Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: ftp warez server snake ?
From: Bob User (bobcatch23.kicks-ass.net)
Date: Tue Dec 07 2004 - 19:30:09 CST
Most of the rootkits I run into that spread via IRC and shares seem to use
the Serv-U FTP server, for what it's worth. Most all IRC rootkits seem to
answer identd also, there are a million of 'em out there, probably it's a
typical ServU-mIRC modified kit.
----- Original Message -----
From: "Andreas Putzo" <andreasinferno.nadir.org>
Sent: Tuesday, December 07, 2004 4:14 PM
Subject: ftp warez server snake ?
> today i found an ftp server listening on port 5800 on a windows box.
> Anonymous login is not allowed. I tried a few name/pass combos without
> I believe, it's a pubstro used for warez, but i don't have physical access
> confirm this.
> # ftp 194.xx.x.xx 5800
> Connected to 194.xx.x.xx.
> 220 Snake Server
> Name (194.xx.x.xx:root): snake
> 331 User name okay, need password.
> 530 Not logged in.
> Login failed.
> Remote system type is habe.
> There is also an auth server listening, providing me this:
> # nc 194.xx.x.xxx 113
> : USERID : UNIX : ekwaxtjm
> I googled a bit, but found nothing useful.
> Anyone recognize this one?