Re: Subseven 2.2 Server?

From: dataspy <dataspy(at)dataspy.net>
Date: Mon Jan 06 2003 - 16:04:58 EST

Hello Nick et al,

Subseven 2.2 uses blowfish encryption to store the settings, at the end of the server executable if i remember correctly. While in subseven 2.1 the editserver was able to "open" and read from the server, 2.2 did not have this feature (I think the author beleived it added security).

I would reccomend using a packet sniffer on a machine and running the server on that machine, and seeing if it pages an ICQ number, or joins an IRC channel, or emails someone. Alternatively you can use something like "memspy" or "winhex" to view the servers memory when its running :- i think some of the settings are viewable in plain text there too.

Let me know how you go.

dataspy (dsinc)

---

Saturday, January 4, 2003, 5:11:21 AM, you wrote:

NJ> I am wondering if anyone has any pointers on how to access the configuration
NJ> data from a Subseven 2.2 server executable?  In 2.1, it was possible to open
NJ> the server in the editserver program, and see the settings, but that is no
NJ> longer an option in 2.2.

NJ> I have a client machine that was infected, and I am hoping to track down the NJ> information on the person(s) who infected it.

NJ> Thank You,
NJ> Nick Jacobsen
NJ> Ethics Design
NJ> nick@ethicsdesign.com


----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Jan 7 14:58:26 2003