Max Valdez wrote:
doesn't make any sense
That way you should have root on the first box to start exploiting others, kind of weird.
smells like rootkit downloader to me.
Anybody willing to make a strace of this program ??
Max
A previous poster mentioned that after exploiting a test/test or guest/guest account, an attacker downloaded SuckIt to his machine, got root using some unspecified local vuln (he said it was a very unpatched machine), and started from there.
The program IS linked against OpenSSL and appears to initiate an ssh connection with the target(s) in a separate text file (uniq.txt). I can't follow the connection because of the encryption, but it seems to be trying a user and then disconnecting (as in, I see nothing really obviously out of the ordinary when I run it). Haven't got farther in disassembling it yet.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
