@securityfocus.com>
Sent: Tuesday, December 07, 2004 4:14 PM
Subject: ftp warez server snake ?



Hello,

today i found an ftp server listening on port 5800 on a windows box.
Anonymous login is not allowed. I tried a few name/pass combos without

luck.

I believe, it's a pubstro used for warez, but i don't have physical access

to

confirm this.

# ftp 194.xx.x.xx 5800
Connected to 194.xx.x.xx.
220 Snake Server
Name (194.xx.x.xx:root): snake
331 User name okay, need password.
Password:
530 Not logged in.
Login failed.
Remote system type is habe.
ftp>

There is also an auth server listening, providing me this:

# nc 194.xx.x.xxx 113

 : USERID : UNIX : ekwaxtjm


I googled a bit, but found nothing useful.

Anyone recognize this one?


regards,
Andreas
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PHP injection attempt from 200.222.244.154, Jez Hancock
Next by Date:  Re: ftp warez server snake ?, Andrew Smith
Previous by Thread:  Re: ftp warez server snake ?, M. Shirk
Next by Thread:  Re: ftp warez server snake ?, H Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]