Hello luggers....;)
Time for a little challenge for all of u....:)) Time to put on ur thinking caps nd start hackin @ that old mean gnu-linux box of urs.....
Attached below is a file..... or if the admin doesn't allow this to get thro, just download it frm the location as mentioned below.
-->http://www.qmailtheeasyway.com/rel/probably_mishap
--> Situation <--
A stock installation of RH7.2 with XFS running the following daemons.
--> MySQLd
--> Apache(Patched for latest exploits)
--> SSHd(Unpatched but runnin on a very high port)
A binary running from /tmp called as .uubugtraq
--> /tmp/.uubugtraq owned by apache:apache consuming abt 3-4% system resources.
--> Running for sometime as user apache, don't know if root has been compromised.
--> /bin/ls nd /bin/ps r the same with no change to some basic imp system binaries.
--> "ps eaxf" showed the following......."/tmp/.uubugtraq 130.111.61.232" with 2 threads spawned frm the main process.
Itz not very obvious watz the conclusion......but tell me wat u figure out from this nd watz is the binary doin connection to that dude's server.
Trevor
=====
( >- GNU/LINUX, It's all about CHOICE -< )
http://www.qmailtheeasyway.com
mailto: trevor.w@media.mit.edu
Research Asst, MediaLab
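A triage filter for the kind of process listing described in the post above, added here as an example and not part of the original message. It assumes input in the format of `ps -eo user,pid,args`; the function names, the PIDs and every sample row except the `.uubugtraq` command line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes whose executable sits in a world-writable
# directory or has a dot-prefixed (hidden) name, and list any IPv4-looking
# arguments on the command line. Input format assumed: ps -eo user,pid,args

flag_suspicious() {
    awk '
    NR == 1 && $1 == "USER" { next }            # skip the ps header row
    {
        user = $1; pid = $2; exe = $3
        reasons = ""
        if (exe ~ /^\/(tmp|var\/tmp|dev\/shm)\//)
            reasons = reasons "world-writable-dir,"
        n = split(exe, parts, "/")
        if (substr(parts[n], 1, 1) == ".")       # hidden file name
            reasons = reasons "hidden-name,"
        if (reasons == "") next                  # nothing odd about this row
        sub(/,$/, "", reasons)
        peers = ""
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                if (peers != "") peers = peers ","
                peers = peers $i
            }
        }
        if (peers == "") peers = "-"
        printf "%s %s %s %s %s\n", user, pid, exe, reasons, peers
    }'
}

# Constructed sample listing; only the .uubugtraq command line is from the post.
sample_ps() {
    cat <<'EOF'
USER       PID COMMAND
root         1 init
root       612 /usr/sbin/sshd
mysql      701 /usr/libexec/mysqld --basedir=/usr
apache     830 /usr/sbin/httpd
apache    4312 /tmp/.uubugtraq 130.111.61.232
EOF
}

sample_ps | flag_suspicious
```

On a live host the same function can be fed with `ps -eo user,pid,args | flag_suspicious`; a flagged PID is then worth checking against its open files and sockets before anything is killed or deleted.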