Code Red Countermeasures

From: Digital Ebola (digiat_private)
Date: Thu Aug 02 2001 - 11:47:18 PDT


Yeah, I am prolly gonna get flamed for this. I don't care.

I have this giant belief in enacting countermeasures against attacks... so
sue me.

I basically took the rafa code that was just posted a bit ago, and
combined it with a generic perl server... I'll paste the comments here..

#Code Red Counter Measures v1.0 by Digital Ebola <digiat_private>
#Exploit ripped from rafaat_private

#Breakdown: Basically this thing is going to sit on a port (80) and watch
for incoming web requests. When it receives one, it will attempt to contact
that machine, and overflow via idq. This code is quite unfinished, and
unrefined. I would like to add expect to it and have it create a
c:\notworm file on the attacking host. These are features to come.
The posted exploit by rafaat_private is untested by me, but I have tested
this daemon, and it does make get .ida requests.

TODO: 1. attack codered infections specifically
      2. add expect module, and logic needed to automatically copy con the
         c:\notworm file.
      3. test the damn thing.

Yes, I do know this kind of setup can be used for evil. That was my first
intention, as old habits die hard. Hopefully, this will stop a lot of
recurring infections, and I hope this shows the goodness of my beliefs in
good countermeasures. Hacker A releases evil code, Hacker B releases good
code to kill Hacker A's code.

Digital Ebola
www.legions.org
www.legions.org/~digi/

"Network penetration is network engineering, in reverse."
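As an added example that is not part of Digital Ebola's post or the rafa exploit, here is the passive side of the idea: instead of striking back at the source of a request, a small Python scanner reads web-server log lines (constructed samples, not real traffic) and flags the `.ida` probe requests that Code Red sends, so infected hosts can be reported to their owners or blocked at the border. The log format, the `CodeRed-I`/`CodeRed-II` labels and the 8-character padding threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample log lines in combined log format (RFC 5737 test
# addresses); the .ida requests mimic the shape of Code Red probes.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Aug/2001:11:40:01 -0700] "GET /index.html HTTP/1.0" 200 512
198.51.100.7 - - [02/Aug/2001:11:41:13 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858=a HTTP/1.0" 404 87
203.0.113.5 - - [02/Aug/2001:11:42:27 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858=a HTTP/1.0" 404 87
198.51.100.7 - - [02/Aug/2001:11:45:02 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858=a HTTP/1.0" 404 87
"""

# Source address, method and request path from a combined-format line.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)')

# Code Red hits /default.ida with a long run of filler: the original worm
# padded with "N", the Code Red II variant with "X". Eight or more is an
# assumed threshold that keeps ordinary .ida requests from matching.
IDA_RE = re.compile(r'^/default\.ida\?(?P<pad>N{8,}|X{8,})', re.IGNORECASE)


def classify_request(path):
    """Return a worm family label for a Code Red probe path, else None."""
    m = IDA_RE.match(path)
    if not m:
        return None
    return "CodeRed-I" if m.group("pad")[0].upper() == "N" else "CodeRed-II"


def scan_log(text):
    """Yield (source_ip, family) for every probe found in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        family = classify_request(m.group("path"))
        if family:
            hits.append((m.group("src"), family))
    return hits


def summarize(hits):
    """Count probes per (source, family) so repeat offenders stand out."""
    return Counter(hits)


if __name__ == "__main__":
    for (src, family), n in summarize(scan_log(SAMPLE_LOG)).items():
        print(f"{src}\t{family}\t{n} probe(s)")
```

The same scan can be run over a live log with `tail -f` piped into `scan_log`, and the resulting source list handed to a firewall rule or an abuse report rather than to an exploit.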
    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:17:47 PDT