Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Aug 2001 03:15:30 -0400 (EDT)
From:      Tony Collen <manero@yossman.com>
To:        Alfred Perlstein <bright@mu.org>
Cc:        Wilko Bulte <wkb@freebie.xs4all.nl>, "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, freebsd-security@FreeBSD.ORG
Subject:   Re: Code Red is from default setup
Message-ID:  <Pine.BSF.4.21.0108200314130.6892-100000@yossman.com>
In-Reply-To: <20010820021249.A81307@elvis.mu.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Aug 2001, Alfred Perlstein wrote:

> * Wilko Bulte <wkb@freebie.xs4all.nl> [010820 01:53] wrote:
> > On Mon, Aug 20, 2001 at 08:50:57AM +0200, Carroll, D. (Danny) wrote:
> > 
> > This is *FreeBSD* security, not MickeySoft latest bugs..
> 
> Agreed.  Although it would be amusing to detect default.ida requests
> and reply with a similar request the difference being that the reply
> one reboots/shuts-down the infected box.
> 
> I'm suprised no one has suggested crafting such a tool.

Simple. Just request something like
/scripts/root.exe?/c+rundll.exe+user.exe,exitwindows

And the box should reboot.  You might have to encode the periods and the
commas though.
--
Anthony Collen
manero@manero.org
http://manero.org
--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0108200314130.6892-100000>