| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Alex Schultz wrote: |
| 5 |
|
| 6 |
| I'm not 100% sure, but after a quick look it appears that sshf opens up |
| 7 |
| the uniq.txt and then procedes to connect to every ip using test:test or |
| 8 |
| guest:guest. It then dumps out which of those accounts:ip worked to |
| 9 |
| vuln.txt. Then a person can just go through the vuln.txt and ssh and |
| 10 |
| perform whatever rooting they so choose. |
| 11 |
| |
| 12 |
| I wonder what the "ss" program does. It's got libpcap compiled into it |
| 13 |
| so maybe it's some sort of sniffer and/or ip generator (creates |
| 14 |
bios.txt?). |
| 15 |
|
| 16 |
I believe it's a portscanner. You give it a range with -b and it sends |
| 17 |
SYN packets (if I remember right...) in a simple scan of whatever port |
| 18 |
you specified (22). That's why the shell script first does that, then |
| 19 |
uses the results from that with sshf (first see if they run sshd, then |
| 20 |
see if test:test or guest:guest works, then log in and drop a rootkit). |
| 21 |
|
| 22 |
A poster on full disclosure claims to recognize it as a common portscanner. |
| 23 |
|
| 24 |
- -- |
| 25 |
Dan ("KrispyKringle") |
| 26 |
Gentoo Linux Security Coordinator |
| 27 |
-----BEGIN PGP SIGNATURE----- |
| 28 |
Version: GnuPG v1.2.4 (Darwin) |
| 29 |
|
| 30 |
iQEVAwUBQQl7FbDO2aFJ9pv2AQIXqAf+MoyssrpiqorrNoBLyZ+cQEEbkWJaiWQp |
| 31 |
cn1sTYqiPpWy+2VUG/lENQwsM7c2G5cx8sYWHejMly+RARKnGJo7EEQbmcO2Eu75 |
| 32 |
SHA/1donqQhzJl9yUY0oYIK/s7KbbG2Xh04mQJiTn77ZT/F3mJoKqQaDaMqdn4rH |
| 33 |
vdM2wSTVVVtUDZuczjPxTsDJnZ++qEmFudwIuDbUjXjX4h2u3tFcqsiA8gIFQU8N |
| 34 |
grLRAkG7NCXy1oaoLxuQpAfBAdqGyXmb97aBh7421nidkf1H8jlFMUUqu023fAlX |
| 35 |
/DhyitNq7AVW/JbBHpAE+bv4orix0EXcJn7R44F5fzJHo38ljGmurQ== |
| 36 |
=Z6Ud |
| 37 |
-----END PGP SIGNATURE----- |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-security@g.o mailing list |
Archives