OpenBSD Journal

scanssh modifications for telnet and rsh versioning

Contributed by Dengue on from the jose dept.

floh writes:
"The fabulous tool scanssh by Niels Provos has been modified by Jose Nazario to incorporate scanning for telnetd and rshd versions. Further explanations and the source code can be found here.

The monkeys will reign!!!!"

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    Is that before or after they have their distribution sites hacked and filled with trojaned source code?

    Comments
    1. By skull () skull@check.yo.md5s.or.else.your-screwed.org on file:///C:winntsystem32io.sys

      how do you think they'll reign if they don't backdoor you? You say "trojan" like it's a bad thing.

      Linux got penguins, we got monkeys.

      Comments
      1. By Anonymous Coward () on

        Yep, nothing like seeing the ps output from the OpenBSD CVS machine on an "underground zine" either.

        Comments
        1. By Anonymous Coward () on

          which one?

          Comments
          1. By Anonymous Coward () on

            sumth1ng l1k3 b4b0!

          2. By Anonymous Coward () on

            http://www.eurocompton.net/~fuk/el8.3.txt

            ,-._,-._ .----------------------------------.
            _,- o O_/; | OpenBSD! The proactively secure |
            / , ` `| | operating system! ... |
            | -.,___, / ` | FOR ME TO PISS ON! |
            `-.__/ / ,. `----------------------------------'
            / `-.__.-` ./ '
            / /| ___ ,/ `
            ( ( |.-"` '/ `
            / ,, | _
            | o/o / .
            , / /
            ( __`;-;'__`)
            `//'` `||` `
            _// || ;
            .-"-._,(__) .(__).-""-. `
            / / '
            / / `
            `'-------` `--------'` ;
            11:46PM up 2 days, 6:25, 22 users, load averages: 0.47, 0.27, 0.20
            USER TTY FROM LOGIN@ IDLE WHAT
            deraadt C0 - Wed05PM 5:57 emacs -nw -u deraadt -f zenicb
            mickey p0 versalo.lucifier Wed07PM 15 icb -n mickey -g hackers -s cvs
            millert p1 millert-gw.cs.co 3:37PM 2:48 tail -fn-100 /cvs/CVSROOT/ChangeLog
            deraadt p2 v.openbsd.org Thu11PM 1:06 -csh
            form p3 vell.nsc.ru Thu11PM 21:29 less /cvs/CVSROOT/ChangeLog
            pvalchev p4 dsl-dt-207-34-11 Thu05PM 15 tail -fn-50 /home/hack/pvalchev/chan
            deraadt p5 zeus.theos.com Wed05PM 0 systat vm 1
            deraadt p6 zeus.theos.com Wed05PM 2days tail -f /cvs/CVSROOT/ChangeLog
            deraadt p7 zeus.theos.com Wed05PM 3 -csh
            deraadt p8 zeus.theos.com Wed05PM 3 gv scanssh.ps
            deraadt p9 zeus.theos.com Wed05PM 1:26 emacs -nw -u deraadt -f mh-rmail
            deraadt pa zeus.theos.com Wed05PM 16 less machdep.c
            deraadt pb zeus.theos.com Wed05PM 16 -csh
            deraadt pc zeus.theos.com Wed05PM 5:57 -csh
            angelos pd coredump.cs.colu Thu02PM 2:48 icb -g hackers -h localhost -n angel
            deraadt pe zeus.theos.com Wed05PM 2:29 -csh
            provos pf ssh-mapper.citi. Wed05PM 27:21 tail -f I_AM_A_LUSER_AND_A_MORON
            brad q0 speedy.comstyle. Wed06PM 28:27 tail -f /cvs/CVSROOT/ChangeLog
            aaron q1 nic-131-c68-101. 8:43AM 15 icb -scvs -ghackers
            lebel q2 modemcable093.15 Thu09PM 2:48 -bash
            wvdputte q3 reptile.rug.ac.b 5:45AM 12:56 tail -f 2001-09
            jason q4 24-168-200-128.w Thu08AM 1day -ksh
            deraadt q5 hackphreak.org 4:20AM 0 w

            Comments
            1. By skull () on

              ouch

            2. By skull () on

              ouch

            3. By Anonymous Coward () on

              Who cares moron.

              Comments
              1. By jizzmopper () on

                Oh, probably not too many people. Just those of us who would like to run software with some assurance that it hasn't been backdoored or creatively modified. So you don't care about the security of your system or you're 31337 enough to audit the source of *EVERY* file you download, yay for you. The rest of us would prefer to see machines like the CVS site be kept reasonably secure and/or if it's compromised, we'd like to see that announcement someplace other than el8 magazine. Moron.

                Comments
                1. By Anonymous Coward () on

                  i agree.

                  and on that note.. do we have any assurance this is real or fake? Has Theo responded to this zine in any way?

                  Comments
                  1. By Anonymous Coward () on

                    That was my point. Someone posts something like that and everyone starts freaking out that CVS has been broken into and we're all backdoored now. That is exactly what people like GOBBLES and these other antisocials want you to do. You do not even know if that is forged or not. I refuse to get all hyped up over this stuff and I calmly fix problems when the problem is verified instead of acting like the whole world might end. And, if you are telling me that you don't know how to or don't audit what is going on in your system even a little bit, then I don't feel bad for you if you do get backdoored. You don't have to know how to code to keep an eye out for unusual things going on. So, I revise my above statement. Instead of WHO cares, MORON it will now become I DON'T care, MORON.

                    Comments
                    1. By Anonymous Coward () on

                      fuckin A.

                      first of all, chill out.
                      just simply having a discussion.
                      didn't know asking questions was illegal.


                      Comments
                      1. By Anonymous Coward () on

                        My comment was not directed to you. You brought up a good point about the validity of that ps output. It was directed to the person who mops up jizz.

            4. By manwithnoname () on

              How can a system with an uptime of little more than just 2 days display the same day of the week with different dates (e.g. Wednesday 05 _and_ 06)?

              BTW, this is the output of 'w', not 'ps'.

              Comments
              1. By Anonymous Coward () on

                huh? That is not a date, it's the time of initial login. Wed05PM --> Wednesday, 5:00pm

                Comments
                1. By manwithnoname () on

                  There's two kinds of people in this world. Those who had coffee before posting and those who didn't. I obviously didn't.

                  You're damn right. I was dead wrong. Bummer. I still don't believe that output to be real, though.

                2. By skull () on

                  it doesn't really matter.

                  the future belongs to more secure implementations, whether or not it's openbsd, but open will have a leading position as things move in that direction. everyone is focusing on security, even MS.

                  so openbsd can be broken into, the CVS repository can be trojaned, Theo's keys can be hijacked, and that will only cause them to recover, patch and move forward.

                  A break-in isn't the end of the world. If anything from the recent announcements about ssh priv sep, ntp hooks being removed, s/key being de-privileged, apache chroot, etc, we should thank these people for forcing an even more stringent analysis of openbsd.

                  Thanks!

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]