Penetration Testing mailing list archives
Re: Exploiting a Worm
From: Craig Holmes <leusent () link-net org>
Date: Wed, 14 Sep 2005 19:12:47 -0400
I agree that this is probably an IRCBot worm/virus of some type, though not necessarily an agobot strain.

On Monday 12 September 2005 19:54, Ian Gizak wrote:
> Does anyone know a way to exploit this worm to get access to the system?
My advice would be to try and download the viral binary from the port that you think is spitting it out. Set up a sandbox and run the binary on that machine. At that point you pretty much have two options.

You could analyze the binary and look for weaknesses (buffer overflows) and backdoors that could be used to access the system through the worm.

The second option would be to sniff the IRC traffic generated, find the controlling channel, steal the password from the handler (whoever is controlling these bots) and use the password to control the bot that is installed on the system you wish to penetrate.

I am not sure about the legality of option 1, but option 2 is almost certainly illegal. In either case you should try and report this botnet so that it is shut down.

Craig