tar tvzf mass2.tgz drwxr-xr-x admist/admist 0 2003-01-08 15:20:35 mass2/ -rwxrwxr-x admist/admist 35666 2003-01-08 15:20:00 mass2/mass -rw-r--r-- admist/admist 69 2002-10-01 11:04:26 mass2/Makefile -rw-rw-r-- admist/admist 15952 2002-10-01 12:12:23 mass2/mass.c -rwxrwxr-x admist/admist 28087 2003-01-08 15:20:00 mass2/vuln -rw-rw-r-- admist/admist 5609 2002-10-01 11:23:24 mass2/vuln.c -rwxr-xr-x root/root 23039 2003-01-08 15:09:18 mass2/osslmass2 -rwxr-xr-x root/root 149595 2003-01-08 15:20:00 mass2/openssl-too -rw-r--r-- root/root 1 2003-01-08 15:20:35 mass2/mass.log -rw-r--r-- root/root 25265 2002-11-24 03:08:17 mass2/mass.pid
Virus | File |
---|---|
ELF_RST.B | mass2/mass |
ELF_RST.B | mass2/vuln |
ELF_RST.B | mass2/osslmass2 |
ELF_RST.B | mass2/openssl-too |
[kmaster@christophe mass2]$ strings mass ... mass.log : Mass scanner - by Phill : This is an SSL IP scanner that can be placed into background : it keeps logs of each ip found, and the apache/*nix version
[kmaster@christophe mass2]$ strings vuln ... : vuln.c - by Phill : vuln analizes a `mass.log' and displays the vulnerable IPs : and the server version
Source code of the two previous tools
[kmaster@christophe mass2]$ strings osslmass2 ... [01;31;31m: osslmass2.c - by Inkubus [00m, [00;34;35mthe credits goes to Solar Eclipse and Phill [00m [00;34;32m: osslmass2 tries to exploit a `mass.log' and attacks vulnerable IPs
[kmaster@christophe mass2]$ strings openssl-too ... : openssl-too-open : OpenSSL remote exploit by Solar Eclipse <solareclipse@phreedom.org>
The server may have been hacked using this exploit.