[TriLUG] code red the code red boxes with this script.

Andrew Perrin aperrin at email.unc.edu
Sun Aug 12 19:33:24 EDT 2001


Samba can send the message remotely:

echo 'Hey bugger etc etc' | smbclient -M <NetBIOS Name> -I <remote IP address>

But unfortunately you do need the remote NetBIOS, not just the remote
IP.  So:

nujoma:~> nmblookup -A 192.168.0.4
Looking up status of 192.168.0.4
received 8 names
        JACOBI          <00> -         M <ACTIVE> 
        PERRINS         <00> - <GROUP> M <ACTIVE> 
        JACOBI          <03> -         M <ACTIVE> 
        JACOBI          <20> -         M <ACTIVE> 
        PERRINS         <1e> - <GROUP> M <ACTIVE> 
        PERRINS         <1d> -         M <ACTIVE> 
        ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> 
        EPERRIN         <03> -         M <ACTIVE> 
num_good_sends=0 num_good_receives=0


The first item returned (JACOBI <00>) is the machine's NetBIOS name.  
Works fine using FQDN as well as IP address. So how's this for a quick
hack (UNTESTED):

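#!/usr/local/bin/perl -w

use strict;

my $smbclient = '/usr/bin/smbclient';
my $nmblookup = '/usr/bin/nmblookup';
my $msg = <<END;
Hey bugger you've been bugged
go here: www.microsoft.com/wherevertheyputthecoderedpatch and if you want
a secure os go here www.linuxhq.com and a secure webserver go here
www.apache.org -- now get lost!
END

# First argument: IP address or fully-qualified hostname of the remote box.
my $host = shift or die "usage: $0 <IP address or FQDN>\n";
# Allow only hostname/IP characters so the argument cannot be read as an option.
$host =~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ or die "bad host: $host\n";

# Node status query; list-form open keeps $host away from the shell.
open(my $nmb, '-|', $nmblookup, '-A', $host) or die "nmblookup: $!\n";
# The first <00> entry is the machine's NetBIOS name (grep in list context).
my ($hostline) = grep { /<00>/ } <$nmb>;
close($nmb);
defined $hostline or die "no <00> name returned for $host\n";
my @nbn = split(/\s+/, $hostline, 3);   # $nbn[0] is the empty leading field

# smbclient -M reads the message from stdin, so the apostrophe in $msg is harmless.
open(my $smb, '|-', $smbclient, '-M', $nbn[1], '-I', $host) or die "smbclient: $!\n";
print $smb $msg;
close($smb);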




The code assumes the IP address or fully-qualified hostname as the first
argument to the program.

There is one more problem though: at least on my wife's win98 machine
(the only one I have access to) the whole net send thing seems to be
absent - can't send, can't receive.  Don't know about other such machines.

Cheers!

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin at unc.edu - http://www.unc.edu/~aperrin
 Assistant Professor of Sociology, U of North Carolina, Chapel Hill
      269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA


On Sun, 12 Aug 2001, Andrew C. Oliver wrote:

> everyone who would like to get those code red buggers to stop bugging 
> you should take a look at:
> 
> http://www.dasbistro.com/default.ida
> 
> 
> I wish someone who remembered their lan manager (aka winnt command 
> prompt) commands better than I could figure out how to change the little 
> shutdown command to a "net send"  -- "Hey bugger you've been bugged go 
> here: www.microsoft.com/wherevertheyputthecoderedpatch and if you want a 
> secure os go here www.linuxhq.com and a secure webserver go here 
> www.apache.org -- now get lost!"
> 
> I'd probably be able to do this but I don't have a winnt box to check 
> what the syntax for net send is.  If you have one maybe type "help net 
> send" or "net send /?" and figure out how to send the message to all 
> users on the system.  The catch is we probably won't have the machine 
> name (or at least not reliably).
> 
> 
> -Andy
> 
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> 
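
The name table that nmblookup -A prints in the message above, parsed into records as an added example (not part of the original post or of Samba). It selects the machine name by suffix and type (the unique, non-group <00> entry) instead of relying on row order, and lists the <03> names, which is the suffix the messenger service registers for receiving popups. The function names are hypothetical and the sample input is the listing quoted in the post.

```python
import re

# Constructed sample: the node status listing quoted in the post.
SAMPLE = """\
Looking up status of 192.168.0.4
received 8 names
        JACOBI          <00> -         M <ACTIVE>
        PERRINS         <00> - <GROUP> M <ACTIVE>
        JACOBI          <03> -         M <ACTIVE>
        JACOBI          <20> -         M <ACTIVE>
        PERRINS         <1e> - <GROUP> M <ACTIVE>
        PERRINS         <1d> -         M <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE>
        EPERRIN         <03> -         M <ACTIVE>
num_good_sends=0 num_good_receives=0
"""

# Row layout: name, <hex suffix>, "-", optional <GROUP>, node type, flags.
ROW = re.compile(
    r"^\s+(\S.*?)\s+<([0-9a-fA-F]{2})>\s+-\s+(<GROUP>\s+)?(\S)\s+(.*)$")

def parse_status(text):
    """Return one dict per name-table row of `nmblookup -A` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and counter lines have no leading whitespace
            rows.append({
                "name": m.group(1),
                "suffix": int(m.group(2), 16),
                "group": m.group(3) is not None,
                "active": "<ACTIVE>" in m.group(5),
            })
    return rows

def machine_name(rows):
    """Unique (non-group) active <00> entry: the computer name, else None."""
    for r in rows:
        if r["suffix"] == 0x00 and not r["group"] and r["active"]:
            return r["name"]
    return None

def messenger_names(rows):
    """Unique <03> entries: names registered to receive popup messages."""
    return [r["name"] for r in rows if r["suffix"] == 0x03 and not r["group"]]
```

An empty result from messenger_names() means the host has registered no name that a popup could be delivered to.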



