Yeah, I am prolly gonna get flamed for this. I don't care. I have this giant belief of enacting countermeasures against attacks... so sue me. I basically took the rafa code that was just posted a bit ago, and combined it with a generic perl server... I'll paste the comments here..

#Code Red Counter Measures v1.0 by Digital Ebola <digiat_private>
#Exploit ripped from rafaat_private
#Breakdown:

Basically this thing is going to sit on a port (80) and watch for incoming web requests. When it receives one, it will attempt to contact that machine, and overflow via idq. This code is quite unfinished, and unrefined. I would like to add expect to it and have it create a c:\notworm file on the attacking host. These are features to come. The posted exploit by rafaat_private is untested by me, but I have tested this daemon, and it does make get .ida requests.

TODO:
1. attack codered infections specifically
2. add expect module, and logic needed to automatically copy con the c:\notworm file.
3. test the damn thing.

Yes, I do know this kind of setup can be used for evil. That was my first intention, as old habits die hard. Hopefully, this will stop a lot of reoccurring infections, and I hope this shows the goodness of my beliefs in good countermeasures. Hacker A releases evil code, Hacker B releases good code to kill Hacker A's code.

Digital Ebola
www.legions.org
www.legions.org/~digi/
"Network penetration is network engineering, in reverse."

This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:17:47 PDT