[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Unpacking Sasser

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Unpacking Sasser
From: youssef ALAOUI <alaoui_o@xxxxxxxx>
Date: Mon, 3 May 2004 17:58:04 +0200 (CEST)

HI,

You can use PEiD to try to unpack Sasser (http://peid.has.it/)

you can also catch this worm by creating a shell script called catch.sh

catch.sh would contain two lines :

nc -l -p 445 > ~/catched.dump$$
./catch.sh &

then you just have to launch it : ./catch.sh &

that will create files with random names for each incomming connexion to
port 445 containing a dump of the trafic in your home directory.

Tek Rulez
------------------------------------

ALAOUI ABDELLAOUI Youssef alias ANALYSTE
Delegue Promo 2008
-{Epitech}- European Institute of Technology

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
  - From: Thomas Springer

Prev by Date: Re: [Full-Disclosure] Agobot/Gaobot/Phatbot
Next by Date: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Previous by thread: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Next by thread: RE: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Index(es):
- Date
- Thread