On Sun, Nov 16, 2003 at 05:19:06AM +0100, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > So what to do now? If /tmp was mounted ro, then none of the attacker's
> > tools could run (from this attack anyway)
>
> Read Only tmp? :) Now that is a funny idea. I can understand to
A quick analysis.
* After testing that the php hole works (id;uname -a) and (cd /tmp;ls),
the attacker downloads an executable 'c4'. This executable is then
run.
A quick reverse of this executable shows it to simply exec a shell and
bind to port 5678. Googling gives us this link to equi
Hi all,
I'm not providing an answer, but rather asking another question on
this topic.
Which files do people exclude when using integrity checkers
(e.g. aide/tripwire etc)?
Under normal system use, certain files do change
(e.g. /etc/mtab, /dev/tty*). Including these files in the integrity
check
6 matches