easy to use
as soon as i get the 1.4 versaion with diffirent offset's i'll use that one
haven't tested it totally, but i guess it will work
if there are any bugs, PM me

you can chose if you want a reverse shell or a bind shell, and what offset you want to use

1 download= 1 reply
i know this won't happen, but the one that have the respect, thanks

I think you are supposed to scan for port 1023 not port 5554

lol is it port 1 or 65335 to scan for ?

this and the 1.4 has allready been posted , about 4000 times and its getting annoying NOW

thanks you very much it's a good work ;)

Thanks mate!

I scan port port 5554 mostly but you can also scan 1023 which for variant of the sasser worm

hmmz lemme take a look at this one, is it not the same as the other one?

thanks m8 good work gonna test my local with this one

Thanks for sharing your tools with the community m8, good work

cool

nice work

grate work i will take this.

thx, 4 work.

perhaps i might have more luck with this

hi nice work...it's now a bit easier then before thx!

tnx m8 will check it out

tks m8 will give it a try

thank ya gonna test it!

thx for that very useful

Boar yeah thats nice big thx

thx ok for try it

Thanks for your contribution ! Will have a look at that.

Thanks for the autohacker. Hopefully it'll work... seems as if this sploit is kinda dead... or n00bed rather Nonetheless, I'll try.

Thanks for the autohaxor.I will test it

thank you

thnx for this works perfect

thx

thx 2 times

nice work !! ;-)

sound good thank you for the public sharing

rgds

elbarto

nice work ... keep it on ;-)

I´ll try it. Many thanks

auto'hackers' are such crap, if you cant be bothered to work on one system at a time you shouldnt even be allowed to use the exploit.

^^^ this is true. however, many people use them in conjunction w/ scannets, to search for vulnerable machines faster, and get them before someone else might.

however, most of the autohackers on this site are not actual autohackers (those from back in the day), and just people using scripting languages to create a very havoc process.

thx i will test

Hi !

it don't works for me ....

securing this... ?? Anyone know...

removing sasser? lol what a question

I meant close the ports or something, to make it not expoiltable

ur funny why close ports if can remove the reason for the open ports ?

you can install a firewall on port 1023 or 5554 but why should u do this remove the damn worm and there is no exploitable ftpd...

ok... how? ... why is this so hard for u to understand? It sounds like u know what to do... so please tell us, we are here to learn.

[niceBoymodeOn]

Ok the program u r exploiting is the ftpd of sasser this is a worm that takes the lsass vuln to spread over the net(port 445)

This worm opens a ftpd on port 5554 sasser.a-e or port 1023 sasser.f so to 'secure' the vulnerability u have to remove this ftpd.

If u want to remove the ftpd u have to remove the worm - kill the task sasser is running.

Looking at some antivir-descriptions u will find out that the sasser-task calls mostly avserve.exe or avserve2.exe(sometimes other names but this is rare). Use some tool to view running tasks and kill this tasks.

At the end u have to modify the registry at -HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run - remove the entry to the wormfile.

That's all.
[/niceBoymodeOn]

And if u don't know how to do that ..lol

lol how much fun it always is.
people downloading the l33t autohaxxers and then asking "what to scan", "how to secure".
thats for all of you:
maybe it would be a good think to read about the exploit and its vulnerability?
you would safe us all some time

[eatScriptkidModeON]

Thanks to he dude who explained it, the rest of u smartass little kidz can suck a c**k

thanks for sharing this one, will be testing it for some days.