[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
From: Joey <joey2cool@yahoo.com>
Date: Sun, 10 Aug 2003 03:49:42 -0700 (PDT)

i looked at the code and it is NOT a worm.
It can be deployed on several computers very fast, but
it doesn't have the ability self replicate itself from
the target computer.

basically this exploit sends a command to create a
script for ftp.exe which it calls on by using "ftp -s
scriptfile". The script contains the hostname,
username, password, and file to download. then it runs
the file after its done downloading.

This can easily be modified to run multiple commands.
You can set it to download a Self extracting rar/zip
file and then run a batch file contained inside the
SFX file after its done extracting.

there is a very fine line between proof of concept
code and worms. worms are highly illegal and if you
publish the code you can be held responsible so make
sure you are aware of this when posting here. this
exploit is NOT a worm but the potential for it to be a
worm is there...

--- roman.kunz@juliusbaer.com wrote:
> hi folks,
> 
> already saw a re-edited one whitch has only two
> targets (just as the last 
> sploit by k-otik).
> 
> <cut>
> /* RPC DCOM WORM v 2.3  - 
>  * originally by volkam, fixed and beefed by
> uv/graff
>  * even more original concept by LSD-pl.net
>  * original code by HDM 
>  *
>  * --
>  * This code is in relation to a specific DDOS IRCD
> botnet project.
>  * You may edit the code, and define which ftp to
> login
>  * and which .exeutable file to recieve and run.
>  * I use spybot, very convienent
>  * -
>  * So basicly script kids and brazilian children,
> this is useless to you
>  * 
>  * -
>  * shouts: darksyn - true homie , giver of 0d4yz,
> and testbeds
>  *         volkam  - top sekret agent man 
>  *         ntfx    - master pupil 
>  *         jpahk   - true homie #2
>  *         k3r0m   - made that shit universal (2
> targets WinXP - Win2k)
>  *
>  * Legion2000 Security Research (c) 2003 
>  * - 
>  *  enjoy! 
> 
> 

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: DCOM Worm/scanner/autorooter !!!
  - From: Stephen <alf1num3rik@yahoo.com>

References:
- Re: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
  - From: roman.kunz@juliusbaer.com

Prev by Date: [Full-Disclosure] Cox is blocking port 135
Next by Date: [Full-Disclosure] Re: DCOM Worm/scanner/autorooter !!!
Prev by thread: Re: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
Next by thread: [Full-Disclosure] Re: DCOM Worm/scanner/autorooter !!!
Index(es):
- Date
- Thread