[NCLUG] Fun with Code Red zombie boxes
J. Paul Reed
preed at sigkill.com
Tue Aug 7 18:11:23 MDT 2001
I got bored watching all those Code Red zombies uselessly attack my Apache
box, so I hacked together the following... I'd be curious to see what it
does to a Code Red-infected box, if anything. Makes you wonder if the Code
Red code might have a buffer overflow itself somewhere...
If you want to play, obviously change your paths for you...
--
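# Map .ida requests to the CGI handler, then restart Apache
echo "AddHandler cgi-script .ida" >> /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd restart
# Quoted heredoc: the shell leaves the Perl quotes and $a untouched
cat > /home/httpd/html/default.ida <<'EOF'
#!/usr/bin/perl
print "Content-type:text/html\n\n";
open(A, "<", "/dev/urandom") or exit;
# Stream random bytes to the client; stop as soon as a print fails
while (sysread(A, $a, 1000)) {
    if (! print($a)) {
        close(A);
        exit;
    }
}
close(A);
EOF
# Apache only runs CGI scripts that are executable
chmod 755 /home/httpd/html/default.ida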
--
Then, watch the log fill up.
Hey, it's something to do on a... Tuesday afternoon... :-)
Later,
Paul
---------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
It's amazing what a little brain damage will do for your credibility.
-- Leonard Shelby, Memento