Full Disclosure mailing list archives

Re: rpc/dcom -- de ja vu?

From: Shanphen Dawa <list () hardlined com>
Date: Sun, 3 Aug 2003 03:29:59 -0500

.bat files!! must be dat hax0r morning_w00d

On Sun, 3 Aug 2003 02:28:51 -0400
"Justin Shin" <zorkshin () tampabay rr com> wrote:

hi guys

Anyone recognize this directory listing (my guess is next to the name)

tftpd32.exe   < trivial ftp daemon
rpc.exe   < ?
r_server.exe   < radmin server
raddrv.dll    < include dll for radmin
AdmDll.dll    < include dll for radmin
rad.bat     < 1337 h4x0r b47ch file
rpc.bat     < another 1337 h4x0r b47ch file
cygwin1.dll    < duh
DCOM32.exe    < exploit
NC.exe     < netcat

I first saw this on my friend's computer ... I assumed it was justa guy with some spare time screwing around ... 
however, I have observed this on one of my client's computers as well.

-- Justin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
/*
"To avoid all evil, to cultivate good, 
and to cleanse one's mind  
this is the teaching of the Buddhas."

Martin Ekendahl
http://www.hardlined.com
martin () hardlined com
*/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

rpc/dcom -- de ja vu? Justin Shin (Aug 02)
- Re: rpc/dcom -- de ja vu? Shanphen Dawa (Aug 03)
  - Re: rpc/dcom -- de ja vu? morning_wood (Aug 03)