Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mydoom.c information
From: m.mohr () laposte net
Date: Sun, 7 Mar 2004 14:01:01 -0800 (PST)

See comments inserted in reply:

On Sun, 7 Mar 2004, morning_wood wrote:

bascially looking for sync-src-1.00.tbz.  That message was posted to this

avail on infected hosts

The whole point is that I don't *want* to be infected.  I don't have an
infected host because I am a good admin.  I want to obtain a copy of the
source code, not the binary virus.


This is how I came to be in possession of it:

nc -l -p 3127 > doomjuice.dump

 You will probably want to write a
loop to restart netcat because it exits after a successful transfer.


nc -L -p 3127 > out.txt    note: " -L  " will not exit your listener,
as it is for a persistant listener.

Okay.  Strangely enough, my version of netcat doesn't have an option "L":
nc [v1.10]
bash-2.05b$ nc -L
nc: invalid option -- L
nc -h for help
bash-2.05b$

Additionally, the whole point of writing a script is that I actually
*want* my listener to exit so that it can be called again and write to a
new file, thus separating infection attempts cleanly.  This removes the
need for me to comb through a huge dump and guess where each virus
begins and ends.  E.g.:

x=0; while true; do x=$((x+1)); nc -l -p 3127 > 3127.$x; done


please see
http://lists.netsys.com/pipermail/full-disclosure/2004-February/017126.html

Thanks for the link ... I wish I had been able to find this earlier, it
would have helped me quite a bit.  Although the bit about intentionally
infecting oneself doesn't exactly make me want to jump for joy.


as i do not wish to type-iterate.

Donnie Werner
http://exploitlabs.com


In any case, thank you for your reply!

Regards,
Michael Mohr

P.S. I visited your website and it has some good information on it.  One
thing really needs to change though IMHO: Flash isn't cool.  If I can't
see it in lynx, I generally don't want to see it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]