Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our specialty !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

[Intrusions] Linux SSH scanning - test/guest

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Incidents
Author Message
thedark
Second Lieutenant


Joined: 30 Jul 2005
Posts: 1074

PostPosted: Sun Jul 31, 2005 12:37 pm    Post subject: [Intrusions] Linux SSH scanning - test/guest Reply with quote
We got zapped by some hackers from, I think, Romania that have a
priv escalation exploit for Linux 2.4.20
http://sirzion.illusivecreations.com/loginxy


There is also a multithreaded SSH bruteforcer called "haita"
This attempts to login to machines using the accounts "test" and "guest",
with passwords "test" & "guest" respectively. It runs from a file
of addresses found by a synscan program. It identifies itself as
SSH-2.0-libssh-0.1


So, SSH login failures for test & guest are an indication of this
thing running at the remote end.


The two names & passwords appear to be hardcoded into the program.
Since Linux as I recall backs off after failed attempts there wouldn't be
much to gain by trying many more names, but variants may appear with other
defaults.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Incidents All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group