Re: Perl answer to the Microsoft IIS 'Code Red' infected admins

in reply to Perl answer to the Microsoft IIS 'Code Red' infected admins

Since you can run whatever you want by going to

http://IpOfHackedMachine/scripts/root.exe?c/+DIR+C:\

why not try something a bit more creative, like poping up a window on the local machine....

Comment on Re: Perl answer to the Microsoft IIS 'Code Red' infected admins

Replies are listed 'Best First'.
Re: Re: Perl answer to the Microsoft IIS 'Code Red' infected admins by echo (Pilgrim) on Aug 12, 2001 at 13:26 UTC
You cannot run whatever you want with that backdoor, it is running with web server privileges. Most interesting things you'd want to do will require higher privileges.	[reply]
Re (tilly) 2: Perl answer to the Microsoft IIS 'Code Red' infected admins by tilly (Archbishop) on Aug 11, 2001 at 18:44 UTC
Only Code Red II leaves that hole. The original Code Red does not.	[reply]
Re: Re: Perl answer to the Microsoft IIS 'Code Red' infected admins by Kickstart (Pilgrim) on Aug 11, 2001 at 03:31 UTC
I've checked all the machines hitting me with Code Red requests and tried your line. No success. I'd love to tell these people they are infected, or inversely, know that they've patched the hole. Is the above command/url correct? Kickstart	[reply]

In Section Cool Uses for Perl