|
Security Incidents
mailing list archives
Re: W2K Compromise - PipeCmdSrv
From: Erik Sperling Johansen <erik () sperling no>
Date: Sat, 5 Oct 2002 22:27:25 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 05 October 2002 01:38, Curt Wilson wrote:
system through the usual windows file sharing methods. The article also
talks about exporting the PipeCmdSrv.exe with VC (Visual C?) from
pipecmd.exe, although I don't understand this (clarification anyone)?
I'd guess PipeCmdServ.exe is embedded as a resource into PipeCmd.exe, using
the native resource mechanism available for Win32 executables.
Visual C++ has a resource editor, which can be used to extract such resources
from any PE. A handy way to embed files into an EXE, allowing single file
distribution.
- --Erik
- --
PGP Key: http://www.sperling.no/erik.key / pgpkeys.mit.edu
Fingerprint: 0745 BF47 DFCD 8A1F 1432 DCF3 76CF 66F6 E840 A1B0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9n0stds9m9uhAobARAjqWAJ0bmVf5c0yFmpE3mOlX4eOoQEnndgCdGFDV
shOX592TKRDGxgz2+PmlAUQ=
=knpp
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
