On Sat, Apr 20, 2002 at 01:09:36PM +1200, Zane Gilmore wrote:
> He appears to have got copies of some files then executed them then removed
> them.
>
> Can anyone tell me what that x4 thing is?
> I went and got a copy of it and these are some of the files in it.
>
> stachel t0rnhestra t0rnp t0rns t0rnsb t0rnsniff x4
> patch system t0rnmf t0rnparse t0rnsauber t0rnscan targets
>
> It all looks very l33t h4x0r
> Any thoughts?
>
> I still need to work out how he got root.
mjb@relativity:~/scratch/x> strings x4
...
...
Usage: sshd-exploit -t# <options> host [port]
Options:
-t num (mandatory) defines target, use 0 for target list
-X string skips certain stages
SSHD deattack exploit. By Dvorak with Code from teso
(http://www.team-teso.net)
...

Upgrade your ssh. That's how he got in.

In general that tar file looks fairly dodgy. Have a look at the "system"
file. Looks like a network sniffer. Change all your passwords, and
reinstall that system. You have no guarantee that the person was a
script kiddie.

Folks, this is what "script kiddies" do.

Mike.
--
Michael Beattie <[EMAIL PROTECTED]>
yip yip yip yip yip yip yap yap yip *BANG* NO TERRIER