Re: What could a regular user do with a .rpmdb directory uploaded?
On Wed, 06 Jun 2012 12:20:51 -0300, francis picabia wrote:
> I think I've found a compromised user account.
How did they get in (unpatched application, password theft...)?
> This is on Debian but alien is installed. The attackers have not made a
> move yet, but have done some tests and kept their connections to
> scp/sftp to be unnoticed by last.
Kill them and correct the vulnerability >:-)
> There is a directory .rpmdb uploaded to their home directory. How could
> this be used to set up their software? I mean, is there a special angle
> they are aiming at which achieves a result they would not have realized
> by only using make on their sources?
That directory can be normal if you have alien installed. But if they
have access to a shell they can run the usual commands that are available
for a standard user.