Full Disclosure mailing list archives
Unpacking Sasser
From: youssef ALAOUI <alaoui_o () epita fr>
Date: Mon, 3 May 2004 17:58:04 +0200 (CEST)
Hi,

You can use PEiD to try to unpack Sasser (http://peid.has.it/).

You can also catch this worm by creating a shell script called catch.sh.
catch.sh would contain two lines:

    nc -l -p 445 > ~/catched.dump$$
    ./catch.sh &

Then you just have to launch it:

    ./catch.sh &

That will create files with random names for each incoming connection to port 445, containing a dump of the traffic, in your home directory.

Tek Rulez
------------------------------------
ALAOUI ABDELLAOUI Youssef
alias ANALYSTE
Delegue Promo 2008
-{Epitech}- European Institute of Technology
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
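The capture listener described in the message above, written out as an added example that is not part of the original post: it saves each connection to its own file, caps the size, times out idle peers and records a SHA-256 of what was received. The function names, the 1 MiB cap and the 5 second timeout are assumptions; like the nc version it sends nothing back, so it records only what the peer sends unprompted.

```python
import hashlib
import socket
import time
from pathlib import Path

def capture_one(listener, out_dir, max_bytes=1 << 20, idle=5.0):
    """Accept one connection and save what the peer sends; return a record."""
    conn, peer = listener.accept()
    conn.settimeout(idle)  # a silent peer cannot hold the listener forever
    digest = hashlib.sha256()
    # Timestamp + peer address gives a unique, sortable name; mode "xb"
    # refuses to overwrite an existing capture.
    name = f"catched.{time.time_ns()}.{peer[0]}_{peer[1]}.dump"
    path = Path(out_dir) / name
    total = 0
    with conn, open(path, "xb") as out:
        while total < max_bytes:  # cap so one peer cannot fill the disk
            try:
                chunk = conn.recv(min(65536, max_bytes - total))
            except OSError:  # idle timeout or connection reset
                break
            if not chunk:  # peer closed the connection
                break
            out.write(chunk)
            digest.update(chunk)
            total += len(chunk)
    return {"peer": peer, "path": path, "bytes": total,
            "sha256": digest.hexdigest()}

def listen(port=445, out_dir=".", host="0.0.0.0"):
    """Capture connections one after another until interrupted."""
    # Binding a port below 1024 normally needs elevated privileges.
    with socket.create_server((host, port)) as listener:
        while True:
            rec = capture_one(listener, out_dir)
            print(rec["peer"][0], rec["bytes"], rec["sha256"], rec["path"])

if __name__ == "__main__":
    listen(out_dir=Path.home())
```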
