Maybe I don't have a clue but is it wise to be sending adm-nxt.c to everyone on
the list?

On Fri, 03 Mar 2000, Alexander Feldman wrote:
> 
> Hello,
> 
> I have subscribed for this list after I found (or not found) information
> about the NXT Bug exploit in the BIND 8.2 from my RH6.0 package.
> 
> Yesterday I was hacked and I am still trying to understand the exact way
> this happened. I have not still reinstalled the OS of the exploited
> server as I am still trying to understand the steps of the hacker.
> 
> Is there anybody who can help me in doing this?
> 
> I understood that I am hacked after I found a directory
> /var/named/ADMROCKS. After that I found some system files replaced and a
> trojan inetd started. In the /tmp directory I found a small ELF binary. I
> started the binary (I know this is very risky) and then I searched the
> hackers' sites for similar programs.
> 
> Then I found the adm-nxt.c program (I am attaching it here) which when
> compiled matched the binary I found in /tmp.
> 
> After that step I was trying to exploit my own server with the help of
> this program but I have no success.
> 
> Any ideas?
> 
> Best regards:
> 
> Alexander Feldman
> 

----------------------------------------
Content-Type: TEXT/PLAIN; name="adm-nxt.c"
Content-Transfer-Encoding: BASE64
Content-Description: 
----------------------------------------

-- 
Steve Gulick, Cornerstone Development, LLC.
[EMAIL PROTECTED]
AIM: gulicksteve
Voice (203) 855-1501
Fax (203) 838-9597


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
