DAMPCROWD

[NoahGWood]

Dampcrowd appears to my untrained eyes to be a priv-esc attempt.
It creates a shell with setuid and guid set to 0 (root).
13: 080484fc 0 FUNC WEAK DEFAULT UND setuid
14: 080484ac 0 FUNC WEAK DEFAULT UND setgid
The exploit did not work on Linux Mint Serena; it just opened up a new /bin/sh shell.

[Tbone-grady]

Listen @JohnnyHobo if you don't know what the fuck your doing dont mess with the binaries

[Ekultek]

"It just opened a new shell" and a shit load of backdoors lol

…

On Apr 14, 2017, at 6:31 PM, Tdog21 ***@***.***> wrote: Listen johny if you don't know what the fuck your doing dont mess with the binaries — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[Tbone-grady]

@Ekultek lol

[NoahGWood]

Hey, if you can show me where it's installing backdoors I'm all ears. All I found was it tries to open a root shell.

Never take my word for anything though, if the NSA handed me enough money I'd just as soon turn around and tell you it's necessary to run all these scripts on every *nix based device you own :P
Now why's there a van parked outside my house?

[Atavic]

What a joke! VT hash search results for D01502934C089EA1316F659B5DBC80AE891DCA11
and 3A4BE0A37F98276B427F0EC2985475232B549B28 give detection ratios of 2/55