Between the PHP-as-cgi-bin problem, and shellshock, I\'ve seen 4 or 5 different

Question

Between the PHP-as-cgi-bin problem, and shellshock, I've seen 4 or 5 different Perl scripts that, when run, purport to make your machine part of some scary, heinous botnet.

What, specifically, would be the problem if you went through the Perl script, defanged it so that any eval or shell out or TCP or UDP or HTTP flooding or Google "dork" searching is removed, and then ran the script. Generally, the code is not confusing or complex, so I'm confident in my ability to defang.

Will the IDF Unit 8200 or PLA Unit 61398 or the FBI come and kick down my door? If my entry in the botnet doesn't send spam, or DDOS someone or whatever (because I neutered it), am I running afoul of anything?

Explanation / Answer

been there, did that, faced a massive DDOS against my company afterwards. i'd suggest: take the script, setup an aws-instance and run it there.

never ever run that script on a server that could be linked back to any production-system or your company. try to stay anonymous, because you dont know whom you deal with.

Related Questions

Navigate

• Browse (All)
• Browse B
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.