similar to: Bindshell rootkit

Ok, typing: mount -t smbfs -o username=username,password=password //Share/File /mnt worked! It loaded the contents of the folder I wanted to acces into the mnt directory. This is goad, but I would like to store them all in one directory. I tired to do a ... /mnt/directoryname but it wouldn't work. Also, how do I set things up so that Linux will automatically load this share on startup

I still have not been able to mount a folder called New Stuff in smbfs. I have tried: mount -t smbfs -o username=tridge,password=foobar //MP3/New Stuff mount -t smbfs -o username=tridge,password=foobar //MP3/New_Stuff mount -t smbfs -o username=tridge,password=foobar //MP3/new_stuff Nothing seems to work. The computer is called MP3 and the folder I want to open is called New Stuff. Its right

Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir

I run chkrootkit daily. For the first time I've got reports of a problem - Checking `bindshell'... INFECTED (PORTS: 1008) The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected- ports-1008/ suggests that this might be a false positive, so I ran 'netstat - tanup' but unlike the report, it wasn't famd on the port. It was tcp 0 0 0.0.0.0:1008

I have just run chkrootkit on my server and have the following two suspicious entries.. Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist and further down.. Checking `bindshell'... INFECTED (PORTS: 465) Anyone have any advice for getting rid of it?? Later..

Damn I hate the way microsloth outlook wants to interprete one's text. Ingore the link text inserted into the examples below. -----Original Message----- From: Baxter, Lincoln [mailto:LBaxter@FLEETCC.COM] Sent: Tuesday, February 27, 2001 12:25 PM To: 'Mike Loiterman'; samba@lists.samba.org Subject: RE: (no subject) The key is to use the mount command... as in: mount -t smbfs -o

Hello. My server was hacked. The CPU has been loaded on 99 % by "sh -i" process. I found out that someone has started phpshell through a hole in one of phpbb forums. Also has filled in scripts for flud and spam and "vadim script" in "/tmp". I has made it noexec. Recently has found out the same process. May be i have left again /tmp opened, or other hole may

Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the

is turned on. Can anybody kind to confirm with me? Our network is using a mix of Win2k server, Win2k Pro, Win98, Win95 and WinMe machines, where the Win2k server is the domain controller and terminal service applications server and the Samba is a member fileserver of the domain. All workstations logon and mount the samba file services. We'd like to check if the problem could be solved by

When I run smbclient 1. smbclient //LINUX01//homes -U test password is requested, I enter the password, and I get in 2. smbclient //LINUX01//homes -U Jane password is requested, I enter the password, and I cannot get in (ERRSV - ERRbadpw (Bad Password - name/password pair in a Tree Connect or Session Setup are invalid) 3. smbclient

net use * \\samba\mgerdts Debug level 10 says: [2001/06/22 10:28:49, 1, pid=29656] smbd/password.c:pass_check_smb(554) Couldn't find user 'mgerdts' in smb_passwd file. [2001/06/22 10:28:49, 2, pid=29656] smbd/reply.c:reply_sesssetup_and_X(951) NT Password did not match for user 'mgerdts'! [2001/06/22 10:28:49, 2, pid=29656] smbd/reply.c:reply_sesssetup_and_X(961)

<-----------------------------------------------------------------------> Changes to user passwords are captured by a special DLL, which traps and then stores the password changes in encrypted form in a private area. On each synchronization schedule, the synchronization service first examines the SAM file for changes, and then checks this private area for passwords to be synchronized. Once