Message-ID: <Pine.LNX.4.58.0403071344400.27615@rosetta.temerity.net>
From: m.mohr at laposte.net (m.mohr@...oste.net)
Subject: mydoom.c information

See comments inserted in reply:

On Sun, 7 Mar 2004, morning_wood wrote:

> > basically looking for sync-src-1.00.tbz. That message was posted to this
>
> avail on infected hosts

The whole point is that I don't *want* to be infected. I don't have an
infected host because I am a good admin. I want to obtain a copy of the
source code, not the binary virus.

>
> > This is how I came to be in possession of it:
> >
> > nc -l -p 3127 > doomjuice.dump
> >
> > You will probably want to write a
> > loop to restart netcat because it exits after a successful transfer.
> >
>
> nc -L -p 3127 > out.txt    note: " -L " will not exit your listener,
> as it is for a persistent listener.

Okay. Strangely enough, my version of netcat doesn't have an option "L":

nc [v1.10]

bash-2.05b$ nc -L
nc: invalid option -- L
nc -h for help
bash-2.05b$

Additionally, the whole point of writing a script is that I actually
*want* my listener to exit so that it can be called again and write to a
new file, thus separating infection attempts cleanly. This removes the
need for me to comb through a huge dump and guess where each virus begins
and ends. E.g.:

x=0; while true; do x=$((x+1)); nc -l -p 3127 > 3127.$x; done

>
> please see
> http://lists.netsys.com/pipermail/full-disclosure/2004-February/017126.html

Thanks for the link ... I wish I had been able to find this earlier, it
would have helped me quite a bit. Although the bit about intentionally
infecting oneself doesn't exactly make me want to jump for joy.

>
> as I do not wish to type-iterate.
>
> Donnie Werner
> http://exploitlabs.com
>

In any case, thank you for your reply!

Regards,
Michael Mohr

P.S. I visited your website and it has some good information on it. One
thing really needs to change though IMHO: Flash isn't cool. If I can't
see it in lynx, I generally don't want to see it.
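
Added example, not part of the original message or the poster's own code: a Python version of the one-file-per-connection capture loop described above, extended to record the peer address, byte count and SHA-256 of each capture in an index file. The size cap, idle timeout, "captures" directory and index.tsv name are assumptions; captured data is only written to disk, never executed.

```python
import hashlib
import socket
import time
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024   # assumed cap so one sender cannot fill the disk
IDLE_TIMEOUT = 30             # assumed seconds to wait on a silent peer


def capture_one(conn, peer, seq, outdir):
    """Drain one connection into its own file; return (path, sha256, size)."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    path = outdir / f"3127.{seq}"          # same naming as the shell loop
    digest = hashlib.sha256()
    size = 0
    conn.settimeout(IDLE_TIMEOUT)
    with conn, open(path, "wb") as fh:
        try:
            while size < MAX_BYTES:
                chunk = conn.recv(min(65536, MAX_BYTES - size))
                if not chunk:              # peer closed: transfer finished
                    break
                fh.write(chunk)
                digest.update(chunk)
                size += len(chunk)
        except (socket.timeout, ConnectionError):
            pass                           # keep whatever arrived before the error
    path.chmod(0o400)                      # read-only, never executable
    with open(outdir / "index.tsv", "a") as idx:
        idx.write(f"{seq}\t{int(time.time())}\t{peer}\t{size}\t{digest.hexdigest()}\n")
    return path, digest.hexdigest(), size


def serve(port=3127, outdir="captures"):
    """Accept connections forever, one capture file per connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(5)
        seq = 0
        while True:
            conn, addr = srv.accept()
            seq += 1
            capture_one(conn, addr[0], seq, outdir)


if __name__ == "__main__":
    serve()
```

Connections are handled one at a time, as in the shell loop, so a stalled peer holds the listener for at most IDLE_TIMEOUT seconds per read.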