8 Million messages

Posted by Eric | General - Security, News | Thursday 26 June 2008 12:16 pm

From Darkreading

MX Logic last week reported a worm that had generated over 8 million spam messages in an apparent attempt to recruit bots for Srizbi. (See New Worm Spawns More Than 8M Spam Messages.)

Srizbi still hasn’t captured the same amount of attention as Storm, even though it’s been quietly gaining steam. Last month, Marshal reported that Srizbi was sending over 60 billion spam messages (malicious and non-malicious) each day, more than all other botnets put together.

I’ve definitely seen an increase. I completely disregard anything in my gmail spam folder but my emh account for hamsterswheel has been averaging 6 SPAM messages per day. I’m only used to getting around 1 or 2 so this has been a significant increase this week. I wonder if this new botnet has anything to do with it!

Repost from LSO

Posted by Eric | General - Security, Windows | Thursday 28 February 2008 1:42 pm

I’ve been taking it easy this week. I’ve been hit with some type of bug and can’t seem to get rid of it. I’ve also been working on expanding business so I haven’t had much attention on the blog. Sorries!

Over at EH.net there was some chatter about a webcast presented by Core, featuring Ed Skoudis. Ok, cool, I read one of his books, but the selling point of the webcast was
“Do you know how to create an automated, iterative reverse DNS lookup tool in a
single Windows command? How about a ping sweeper in a single Windows command?
A password guesser?”

For the record, I didn’t attend because I read that and was like wtf, I hope that isn’t going to be the focus of the webcast. After all, I feel as though that block should be common knowledge. Then I started reading the eh.net forum and realized not many people have the command line f00. So, I want everyone to purchase this book:
http://search.barnesandnoble.com/Microsoft-Windows-Command-Line-Administrators-Pocket-Consultant/William-R-Stanek/e/9780735620384/?itm=1

This book will provide you so much more info than any Administering Windows Server book will ever give you. Remember, when you are popping shells you don’t have a GUI… Unless you use the VNC payload, or crack a password and Term Serv in… But where’s the fun in any of that?

So let’s get started, shall we? The first topic is reverse DNS, which chrisg answered no and yes to in the forum over at eh.net. He knows how in bash, but not in Windows…. Ok, let’s see

———————————————————————
nope but i can do it in bash…

Code:


#!/bin/bash

cat iprange.txt | while read IP;
do echo ${IP} && host ${IP} nameserverIP;
done >> hostoutput.txt
 

——————————————————————–
First, I wouldn’t even bother with this.

Code:


$ unset HISTFILE
$ for addr in `cat iprange.txt`; do echo $addr && host $addr >> output.txt; done


 

That’s beside the point, we are talking about Windows!

Code:


rem Reverse-resolve each address in c:\iplist.txt (in a .bat file write %%h instead of %h)
for /F %h in (c:\iplist.txt) do echo %h && nslookup %h >> output.txt

 

NEXT!!!!!!!

ping sweep

one of two ways
with a target list:

generate a target list:

Code:


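rem Build the list 192.168.1.1 - 192.168.1.254, one address per line
for /l %i in (1,1,254) do echo 192.168.1.%i >> targetlist.txt
rem Send one echo request to each address in the list
for /F %a in (targetlist.txt) do echo %a && ping -n 1 -w 2 %a >> output.txt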
 

without target list :

Code:


for /l %i in (1,1,254) do ping -n 1 -w 2 192.168.1.%i >> output.txt
 

what about a larger network?

Code:


rem Nested loops: %i walks the third octet, %j the fourth
for /l %i in (1,1,254) do for /l %j in (1,1,254) do ping -n 1 -w 2 10.10.%i.%j >> biglist.txt
 

next up is a password guesser

this one is easy!

Code:


for /F %p in (c:\passwdlist.txt) do net use \\localhost\ipc$ %p /u:"administrator"
 

There’s your Windows cmd line f00 for the day
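
Seen from the target’s Security log, the password-guessing loop above appears as a run of failed network logons for one account from one source. The detector below is an added example, not code from the original post; the record layout, sample events, threshold and window are assumptions made for illustration (4625 is the failed-logon event ID on Windows Vista/Server 2008 and later, and logon type 3 is a network logon).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one exported Security-log record per line as
# "timestamp event_id logon_type account source_ip" (layout is an assumption).
SAMPLE = """\
2008-02-28T13:40:01 4625 3 Administrator 192.168.1.50
2008-02-28T13:40:02 4625 3 Administrator 192.168.1.50
2008-02-28T13:40:02 4625 3 jsmith 192.168.1.77
2008-02-28T13:40:03 4625 3 Administrator 192.168.1.50
2008-02-28T13:40:04 4625 3 Administrator 192.168.1.50
2008-02-28T13:40:05 4625 3 Administrator 192.168.1.50
2008-02-28T13:40:06 4624 3 Administrator 192.168.1.50
2008-02-28T13:45:30 4625 3 jsmith 192.168.1.77
2008-02-28T13:46:00 4625 2 Administrator 127.0.0.1
"""

def parse(line):
    """Split one record into (time, event id, logon type, account, source)."""
    ts, event_id, logon_type, user, src = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), user.lower(), src

def detect_guessing(lines, threshold=5, window_s=60):
    """Return sorted (source, account) pairs that produced at least
    `threshold` failed network logons within `window_s` seconds.
    Records are assumed to arrive in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (source, account) -> recent failure times
    flagged = set()
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = parse(line)
        # Only failed logons (4625) over the network (type 3) are of interest;
        # successes and interactive failures are skipped.
        if event_id != 4625 or logon_type != 3:
            continue
        times = recent[(src, user)]
        times.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            flagged.add((src, user))
    return sorted(flagged)

if __name__ == "__main__":
    for src, user in detect_guessing(SAMPLE.splitlines()):
        print(f"possible password guessing: {src} -> {user}")
```

The two jsmith failures five minutes apart stay below the threshold, while the five Administrator failures inside five seconds are flagged.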