Fw: openbsd rumours

Has anybody else heard of this?! Are we talking serious here? (Certainly hope


P.S.: please cc: me on replies (had to unsubscribe...)

Deer readers,

Few days ago, while i was at the #darknet, i saw three ScRiPtKidIeZ (within
the rest of them) talking about the 7350-crocodile.c, 7350-obsdftpd.c and the
7350-pf.c exploit code by team teso made with support of GOBBLES Security, who
gave them the advisories.

The good news:

the exploits aint that much spreaded and they've been kept on the underground
for about 1month. This ain't really a good new, but it is better than the ones
that follow.

The bad news:

- openbsd ftp/cvs have been compromised and backdoored by the kidies, that
hang mostly on #!hack.the.turkey at efnet.
- the technique is new and very obscure, the three exploits abuse em and is
applicable only on *BSD flavors (afaik).

the a really short part of the logs show this:

<m0rgan> ./a.out
<m0rgan> 7350-crocodile - x86/OpenBSD apache/telnetd/sshd
*** pr0ix (pr0ix_(_at_)_def-con_(_dot_)_org) has joined #darknet
<m0rgan> by lorian and scut / TESO
<m0rgan> ./7350-crocodile [options] [host] [port] [misc-option]
<m0rgan> -d <daemon> (1= apache, 2= telnetd, 3= sshd)
<m0rgan> -b bruteforce
<m0rgan> -c check only
<m0rgan> -s <0xaddr> start address
<m0rgan> -S shellcode (? to show the list)
<pr0ix> wtf?
<m0rgan> greetz: synnergy, GOBBLES Security, ElectronicSoulz, shiftee, bnuts,
<m0rgan> sidenote: nasa.gov was really easy ;>
<m0rgan> muahah fear.
<xxx> could you send me that?
*** pr0ix sets mode: +b xxx!*_(_at_)_200_(_dot_)_*
*** xxx was kicked by pr0ix (0day-lurker)

keep an eye open at your logs, as they said the exploit makes a lot of noise
on the system and "private" logs and thus it is easy to spot, put your ids on.

Martin (VanCloudeJandame)
"The only people for me are the mad ones -- the ones who are mad to 
live, mad to talk, mad to be saved, desirous of everything at the same 
time, the ones who never yawn or say a commonplace thing, but burn, 
burn, burn like fabulous yellow Roman candles."
    -- Jack Kerouac, "On the Road"