Howdy, I basically have *no* time at the moment, so I just had a very very quick look at these things.
> The biggest file you can find on this machine in this directory is a > gzipped file which probably contains a rootkit of some sort. The SuSE > list is still trying to figure out what the rest does/is and how this > fits into the "big picture". 'i' is a statically linked version of the do_brk() local root exploit. Both i.txt and ii.txt appear to be some php injection 'exploits'. 'n' is a statically linked version of netcat. 'rhs' appears to be a statically linked version of the 'rs.c' thingy, which kicks back a shell to a host/port that you specify. The perl scripts are amazingly lame backdoors. I have too much work to look at the rootkit, sorry. Hope that helps, J. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
