Posted by: Dan O'Connor
I have made some progress with ‘atack’ just attacking my local analysis machine. I still have lots of work to do but I have figured out some more of what it is up to.
Currently I still do not know the purpose of adding the digits when executing, but I am sure I will figure that out once I start static analysis of the file. Changing the number does not seem to do much, but it could be due to my limited environment and data files that I have created for it.
On my analysis machine I have created two users, and in the data file I am using the interface IP address and the local loopback address as a second system entry.
/unixcod$ cat data.conf
/unixcod$ cat ip.conf
The test user does not have a home directory created, and test1 does. While examining the strings of ‘atack’, there was mention of home directories, but I have not been able to see any difference between the two when I am testing.
If the attempts are successful, ‘atack’ responds on the console:
UnixCoD own ->test:test:IPAddress
It will also create a file in the working directory called vuln.txt with a similar list of usernames and addresses.
Currently it does not attempt to do anything with the compromised accounts, but these are also empty. I am wondering if it will go for any keys sitting in .ssh if they were to exist.