[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: openbsd rumors
I'm not sure if you've seen this yet, but I thought I would pass it along
just in case.
From: Van Cloude Jandame [mailto:firstname.lastname@example.org]
Sent: Monday, June 17, 2002 4:38 AM
Subject: openbse rumours
Few days ago, while i was at the #darknet, i saw three ScRiPtKidIeZ (within
the rest of them) talking about the 7350-crocodile.c, 7350-obsdftpd.c and
the 7350-pf.c exploit code by team teso made with support of GOBBLES
Security, who gave them the advisories.
The good news:
the exploits aint that much spreaded and they've been kept on the
underground for about 1month. This ain't really a good new, but it is better
than the ones that follow.
The bad news:
- openbsd ftp/cvs have been compromised and backdoored by the kidies, that
hang mostly on #!hack.the.turkey at efnet.
- the technique is new and very obscure, the three exploits abuse em and is
applicable only on *BSD flavors (afaik).
the a really short part of the logs show this:
<m0rgan> 7350-crocodile - x86/OpenBSD apache/telnetd/sshd
*** pr0ix (email@example.com) has joined #darknet
<m0rgan> by lorian and scut / TESO
<m0rgan> ./7350-crocodile [options] [host] [port] [misc-option]
<m0rgan> -d <daemon> (1= apache, 2= telnetd, 3= sshd)
<m0rgan> -b bruteforce
<m0rgan> -c check only
<m0rgan> -s <0xaddr> start address
<m0rgan> -S shellcode (? to show the list)
<m0rgan> greetz: synnergy, GOBBLES Security, ElectronicSoulz, shiftee,
<m0rgan> sidenote: nasa.gov was really easy ;>
<m0rgan> muahah fear.
<xxx> could you send me that?
*** pr0ix sets mode: +b xxx!*@200.*
*** xxx was kicked by pr0ix (0day-lurker)
keep an eye open at your logs, as they said the exploit makes a lot of noise
on the system and "private" logs and thus it is easy to spot, put your ids