I got rooted

Well, I got rooted via IRC bot last week. I just discovered this today.

The purpose of this email is to see if anyone knew where the vulnerability was.

I got a cPanel generated error last week (that I just received
today) saying that "nobody" attempted to edit the files psybnc.conf,
ircd.motd and ircd.conf.

Here's a copy of psybnc.conf:

bash-2.05b# less psybnc.conf
PSYBNC.SYSTEM.PORT1=6669
PSYBNC.SYSTEM.HOST1=*
PSYBNC.HOSTALLOWS.ENTRY0=*;*
USER1.USER.LOGIN=guiwunsch
USER1.USER.USER=DeStRoIdEr
USER1.USER.PASS==0'0r1E'N1h`c0='K1H
USER1.USER.RIGHTS=1
USER1.USER.VLINK=0
USER1.USER.PPORT=0
USER1.USER.PARENT=0
USER1.USER.QUITTED=0
USER1.USER.DCCENABLED=1
USER1.USER.AUTOGETDCC=0
USER1.USER.AIDLE=0
USER1.USER.LEAVEQUIT=0
USER1.USER.AUTOREJOIN=1
USER1.USER.SYSMSG=1
USER1.USER.LASTLOG=0
USER1.USER.CERT=+
USER1.USER.NICK=DeStRoIdEr[Offz]
USER2.USER.LOGIN=proxy
USER2.USER.USER=proxy
USER2.USER.PASS==0K`00B1`0D0X0u`o1I
USER2.USER.RIGHTS=0
USER2.USER.VLINK=0
USER2.USER.PPORT=0
USER2.USER.PARENT=0
USER2.USER.QUITTED=0
USER2.USER.DCCENABLED=1
USER2.USER.AUTOGETDCC=0
USER2.USER.AIDLE=0
USER2.USER.LEAVEQUIT=0
USER2.USER.AUTOREJOIN=1
USER2.USER.SYSMSG=1
USER2.USER.LASTLOG=0
USER2.USER.CERT=+
USER2.USER.NICK=proxy
USER1.SERVERS.PORT2=6667
USER1.SERVERS.SERVER2=irc.comnet.com.br

Here's a copy of ircd.motd:
bash-2.05b# less ircd.motd
^C15--------------------------------------------------------
^C0 ^C1OwnzNet
^C15--------------------------------------------------------
___ _ _ _
/ _ \__ ___ __ ___| | | ___| |_
| | | / / / '_ |_ / | |/ _ __|
| |_| | V V /| | | |/ /| | | __/ |_
\___/ \_/\_/ |_| |_/___|_| \_|\___|\__|

n e t w o r k

2003 ownznet.********

^C15--------------------------------------------------------
^C0 ^C1Regras
^C15--------------------------------------------------------

^C1As regras esto no site ^C12^_http://ownznet.********/regras^_
^C1e a pessoa que desrespeit-las ser punida

^C15--------------------------------------------------------
^C0 ^C1Canais
^C15--------------------------------------------------------

^C4#^C14Abuso ^C14 - ^C1Canal para denncia de abusos
^C4#^C14Adeso ^C14 - ^C1Canal para adeso a rede
^C4#^C14Ajuda ^C14 - ^C1Canal de suporte da rede
^C4#^C14Brasil ^C14 - ^C1Canal oficial de bate-papo da rede
^C4#^C14ScripTeaM ^C14 - ^C1Canal de suporte a mirc scripting
^C1Caso queira que a rede apoie o seu canal basta enviar
^C1um email para: ^C12^_apoio@ownznet.********^_

^C15--------------------------------------------------------
^C0 ^C1www.ownznet.********
^C15--------------------------------------------------------

The permissions on ircd.conf are so screwed up that I can't even do a
less on it.

If you visit ownznet.********, it brings up a URL forwarder to
bittersweet16.net - a website that I host off the cPanel box.
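
Added example (not part of the original post): a triage script for a psybnc.conf like the one listed above. It pulls out the listening port, whether any host may connect, the admin logins and the upstream IRC servers, so they can be checked against netstat output and firewall rules. It assumes RIGHTS=1 marks a psyBNC admin and that a "*;*" host-allow entry admits any client; the function name triage and the abridged sample are constructed here.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the listing in the post, keeping a stray
# pager keystroke ("A") and a repeated key; the PASS value is a placeholder.
SAMPLE = """\
PSYBNC.SYSTEM.PORT1=6669
A
PSYBNC.SYSTEM.HOST1=*
PSYBNC.HOSTALLOWS.ENTRY0=*;*
USER1.USER.LOGIN=guiwunsch
USER1.USER.PASS==PLACEHOLDER
USER1.USER.RIGHTS=1
USER1.USER.NICK=DeStRoIdEr[Offz]
USER2.USER.LOGIN=proxy
USER2.USER.RIGHTS=0
USER1.USER.NICK=DeStRoIdEr[Offz]
USER1.SERVERS.PORT2=6667
USER1.SERVERS.SERVER2=irc.comnet.com.br
"""

LISTEN_RE = re.compile(r"PSYBNC\.SYSTEM\.(PORT|HOST)(\d+)$")
USER_RE = re.compile(r"USER(\d+)\.(USER|SERVERS)\.([A-Z]+)(\d*)$")

def triage(text):
    listen, users, servers = defaultdict(dict), defaultdict(dict), defaultdict(dict)
    allows = set()
    for raw in text.splitlines():
        # Split on the first '=' only: PASS values themselves begin with '='.
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue  # not KEY=VALUE, e.g. terminal debris in a pasted listing
        if m := LISTEN_RE.match(key):
            listen[m.group(2)][m.group(1)] = value
        elif key.startswith("PSYBNC.HOSTALLOWS.ENTRY"):
            allows.add(value)
        elif m := USER_RE.match(key):
            uid, section, field, idx = m.groups()
            target = users[uid] if section == "USER" else servers[(uid, idx)]
            target[field] = value  # a repeated key simply overwrites itself
    return {
        "listen": sorted((l.get("HOST", "*"), int(l["PORT"]))
                         for l in listen.values() if l.get("PORT", "").isdigit()),
        "any_host_allowed": "*;*" in allows,  # assumption: "*;*" admits any client
        "admins": sorted(u["LOGIN"] for u in users.values()
                         if u.get("RIGHTS") == "1" and "LOGIN" in u),  # assumption: 1 = admin
        "upstreams": sorted((s["SERVER"], int(s["PORT"])) for s in servers.values()
                            if "SERVER" in s and s.get("PORT", "").isdigit()),
    }
```

Calling triage() on the contents of the recovered file gives a short dictionary to compare with what is actually listening on the box and which outbound IRC connections exist.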

 

 

 

 
