List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
I'm not 100% sure, but after a quick look it appears that sshf opens up
the uniq.txt and then procedes to connect to every ip using test:test or
guest:guest. It then dumps out which of those accounts:ip worked to
vuln.txt. Then a person can just go through the vuln.txt and ssh and
perform whatever rooting they so choose.
I wonder what the "ss" program does. It's got libpcap compiled into it
so maybe it's some sort of sniffer and/or ip generator (creates bios.txt?).
> Does anyone started to reverse-ingineer that damn soft 'sshf'? I'm
> sure we can learn some information about the exploit, if we
> look at this file.
> I'll start that tommorow. Hope to give you some informations from that
> firstname.lastname@example.org mailing list
email@example.com mailing list