See comments inserted in reply: On Sun, 7 Mar 2004, morning_wood wrote:
> > bascially looking for sync-src-1.00.tbz. That message was posted to this > > avail on infected hosts The whole point is that I don't *want* to be infected. I don't have an infected host because I am a good admin. I want to obtain a copy of the source code, not the binary virus. > > > This is how I came to be in possession of it: > > > > nc -l -p 3127 > doomjuice.dump > > > > You will probably want to write a > > loop to restart netcat because it exits after a successful transfer. > > > > nc -L -p 3127 > out.txt note: " -L " will not exit your listener, > as it is for a persistant listener. Okay. Strangely enough, my version of netcat doesn't have an option "L": nc [v1.10] bash-2.05b$ nc -L nc: invalid option -- L nc -h for help bash-2.05b$ Additionally, the whole point of writing a script is that I actually *want* my listener to exit so that it can be called again and write to a new file, thus separating infection attempts cleanly. This removes the need for me to comb through a huge dump and guess where each virus begins and ends. E.g.: x=0; while true; do x=$((x+1)); nc -l -p 3127 > 3127.$x; done > > please see > http://lists.netsys.com/pipermail/full-disclosure/2004-February/017126.html Thanks for the link ... I wish I had been able to find this earlier, it would have helped me quite a bit. Although the bit about intentionally infecting oneself doesn't exactly make me want to jump for joy. > > as i do not wish to type-iterate. > > Donnie Werner > http://exploitlabs.com > In any case, thank you for your reply! Regards, Michael Mohr P.S. I visited your website and it has some good information on it. One thing really needs to change though IMHO: Flash isn't cool. If I can't see it in lynx, I generally don't want to see it. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
