The Mirai scanners run the command "cat /bin/echo" in order to determine system architecture, after which the scanner will run a wget command to fetch the Mirai malware.
The following response is sufficient to trigger the wget command: '\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00\x00\x00\x00\x00'
Unfortunately, this string can't be included in the JSON "commands", since it includes control characters. If you would like to include this functionality, and have an idea for how to include it, I will put it in a pull request. In my local branch I just added a special check for this inside get_busybox_response(), but that is kind of a hacky/ugly solution.
Correct me if I'm wrong but can't you just do this - "\\x7fELF\\x01\\x01\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x08\\x00\\x00\\x00\\x00\\x00"
Tested it locally via telnet and I got the correct response (didn't test it with an actual Mirai scanner)
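An added example, not part of the thread or the honeypot's own code: it shows what a JSON parser does with the ELF header from the issue when it is written as raw control characters, as `\u00XX` escapes, in the doubled-backslash form, and as base64. The function names and the use of `"cat /bin/echo"` as the JSON key are assumptions; how the honeypot loads its "commands" file is not shown on this page.

```python
import base64
import json

KEY = "cat /bin/echo"  # assumed key name, for illustration only
# ELF header prefix quoted in the issue, as raw bytes.
ELF_HEADER = (b"\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00"
              b"\x00\x00\x00\x00\x02\x00\x08\x00\x00\x00\x00\x00")

def raw_control_chars_rejected() -> bool:
    """Literal control characters inside a JSON string are a parse error."""
    doc = '{"%s": "%s"}' % (KEY, ELF_HEADER.decode("latin-1"))
    try:
        json.loads(doc)
    except json.JSONDecodeError:
        return True
    return False

def unicode_escape_doc() -> str:
    """json.dumps emits \\u00XX escapes, which are valid JSON."""
    return json.dumps({KEY: ELF_HEADER.decode("latin-1")})

def backslash_x_doc() -> str:
    """Doubled-backslash form: JSON sees an escaped backslash, then 'x7f'."""
    body = "".join("\\\\x%02x" % b for b in ELF_HEADER)
    return '{"%s": "%s"}' % (KEY, body)

def base64_doc() -> str:
    return json.dumps({KEY: base64.b64encode(ELF_HEADER).decode("ascii")})

def load_unicode(doc: str) -> bytes:
    # Code points U+0000..U+00FF map one-to-one onto bytes via latin-1.
    return json.loads(doc)[KEY].encode("latin-1")

def load_backslash_x(doc: str, decode: bool) -> bytes:
    text = json.loads(doc)[KEY]          # literal backslash, 'x', two hex digits
    if not decode:
        return text.encode("ascii")      # what goes out if sent unchanged
    return text.encode("ascii").decode("unicode_escape").encode("latin-1")

def load_base64(doc: str) -> bytes:
    return base64.b64decode(json.loads(doc)[KEY], validate=True)

if __name__ == "__main__":
    print(raw_control_chars_rejected(), load_unicode(unicode_escape_doc()))
```

The doubled-backslash form only yields the 24 header bytes if the code that sends the response unescapes it; the `\u00XX` and base64 forms carry the bytes through `json.loads` without an extra unescape pass.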