OpenSSH 0day ?
Rumors are flying of an underground OpenSSH exploit. After some digging we find the tool name and its group:
“./0pen0wn” or “./0penPWN” by the hacker group called “anti-sec.” Check the commands below:
anti-sec:~/pwn/xpl# ./openPWN -h 66.96.220.213 -p 2222 -l=users.txt
[+] openPWN - anti-sec group
[+] Target: 66.96.220.213
[+] SSH Port: 2222
[+] List: users.txt
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
and:
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.143.133
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
Two attack logs exist on the net with this supposed exploit, both by this group. The first is an attack on an Astalavista Admin:
http://romeo.copyandpaste.info/txt/nowayout.txt
The second attack is the one the Internet Storm Center blogged on which can be seen in its entirety here:
http://tinyurl.com/l8tzba
and a Russian site has a play by play of the attack here:
http://tinyurl.com/m7cqdh
There is also another attack posted to the Full Disclosure list that seems to be the same tool:
http://seclists.org/fulldisclosure/2009/Jul/0028.html
andry- Moderator
- Posts : 467
Join date : 2010-05-07