[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524

Subject: Re: SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524
From: "Leo Janssen" <lja@xxxxxxx>
Date: Tue, 11 Dec 2001 14:00:43 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Michael,

just tried to backdoor myself by inserting below line
into /etc/inetd.conf. After restarting inetd, nmap
states port 2525 is open but I can't connect to 
that port via telnet ("Connection closed by foreign host").
Any idea?

Thx in adv
Leo


>Message: 4
>From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
>Organization: Stauber Multimedia Design
>Such a backdoor in inetd.conf could look like this:
>
>2525 stream tcp nowait root /bin/sh
>
>That line does bind a shell to port 2525 TCP. Upon connection by telnet to
>that port the attacker is directly in as user "root" without being
>prompted for a password.

Prev by Date: Re: [cobalt-security] New Exploit?
Next by Date: Re: [cobalt-security] MD5 checksums for RAQ4r
Previous by thread: Re: [cobalt-security] New Exploit?
Next by thread: [cobalt-security] Did not receive identification string

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index