lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030810104942.35581.qmail@web20603.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: DCOM Worm/scanner/autorooter !!!

i looked at the code and it is NOT a worm.
It can be deployed on several computers very fast, but
it doesn't have the ability self replicate itself from
the target computer.

basically this exploit sends a command to create a
script for ftp.exe which it calls on by using "ftp -s
scriptfile". The script contains the hostname,
username, password, and file to download. then it runs
the file after its done downloading.

This can easily be modified to run multiple commands.
You can set it to download a Self extracting rar/zip
file and then run a batch file contained inside the
SFX file after its done extracting.

there is a very fine line between proof of concept
code and worms. worms are highly illegal and if you
publish the code you can be held responsible so make
sure you are aware of this when posting here. this
exploit is NOT a worm but the potential for it to be a
worm is there...

--- roman.kunz@...iusbaer.com wrote:
> hi folks,
> 
> already saw a re-edited one whitch has only two
> targets (just as the last 
> sploit by k-otik).
> 
> <cut>
> /* RPC DCOM WORM v 2.3  - 
>  * originally by volkam, fixed and beefed by
> uv/graff
>  * even more original concept by LSD-pl.net
>  * original code by HDM 
>  *
>  * --
>  * This code is in relation to a specific DDOS IRCD
> botnet project.
>  * You may edit the code, and define which ftp to
> login
>  * and which .exeutable file to recieve and run.
>  * I use spybot, very convienent
>  * -
>  * So basicly script kids and brazilian children,
> this is useless to you
>  * 
>  * -
>  * shouts: darksyn - true homie , giver of 0d4yz,
> and testbeds
>  *         volkam  - top sekret agent man 
>  *         ntfx    - master pupil 
>  *         jpahk   - true homie #2
>  *         k3r0m   - made that shit universal (2
> targets WinXP - Win2k)
>  *
>  * Legion2000 Security Research (c) 2003 
>  * - 
>  *  enjoy! 
> 
> 

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ