Rootkit Question

#1 DME

Private First Class

Group: Members
Posts: 25
Joined: 14-August 03

Posted 12 February 2004 - 09:21 AM

I've got a problem with the linux root kit "LNXkit v1.2" (better known as lnx.tar)
If i type in "./own my_pass 12345" (Usage:./own <pass> <port>) everything works fine and a shell is bound on port 12345 :) So far so fine, now i will connect to port 12345, and login succesfully.

login as: root
Sent username "root"
root@localhost's password:
Last login: Sat Feb 7 04:32:06 2004
You have new mail.
bash-2.05#

Here you can see the line "You have new mail". And my question is, - whats the reason of this message? Is there any method to disable ist? I want to disable it, because i fear that the admin see this line too.

Is there anybody who know this rootkit and a answer of my question? Or know a better rootkit, which can be installed same easy as this one.

Thx for your answers and sorry for my broken english.

#2 s54

Private First Class

Group: Members
Posts: 66
Joined: 15-January 04

Posted 12 February 2004 - 09:44 AM

Just remove the line from the rootkits source. I guess its only some fun from the author. Sounds better like others which sound like "h4x0r access gr4nted" :lol:
Don't worry, won't show when admin logs in.

#3 DME

Private First Class

Group: Members
Posts: 25
Joined: 14-August 03

Posted 12 February 2004 - 10:34 AM

Thank you that calms me.

#4 SCVirus

Private First Class

Group: Members
Posts: 125
Joined: 01-February 04

Posted 19 February 2004 - 09:05 PM

erm, that would be the mail you can send from one user to another on many *nixs. you should be able to ignore that. for example on redhat if you use their little 'up2date' then youll get 'mail' telling you of what was changed.

#5 Voxell

Private

Group: Members
Posts: 12
Joined: 10-February 04

Posted 20 February 2004 - 01:19 AM

There are a lot of internal mails sent to the root account...

When I take a look at our webserver i have thousands of email reports from cronjobs, errorlogs etc...

WHy not try mail and check ot out what's waiting for you?

#6 inferno-gwc

Private

Group: Members
Posts: 11
Joined: 06-January 04

Posted 06 July 2004 - 10:08 AM

i can't find this rootkit on internet.. does someone had a link where i can download it :) ? Thanks

#7 segv

Private First Class

Group: Members
Posts: 20
Joined: 22-January 04

Posted 09 July 2004 - 09:19 PM

Set CheckMail to no in your sshd conf.

#8 320X

Master Sergeant

Group: Members
Posts: 473
Joined: 13-December 03

Posted 07 November 2005 - 06:17 PM

LNXkit v1.2" (better known as lnx.tar) ? ... seems google not exist lnx.tar rootkit, or lnxkit v1.2... <_<

#9 hottzo

Private First Class

Group: Members
Posts: 78
Joined: 26-January 04

Posted 02 December 2005 - 08:38 AM

i don't believe this....

illegal? you should only be trying this on your own box.

DME, on Feb 12 2004, 07:21 PM, said:

I've got a problem with the linux root kit "LNXkit v1.2" (better known as lnx.tar)
If i type in "./own my_pass 12345" (Usage:./own <pass> <port>) everything works fine and a shell is bound on port 12345 :) So far so fine, now i will connect to port 12345, and login succesfully.

login as: root
Sent username "root"
root@localhost's password:
Last login: Sat Feb 7 04:32:06 2004
You have new mail.
bash-2.05#

Here you can see the line "You have new mail". And my question is, - whats the reason of this message? Is there any method to disable ist? I want to disable it, because i fear that the admin see this line too.

Is there anybody who know this rootkit and a answer of my question? Or know a better rootkit, which can be installed same easy as this one.

Thx for your answers and sorry for my broken english.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Forums: Rootkit Question - Forums