Full Disclosure mailing list archives

Re: [Fwd: [TH-research] Bagle remote uninstall]


From: "Charlie Harvey " <charlie () peopleandplanet org>
Date: Thu, 22 Jan 2004 14:19:36 -0000

...or to find and uninstall any instances of bagle running on your network:

for ip in `nmap -p6777 -P0 -n -oG '-' --host_timeout 2000 192.168.0.* \
| grep "open" | perl -ne '/\d+\.\d+\.\d+\.\d+ /; print "$&\n";'`; \
do perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
| nc $ip 6777; done

Getting a little big for a 1 liner though ;-).

Charlie

Picture the scene, it's 16:55 on 21 Jan 2004, and Gadi Evron says:
------------SNIP--------------------------
For instance, using perl and netcat, you could send the uninstall
command with the one-liner below:
perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
| nc infected_host_IP 6777
------------SNIP--------------------------

--

Charlie Harvey, 
IT Officer,
People & Planet 
----------------------------------------------
Email     : charlie () peopleandplanet org
On-line   : peopleandplanet.org
Address   : 51 Union Street, Oxford OX4 1JP
Telephone : 01865 245678

Please make a donation to People & Planet. People & Planet
campaigns on the most urgent social and environmental
issues facing the world today. With your support student
campaigning can help to create a more just and sustainable
world for all. To support us financially, visit:
http://peopleandplanet.org/donate/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
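
Added example, not part of the original post or thread: a stricter way to build the host list from nmap's grepable (-oG) output, matching the port/state/protocol fields instead of any line containing "open". It goes slightly beyond the one-liner in the post by staying correct when more than one port is scanned. The function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pick hosts out of nmap
# grepable (-oG) output by matching the port/state/protocol fields exactly,
# so the list can be reviewed before anything is sent to those hosts.

# open_hosts PORT: read -oG text on stdin, print each IP with PORT/open/tcp.
open_hosts() {
    awk -v port="${1:-6777}" '
        /^Host: / && /Ports: / {
            ip = $2
            n = split($0, fields, "\t")          # -oG fields are tab-separated
            for (i = 1; i <= n; i++) {
                if (fields[i] !~ /^Ports: /) continue
                sub(/^Ports: /, "", fields[i])
                m = split(fields[i], entries, /, */)
                for (j = 1; j <= m; j++) {
                    split(entries[j], p, "/")    # port/state/proto/...
                    if (p[1] == port && p[2] == "open" && p[3] == "tcp") {
                        print ip
                        break
                    }
                }
            }
        }'
}

# Constructed sample of -oG output (addresses and results are made up).
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.168.0.5 ()\tPorts: 6777/closed/tcp//unknown///\n'
    printf 'Host: 192.168.0.12 ()\tPorts: 6777/open/tcp//unknown///\n'
    printf 'Host: 192.168.0.23 ()\tPorts: 6777/filtered/tcp//unknown///\n'
    printf 'Host: 192.168.0.40 ()\tPorts: 80/open/tcp//http///, 6777/open/tcp//unknown///\n'
    # A plain grep for "open" would wrongly list this host (80 open, 6777 closed).
    printf 'Host: 192.168.0.41 ()\tPorts: 80/open/tcp//http///, 6777/closed/tcp//unknown///\n'
}

# Real use, with the scan options from the post:
#   nmap -p6777 -P0 -n -oG - 192.168.0.0/24 | open_hosts 6777 > review.txt
sample_scan | open_hosts 6777
```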

