Hacked

By Arcterex on August 13, 2003 11:01 AM | | Comments (2)


Way #8,428 to tell if your server has been hacked: the sshd binary is a 4 meg executable with perms of 777.

Way #8,429: there is an account in /etc/passwd that has a shell of "cd /usr/bin; ftp <ip>".

Yes, a fun day at work.

Categories:

2 Comments

raskal said:

i ass-ume we'll get more details when ya got time?
system attacked, etc

have fun!

August 14, 2003 3:28 AM
Arcterex said:

Not really. A server at work, still not sure how they got in (if they got it). Due to the non-working-ness of the sshd binary I'm going to guess they didn't actually get shell on the box (hell, *we* couldn't even get shell on the box without being on the console :)

August 14, 2003 7:30 AM

Leave a comment

Search

About this Entry

This page contains a single entry by Arcterex published on August 13, 2003 11:01 AM.

On the State of the World was the previous entry in this blog.

Out Pimpin' the PimperZ is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.23-en