Now I'm confused...
On Sun, Mar 07, 2004 at 09:43:03AM -0800, morning_wood wrote:
From: "morning_wood" <se_cur_ity () hotmail com>
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] mydoom.c information
Date: Sun, 7 Mar 2004 09:43:03 -0800
bascially looking for sync-src-1.00.tbz. That message was
posted to this
avail on infected hosts
This is how I came to be in possession of it:
nc -l -p 3127 > doomjuice.dump
You will probably want to write a loop to restart netcat
because it exits after a successful transfer.
nc -L -p 3127 > out.txt note: " -L " will not exit your netcat, as
it is for a persistant listener.
/* snip */
[jsage () sparky /storage/virii] $ nc -h
GNU netcat 0.7.1, a rewrite of the famous networking tool.
connect to somewhere: nc [options] hostname port [port] ...
listen for inbound: nc -l -p port [options] [hostname] [port] ...
tunnel to somewhere: nc -L hostname:port -p port [options]
Mandatory arguments to long options are mandatory for short options too.
-c, --close close connection on EOF from stdin
-e, --exec=PROGRAM program to exec after connect
-g, --gateway=LIST source-routing hop point[s], up to 8
-G, --pointer=NUM source-routing pointer: 4, 8, 12, ...
-h, --help display this help and exit
-i, --interval=SECS delay interval for lines sent, ports scanned
-l, --listen listen mode, for inbound connects
-L, --tunnel=ADDRESS:PORT forward local port to remote address
/* snip */
Does persistent listener == tunnel?