You can do the same using PHP or JSP.
However, you can wonder about the effectiveness. If the admin doesn't even
bother to install basic patches..

By the way, I heard that Debian uses a system that automatically installs
hotfixes..
Might be nice to see a similar system incorporated into e-smith.
That way, next time Apache has some buffer overflow we'll be safe from all 11
year old 31337 haxors
(not that Apache has had many security issues)

-----Original Message-----
From: Rob Adams [mailto:[EMAIL PROTECTED]]
Sent: Monday, 6 August 2001 8:49
To: e-smith Devinfo
Subject: [e-smith-devinfo] codered idea


Here's an idea I found from a link on Slashdot; wonder if it's worth trying
to patch something like this into essg.

Rob.



#!/usr/bin/perl -w
#
# Script :      default.ida
#
# Version :     0.1
#
# Author :      [EMAIL PROTECTED]
#
# Usage :       copy this to your root website directory
#               make sure .ida is known as a cgi script in httpd.conf
#
# Description :
#               This program will telnet to the mail port on the target ip
#               and send a mail to the administrator.
#
#               This program is free software; you can redistribute it
#               and/or modify it under the terms of the GNU General Public
#               License as published by the Free Software Foundation; either
#               version 2 of the License, or (at your option) any later
#               version.
#
# Disclaimer :
#               This is a little script I wrote to directly telnet to
#               infected boxes and notify their owner.
#
#               Consider this script beta software.
#
#               Use this script on your own responsibility.
#               I am not responsible for any damages the use of this script
#               may cause.
#

use IO::Socket;
use IO::Select;

#($remote_host,$remote_port) = @ARGV;

print "Content-type: text/plain\n\n";

$remote_host = $ENV{'REMOTE_ADDR'};
$remote_port = "25";

$socket = IO::Socket::INET->new(PeerAddr => $remote_host,
                                PeerPort => $remote_port,
                                Proto    => "tcp",
                                Type     => SOCK_STREAM)
    or die "Couldn't connect to $remote_host:$remote_port : $@\n";

$awnser = <$socket>;
print "$awnser";

print $socket "helo system\r\n";
print "helo system\r\n";

$awnser = <$socket>;
print "$awnser";

if ($awnser =~ /^250/) {
}
else {
        exit;
}

print $socket "mail from:i_am_using_an_unpatched_iis\@microsoft.com\r\n";
print "mail from:i_am_using_an_unpatched_iis\@microsoft.com\r\n";

$awnser = <$socket>;
print "$awnser";

if ($awnser =~ /^250/) {
}
else {
        exit;
}

print $socket "rcpt to:administrator\r\n";
print "rcpt to:administrator\r\n";

$awnser = <$socket>;
print "$awnser";

if ($awnser =~ /^250/) {
}
else {
        exit;
}

print $socket "data\r\n";
print "data\r\n";

$awnser = <$socket>;
print "$awnser";

if ($awnser =~ /^354/) {
}
else {
        exit;
}

print $socket "Subject: URGENT - your system is infected by the codered worm !\r\n";
# An empty line separates the message headers from the body.
print $socket "\r\n";
print $socket "Please install the Code Red patch.  Your system is currently infected with the worm.\r\n";
print $socket "You can download the patch here :\r\n";
print $socket "http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/itsolutions/security/topics/codealrt.asp\r\n";
print $socket ".\r\n";

$awnser = <$socket>;
print "$awnser";

close($socket);


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
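
Added example, not part of either message above or of the quoted script: the
same default.ida requests can be counted per source address from the web
server's access log, without connecting back to the requesting host. It
assumes Apache common/combined log format; the log lines and addresses are
constructed, and the function names are chosen for this example.

```python
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" \d{3} ')
# Code Red probes ask for /default.ida with a long run of one filler letter
# (the original worm padded with "N", Code Red II with "X").
PROBE_RE = re.compile(r'^GET /default\.ida\?(?P<fill>[A-Za-z])(?P=fill){7,}', re.I)

# Constructed sample log: documentation addresses, shortened query strings.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Aug/2001:08:41:02 +0200] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090 HTTP/1.0" 404 276
203.0.113.5 - - [06/Aug/2001:08:41:09 +0200] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [06/Aug/2001:08:42:30 +0200] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090 HTTP/1.0" 404 276
192.0.2.10 - - [06/Aug/2001:08:44:51 +0200] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090 HTTP/1.0" 404 276
203.0.113.9 - - [06/Aug/2001:08:45:00 +0200] "GET /default.ida HTTP/1.0" 404 276
this line is not in log format
"""

def find_probes(lines):
    """Return (probes per source host, probes per filler letter) as Counters."""
    hosts, fillers = Counter(), Counter()
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # skip lines that are not in the expected format
        probe = PROBE_RE.match(entry.group("req"))
        if probe:
            hosts[entry.group("host")] += 1
            fillers[probe.group("fill").upper()] += 1
    return hosts, fillers

def report(lines):
    """Return one summary line per probing host, busiest first."""
    hosts, _ = find_probes(lines)
    return [f"{host} {count}" for host, count in hosts.most_common()]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG.splitlines()):
        print(row)
```

The bare request for /default.ida without the filler run is deliberately not
counted, so a person checking the URL by hand is not reported as a probe.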
