Changeset 435

Timestamp:

03/27/06 03:29:29 (3 years ago)

Author:

common

Message:

shellcode-signatures
- some mapping fixes in the signature file
- tweaked comments

Files:

• nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.sc (modified) (6 diffs)

nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.sc

@@ -9 +9 @@
-[n] [+]   4) GenericCMD generic CMD decoder
-[n] [+]   5) LinkTrans handles linkbot/linkshellcode connectback transfers
-+] [ 
+n] [+
-[n] [+]   7) Stuttgart handles "stuttgart" shellcode
-[s] [ ]   8) Wuerzburg handles "wuerzburg" shellcode
@@ -16 +16 @@
-[n] [ ]   11) KonstanzXOR Konstanz XOR decoder
-[n] [+]   12) GenericConnectTrans various csends
-?
+E
-[n] [+]   14) GenericWinExec generic WinExec decoder
-[n] [ ]   15) LeimbachUrlXOR generic XOR decoder
-[?] [ ]   16) Genericwget generic wget decoder
-[?] [ ]   17) ASN1IISBase64 handles oc192 dcom bindshell
-a] [ 
+n] [+
-[n] [+]   19) THCConnect handles thc iis connectbackshells
- 
+?
-[n] [+]   21) HODBind  handles oc192 dcom bindshell
-[n] [+]   22) HODConnect handles oc192 dcom bindshell
-n] [+
+s] [ 
-[n] [+]   24) HODBind  handles house of dabus netdde bindshells
-[n] [+]   25) HODConnect handles house of dabus netdde bindshells
@@ -33 +33 @@
-[n] [+]   28) HATSQUADConnect handles hat-squad wins connect
-[n] [+]   29) HATSQUADBind handles hat-squad wins bindshell
-+
+n
-   =--- 31 ShellcodeHandlers registerd  
-
@@ -202 +202 @@
-wuerzburgxor::wuerzburg
-{
-/*
-
-
+
+
+
-        pattern
-        "(.*\\xEB\\x27......)(\\x5D\\x33\\xC9\\x66\\xB9(..)\\x8D\\x75\\x05\\x8B\\xFE\\x8A"
@@ -832 +832 @@
-};
-
-
+
-// taken from shellcode-generic/sch_generic_link_bind_trans.cpp
-bindfiletransfer::bindlinktransfer
@@ -878 +878 @@
-        "\\xff\\xd0\\x57\\x68\\xef\\xce\\xe0\\x60\\xff\\xd6\\xff\\xd0";
-
-port,key
-
-
+none,port
+
+
-
-