Hi michael, raju:
On 5/26/05, michael <linux@networkingnewsletter.org.uk> wrote:
On Thu, 2005-05-26 at 17:16 -0400, kamaraju kusumanchi wrote:
Selva Nair wrote:
Looking through evidence left behind (bash_history etc.) I have figured out
that the privilege escalation was achieved using an executable that the
attacker downloaded from the net. I have verified that this binary is indeed
capable of giving root shell to any user and it works on two test systems I
tried -- one woody and one redhat 7.2.
oh please send me a binary that promises to compromise my system....
Sure you can have it! I didn't want to post graphic details nor the binary to
the list as I only have the binary and no clue.
You can download the thingy from http://www.geocities.com/eas2lv/temp/ --
download knl.uuencoded.html to disk and uudecode it to get the binary named knl.
I have no idea what all it does other than opening a root shell, so be careful
not to try it on any critical systems. strace did not show any potentially
damaging system calls, but YMMV.
Please do let me know anything that you find.
Thanks,
Selva