[GTALUG] Fw: surprise!

Mauro Souza thoriumbr at gmail.com
Sun Apr 9 20:11:14 EDT 2017


Not probable. There are a few remote exploits for wget, but none would
affect me, AFAIK. My /tmp is mounted with nodev noexec nosuid, and I create
a directory for every "client".

I usually download sites pretending to be my bank, or credit card, or some
other entity I am not related to, and they usually ask me for login
credentials, credit card information or to download and execute something.
They are targeting clueless Windows users, not savvy Linux users hunting
malware sites.

Next time I will use telnet to the server from inside a chroot in a Docker
container, running on a virtual machine on a diskless computer booting
from DVD, connected to the Starbucks WiFi. Just to be safe.

On Apr 9, 2017 20:23, "Jamon Camisso via talk" <talk at gtalug.org> wrote:

> On 07/04/17 21:03, Mauro Souza via talk wrote:
> > One of my hobbies is to download those sites with wget and a fake user
> > agent string, and analyze them. If they are phishing, I like to flood it
> > with random fake logins and passwords.
> >
> > I once got a keylogger sending the logs by FTP. I connected to it, deleted
> > every log, and chmoded a-w the directory. The owner of the keylogger must
> > have been surprised to see his logger didn't work.
>
> Or even more surprised that their wget honeypot worked and they got root
> on your system :D