Penetration Testing mailing list archives

Re: Exploiting a Worm

From: Paul Robertson <compuwar () gmail com>
Date: Wed, 14 Sep 2005 18:53:07 -0400

On 9/12/05, Ian Gizak <iangizak () hotmail com> wrote:

I have checked the open ports and no-one seems to be the worm ftp server or
something useful related to the worm. Some ports allow input but don't reply
anything...

Does anyone knows a way to exploit this worm to get access to the system?


Maybe it's just me, but I'd worry more about letting the client know
they have an infected and owned system on their network than trying to
figure out if I could further exploit it.  Especially if it's likely
that the infection is actively being used by someone.


Paul
-- 
www.compuwar.net

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Exploiting a Worm Ian Gizak (Sep 14)
- Re: Exploiting a Worm Paul Robertson (Sep 15)
- Re: Exploiting a Worm Craig Holmes (Sep 15)
- Re: Exploiting a Worm Marco Monicelli (Sep 15)
- <Possible follow-ups>
- Exploiting a Worm Ian Gizak (Sep 14)
  - RE: [Full-disclosure] Exploiting a Worm Aditya Deshmukh (Sep 14)
  - Re: [Full-disclosure] Exploiting a Worm Dave Dittrich (Sep 14)
  - Re: [Full-disclosure] Exploiting a Worm Karma (Sep 14)
- RE: Exploiting a Worm Drage, Nick (Sep 16)