| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <400FDBF8.31126.F2F1F6@localhost> From: charlie at peopleandplanet.org (Charlie Harvey ) Subject: Re: [Fwd: [TH-research] Bagle remote uninstall] ...or to find and uninstall any instances of bagle running on your network: for ip in `nmap -p6777 -P0 -n -oG '-' --host_timeout 2000 192.168.0.* \ | grep "open" | perl -ne '/\d+\.\d+\.\d+\.\d+ /; print "$&\n";'`; \ do perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \ | nc $ip 6777; done Getting a little big for a 1 liner though ;-). Charlie Picture the scene, it's 16:55 on 21 Jan 2004, and Gadi Evron says: ------------SNIP-------------------------- > For instance, using perl and netcat, you could send the uninstall > command with the one-liner below: > perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \ > | nc infected_host_IP 6777 ------------SNIP-------------------------- -- Charlie Harvey, IT Officer, People & Planet ---------------------------------------------- Email : charlie@...pleandplanet.org On-line : peopleandplanet.org Address : 51 Union Street, Oxford OX4 1JP Telephone : 01865 245678 Please make a donation to People & Planet. People & Planet campaigns on the most urgent social and environmental issues facing the world today. With your support student campaigning can help to create a more just and sustainable world for all. To support us financially, visit: http://peopleandplanet.org/donate/
Powered by blists - more mailing lists