Nmap Development mailing list archives

Re: Always practice safe software: a lesson from UnrealIRCd


From: Ron <ron () skullsecurity net>
Date: Sun, 13 Jun 2010 16:32:24 -0500

On Sun, 13 Jun 2010 10:49:55 -0500 Ron <ron () skullsecurity net> wrote:
> Will this work as an alternative to killing the process?
> ping -c4 google.ca
> ping -n4 google.ca
>
> The first command will take 4 seconds on Linux, and the second will
> take 4 seconds on Windows. If the server takes approximately 4
> seconds to respond, it's likely vulnerable. "sleep 4" is also an
> alternative to check for Linux, but ping -n4 is the closest you get
> to sleep on Windows.

Attaching the first version that uses timing. I'd like to get comments
on it -- I've only tried it against local targets, but it should work
better against remote ones unless the lag goes really, really high.

I'm working on "infecting" my Windows system now, then I'll release a
version that can detect infected Windows + Linux systems.

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

Attachment: irc-unrealircd-backdoor.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
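
The timing decision discussed in this message, as an added sketch that is not part of the original post or of the attached irc-unrealircd-backdoor.nse script: it subtracts a baseline round-trip time from the measured response time and refuses to decide when lag is too unstable. The function name, the 1-second tolerance, the jitter cut-off and all sample timings are assumptions constructed for illustration.

```python
from statistics import median

LIKELY = "likely-vulnerable"
NO_DELAY = "no-delay"
INCONCLUSIVE = "inconclusive"


def classify_delay(baseline_rtts, probe_elapsed, expected_delay=4.0, tolerance=1.0):
    """Decide whether a response was held back by roughly expected_delay seconds.

    baseline_rtts  -- seconds taken by ordinary request/response round trips
    probe_elapsed  -- seconds taken by the timed check
    expected_delay -- the delay the check is meant to cause (4 s in the thread)
    tolerance      -- assumed slack in seconds around expected_delay
    """
    if len(baseline_rtts) < 3:
        raise ValueError("need at least 3 baseline samples to estimate lag")

    base = median(baseline_rtts)
    jitter = max(baseline_rtts) - min(baseline_rtts)

    # If ordinary lag already swings by half the expected delay, a slow reply
    # proves nothing: this is the "lag goes really, really high" case.
    if jitter >= expected_delay / 2:
        return INCONCLUSIVE

    extra = probe_elapsed - base      # time not explained by the network
    slack = tolerance + jitter

    if abs(extra - expected_delay) <= slack:
        return LIKELY                 # delayed by about the expected amount
    if extra < expected_delay - slack:
        return NO_DELAY               # answered at normal speed
    return INCONCLUSIVE               # much slower than expected: stall or timeout


if __name__ == "__main__":
    # Constructed sample timings (seconds), not measurements from the thread.
    cases = {
        "local, delayed":   ([0.02, 0.03, 0.02], 4.05),
        "remote, delayed":  ([0.30, 0.35, 0.32], 4.40),
        "remote, normal":   ([0.30, 0.35, 0.32], 0.33),
        "unstable link":    ([0.50, 3.20, 1.10], 4.90),
        "stalled response": ([0.10, 0.10, 0.10], 9.00),
    }
    for name, (rtts, elapsed) in cases.items():
        print(f"{name:17s} -> {classify_delay(rtts, elapsed)}")
```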
