On Thu, 18 Sep 2003, Christian Storch wrote:
Don't forget to try to find the potential hole first! Otherwise you could have a fast recurrence. [..]
in /etc/.rpn theres a .bash_history with the following content:
id mkdir /etc/.rpn ps -aux ps -aux | grep tbk kill -15292 pid kill 15292 netconf locate httpd.conf cd /etc/.rpn ls -al wget cd /var/www/cncmap/www/upload/renegade ls -al rm -rf phpshell.php
^__________^ was this the exploited hole ?
I think so. In fact the problem is that it got there...
regards Markus
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]