|
So how was the hacker connected to the box once you "moved" it?
I'm sorry, but it seems to me you're just marketing your "supposed" work, while infact you're not sure what you're doing.
The 2 exploits you posted, one is local, needing to be first log'd into mysql (didn't check further), second is remote, but do you even know what it does? Or did you just go to google and typed "remote mysql exploit". Not only is it written in 2003 and patched with version 4.0.15, to exploit this you need the mysql root and remote access for that user to be allowed. Even after that, if the exploit works, you don't have root access, but rather the access of the mysqld user, which still wouldn't allow him to run you sniffer in /dev or /lib.
Please don't think we're all sheep here. There's 10000s of mysql exploits out there, very few are capable of gaining remote root (version specific), and you sure as hell don't know about them since you won't find them on google, where you seem to have found these obsolete codes.
__________________
agentGFY *at* gmail.com
|