RemotelyAnywhere detection

From: Michel Arboi (arboiat_private)
Date: Mon Mar 25 2002 - 01:20:06 PST

Next message: Noam Rathaus: "Re: BadBlue Directory Traversal"

Previous message: Sullo: "Re: asp_net_css.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://xwell.org/
"US Military Sweep for Compromises and Backdoors
The United States Army and Navy are doing a crash review of
unclassified Windows systems for RemotelyAnywhere, a commercial remote
system management tool that's been found on numerous compromised
systems. [...]"  
See also http://www.technews.com/news/02/175245.html

So... Here are two scripts for SSH and the web interface. Detecting
the Telnet server is not easy.
TBD: check for default account administrator / remotelyanywhere

multipart/mixed attachment: RemotelyAnywhere SSH detection

multipart/mixed attachment: RemotelyAnywhere WWW detection

Next message: Noam Rathaus: "Re: BadBlue Directory Traversal"
Previous message: Sullo: "Re: asp_net_css.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 01:20:53 PST