Message-ID: <400FDBF8.31126.F2F1F6@localhost>
Date: Thu, 22 Jan 2004 14:19:36 -0000
From: "Charlie Harvey " <charlie@...pleandplanet.org>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: [Fwd: [TH-research] Bagle remote uninstall]
...or to find and uninstall any instances of bagle running on your network:

for ip in `nmap -p6777 -P0 -n -oG '-' --host_timeout 2000 192.168.0.* \
| grep "open" | perl -ne '/\d+\.\d+\.\d+\.\d+ /; print "$&\n";'`; \
do perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
| nc $ip 6777; done

Getting a little big for a 1 liner though ;-).

Charlie

Picture the scene, it's 16:55 on 21 Jan 2004, and Gadi Evron says:
------------SNIP--------------------------
> For instance, using perl and netcat, you could send the uninstall
> command with the one-liner below:
> perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
> | nc infected_host_IP 6777
------------SNIP--------------------------
--
Charlie Harvey,
IT Officer,
People & Planet
----------------------------------------------
Email : charlie@...pleandplanet.org
On-line : peopleandplanet.org
Address : 51 Union Street, Oxford OX4 1JP
Telephone : 01865 245678
Please make a donation to People & Planet. People & Planet
campaigns on the most urgent social and environmental
issues facing the world today. With your support student
campaigning can help to create a more just and sustainable
world for all. To support us financially, visit:
http://peopleandplanet.org/donate/