Date: Fri, 9 Jan 1998 14:11:43 -0800 From: John-Mark Gurney <gurney_j@efn.org> To: Nathan Dorfman <nathan@rtfm.net> Cc: fosters@dvalley.demon.co.uk, freebsd-bugs@FreeBSD.ORG Subject: Re: bin/5434 Message-ID: <19980109141143.58856@hydrogen.nike.efn.org> In-Reply-To: <19980109160240.12366@rtfm.net>; from Nathan Dorfman on Fri, Jan 09, 1998 at 04:02:40PM -0500 References: <199801090104.RAA05704@freefall.freebsd.org> <19980109160240.12366@rtfm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Nathan Dorfman scribbled this message on Jan 9: > > telneting directly to 79 results in: > > hydrogen,ttyq3,~,501$telnet localhost 79 > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > `ls` > > finger: `ls`: no such user > > Connection closed by foreign host. > > I have a sneaking suspicion that the original tester of this "backdoor" > forgot to comment out the ` characters :-) also, did you assume that > the telnet * 79 trick worked, or did you actually perform it? read above... I did test it... as the above paste shows... of course I made sure that fingerd was nobody, which is was, before trying it.. fingerd doesn't even execute the command... it was simply a problem of the person not quoting the ``': hydrogen,ttyq1,~,502$finger '`ls`@localhost' [localhost] finger: `ls`: no such user -- John-Mark Gurney Modem/FAX: +1 541 683 6954 Cu Networking P.O. Box 5693, 97405 Live in Peace, destroy Micro$oft, support free software, run FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980109141143.58856>