Vulnerability Development
mailing list archives
Code Red Countermeasures
From: Digital Ebola <digi () legions org>
Date: Thu, 2 Aug 2001 13:47:18 -0500 (CDT)
Yeah, I am prolly gonna get flamed for this. I don't care.
I have this giant belief of enacting countermeasures against attacks... so
sue me.
I basically took the rafa code that was just posted a bit ago, and
combined it with a generic perl server... I'll paste the comments here..
#Code Red Counter Measures v1.0 by Digital Ebola <digi () legions org>
#Exploit ripped from rafa () box sk
#Breakdown: Basically this thing is going to sit on a port (80) and watch
for incoming webrequests. When it receives one, it will attempt to contact
that machine, and overflow via idq. This code is quite unfinished, and
unrefined. I would like to add expect to it and have it create a
c:\notworm file on the attacking host. These are features to come.
The posted exploit by rafa () box sk is untested by me, but I have tested
this daemon, and it does make get .ida requests.
TODO: 1. attack codered infections specifically
2. add expect module, and logic needed to automatically copy con the
c:\notworm file.
3. test the damn thing.
Yes, I do know this kind of setup can be used for evil. That was my first
intention, as old habits die hard. Hopefully, this will stop a lot of
reoccurring infections, and I hope this shows the goodness of my beliefs in
good countermeasures. Hacker A releases evil code, Hacker B releases good
code to kill Hacker A's code.
Digital Ebola
www.legions.org
www.legions.org/~digi/
"Network penetration is network engineering, in reverse."
Attachment:
cr-counter.pl
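
The listening half of the setup described in the post, as an added example that is not part of the original message or of cr-counter.pl: it classifies incoming request lines, tallies the sources asking for .ida/.idq URLs, and makes no outbound connection. The function names, the 200-character query threshold and the sample requests are assumptions constructed for this example.

```python
import re
from collections import Counter

# Extensions served by the IIS Indexing Service ISAPI extension (idq.dll).
INDEX_EXTENSIONS = (".ida", ".idq")
# Assumed threshold: a query string this long on an .ida/.idq URL is
# counted as an overflow attempt rather than an ordinary index query.
LONG_QUERY = 200

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")


def classify_request(request_line):
    """Return 'overflow', 'probe' or None for one HTTP request line."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return None  # not a well-formed request line
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith(INDEX_EXTENSIONS):
        return None  # ordinary web traffic
    return "overflow" if len(query) >= LONG_QUERY else "probe"


def tally_sources(events):
    """events: iterable of (source_ip, request_line) -> {ip: Counter}."""
    report = {}
    for ip, line in events:
        verdict = classify_request(line)
        if verdict:
            report.setdefault(ip, Counter())[verdict] += 1
    return report


# Constructed sample input: (peer address, first line of the request).
SAMPLE = [
    ("192.0.2.10", "GET /default.ida?" + "N" * 224 + " HTTP/1.0"),
    ("192.0.2.10", "GET /default.ida?" + "N" * 224 + " HTTP/1.0"),
    ("198.51.100.7", "GET /index.html HTTP/1.1"),
    ("203.0.113.5", "GET /scripts/query.IDQ?CiScope=/ HTTP/1.1"),
]

if __name__ == "__main__":
    # One line per source that requested an .ida/.idq URL.
    for ip, counts in sorted(tally_sources(SAMPLE).items()):
        print(ip, dict(counts))
```

The per-source tally is the input for blocking rules or for notifying the owner of the infected address range.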