More Code Red

Charles Steinkuehler charles at steinkuehler.net
Wed Aug 8 22:57:41 CDT 2001


Slightly OT, but does anyone know how to shut down a Windows 2K box from the
command line?  The back-doors added by the Code Red worm allow remote web
users to execute arbitrary programs on compromised machines, and just about
everyone connected to the net is being spammed with the IPs of compromised
systems, making it potentially possible to automatically shut down any system
infected with Code Red, preventing infections of additional machines and
saving 'net bandwidth.

I can shut down my NT4 machine by issuing:

shutdown /L /Y /C

Apparently, however, this undocumented command has been changed (removed)
for 2K.  Anyone know how to do something similar in 2K?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

P.S.  For those who haven't read up on the several backdoors left by
Code Red, here's a handy one:

http://<ipaddr>/scripts/root.exe?/c+dir+c:
This URL will give you the directory contents of the C: drive.  You can
replace dir with any arbitrary command you wish to execute on the remote
system (You'll need to use proper CGI argument escaping if you need to pass
arguments).  The command will execute with system permissions, so it can do
just about anything...
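The P.S. above describes the root.exe backdoor only from the attacker's side. The following is an added example, not part of Charles's post, showing the defender's side: a small checker that reads IIS W3C extended log lines and flags any request to the root.exe copy of cmd.exe (under /scripts, as in the post, and under /MSADC, the other location Code Red II drops it), decoding the '+'-escaped query string back into the command that was passed to cmd.exe. The log lines are constructed for the example, and the field layout (date, time, client IP, method, URI stem, URI query, status) is an assumed minimal W3C configuration; a real IIS log may carry more fields, in which case the #Fields header has to be honoured instead of fixed positions.

```python
"""Flag requests that exercise the Code Red II root.exe backdoor in IIS logs.

Added example (not from the original mailing-list post).  Log lines below are
constructed; the field order is an assumed minimal W3C extended layout.
"""
from urllib.parse import unquote_plus

# root.exe is a copy of cmd.exe dropped by Code Red II into both of these
# script directories (the post mentions /scripts; /MSADC is the other one).
BACKDOOR_PATHS = ("/scripts/root.exe", "/msadc/root.exe")

# Constructed sample log, W3C extended format:
#   date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-08 22:57:41 10.0.0.5 GET /scripts/root.exe /c+dir+c: 200
2001-08-08 22:58:02 10.0.0.5 GET /index.html - 200
2001-08-08 22:59:13 192.168.1.7 GET /MSADC/root.exe /c+net+user+guest+/active:yes 200
2001-08-08 23:00:00 192.168.1.9 GET /scripts/root.exe /c+dir+c: 404
"""


def parse_line(line):
    """Split one W3C log line into a dict; None for directives/blank/short lines."""
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    date, time, ip, method, stem, query, status = parts[:7]
    return {"date": date, "time": time, "ip": ip, "method": method,
            "stem": stem, "query": query, "status": int(status)}


def is_backdoor_request(rec):
    """True when the URI stem is one of the root.exe drop locations (case-insensitive, IIS paths are)."""
    return rec["stem"].lower() in BACKDOOR_PATHS


def decode_command(query):
    """root.exe is cmd.exe, so the query string is its argument list.

    IIS hands the query to the executable with '+' as a space and %XX
    sequences decoded, which is exactly what unquote_plus undoes.
    A lone '-' is how IIS logs an empty query.
    """
    return "" if query == "-" else unquote_plus(query)


def find_backdoor_hits(log_text):
    """Return one record per backdoor request: who sent it, what command, and whether it ran.

    A 200 means root.exe existed and cmd.exe ran the arguments; a 404 means the
    host was probed but the backdoor file was not there (never infected, or
    already cleaned up), so the two are reported separately.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_backdoor_request(rec):
            continue
        hits.append({
            "time": f"{rec['date']} {rec['time']}",
            "ip": rec["ip"],
            "path": rec["stem"],
            "command": decode_command(rec["query"]),
            "status": rec["status"],
            "succeeded": rec["status"] == 200,
        })
    return hits


if __name__ == "__main__":
    for hit in find_backdoor_hits(SAMPLE_LOG):
        state = "EXECUTED" if hit["succeeded"] else "probe only"
        print(f"{hit['time']} {hit['ip']:<14} {hit['path']:<18} "
              f"cmd.exe {hit['command']!r} -> {hit['status']} ({state})")
```

Running the script over a real IIS log directory (one file per day under %SystemRoot%\system32\LogFiles\W3SVC1 by default) is the quickest way to tell, from the server's own side, whether the backdoor was merely scanned for or actually used, and which commands were run through it.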
