Bogdan Stoica

Results 14 comments of Bogdan Stoica

Thank you. Is there another method to remotely connect to a server where the rk was installed except for the ssh? I mean like connecting from my linux box to...

Btw until the ssh/pam backdoor is fixed, how can I connect to the server where the rk was installed using netcat supposing low port is 10000 and high port...

Not sure if you have changed anything in the rootkit but now the error changed (I have used the latest version from github on a new fresh centos 6 vps minimal...

root@pve1:/opt# sh ssh.sh sweed29 172.16.100.51 8197
Connecting to PAM backdoor @ host 172.16.100.51 on hidden PAM port 8197 as sweed29
Press enter to continue
ssh.sh: 15: read: arg count
root@pve1:/opt# [email protected]'s...

Yeah well, in the end it is still not working on centos 6. Can authenticate via the ssh backdoor! I will try on a fresh centos installed, re-install vlany and...

After a new fresh install, this is the result:
root@pve1:/opt# ./ssh.sh sweed29 172.16.100.54 65534
Connecting to PAM backdoor @ host 172.16.100.54 on hidden PAM port 65534 as sweed29
Press enter...

On the vm where the rootkit is installed:
Jan 15 04:40:54 centos sshd[1226]: Server listening on 0.0.0.0 port 22.
Jan 15 04:42:51 centos sshd[1226]: error: accept: Software caused connection abort...

So it is not related to an lxc container, the behavior is the same on both lxc vm and kvm vm

I am still unable to log in via ssh using the backdoor username. I can log in with a real regular user or root account though. Is there any way that the connections...