Nmap Development mailing list archives
Re: Always practice safe software: a lesson from UnrealIRCd
From: Ron <ron () skullsecurity net>
Date: Sun, 13 Jun 2010 10:49:55 -0500
On Sun, 13 Jun 2010 16:35:38 +0200 Vlatko Kosturjak <kost () linux hr> wrote:
On 06/13/2010 02:24 AM, Fyodor wrote:Also, I think this calls out for an NSE script to detect the backdoor! Any volunteers? It is a really simple backdoor, and a script would allow people to quickly scan their networks for vulnerable servers. Maybe we should have a general backdoor detection script which can start out with just Unreal but can be later extended to handle other backdoors/trojans.Quick'n'dirty NSE script is in attachment. Feel free to modify & adapt it. Note: script tries to shut down the IRC server to check if it is vulnerable. Feel free to make it safer/better... Kost
Will this work as an alternative to killing the process? ping -c4 google.ca ping -n4 google.ca The first command will take 4 seconds on Linux, and the second will take 4 seconds on Windows. If the server takes approximately 4 seconds to respond, it's likely vulnerable. "sleep 4" is also an alternative to check for Linux, but ping -n4 is the closest you get to sleep on Windows. -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Always practice safe software: a lesson from UnrealIRCd Fyodor (Jun 12)
- Re: Always practice safe software: a lesson from UnrealIRCd Gutek (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Vlatko Kosturjak (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Gutek (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Fyodor (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Vlatko Kosturjak (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 14)
- Re: Always practice safe software: a lesson from UnrealIRCd Gutek (Jun 14)
- Re: Always practice safe software: a lesson from UnrealIRCd Vlatko Kosturjak (Jun 13)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 14)
- Re: Always practice safe software: a lesson from UnrealIRCd Ron (Jun 14)
- Re: Always practice safe software: a lesson from UnrealIRCd Vlatko Kosturjak (Jun 14)