UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
November
Su M Tu W Th F Sa
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
Sponsored Links
Latest Postings
Latest Reviews
Page 2 of 2 < 1 2
Topic Options
Rate This Topic
#3259 - 08/22/03 09:04 PM Re: For 20 minutes I was owned by a lamer
unreal Offline



Registered: 03/01/02
Posts: 860
Loc: KCRQ
You hax0r it.

Top
Sponsored Links
      
#3260 - 08/22/03 10:29 PM Re: For 20 minutes I was owned by a lamer
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
The lamer I spoke of is the person who wrote the worm. I figured I was not specifically targetted.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#3261 - 08/25/03 05:20 AM Re: For 20 minutes I was owned by a lamer
Skull Offline
UGN Elder

Registered: 03/01/83
Posts: 55
Loc: Iowa
Mr. Rage,

Owned, who would have know. Though i am impressed on your skills to detect and remove it manually. Bravo

Regards,

Skull
_________________________
Trust me, if i started killing people, there'd None of you left

Top
#3262 - 08/26/03 02:10 AM Re: For 20 minutes I was owned by a lamer
MESELF Offline
Junior Member

Registered: 08/08/03
Posts: 68
Ah...yes the person who wrote it was definitely somebody with a pretty f**cked up life. lol

Top
#3263 - 08/26/03 02:16 AM Re: For 20 minutes I was owned by a lamer
dashocker Offline
Member

Registered: 03/05/02
Posts: 524
Loc: Cornfields everywhere...
NTD, read more carefully. Rage explained how the attack worked: The .EXE code was extracted from the HTML file, written to its own file, and then executed with the OBJECT tag.

Top
#3264 - 08/26/03 04:21 AM Re: For 20 minutes I was owned by a lamer
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
it is a shame I deleted it, so I do not remember. But the way they had it was a mime-type header in the file with a file location. It is an extension to HTML I believe. The file itself was embeded in the HTML file in the raw. The result was that IE saved the file to the specified location and afterward executed via the object tag.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#3265 - 08/28/03 05:30 AM Re: For 20 minutes I was owned by a lamer
Ntd Offline
Member

Registered: 01/21/03
Posts: 217
Loc: Melbourne, Victoria, Australia
So if i open an EXE in notepad and copy it's code to an HTML file and do what the "Lammer" did i could excute it through a HTML file?

Top
#3266 - 08/28/03 05:53 PM Re: For 20 minutes I was owned by a lamer
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
no because notepad converts some of the characters (most notably the null characters) to space characters for readability. You can not do it by hand. For instance, if you opened a EXE in notepad, and immediately saved as to another location the new exe won't work.

And no again cause the HTML mime trick does not execute the file. It just saves it. It is later that the object tag was used to execute it.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#3267 - 08/30/03 08:43 AM Re: For 20 minutes I was owned by a lamer
Ntd Offline
Member

Registered: 01/21/03
Posts: 217
Loc: Melbourne, Victoria, Australia
ok?, so how do you get the code? if it is just source code for lets say vb u would need to complie it before it was a exe? so how do u make a program then run it from an HTML file?

Top
#3268 - 08/30/03 10:01 PM Re: For 20 minutes I was owned by a lamer
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
I'd give you nitty gritty details if I had bothered to keep the thing. I just looked at it long enough to understand the technique - not so closely that I'd be able to do it myself.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
Page 2 of 2 < 1 2

Moderator:  Infinite 
Featured Member
Registered: 02/28/02
Posts: 7193
Forum Stats
2150 Members
46 Forums
35738 Topics
70908 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 28899
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
HushHush, golqm, Tim050, Gecko666, defghi795767
2150 Registered Users
Who's Online
0 registered (), 472 Guests and 290 Spiders online.
Key: Admin, Global Mod, Mod
Latest News
luxury goods sales at $405B by 2019
by golqm
10/28/14 05:19 AM


Donate
  Get Firefox!
Get FireFox!