Mantis catches cicada, yellow finch is behind

There is no free lunch in the world.

An IoT vulnerability-scanning script has a backdoor, and the script kiddies who use it are the ones who get hacked.

If you search the Internet for free hacking tools, be careful: many of the free tools that claim to be a hacker's Swiss Army knife are actually traps.


For example, the Cobian RAT and the Facebook hacking tool, which I mentioned earlier, can carry out real attacks, but the victims are those who use the tools.


Recently, security researchers found another such tool. It is a PHP script that can be downloaded for free from many underground hacker forums. By scanning GoAhead web servers for vulnerabilities, it helps users find vulnerable network cameras on the Internet.


However, after careful analysis of the scanning script, NewSky Security researcher Ankit Anubhav found that the tool also contains a hidden backdoor. It allows the script's author to attack the people who use the script to do bad things. "From the attacker's point of view, the users who attack with these scripts (script kids, what we call toolkits) are very cost-effective," Anubhav said.


"For example, if a script kid owns a botnet with 10,000 Internet of Things devices and he is attacked by an attacker, the whole botnet will belong to the attacker who now controls the script kid's system. So by using one device, he can add thousands of botnets to his army."


The rise of IoT botnets, together with the emergence last year of the largest IoT-based malware threat, has encouraged malicious attackers to build massive botnets of their own, either to launch DDoS attacks against their targets or to rent them out for money.


The analysis breaks the script's behaviour into four parts.

First, it scans a set of IP addresses to try to find webcams affected by the GoAhead server authentication bypass vulnerability (CVE-2017-8225).

It then creates a backdoor account (user name: VM, password: meme123) on the script user's system and gives it root permission.

In addition, the script extracts the victim's IP address, allowing the script author to remotely access the infected system.

Finally, it runs another payload on the script kid's system, eventually installing a well-known botnet called Kaiten.

This script is another backdoored hacking tool that is now widely spread in the underground hacker community.
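For anyone who has run such a tool, the backdoor account described in the second step is something that can be checked for directly. The following is an added example, not code from the article or from the script it analyses: it audits Linux `passwd` and `group` data for accounts with unexpected root-level access. The article does not say how the account is given root permission, so the sketch checks both UID 0 and membership of common admin groups (the group names, the function name and the sample data are assumptions).

```python
# Added example: audit passwd/group data for backdoor-style privileged accounts.
PRIV_GROUPS = {"root", "sudo", "wheel", "admin"}  # assumption: common admin group names
REPORTED_USERS = {"vm"}  # account name reported in the article (compared case-insensitively)
# Constructed sample data for illustration, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
VM:x:0:0::/home/VM:/bin/sh
backup:x:1001:1001::/home/backup:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,backup
users:x:100:alice
"""

def audit_accounts(passwd_text, group_text, expected_admins=frozenset({"root"})):
    """Return {username: [reasons]} for accounts with unexpected root-level access."""
    findings = {}
    def flag(user, reason):
        findings.setdefault(user, []).append(reason)

    priv_gids = set()
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # skip blank, comment or malformed lines
        name, gid, members = parts[0], parts[2], parts[3]
        if name in PRIV_GROUPS:
            priv_gids.add(gid)
            for member in filter(None, members.split(",")):
                if member not in expected_admins:
                    flag(member, f"member of {name}")

    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7:
            continue
        user, uid, gid = parts[0], parts[2], parts[3]
        if user.lower() in REPORTED_USERS:
            flag(user, "matches reported backdoor account name")
        if user in expected_admins:
            continue
        if uid == "0":
            flag(user, "UID 0")  # a second UID-0 account is root under another name
        elif gid in priv_gids:
            flag(user, f"primary GID {gid} is privileged")
    return findings
```

On a real host, pass the contents of `/etc/passwd` and `/etc/group` together with the set of accounts that are supposed to have admin rights; anything returned needs an explanation.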



