
Re: [Full-Disclosure] mydoom.c information



See comments inserted in reply:

On Sun, 7 Mar 2004, morning_wood wrote:

> > basically looking for sync-src-1.00.tbz.  That message was posted to this
>
> avail on infected hosts

The whole point is that I don't *want* to be infected.  I don't have an
infected host because I am a good admin.  I want to obtain a copy of the
source code, not the binary virus.

>
> > This is how I came to be in possession of it:
> >
> > nc -l -p 3127 > doomjuice.dump
> >
> >  You will probably want to write a
> > loop to restart netcat because it exits after a successful transfer.
> >
>
> nc -L -p 3127 > out.txt    note: " -L  " will not exit your listener,
> as it is for a persistent listener.

Okay.  Strangely enough, my version of netcat doesn't have an option "L":
nc [v1.10]
bash-2.05b$ nc -L
nc: invalid option -- L
nc -h for help
bash-2.05b$

Additionally, the whole point of writing a script is that I actually
*want* my listener to exit so that it can be called again and write to a
new file, thus separating infection attempts cleanly.  This removes the
need for me to comb through a huge dump and guess where each virus
begins and ends.  E.g.:

x=0; while true; do x=$((x+1)); nc -l -p 3127 > 3127.$x; done

>
> please see
> http://lists.netsys.com/pipermail/full-disclosure/2004-February/017126.html

Thanks for the link ... I wish I had been able to find this earlier, it
would have helped me quite a bit.  Although the bit about intentionally
infecting oneself doesn't exactly make me want to jump for joy.

>
> as i do not wish to type-iterate.
>
> Donnie Werner
> http://exploitlabs.com
>

In any case, thank you for your reply!

Regards,
Michael Mohr

P.S. I visited your website and it has some good information on it.  One
thing really needs to change though IMHO: Flash isn't cool.  If I can't
see it in lynx, I generally don't want to see it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
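
The one-file-per-connection capture discussed in the message above, as an added example that is not part of the original post or either poster's code. It assumes Python 3.8+ and an isolated analysis host; the function names, size cap, timeout and file-naming scheme are illustrative choices.

```python
import hashlib
import socket
import time
from pathlib import Path

MAX_BYTES = 4 * 1024 * 1024  # assumed per-connection cap, so one peer cannot fill the disk
IDLE_TIMEOUT = 10.0          # assumed: seconds of silence before the connection is dropped

def capture_one(listener, outdir, max_bytes=MAX_BYTES, timeout=IDLE_TIMEOUT):
    """Accept one connection and store its bytes in its own file, never executing them.

    Returns (path, peer, sha256_hex); path and hash are None if nothing was sent.
    """
    conn, peer = listener.accept()
    digest = hashlib.sha256()
    tmp = Path(outdir) / f"incoming.{time.time_ns()}.part"
    received = 0
    with conn, open(tmp, "wb") as fh:
        conn.settimeout(timeout)
        try:
            while received < max_bytes:
                chunk = conn.recv(min(65536, max_bytes - received))
                if not chunk:
                    break
                fh.write(chunk)
                digest.update(chunk)
                received += len(chunk)
        except (socket.timeout, ConnectionError):
            pass  # keep whatever arrived before the stall or reset
    if received == 0:  # bare port probe: nothing worth keeping
        tmp.unlink()
        return None, peer, None
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    final = Path(outdir) / f"3127.{stamp}.{peer[0]}.{digest.hexdigest()[:16]}.bin"
    tmp.replace(final)
    final.chmod(0o400)  # read-only, no execute bit
    return final, peer, digest.hexdigest()

def serve(outdir="captures", host="0.0.0.0", port=3127):
    Path(outdir).mkdir(parents=True, exist_ok=True)
    with socket.create_server((host, port)) as listener:
        while True:
            path, peer, sha = capture_one(listener, outdir)
            if path:
                print(f"{peer[0]}:{peer[1]} sha256={sha} -> {path}")

if __name__ == "__main__":
    serve()
```

Putting the source address and a hash prefix in each file name lets repeated deliveries of the same sample be grouped without opening the files.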