Re: [Full-Disclosure] http://xfteam.net/fedor.c - Anyone seen this before??
- To: Dan <dan@lockedbox.net>
- Subject: Re: [Full-Disclosure] http://xfteam.net/fedor.c - Anyone seen this before??
- From: Robert Jaroszuk <zim@iq.pl>
- Date: Mon, 24 Nov 2003 11:14:53 +0100
On Mon, 24 Nov 2003, Dan wrote:
; Hi,
; Our Snort picked up an interesting attempt to download, compile and execute.
; Noting also the fact that the sub dir it's attempting to access has not been
; there for over 4 months (/logjam/)?
;
; Has anyone actually seen what this fedor.c is? I have done some googling but
; it comes up blank.
It's simply a bindshell which allocates a tty for each session.
A bindshell is a program which binds to a TCP port and listens for incoming
connections.
If one connects to the port defined within this bindshell program, a (root) shell
will be spawned.
Check this out -> http://hysteria.sk/sd/f/junk/bindshell/
--
..... Robert Jaroszuk - zim@iq,pl - [ IQ PL Sp. z o.o. ] .....
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- N+ w-- O- M-
V- PS+ PE Y(+) PGP-(+++) t-- 5? X- R* tv-- DI++ b++>+++ DI- D-
... The superior warrior wins without fighting -- Sun Tzu. ...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
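
An added illustration, not part of the original post and not derived from fedor.c: because a bindshell has to hold a TCP port in LISTEN state, it appears as a listener outside the host's known-service baseline. The code parses text in Linux `/proc/net/tcp` format; the sample lines, port 31337, the baseline `{22, 25}` and the function names are constructed assumptions, and the address decoding assumes a little-endian host.

```python
import socket
import struct

LISTEN = "0A"  # state code for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Rows: sshd on :22, local MTA on 127.0.0.1:25, an unknown root-owned
# listener on :31337, and one ESTABLISHED ssh session (state 01).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
"""


def listening_sockets(proc_net_tcp):
    """Return (ip, port, uid, inode) for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order
        # (assumed little-endian here); the port is plain hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(fields[7]), int(fields[9])))
    return found


def unexpected_listeners(proc_net_tcp, baseline_ports):
    """Listeners whose port is not in the host's expected-service baseline."""
    return [s for s in listening_sockets(proc_net_tcp)
            if s[1] not in baseline_ports]


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, uid, inode in unexpected_listeners(SAMPLE, {22, 25}):
        owner = "root" if uid == 0 else "uid %d" % uid
        print("unexpected listener %s:%d owned by %s (socket inode %d)"
              % (ip, port, owner, inode))
```

The socket inode in each result can be matched against the `socket:[inode]` links under `/proc/<pid>/fd/` to identify the owning process.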