A backdoor affecting several routers was recently discovered. It grants remote root shell access without authentication, and exploiting it is as easy as establishing a TCP connection to port 32764/TCP.
I released a new NINJA PingU plugin, called 32764Backdoor, that is aimed at scanning and identifying hosts affected by the 32764/TCP backdoor.
The plugin is already documented on its web page and the code has already been checked into its repository. NINJA PingU is a framework designed for easy plugin development. As we can see below, the logic of the plugin is only about 20 lines; most of the work is carried out by the framework.
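```c
#include <string.h>   /* strstr, strncpy */

// openServiceFile, closeServFile, persistServ, synScan and FALSE
// are provided by the framework

// looks for 0x53634D4D and 0x4D4D6353
// (the strstr() below matches the byte sequence "ScMM")
const char *payload = "ScMM";

// const for the results
const char *vuln = "vulnerable";
const char *patched = "patched";

// plugin start hook
void onInitPlugin() {
    openServiceFile();
}

// plugin stop hook
void onStopPlugin() {
    closeServFile();
}

// data sent to the probed service
void getServiceInput(int port, char *msg) {
    strncpy(msg, "randomdata\r\n\r\n", 22);
}

// called with the service's reply; records the result for the host
void provideOutput(char *host, int port, char *msg) {
    if (strstr(msg, payload) != NULL && synScan == FALSE) {
        persistServ(host, port, vuln);
    } else {
        persistServ(host, port, patched);
    }
}
```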
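As an added example (not part of the plugin or of the NINJA PingU code base): a length-aware matcher that checks a reply buffer for both constants named in the plugin's comment, since `strstr()` stops at the first NUL byte and the plugin matches only "ScMM". The names `classify_reply` and `load_be32` and the sample buffers are hypothetical, and the sample replies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The two 32-bit constants named in the plugin's comment. */
#define SIG_A 0x53634D4Du /* bytes 'S','c','M','M' */
#define SIG_B 0x4D4D6353u /* bytes 'M','M','c','S' */
enum sig_result { SIG_NONE = 0, SIG_SCMM = 1, SIG_MMCS = 2 };

/* Read 4 bytes at p, most significant first (no alignment assumptions). */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Scan a length-delimited reply for either constant. Unlike strstr(), this
 * keeps going past NUL bytes and never reads beyond buf[len - 1]. On a match,
 * *off (if non-NULL) receives the offset of the signature. */
enum sig_result classify_reply(const unsigned char *buf, size_t len, size_t *off)
{
    if (buf == NULL || len < 4)
        return SIG_NONE;
    for (size_t i = 0; i + 4 <= len; i++) {
        uint32_t v = load_be32(buf + i);
        if (v == SIG_A || v == SIG_B) {
            if (off != NULL)
                *off = i;
            return v == SIG_A ? SIG_SCMM : SIG_MMCS;
        }
    }
    return SIG_NONE;
}

/* Constructed sample replies (not captured from a real device). */
static const unsigned char sample_nul_prefix[] = { 0x00, 0x00, 'S', 'c', 'M', 'M', 0xFF };
static const unsigned char sample_swapped[] = { 'M', 'M', 'c', 'S', 0x00 };
static const unsigned char sample_http[] = "HTTP/1.0 400 Bad Request\r\n\r\n";

int main(void)
{
    size_t off = 0;
    int ok = classify_reply(sample_nul_prefix, sizeof sample_nul_prefix, &off) == SIG_SCMM
          && strstr((const char *)sample_nul_prefix, "ScMM") == NULL /* strstr misses it */
          && classify_reply(sample_swapped, sizeof sample_swapped, &off) == SIG_MMCS
          && classify_reply(sample_http, sizeof sample_http - 1, &off) == SIG_NONE;
    return ok ? 0 : 1;
}
```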
I have also modified the Makefile to build the plugin automatically in each execution. All the commands are parametrized; to compile a new plugin, you just need to modify the first line of the Makefile and include the name of the plugin, as follows.
PLUGINS=Simple Service Backdoor32764
Running this plugin within NINJA PingU is very easy: you just need to specify the name of the plugin with the -m (module) flag, as follows:
# ./bin/npingu -t 2 -p 32764 1.1.1.1-255.0.0.0 -m Backdoor32764
This will immediately start the scan. A screenshot of the UI running the plugin is shown in Figure 1.
Figure 1. 32764/TCP Backdoor scan.
An analysis was carried out in which 11955970 hosts were scanned. Among those, 7090 hosts were listening on port 32764 and 61 vulnerable hosts were found. The analysis took about 15 minutes on a 100 Mbps DSL line. Figure 2 shows a plot of this data.
Figure 2. Analysis Results.