• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Exploit code posted for MS04-29 "Please Read!!!"

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Tue Nov 02, 2004 4:18 pm    Post subject: Exploit code posted for MS04-29 "Please Read!!!" Reply with quote

If any of you downloaded the posted code on MS04-029 from user MaxLoad that was in the "Exploit/System Weaknesses" forum and run it you have now been trojaned. Upon execution of this code you will get a segfault. Right after that you will have a connection established to an Italian IRC server with an IP addy of 212.210.194.124:6667

If you have run this and not noticed the socket then do;
Code:

lsof -i

to see the connection. Needless to say you have more or less been owned. A good reason not to play with supposed 0 day code Very Happy Do as I did and run it on a lab box first and also read the source code!
Back to top
View user's profile Send private message Visit poster's website
Cass
Lurker
Lurker


Joined: 14 Aug 2003
Posts: 14
Location: Scotland

Offline

PostPosted: Tue Nov 02, 2004 5:50 pm    Post subject: Reply with quote

HI Alt.Don,

Thx for the heads up though i cant seem to find this code or indeed the author, the only reference i can find on MS04-029 in the forums is your post .... would you have a link to this ?? id be interested in a look at this "sploit"

Apologies if ive missed something somewhere .....

Cheers
Cass
Back to top
View user's profile Send private message
Tom Bair
SF Boss
SF Boss


Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Offline

PostPosted: Tue Nov 02, 2004 5:55 pm    Post subject: Reply with quote

The post has been removed from the public forum least an inexperienced user finds themselves in trouble over tinkering with it. Very Happy

PCWriter
Back to top
View user's profile Send private message Visit poster's website
Cass
Lurker
Lurker


Joined: 14 Aug 2003
Posts: 14
Location: Scotland

Offline

PostPosted: Tue Nov 02, 2004 6:27 pm    Post subject: Reply with quote

lol i figured as much ... thanks for the explanation ...

Cass
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register