A server (which has since been pulled offline and is scheduled to be wiped) was compromised through ssh brute force. No root/su/sudo access was gained but I started observing these errors (pasted below). I am curious if anyone has ever seen them, can make any sense of them, or point me in the right direction to where to learn more/understand the information being given to me here.

[20973226.383007] i2[1348]: segfault at 18 ip 0804888c sp bfab9bf0 error 6 in i2[8048000+1000]
[20974086.029942] exp_wunderbar.s[2026]: segfault at 1 ip 00000001 sp bffdde44 error 4
[20974090.870364] exp_vmware.so[2028]: segfault at 1 ip 00000001 sp bfa71fc4 error 4
[20974096.668668] exp_therebel.so[2029]: segfault at 1 ip 00000001 sp bf815144 error 4
[20974102.532392] exploit.so[2031]: segfault at 1 ip 00000001 sp bfd326f4 error 4
[20974114.663857] exp_paokara.so[2034]: segfault at 1 ip 00000001 sp bfc55ba4 error 4
[20974121.799992] exp_powerglove.[2036]: segfault at 1 ip 00000001 sp bf8af024 error 4
[20975141.499026] exp_vmware[3334]: segfault at 1 ip 00000001 sp bfb7d054 error 4
[20975205.196685] exp_vmware[3450]: segfault at 1 ip 00000001 sp bfcdad04 error 4
[20975215.047235] exp_vmware[3455]: segfault at 1 ip 00000001 sp bfcc0054 error 4
[20975224.136751] exp_sieve[3466]: segfault at 1 ip 00000001 sp bfc7c654 error 4
[20975233.870688] exp_sieve[3469]: segfault at 1 ip 00000001 sp bf87ba54 error 4
[20975289.465236] exp_ingom0wnar[3478]: segfault at 1 ip 00000001 sp bfa101f4 error 4
[20975309.636332] exploit.so[3496]: segfault at 1 ip 00000001 sp bf8d1f14 error 4
[20975489.701613] exploit.so[3728]: segfault at 1 ip 00000001 sp bff26714 error 4
[20975756.745475] exploit[3937]: segfault at 4 ip b7ce1c54 sp bf8c31d0 error 6 in exp_moosecox.so[b7ce1000+2000]
[20975773.230485] exploit[3940]: segfault at 0 ip b7ee4712 sp bfeecc4c error 6 in exp_paokara.so[b7ee4000+1000]
[20975787.134348] exploit[3943]: segfault at 0 ip 0804a879 sp bfe17250 error 6 in exploit[8048000+7000]
[20975802.142913] exploit[3945]: segfault at 2c ip b7c9a615 sp bf8cd634 error 6 in exp_therebel.so[b7c9a000+1000]
[20975822.280139] exploit[3947]: segfault at 0 ip 0804a838 sp bfdd9050 error 6 in exploit[8048000+7000]
[20975837.831923] exploit[3958]: segfault at 0 ip b7f38712 sp bf801c6c error 6 in exp_paokara.so[b7f38000+1000]
[20975843.449875] exploit[3960]: segfault at 4 ip b7ca1c54 sp bf8147a0 error 6 in exp_moosecox.so[b7ca1000+2000]
[20975851.145318] exploit[3961]: segfault at 4 ip b7cb0c54 sp bfdded70 error 6 in exp_moosecox.so[b7cb0000+2000]
[20975857.549248] exploit[3965]: segfault at 4 ip b7d45c54 sp bfe517b0 error 6 in exp_moosecox.so[b7d45000+2000]
[20975863.392986] exploit[3967]: segfault at 4 ip b7ca4c54 sp bfcbd220 error 6 in exp_moosecox.so[b7ca4000+2000]
[20975894.696980] exploit[4149]: segfault at 4 ip b7d10c54 sp bfaeb730 error 6 in exp_moosecox.so[b7d10000+2000]
[20975908.736128] exploit[4241]: segfault at 0 ip b7f00712 sp bfc3f66c error 6 in exp_paokara.so[b7f00000+1000]
[20975918.124157] exploit[4331]: segfault at 0 ip 0804a879 sp bfd038e0 error 6 in exploit[8048000+7000]
b3nw

1 Answer

Looks like Brad Spengler's enlightenment exploit collection - I guess they were trying to get root.

James
  • This is actually the conclusion I came to. But it's good to know I am on the right page. Thanks! – b3nw Oct 12 '10 at 03:54
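For reading the fields in the kernel lines quoted in the question, here is an added example (not part of the original post or answer) that parses the x86 `segfault at ... error N` format and decodes the page-fault error code. The function names are hypothetical; the three sample lines are copied from the log above.

```python
import re

# Kernel user-mode segfault line; the "in obj[base+size]" part is optional.
LINE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>.+?)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code (printed in hex by the kernel)."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def parse(line):
    """Return a dict describing one segfault line, or None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    rec = {"time": float(m["ts"]), "comm": m["comm"], "pid": int(m["pid"]),
           "addr": addr, "ip": ip, **decode_error(int(m["err"], 16))}
    # Fault address equal to ip: the CPU faulted while fetching the
    # instruction, so the process had jumped to an unmapped address.
    rec["bad_jump"] = addr == ip
    # Fault address inside the first page (NULL-page dereference).
    rec["null_page"] = addr < 0x1000
    # Offset of ip inside the mapped object stays stable across runs even
    # when the load address changes, so it groups repeated crashes.
    rec["object"] = m["obj"]
    rec["offset"] = ip - int(m["base"], 16) if m["obj"] else None
    return rec

# Lines copied from the log in the question.
SAMPLE = [
    "[20974090.870364] exp_vmware.so[2028]: segfault at 1 ip 00000001 sp bfa71fc4 error 4",
    "[20975756.745475] exploit[3937]: segfault at 4 ip b7ce1c54 sp bf8c31d0 error 6 in exp_moosecox.so[b7ce1000+2000]",
    "[20975843.449875] exploit[3960]: segfault at 4 ip b7ca1c54 sp bf8147a0 error 6 in exp_moosecox.so[b7ca1000+2000]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse(entry))
```

The process name in each line is the kernel's `comm` field, which is limited to 15 characters; that is why names such as `exp_wunderbar.s` and `exp_powerglove.` appear cut off.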