Hey guys scan port 20168 its a new hole and its wery good!!
Greetz
you checking them witch program scanline or SL.exe(ist the same program) and you need to type
sl.exe -bhpt 20168 -f scan.txt -o vulnerable.txt
And then you got something like this!!!
PATH: ------------------------------------------------------------------------------- *.*.*.* Responds with ICMP unreachable: No TCP ports: 20168
TCP 20168: [Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-1999 Microsoft Corp. C:\WINNT\system32>]
if there is Windows XP its good to!!!
Anybody knows something about that? This one sounds really interesting, and looks that there is no need to exploit it, cause this gives shell immidiately.
So, anybody knows something more? I'm going to scan it, will be back when have some results.
philipnorth
Feb 11 2004, 10:45 AM
hmm sounds interesting, but am curious whats behind it (what exploit etc)
a worm is bummer, cause AV's will propably detect it.
Although if AV does not detect Lovegate, then it will not detect my stuff *evil smile*
jead99
Feb 11 2004, 11:04 AM
Did anyone try this with any luck?
mdk
Feb 11 2004, 12:45 PM
Some of my "friends" playd around with this. Scanned for open Port and tryt to connect via nc... But only some US Server seemed to be infected. So don't know if it is good.
Leonnetje
Feb 11 2004, 01:51 PM
This is NOT an exploit, cause you need no tools for this 'virus'
You scan on port 20168 and check the scans like mentioned in the start-posting.
then you simply connect to that IP with telnet...
It's NOT a new exploit, it's old (september 2003) and it's called after the virusses name --> LoveGate.
Pgame
Feb 11 2004, 03:40 PM
old but very interesting...
Alien
Feb 11 2004, 03:51 PM
this is virus ;] to connect use netcat:
nc -vv IP 20168
MysteryMan
Feb 11 2004, 11:38 PM
yep lovesun roxxxxx.....
hax hax hax ....
very good hole
WaZa
Feb 12 2004, 12:03 AM
i used this a while ago and i remember rooting quite a few servers with this, but now its pretty much useless. it has very low odds
oYost
Feb 12 2004, 12:39 AM
Huh, this worm is a benediction for us, very nice
adenek
Feb 12 2004, 01:43 PM
looks really great thx for the info m8
mathofaka
Feb 13 2004, 07:00 PM
i tried it and no luck i think its too old or maybe im doing it wrong
[QUOTE]Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.
t00sTr0nG
Feb 16 2004, 12:37 PM
i have tested it yesterday and get 2 shells of ! I connect with telnet and it works fine
THX t00sTr0nG
jeroen
Feb 16 2004, 03:07 PM
it's not new anymore, knew like 2 weeks ago. Not much results with it anymore.
yes it's works , but ... i don't think that's so possible to scan for it. i've testing this hole over one week and i got lots of results with shell but the most of them were not faster than 2-3 mbit about 80% of my results were simple ADSL lines and home PCs. if you're happy with hacking adsl lines than try it. but tell me if i'm wrong
good luck
Acid-Burn
Feb 16 2004, 06:58 PM
ok M8 i will try
jeroen
Feb 16 2004, 09:51 PM
QUOTE (Planquadrat @ Feb 16 2004, 06:54 PM)
yes it's works , but ... i don't think that's so possible to scan for it. i've testing this hole over one week and i got lots of results with shell but the most of them were not faster than 2-3 mbit about 80% of my results were simple ADSL lines and home PCs. if you're happy with hacking adsl lines than try it. but tell me if i'm wrong
good luck
Lol..that's becoz you too late. Two weeks ago already did a lot with it and yes I did did have some 100 mbit with it. If you connect with telnet now and it says winsock ready, then it could be mine
RPC-3 Telnet Host Revision F 2.00, (C) 1997 Bay Technical Associates Unit ID: BURL-RPC-1
RPC-3 Menu:
1)...Outlet Control 2)...Configuration 3)...Unit Status 4)...Reset Unit 5)...Logout
Enter Selection:
But when I enter something it kick me.........
-fre4k
D3ADLiN3
Feb 18 2004, 09:36 AM
lol thats not the shell your ment to get, looks like some sort of adsl/cable router console
fre4k
Feb 18 2004, 12:04 PM
I DON´T think it is a shell LOL
wizy
Feb 18 2004, 04:54 PM
That RPC-3 telnet console is a power management system. For controlling big UPS's like for entire racks at colocation facilities, or something else along that size.
OKOK My english is not perfect.. but i have to answer of this st... question *sorry*
SuRFieR
Feb 19 2004, 08:37 AM
lol thnkz Dr i asked myself if the scanner will till if this port is open or not so i asked u in the forum i know what every line means but i just needed to know if the scanner have to tell me any more infos about this port like if this port is open or not that's all thnkx again for ur help peace
dongfangshuo
Feb 21 2004, 12:05 PM
it's very cool but the shell is not very perfect such as in the c:\winnt\system32 can't excute regedit if you want you must change to c:\winnt
smitterz
Feb 21 2004, 02:11 PM
haven't found any server yet still exploitable on port 20168.. maybe more luck in the future but not yet..
dongfangshuo
Feb 21 2004, 05:08 PM
i found most victim in our university's lan
MysteryMan
Feb 26 2004, 01:17 PM
i found very much ip in my cable :] ... but we have slow connection so i dont hack them ...
lovesun is very good hole and easy to learn try mayby you will success :]
Erra
Mar 3 2004, 05:54 AM
This one is mostly only on Dynamic IP accounts or slow broadband accounts now. Not much use really.
Feanor
Mar 3 2004, 01:44 PM
Now, i have found a few good server with 10-50 Mbit.
They are rare, but all other vulns too usually give you slow servers.
arn0ld
Mar 23 2004, 03:53 PM
edited : my mistake the lsass just moved to another port and i can't find the lovegate.worm ... ?
edited:
kk found it it's called FixlGate.com / FixlGate.exe (by Symantec)
