Penetration Testing mailing list archives
RE: [Full-disclosure] Exploiting a Worm
From: "Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>
Date: Wed, 14 Sep 2005 07:58:35 +0530
> Does anyone know a way to exploit this worm to get access to the system?

Depends on what kind of worm that is. There could be plenty of things that you would have to look into. It could be one or all of these things...

1. the worm might be any one of the 900 versions of the *bot family
2. someone might have made a custom compilation of the same worm, which means that it will never be detected by any antivirus
3. it might be using port knocking, so you might not find anything to "access" the system
4. the control connection to the "server" might be encrypted

So the best action would be ....

1. bring the machine offline
2. image the drive
3. reinstall the original machine from a clean source
4. use the image that you made to set up a VMware or some other honeypot
5. keep a log of all the traffic and you will find what is happening.
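Added example, not part of the original message: one way to read the traffic log from step 5, looking for the two behaviours the reply mentions, a recurring control connection and port knocking. It uses connection metadata only, so it applies even when the control connection is encrypted. The record format, addresses, ports and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

HONEYPOT = "10.0.0.5"  # constructed address of the restored image
# Constructed records: (seconds, src, dst, dst_port, result); result is
# "EST" (handshake completed) or "RST" (port closed).
SAMPLE = [
    (0, "10.0.0.5", "192.0.2.10", 6667, "EST"),
    (12, "10.0.0.5", "198.51.100.7", 80, "EST"),
    (60, "10.0.0.5", "192.0.2.10", 6667, "EST"),
    (100, "203.0.113.9", "10.0.0.5", 7000, "RST"),
    (101, "203.0.113.9", "10.0.0.5", 8000, "RST"),
    (102, "203.0.113.9", "10.0.0.5", 9000, "RST"),
    (104, "203.0.113.9", "10.0.0.5", 31337, "EST"),
    (121, "10.0.0.5", "192.0.2.10", 6667, "EST"),
    (180, "10.0.0.5", "192.0.2.10", 6667, "EST"),
    (200, "203.0.113.50", "10.0.0.5", 445, "RST"),
]

def find_beacons(records, host, min_count=4, max_jitter=0.1):
    """Outbound (dst, port) pairs contacted at near-regular intervals."""
    times = defaultdict(list)
    for ts, src, dst, port, result in sorted(records):
        if src == host and result == "EST":
            times[(dst, port)].append(ts)
    hits = []
    for key, seen in sorted(times.items()):
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        if len(seen) >= min_count and pstdev(gaps) <= max_jitter * mean(gaps):
            hits.append(key)
    return hits

def find_knocks(records, host, min_ports=3, window=10):
    """Sources whose closed-port probes are followed by a successful connect."""
    closed = defaultdict(list)  # src -> [(ts, port)] of refused probes
    hits = []
    for ts, src, dst, port, result in sorted(records):
        if dst != host:
            continue
        if result == "RST":
            closed[src].append((ts, port))
        else:
            recent = [p for t, p in closed[src] if ts - t <= window]
            if len(set(recent)) >= min_ports:
                hits.append((src, recent, port))
    return hits

if __name__ == "__main__":
    print("possible control channel:", find_beacons(SAMPLE, HONEYPOT))
    print("possible port knock:", find_knocks(SAMPLE, HONEYPOT))
```

Both checks are heuristics: a match tells you which flows to inspect in the full capture, not what the worm is.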
Current thread:
- Exploiting a Worm Ian Gizak (Sep 14)
- Re: Exploiting a Worm Paul Robertson (Sep 15)
- Re: Exploiting a Worm Craig Holmes (Sep 15)
- Re: Exploiting a Worm Marco Monicelli (Sep 15)
- <Possible follow-ups>
- Exploiting a Worm Ian Gizak (Sep 14)
- RE: [Full-disclosure] Exploiting a Worm Aditya Deshmukh (Sep 14)
- Re: [Full-disclosure] Exploiting a Worm Dave Dittrich (Sep 14)
- Re: [Full-disclosure] Exploiting a Worm Karma (Sep 14)
- RE: Exploiting a Worm Drage, Nick (Sep 16)