To test a OpenSSH trojaned server
Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications?
Re: To test a OpenSSH trojaned server
Halil Demirezen [EMAIL PROTECTED] writes: Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? http://www.openssh.com/txt/trojan.adv should give you enough clue. HTH Siggy -- Siggy Brentrup - [EMAIL PROTECTED] - http://oss.winnegan.de/ ** ceterum censeo javascriptum esse restrictam ***
Re: To test a OpenSSH trojaned server
On Mon, Aug 05, 2002 at 07:40:36PM +0300, Halil Demirezen wrote: Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? Remember that the trojan only exists during the build process. The ssh server itself is not modified at all, so you can't test for it on running sshd processes. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpd1OGPgrlv8.pgp Description: PGP signature
Re: To test a OpenSSH trojaned server
Well, as I understand it, the trojan run only when you compile the code ... it's not in the sshd program. So, you can only have it if you compiled the code yourself. If so, you can just check the md5 sums from the advisory. -rishi On Mon, 5 Aug 2002, Halil Demirezen wrote: Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: To test a OpenSSH trojaned server
No that is not the way i wish. So think that there is a trojaned server. how can i test the connection.. something like, but not the exact way: #telnet foo.com 6667 Trying ... so what? as i read from the net.. it says Command D is for executing a command. On Mon, 5 Aug 2002, Rishi L Khan wrote: Well, as I understand it, the trojan run only when you compile the code ... it's not in the sshd program. So, you can only have it if you compiled the code yourself. If so, you can just check the md5 sums from the advisory. -rishi On Mon, 5 Aug 2002, Halil Demirezen wrote: Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]