So a while back I was chatting on Yahoo in hackers' lounge, and this dude was telling people he could hack anyone's computer. Then he started PMing them and asking for IPs. Well, when he PM'd me I started talking to him, and I gave him my IP 'cause I wasn't too worried. Luckily it didn't work on me. He ended up giving me the code and saying it was all secret and not to show anybody else. So I take part of the comment and put it in Google and there's a bunch of hits for it as a proof of concept for a flaw in Windows. Here is one of many (this was a while back, I know this is old):
http://security-protocols.com/module...ticle&sid=1911
So I decided I wanted to fool around with this. I have never coded in C before, so I had a hard time compiling the exploit, but with the help of some in IRC I got it compiled.

Anyway, just to be sure I was vulnerable I reinstalled Windows and waited to start patching till after I messed with this thing. So I ended up running it against myself and it worked, and I also ran it against my older bro's box on the network. (He needs to run Windows Update :P) I have a few questions about this.

1. Does anyone else do this type of thing?
2. Is it considered skiddieish to test like this?
3. How is this type of thing detected on the computer being exploited? *
4. Is there any more extensive testing I can be doing?

* As I was doing my testing, I started to think that this sort of thing is hard to detect. In terms of the box the exploit was run against, I really couldn't think of any way other than being at the computer and typing netstat to tell if this is happening to you. If you happened to have an IDS between the computer and the internet, I'm sure that would pick it up, and if you had a firewall you probably wouldn't have the problem to begin with. So can it be traced by the casual admin?

Thanks fellas. Peace.