Full Disclosure mailing list archives
Re: [Fwd: [TH-research] Bagle remote uninstall]
From: "Charlie Harvey" <charlie () peopleandplanet org>
Date: Thu, 22 Jan 2004 14:19:36 -0000

...or to find and uninstall any instances of bagle running on your network:

for ip in `nmap -p6777 -P0 -n -oG '-' --host_timeout 2000 192.168.0.* \
 | grep "open" | perl -ne '/\d+\.\d+\.\d+\.\d+ /; print "$&\n";'`; \
 do perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
 | nc $ip 6777; done

Getting a little big for a 1 liner though ;-).

Charlie

Picture the scene, it's 16:55 on 21 Jan 2004, and Gadi Evron says:

------------SNIP--------------------------
For instance, using perl and netcat, you could send the uninstall command with the one-liner below:

perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
 | nc infected_host_IP 6777
------------SNIP--------------------------

--
Charlie Harvey, IT Officer, People & Planet
----------------------------------------------
Email     : charlie () peopleandplanet org
On-line   : peopleandplanet.org
Address   : 51 Union Street, Oxford OX4 1JP
Telephone : 01865 245678

Please make a donation to People & Planet. People & Planet campaigns on the most urgent social and environmental issues facing the world today. With your support student campaigning can help to create a more just and sustainable world for all.

To support us financially, visit: http://peopleandplanet.org/donate/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
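
The inventory half of the loop in the message above, as an added example that is not part of the original post: it parses nmap grepable output and lists hosts reporting TCP 6777 open, matching the port, state and protocol fields exactly, and sends nothing to them. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): inventory only.
# Reads nmap grepable (-oG) output on stdin and prints each host whose
# Ports field reports exactly 6777/open/tcp. Nothing is sent to the hosts.
# bagle_listeners and sample_scan are hypothetical names.

bagle_listeners() {
    awk '
    /^Host: / {
        ip = $2
        start = index($0, "Ports: ")
        if (start == 0) next              # "Status:" lines carry no ports
        ports = substr($0, start + 7)
        count = split(ports, entry, ", ")
        for (i = 1; i <= count; i++) {
            split(entry[i], field, "/")   # port/state/protocol/...
            if (field[1] == "6777" && field[2] == "open" && field[3] == "tcp") {
                print ip
                break
            }
        }
    }'
}

# Constructed sample of -oG output (fields are tab-separated, as nmap writes them).
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.168.0.5 ()\tPorts: 6777/open/tcp//unknown///\n'
    printf 'Host: 192.168.0.7 ()\tPorts: 6777/closed/tcp//unknown///\n'
    printf 'Host: 192.168.0.9 ()\tPorts: 6777/filtered/tcp//unknown///\n'
    printf 'Host: 192.168.0.12 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.20 ()\tPorts: 80/open/tcp//http///, 6777/open/tcp//unknown///\tIgnored State: closed (998)\n'
    printf 'Host: 192.168.0.30 ()\tPorts: 16777/open/tcp//unknown///\n'
}

# Live use with the scan options from the message:
#   nmap -p6777 -P0 -n -oG - 192.168.0.* | bagle_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_scan | bagle_listeners
fi
```

Run with `--demo` to see the two matching hosts from the constructed sample; closed, filtered and port-16777 entries are skipped.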