the-binary - Command 1 - agent status
Purpose:
This command is used to query the status of an agent process.
Format:
A handler sends the following command to query agent status (xxx = don't
care):

  +-----+-----+-----+-----+--------------------------+
  |  2  | xxx | xxx |  1  |  > 176 bytes of padding  |
  +-----+-----+-----+-----+--------------------------+

NOTE: the shaded bytes must be encoded prior to transmission to the agent.
Response:
Upon receipt of a status request message, the agent will transmit the following
response:

  +-----+-----+-----+-----+-----+--------+-----+-----+---------------------------+
  |  3  | xxx | xxx |  1  |  7  | active | cmd | xxx | 378-578 bytes of padding  |
  +-----+-----+-----+-----+-----+--------+-----+-----+---------------------------+

NOTE: The shaded fields are encoded by the agent and must be decoded by
the handler.
active: flag indicating the agent's current status
0 - agent is not currently performing any tasks
1 - agent is performing the task indicated by cmd
cmd: if the agent is active, the command it is currently executing
4/9/12 - Executing a DNS flood
5 - Executing an ICMP or UDP flood
6 - A backdoor is available for a root shell on port 23281
10/11 - Executing a TCP SYN flood
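The request and response layouts above, as a small builder/parser a handler could use to talk to, or a monitor could use to decode captures of, this command. This is an added example, not the agent's or the handler's own code. Two assumptions are made because the page does not state them: the byte encoding applied to the shaded fields is left as a caller-supplied codec (identity by default), and the codec is applied to the fixed-size header (4 bytes for the request, 8 for the response) while the padding is treated as random don't-care filler. The length checks enforce the page's stated padding sizes so a malformed or truncated packet is rejected rather than misread.

```python
"""Builder and parser for the-binary command 1 (agent status).

Added example; not the agent's or handler's own code.  The page does not
specify the byte encoding of the shaded fields, so `encode`/`decode` are
caller-supplied and default to identity.  Which bytes are shaded is also
not stated; this example assumes the codec covers the fixed-size header.
"""
import os
from dataclasses import dataclass
from typing import Callable, Optional

STATUS_REQUEST_TYPE = 2     # first byte of a handler -> agent status request
STATUS_RESPONSE_TYPE = 3    # first byte of an agent -> handler status response
STATUS_COMMAND = 1          # command number in the fourth byte of both messages
RESPONSE_MARKER = 7         # fixed value in the fifth byte of the response

REQUEST_HEADER_LEN = 4      # 2 | xxx | xxx | 1
RESPONSE_HEADER_LEN = 8     # 3 | xxx | xxx | 1 | 7 | active | cmd | xxx
REQUEST_MIN_PADDING = 177   # page: "> 176 bytes of padding"
RESPONSE_MIN_PADDING = 378  # page: "378-578 bytes of padding"
RESPONSE_MAX_PADDING = 578

# cmd values an active agent may report, as listed on the page
CMD_NAMES = {
    4: "DNS flood", 9: "DNS flood", 12: "DNS flood",
    5: "ICMP or UDP flood",
    6: "root shell backdoor on port 23281",
    10: "TCP SYN flood", 11: "TCP SYN flood",
}

Codec = Callable[[bytes], bytes]
Rng = Callable[[int], bytes]


def identity(data: bytes) -> bytes:
    """Placeholder codec (assumption): the real encoding is not given on the page."""
    return data


@dataclass
class AgentStatus:
    active: bool
    cmd: Optional[int]   # None when the agent is idle

    def describe(self) -> str:
        if not self.active:
            return "idle"
        return "active: " + CMD_NAMES.get(self.cmd, f"unknown command {self.cmd}")


def build_status_request(encode: Codec = identity,
                         padding_len: int = REQUEST_MIN_PADDING,
                         rng: Rng = os.urandom) -> bytes:
    """Handler side: 2 | xxx | xxx | 1 followed by > 176 bytes of padding."""
    if padding_len < REQUEST_MIN_PADDING:
        raise ValueError("status request needs more than 176 bytes of padding")
    header = bytes([STATUS_REQUEST_TYPE]) + rng(2) + bytes([STATUS_COMMAND])
    return encode(header) + rng(padding_len)


def is_status_request(packet: bytes, decode: Codec = identity) -> bool:
    """Agent side: does this packet carry a well-formed status request?"""
    if len(packet) - REQUEST_HEADER_LEN < REQUEST_MIN_PADDING:
        return False
    hdr = decode(packet[:REQUEST_HEADER_LEN])
    return hdr[0] == STATUS_REQUEST_TYPE and hdr[3] == STATUS_COMMAND


def build_status_response(active: bool, cmd: int = 0,
                          encode: Codec = identity,
                          padding_len: int = RESPONSE_MIN_PADDING,
                          rng: Rng = os.urandom) -> bytes:
    """Agent side: 3 | xxx | xxx | 1 | 7 | active | cmd | xxx plus padding."""
    if not RESPONSE_MIN_PADDING <= padding_len <= RESPONSE_MAX_PADDING:
        raise ValueError("status response padding must be 378-578 bytes")
    header = (bytes([STATUS_RESPONSE_TYPE]) + rng(2)
              + bytes([STATUS_COMMAND, RESPONSE_MARKER, int(active),
                       cmd if active else 0])
              + rng(1))
    return encode(header) + rng(padding_len)


def parse_status_response(packet: bytes, decode: Codec = identity) -> AgentStatus:
    """Handler side: validate framing and lengths, then extract active/cmd."""
    padding = len(packet) - RESPONSE_HEADER_LEN
    if not RESPONSE_MIN_PADDING <= padding <= RESPONSE_MAX_PADDING:
        raise ValueError(f"bad response length {len(packet)}")
    hdr = decode(packet[:RESPONSE_HEADER_LEN])
    if hdr[0] != STATUS_RESPONSE_TYPE or hdr[3] != STATUS_COMMAND \
            or hdr[4] != RESPONSE_MARKER:
        raise ValueError("not a status response")
    if hdr[5] not in (0, 1):
        raise ValueError(f"bad active flag {hdr[5]}")
    active = bool(hdr[5])
    return AgentStatus(active=active, cmd=hdr[6] if active else None)


if __name__ == "__main__":
    # Round trip with a constructed XOR codec standing in for the unknown encoding.
    xor = lambda b: bytes(x ^ 0x5A for x in b)
    reply = build_status_response(True, 10, encode=xor)
    print(parse_status_response(reply, decode=xor).describe())
```

Padding is generated, never interpreted, because the page marks those bytes as don't-care; the length window is still checked on the way in so that a monitor reading raw captures does not mistake an unrelated protocol-11 packet for a status reply.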