Security Incidents mailing list archives

Re: W2K Compromise - PipeCmdSrv


From: Erik Sperling Johansen <erik () sperling no>
Date: Sat, 5 Oct 2002 22:27:25 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 05 October 2002 01:38, Curt Wilson wrote:
> system through the usual windows file sharing methods. The article also
> talks about exporting the PipeCmdSrv.exe with VC (Visual C?) from
> pipecmd.exe, although I don't understand this (clarification anyone)?

I'd guess PipeCmdSrv.exe is embedded as a resource into PipeCmd.exe, using
the native resource mechanism available for Win32 executables.
Visual C++ has a resource editor, which can be used to extract such resources
from any PE. A handy way to embed files into an EXE, allowing single file
distribution.

- --Erik

- -- 
PGP Key: http://www.sperling.no/erik.key / pgpkeys.mit.edu
Fingerprint: 0745 BF47 DFCD 8A1F 1432  DCF3 76CF 66F6 E840 A1B0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9n0stds9m9uhAobARAjqWAJ0bmVf5c0yFmpE3mOlX4eOoQEnndgCdGFDV
shOX592TKRDGxgz2+PmlAUQ=
=knpp
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
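
Added example, not part of the original message or of any tool it mentions: a triage check for the resource embedding described in the reply, walking a PE resource directory tree and reporting resources whose data begins with an `MZ` header. It assumes the caller has already pulled the raw resource section bytes and its VirtualAddress from the section table; `build_sample`, resource id 101 and language 0x409 are constructed for the demonstration.

```python
import struct

RT_RCDATA = 10  # Win32 resource type id for raw application-defined data

def walk_resources(rsrc, rsrc_rva, off=0, path=()):
    """Yield (path, data) for each leaf of a PE resource directory tree.
    rsrc: raw bytes of the resource section; rsrc_rva: its VirtualAddress."""
    if len(path) > 3 or off + 16 > len(rsrc):  # depth cap stops looping trees
        return
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for i in range(named + ids):
        eoff = off + 16 + 8 * i
        if eoff + 8 > len(rsrc):
            return
        ident, target = struct.unpack_from("<II", rsrc, eoff)
        if target & 0x80000000:  # high bit set: offset of a subdirectory
            yield from walk_resources(rsrc, rsrc_rva,
                                      target & 0x7FFFFFFF, path + (ident,))
        elif target + 16 <= len(rsrc):  # IMAGE_RESOURCE_DATA_ENTRY
            rva, size = struct.unpack_from("<II", rsrc, target)
            start = rva - rsrc_rva  # data RVA -> offset inside the section
            if 0 <= start and start + size <= len(rsrc):
                yield path + (ident,), rsrc[start:start + size]

def embedded_executables(rsrc, rsrc_rva):
    """Return (type/name/lang path, size) of resources that start with 'MZ'."""
    return [(p, len(d)) for p, d in walk_resources(rsrc, rsrc_rva)
            if d[:2] == b"MZ"]

def build_sample(payload, rva=0x4000):
    """Constructed section: RT_RCDATA / id 101 / lang 0x409 -> payload."""
    def one_entry_dir(ident, target):
        return struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, ident, target)
    dirs = (one_entry_dir(RT_RCDATA, 0x80000000 | 24)
            + one_entry_dir(101, 0x80000000 | 48)
            + one_entry_dir(0x409, 72))
    entry = struct.pack("<IIII", rva + 88, len(payload), 0, 0)
    return dirs + entry + payload

if __name__ == "__main__":
    sample = build_sample(b"MZ" + bytes(62))  # constructed stand-in, not a real EXE
    for path, size in embedded_executables(sample, 0x4000):
        print("resource", path, "holds an MZ image of", size, "bytes")
```

A hit is only a lead for analysis: legitimate installers and self-extractors carry executables in resources the same way.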

