Friday, August 5, 2011

RFI's for 8/2/11 thru 8/5/11


How to hijack a php botnet

 *  COMMANDS:
 *
 *  .user <password> //login to the bot
 *  .logout //logout of the bot
 *  .die //kill the bot
 *  .restart //restart the bot
 *  .mail <to> <from> <subject> <msg> //send an email
 *  .dns <IP|HOST> //dns lookup
 *  .download <URL> <filename> //download a file
 *  .exec <cmd> // uses exec() //execute a command
 *  .sexec <cmd> // uses shell_exec() //execute a command
 *  .cmd <cmd> // uses popen() //execute a command
 *  .info //get system information
 *  .php <php code> // uses eval() //execute php code
 *  .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
 *  .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
 *  .raw <cmd> //raw IRC command
 *  .rndnick //change nickname
 *  .pscan <host> <port> //port scan
 *  .safe  // test safe_mode (dvl)
 *  .inbox <to> // test inbox (dvl)
 *  .conback <ip> <port> // conect back (dvl)
 *  .uname // return shell's uname using a php function (dvl)
 *


Refer to previous posts, and stay tuned for updates, for more bots found in RFI logs.