Saturday, January 25, 2014

32764/TCP Backdoor Scanning with NINJA PingU

Recently, it was discovered a backdoor that affects several routers. This backdoor, grants remote root shell access without authentication, an exploiting it is as easy as establishing a TCP connection against this port.

I released a new NINJA PingU plugin, called 32764Backdoor, that is aimed at scanning and identifying hosts affected by the 32764/TCP backdoor.

The plugin is already documented in its web page and the code has already been checked in its repository. NINJA PingU is a framework designed for easy plugin development. As we can see below, the logic of the plugin is only about 20 lines, most of the work is carried out by the framework.

// looks for 0x53634D4D and 0x4D4D6353
char *payload="ScMM"; 

// const for the results
const char *vuln = "vulnerable";
const char *patched = "patched";

void onInitPlugin()
{
    openServiceFile();
}

void onStopPlugin()
{
    closeServFile();
}

void getServiceInput(int port, char *msg)
{
    strncpy(msg, "randomdata\r\n\r\n", 22);
}

void provideOutput(char *host, int port, char *msg)
{
    if (strstr(msg, payload) != NULL && synScan == FALSE)
    {
        persistServ(host, port, vuln);
    } else {
        persistServ(host, port, patched);
    }
}

I have also modified the Makefile to build the plugin automatically in each execution. All the commands are paramatrized, to compile a new plugin you just need to modify the first line of the Makefile and include the name of the plugin as follows.

PLUGINS=Simple Service Backdoor32764

Running this plugin within NINJA PingU is very easy, you just need to specify the name of the plugin in the -m (module) flag as follows:

# ./bin/npingu -t 2 -p 32764 1.1.1.1-255.0.0.0 -m Backdoor32764

This will immediately start the scan. A screenshot of the UI running the plugin is shown in Figure 1.

Figure 1. 32764/TCP Backdoor scan.

An analysis was carried out where 11955970 hosts where scanned.  Among those, 7090 hosts where listening to the port 32764 and 61 vulnerable hosts where found. The analysis took about 15 minutes in a 100mbps dsl line. In Figure 2, we show the plot of this data.

Figure 2. Analysis Results.


Posted by Guifré Ruiz at 8:30 PM
Labels: , , , ,

14 comments:

  1. sam lioMarch 4, 2019 at 7:19 AM

    buy adderall online at the best price from our online pharmacy.
    visit us at https://www.bestpharmacyinusa.com/product-category/buy-adderall-online/

    ReplyDelete
  2. sam lioMarch 4, 2019 at 7:20 AM

    buy adderall online at the best price overnight

    ReplyDelete
  3. sam lioMarch 4, 2019 at 7:22 AM

    [url=https://www.bestpharmacyinusa.com/product-category/buy-adderall-online/]buy adderall online[/url] at the cheap price.

    ReplyDelete
  4. UnknownAugust 28, 2019 at 12:19 PM

    Buy Adderall online without prescription

    You can equally buy Adderall online cheap
    Our pharmacy is trusted supplier of Adderall and other ADHd products no need for a prescription when ordering .We do overnight and next day delivery and we deliver to all locations
    To buy call or text us at +1916-407-2673
    visit our website at www.authenticmeds.com

    ReplyDelete
  5. UnknownNovember 16, 2019 at 1:49 AM

    Best Article buy pain meds online Excellent post. I appreciate this site. Stick with it! Because the admin of this web page is working, no doubt very quickly it will be well-known, due to its quality contents.This website was how do you say it? Relevant!! Finally, I’ve found something that helped me.
    Best Article buy Roxicodone Online Excellent post
    buy Xanax Online
    buy Oxycodone Online

    Best Article buy medications online Excellent post. I appreciate this site. Stick with it! Because the admin of this web page is working, no doubt very quickly it will be well-known, due to its quality contents.This website was how do you say it? Relevant!! Finally, I’ve found something that helped me.
    buy Roxicodone Online

    ReplyDelete
  6. Buy Percocet OnlineMay 28, 2020 at 2:28 PM

    top Best Relevant Article buy oxycodone Excellent post. I appreciate this site. Stick with it! Because the admin of this web page is working.
    Best Article adderall for sale Excellent post


    buy xanax online
    tramadol for sale
    biphetamine
    buy female viagra
    sibutramine for sale
    buy research chemicals
    crystal meth
    buy mdma crystal online
    buy mephedrone online
    order mephedrone

    ReplyDelete
  7. jessejamesAugust 2, 2020 at 10:33 PM

    BUY LSD ONLINE
    BUY VYVANSE ONLINE
    BUY ADDERALL ONLINE
    BUY PERCOCET ONLINE
    BUY BLUE DREAM DANK VAPE ONLINE
    BUY BLUE DREAM BANANA OG BRASS KNUCKLES ONLINE
    BUY BLUE DREAM WATERMELON DANK VAPE ONLINE
    BUY BLUE DREAM KINGPEN ONLINE
    BUY BLUE DREAM ONLINE
    BUY MOONROCK ONLINE
    BUY SOUR DIESEL ONLINE
    BUY GRAND DADDY PURPLE ONLINE
    BUY sunrocks ONLINE
    BUY WEED ONLINE
    pineapple express online cheap sale in usa
    buy nova og online
    buy afghan kush online
    buy nova-og-kush online
    buy valuim online
    buy ketamine rocks online
    buy nebutal online
    buy cocaine online
    iboga for sale
    buy ibogaine hcl online
    buy ibogaine hcl online
    buy ibogaine online
    buy iboga root barks online
    buy iboga powder online
    tabernanthe ibogaine hcl for sale
    ibogaine hcl research
    iboga for sale
    BUY WEED ONLINE
    BUY OXYCODONE ONLINE
    BUY IBOGAINE ONLINE
    BUY DANK VAPE ONLINE
    BUY PURPLE QUEEN ONLINE
    BUY IBOGAINE CAPSULES ONLINE
    BUY SUBUTEX 8MG ONLINE
    BUY GELATO DANK VAPE CARTRIDGE ONLINE

    ReplyDelete
  8. AdrienNovember 19, 2021 at 1:22 PM

    http://Buyxanaxonlinepharmacy.com
    buy xanax online,
    buy opana online,
    oxycodone for sale,
    buy adderall online,
    buy methаdоnе online,
    Buy percocet online,
    buy rohypnol online,
    clonazepam (Klonopin) generic for sale online,
    dexedrine order usa,
    concerta online,
    fentanyl pill for sale,
    buy lyrica online usa,
    order molly online,
    buy morphine online uk,
    buy norco online store,
    buy oxycodone online,
    buy oxycontin online,
    seconal for sale,
    tramadol for sale

    ReplyDelete
  9. AdrienNovember 19, 2021 at 10:51 PM

    http://Buyxanaxonlinepharmacy.com
    buy xanax online
    buy opana online
    oxycodone for sale
    buy adderall online
    buy methаdоnе online
    Buy percocet online
    buy rohypnol online
    clonazepam (Klonopin) generic for sale online
    dexedrine order usa
    concerta online
    fentanyl pill for sale
    buy lyrica online usa
    buy moon rocks online
    order molly online
    buy morphine online uk
    buy norco online store
    buy oxycodone online
    buy oxycontin online
    seconal for sale
    tramadol for sale

    ReplyDelete
  10. UnknownMarch 17, 2022 at 6:53 AM

    legit online dispensary shipping worldwide
    most trusted online dispensary ship all 50 states
    Order Marijuana online Shipping worldwide

    ReplyDelete
  11. UnknownMarch 17, 2022 at 6:58 AM

    legit online dispensary shipping worldwide
    legit online dispensary shipping worldwide
    most trusted online dispensary ship all 50 states

    ReplyDelete
  12. UnknownMarch 17, 2022 at 7:06 AM


    Where to Get COVID-19 Vaccine Card
    legit online dispensary shipping worldwide
    Order Marijuana online shipping worldwide

    ReplyDelete
  13. UnknownMarch 17, 2022 at 7:13 AM

    Buy Furniture online, ACCENT CHAIRS, DINING CHAIRS
    Where to Buy All Your Dream Vintage Furniture Online, STORAGE CABINETS
    furniture stores near me, SOFAS

    ReplyDelete
  14. UnknownMarch 17, 2022 at 7:14 AM

    How to get Covid-19 Vaccine Certificate without vaccine
    Best place to buy covid card online payment
    Buy covid-19 vaccine Certificate Online USA

    ReplyDelete

Subscribe to: Post Comments (Atom)