Quote:
Originally Posted by alex79
yeah.. it is John the Ripper.. but since they could create a new user I assume that they already got the password in order to create this user.. why would they need a brute force password cracker anymore then?
Oh man, John is sooo old school, takes me back.
The answer is, for when you patch whatever vulnerable daemon gave them shell access in the first place, they can simply log in as a normal user (on a multiuser box most people won't change those passwords after a compromise) and run whatever rootshell they left planted around your system.
Box is fucked, get a new one and copy your sites over.