lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <400FDBF8.31126.F2F1F6@localhost>
From: charlie at peopleandplanet.org (Charlie Harvey )
Subject: Re: [Fwd: [TH-research] Bagle remote uninstall]

...or to find and uninstall any instances of bagle running on your network:

for ip in `nmap -p6777 -P0 -n -oG '-' --host_timeout 2000 192.168.0.* \
| grep "open" | perl -ne '/\d+\.\d+\.\d+\.\d+ /; print "$&\n";'`; \
do perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
| nc $ip 6777; done

Getting a little big for a 1 liner though ;-).

Charlie

Picture the scene, it's 16:55 on 21 Jan 2004, and Gadi Evron says:
------------SNIP--------------------------
> For instance, using perl and netcat, you could send the uninstall
> command with the one-liner below:
> perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
> | nc infected_host_IP 6777
------------SNIP--------------------------

--

Charlie Harvey, 
IT Officer,
People & Planet 
----------------------------------------------
Email     : charlie@...pleandplanet.org
On-line   : peopleandplanet.org
Address   : 51 Union Street, Oxford OX4 1JP
Telephone : 01865 245678

Please make a donation to People & Planet. People & Planet
campaigns on the most urgent social and environmental
issues facing the world today. With your support student
campaigning can help to create a more just and sustainable
world for all. To support us financially, visit:
http://peopleandplanet.org/donate/



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ