The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Private Remote Root Exploit for Cpanel

Discussion in 'General Discussion' started by Mortekai, Mar 2, 2006.

  1. Mortekai

    Mortekai Member

    Joined:
    Nov 28, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Had my server hacked by some nasty individual and I found 2 script files for remote root exploit for Cpanel and I am wondering if this is something that is already known or if I should send it to someone at Cpanel so they can look at it?
     
  2. randomuser

    randomuser Well-Known Member

    Joined:
    Jun 25, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    It's pretty hard to know if it's new or old since you didn't provide any details whatsoever.

    What exactly do the scripts exploit?
     
  3. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    What are the name of the files? Where were they located? Is there any identifying information in the file (i.e. "Written by L33tHax0r 2004"). Any idea how they were injected into your server (SSH, FTP, Web etc)?
     
  4. Mortekai

    Mortekai Member

    Joined:
    Nov 28, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Sorry, was a bit tired this morning :)

    The following is found in the script:
    /* Private Remote Root Exploit for Cpanel <= 9.x, by Tal0n of NixSec 03-13-04 */
    /* Will open a rootshell on port 5190, press enter once to get sh-2.05b# */
    /* Please do not distribute, keep it very private if it falls into your hands */

    Figure its an old exploit...
     
  5. monoxide

    monoxide Member

    Joined:
    Jun 14, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Maybe you need to upgrade your cpanel install? That exploit is damn old.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If you're running the latest release of cPanel and they were able to use the exploits then you should contact security@cpanel.net and work with them to investigate it further.
     
Loading...

Share This Page