Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 03:41:58 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1211578583&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2FUNIX%2Fpenetration%2Frootkits%2Ffalcon-ssh-diffs.tar.gz%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1211578583.1338176518.1338176518.1338176518.1%3B%2B__utmz%3D32867617.1338176518.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/11540/falcon-ssh-diffs.tar.gz http://packetstormsecurity.org/files/11540/falcon-ssh-diffs.tar.gz http://packetstormsecurity.org/files/11540/falcon-ssh-diffs.tar.gz.html Fri, 05 Nov 1999 17:30:34 GMT Two rootkit / backdoor patches to ssh-1.2.27. The first diff turns ssh into a major backdoor. it will report itself as nscd in the process list, have ALL logging disabled, run on a different port, ignore all settings in the config file and allow a "magic word" login to all accounts, including root. The other patch simply adds a magic password to sshd, for use in patching an existing sshd.