maximilian attems wrote:
On Thu, 18 Sep 2003, Christian Storch wrote:
Don't forget to try to find the potential hole first!
Otherwise you could have a fast recurrence.
[..]
in /etc/.rpn theres a .bash_history with the following content:
id
mkdir /etc/.rpn
ps -aux
ps -aux | grep tbk
kill -15292 pid
kill 15292
netconf
locate httpd.conf
cd /etc/.rpn
ls -al
wget
cd /var/www/cncmap/www/upload/renegade
ls -al
rm -rf phpshell.php
^__________^
was this the exploited hole ?
I think so. In fact the problem is that it got there...
regards
Markus
