Comments (7)
Yeah, I saw it too. After some Google searching, I believe it is waiting for the specific responses of the content in dep2.sh. I am trying to find the real content of dep2.sh, no luck as of now.
Also, I saw there are always the same credentials prior to these fgrep attempts.
I will try to dig further
from glutton.
I did some research on this and found: https://github.com/k1p0d/h264_dvr_rce/blob/master/h264-dvr-rce.py and the article had some references to the dep2.sh file
I tried using the dep2.sh file from: http://qsee.custhelp.com/app/answers/detail/a_id/1275/~/qt446%3A-firmware-version-3.2.0-(latest)
And got no responses. That fgrep on the dep2.sh from the linked firmware will return `cd /mnt/mtd && ./XDVRStart.hisi ./td3520 &`
Ah, nice catch @wintermanc3r. Did you add that string to Glutton to see if we see further steps in that attack scenario?
I've actually been using my own honeypot (this is literally the only link on Google I could find that applies to this traffic!), but I've tried
cd /mnt/mtd && ./XDVRStart.hisi ./td3520 & and
cd /mnt/mtd && ./XDVRStart.hisi ./td3520a &
without any success. This is definitely the right track so I'm going to poke around some more and see if I can find any other versions of the firmware, and will let you know if I find the desired response. Between this and the bot I've run into running crontab, passwd, reboot (that actually tried repeatedly to shut my honeypot down with forkbombs and /dev/urandom redirection), things get more curious every day...
Nice @wintermanc3r. I am adding it to mine and testing it now. Will see what we can get later. Cheers!
@gento any success?
@glaslos I tried the same way as @wintermanc3r
cd /mnt/mtd && ./XDVRStart.hisi ./td3520 &
No luck for me at the moment