Re: ftp warez server snake ?

From: Bob User (bobcatch23.kicks-ass.net)
Date: Tue Dec 07 2004 - 19:30:09 CST


Most of the rootkits I run into that spread via IRC and shares seem to use
the Serv-U FTP server, for what it's worth. Most all IRC rootkits seem to
answer identd also, there are a million of 'em out there, probably it's a
typical ServU-mIRC modified kit.

----- Original Message -----
From: "Andreas Putzo" <andreasinferno.nadir.org>
To: <incidentssecurityfocus.com>
Sent: Tuesday, December 07, 2004 4:14 PM
Subject: ftp warez server snake ?

> Hello,
>
> Today I found an FTP server listening on port 5800 on a Windows box.
> Anonymous login is not allowed. I tried a few name/pass combos without luck.
> I believe it's a pubstro used for warez, but I don't have physical access to
> confirm this.
>
> # ftp 194.xx.x.xx 5800
> Connected to 194.xx.x.xx.
> 220 Snake Server
> Name (194.xx.x.xx:root): snake
> 331 User name okay, need password.
> Password:
> 530 Not logged in.
> Login failed.
> Remote system type is habe.
> ftp>
>
> There is also an auth server listening, providing me this:
>
> # nc 194.xx.x.xxx 113
>
> : USERID : UNIX : ekwaxtjm
>
>
> I googled a bit, but found nothing useful.
>
> Anyone recognize this one?
>
>
> regards,
> Andreas
>
>
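The two observations in this thread (an FTP greeting on port 5800 and an ident reply with no port pair) can be checked mechanically during triage. The following is an added example, not part of the original messages; the function names and the heuristics (greeting on a port other than 21, missing RFC 1413 port pair, `UNIX` opsys on a Windows host) are assumptions chosen for illustration, not signatures of any specific kit.

```python
import re

# RFC 1413 reply shape: "<port> , <port> : USERID : <opsys> : <user-id>"
IDENT_RE = re.compile(
    r"^(?:(?P<ports>\d{1,5}\s*,\s*\d{1,5})\s*)?:\s*"
    r"(?P<kind>USERID|ERROR)\s*:\s*(?P<rest>.*)$"
)

def check_ident_reply(line, host_is_windows):
    """Return (fields, findings) for one ident reply line, or (None, [...])."""
    m = IDENT_RE.match(line.strip())
    if not m:
        return None, ["not an ident reply"]
    fields = {"ports": m.group("ports"), "kind": m.group("kind")}
    findings = []
    if fields["ports"] is None:
        findings.append("no port pair echoed; reply is not RFC 1413 conformant")
    if fields["kind"] == "USERID":
        opsys, _, userid = m.group("rest").partition(":")
        fields["opsys"], fields["userid"] = opsys.strip(), userid.strip()
        # Assumed heuristic: a Windows host claiming UNIX is worth a closer look.
        if host_is_windows and fields["opsys"].upper() == "UNIX":
            findings.append("opsys UNIX reported by a Windows host")
    return fields, findings

def check_ftp_greeting(port, banner):
    """Flag an FTP 220 greeting seen on a port other than 21."""
    m = re.match(r"^220[ -](.*)$", banner.strip())
    if not m:
        return []
    if port != 21:
        return [f"FTP greeting on non-standard port {port}: {m.group(1)!r}"]
    return []

def triage(ftp_port, ftp_banner, ident_line, host_is_windows=True):
    """Combine both checks into one list of findings for a host."""
    _, ident_findings = check_ident_reply(ident_line, host_is_windows)
    return check_ftp_greeting(ftp_port, ftp_banner) + ident_findings

if __name__ == "__main__":
    # Values taken from the transcript quoted in this thread.
    for finding in triage(5800, "220 Snake Server", ": USERID : UNIX : ekwaxtjm"):
        print("-", finding)
```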