Someone tried to exploit the Shellshock vulnerability in Bash on lodash.com, likely as part of a mass-exploit attempt.
In this case, the exploit attempted to download a modified version of @schierlm’s pseudo-terminal Perl script that would connect to 72.167.37.182
on port 23
. The download URL contains the targeted host name (?h=lodash.com
) which gives the attacker an indication of which hosts might have the /tmp/a.pl
backdoor in place.
Wow, people are using old scripts of mine and are even too lazy to remove the copyright notice :)
Nowadays, in most cases you can use
script /dev/null
instead to allocate you a pseudo terminal. But I wouldn't use it in intiial exploitation (only where I have permission of course, I don't access random hosts on the 'net) anyway - just give me a "raw shell", I can later upgrade it if needed :)