lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jsage at finchhaven.com (John Sage)
Subject: mydoom.c information

Now I'm confused...

On Sun, Mar 07, 2004 at 09:43:03AM -0800, morning_wood wrote:
> From: "morning_wood" <se_cur_ity@...mail.com>
> To: <full-disclosure@...ts.netsys.com>
> Subject: [Full-Disclosure] mydoom.c information
> Date: Sun, 7 Mar 2004 09:43:03 -0800
> 
> > > bascially looking for sync-src-1.00.tbz.  That message was
> > > posted to this
> > 
> > avail on infected hosts
> > 
> > > This is how I came to be in possession of it:
> > > 
> > > nc -l -p 3127 > doomjuice.dump
> > > 
> > >  You will probably want to write a loop to restart netcat
> > > because it exits after a successful transfer.
> > > 
>  
>  nc -L -p 3127 > out.txt note: " -L " will not exit your netcat, as
>  it is for a persistant listener.

/* snip */


[jsage@...rky /storage/virii] $ nc -h
GNU netcat 0.7.1, a rewrite of the famous networking tool.
Basic usages:
connect to somewhere:  nc [options] hostname port [port] ...
listen for inbound:    nc -l -p port [options] [hostname] [port] ...
tunnel to somewhere:   nc -L hostname:port -p port [options]
 
Mandatory arguments to long options are mandatory for short options too.
Options:
  -c, --close                close connection on EOF from stdin
  -e, --exec=PROGRAM         program to exec after connect
  -g, --gateway=LIST         source-routing hop point[s], up to 8
  -G, --pointer=NUM          source-routing pointer: 4, 8, 12, ...
  -h, --help                 display this help and exit
  -i, --interval=SECS        delay interval for lines sent, ports scanned
  -l, --listen               listen mode, for inbound connects
  -L, --tunnel=ADDRESS:PORT  forward local port to remote address

/* snip */


Does persistent listener == tunnel?


- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ