Nmap Development mailing list archives

Re: Always practice safe software: a lesson from UnrealIRCd


From: Ron <ron () skullsecurity net>
Date: Sun, 13 Jun 2010 10:49:55 -0500

On Sun, 13 Jun 2010 16:35:38 +0200 Vlatko Kosturjak <kost () linux hr>
wrote:
> On 06/13/2010 02:24 AM, Fyodor wrote:
>> Also, I think this calls out for an NSE script to detect the
>> backdoor! Any volunteers?  It is a really simple backdoor, and a
>> script would allow people to quickly scan their networks for
>> vulnerable servers. Maybe we should have a general backdoor
>> detection script which can start out with just Unreal but can be
>> later extended to handle other backdoors/trojans.
>
> Quick'n'dirty NSE script is in attachment. Feel free to modify &
> adapt it.
>
> Note: script tries to shut down the IRC server to check if it is
> vulnerable. Feel free to make it safer/better...
>
> Kost

Will this work as an alternative to killing the process?
ping -c4 google.ca
ping -n4 google.ca

The first command will take 4 seconds on Linux, and the second will take 4 seconds on Windows. If the server takes 
approximately 4 seconds to respond, it's likely vulnerable. "sleep 4" is also an alternative to check for Linux, but 
ping -n4 is the closest you get to sleep on Windows. 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
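
The timing check proposed in the message above, as an added example that is not part of the original message or of any Nmap script: it decides from response times alone whether a server waited the expected 4 seconds. The 1-second tolerance, the function names and the sample timings are assumptions; the probe itself is whatever callable the caller passes to timed().

```python
import statistics
import time

INJECTED_DELAY_S = 4.0   # the "approximately 4 seconds" from the message above
TOLERANCE_S = 1.0        # assumption: slack allowed for network jitter


def timed(request):
    """Run request() (any callable doing one round trip); return elapsed seconds."""
    start = time.monotonic()
    request()
    return time.monotonic() - start


def classify(baseline_s, probe_s, injected_s=INJECTED_DELAY_S, tol_s=TOLERANCE_S):
    """Compare the probe's response time with harmless baseline round trips.

    Returns "likely vulnerable", "not vulnerable" or "inconclusive".
    """
    if len(baseline_s) < 3:
        return "inconclusive"        # too few samples to know normal latency
    typical = statistics.median(baseline_s)
    jitter = max(baseline_s) - min(baseline_s)
    if jitter >= tol_s:
        return "inconclusive"        # latency too erratic for timing to mean anything
    extra = probe_s - typical
    if abs(extra - injected_s) <= tol_s:
        return "likely vulnerable"   # delay matches the injected wait
    if extra < tol_s:
        return "not vulnerable"      # answered at normal speed
    return "inconclusive"            # slow, but not by the expected amount


# Constructed timings in seconds, not measurements from a real server.
BASELINE = [0.11, 0.09, 0.14, 0.10]
SAMPLES = {"patched": 0.12, "backdoored": 4.18, "overloaded": 9.7}

if __name__ == "__main__":
    for name, probe in SAMPLES.items():
        print(f"{name:11s} {probe:5.2f}s -> {classify(BASELINE, probe)}")
```

An "inconclusive" result is best followed by a repeat with a different delay, since a server that is merely slow will not track the change.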
