
Re: What could a regular user do with a .rpmdb directory uploaded?



On Wed, 06 Jun 2012 12:20:51 -0300, francis picabia wrote:

> I think I've found a compromised user account.

Wow :-(

How did they get in (unpatched application, password theft...)?

> This is on Debian but alien is installed.  The attackers have not made a
> move yet, but have done some tests and kept their connections to
> scp/sftp to be unnoticed by last.

Kill them and correct the vulnerability >:-)

> There is a directory .rpmdb uploaded to their home directory.  How could
> this be used to set up their software?  I mean, is there a special angle
> they are aiming at which achieves a result they would not have realized
> by only using make on their sources?

That directory can be normal if you have alien installed. But if they 
have access to a shell they can run the usual commands that are available 
for a standard user.

Greetings,

-- 
Camaleón

