Wednesday, July 8, 2009

OpenSSH 0day ?

Rumors are flying of an underground openssh exploit. After some digging we find the tool name and its group:

“./0pen0wn” or “./0penPWN” by the hacker group called “anti-sec.” Check the commands below:

anti-sec:~/pwn/xpl# ./openPWN -h -p 2222 -l=users.txt
[+] openPWN - anti-sec group
[+] Target:
[+] SSH Port: 2222
[+] List: users.txt



anti-sec: ~ / pwn / xpl # ./0pen0wn-h 22
[+] 0wn0wn – anti-sec group [+] 0wn0wn - anti-sec group
[+] Target: [+] Target:
[+] SSH Port: 22 [+] SSH Port: 22

Two attack logs exist on the net with this supposed exploit, both by this group. The first is an attack on an Astalavista Admin:

The second attack is the one the Internet Storm Center blogged on which can be seen in its entirety here:

and a Russian site has a play by play of the attack here:

There is also another attack posted to the Full Disclosure list that seems to be the same tool:

See More Info Here

No comments: