
BDO ATM Cmd Shell

Great shot by Yugatech of a Banco De Oro ATM machine dropping to a cmd shell and executing an ftp script. The IP address shown is inside their local network, and uploads are sent to a "backup" folder. It seems to be a backup script executed by the "at" service, which is why the script is executed by svchost.exe. No idea why it would show the cmd window, though, unless the /interactive switch was included, although that would be very weird on such a machine. Some exploits do execute a cmd shell through svchost though. =)