Salve a tutti Nel log di nginx ho trovato questa riga ?\x00\x00\x00E\xAC^\x97\xDB\xCD6\x0F\xE7\xD4I\xAF\x83\xD9\xE4\xEFsQ\x8B\xE6\x00WUTqO\xB8Q*n\xFC\x13\xAEY\x06r\x14\xB6\xF1oS\xC9\xA51\x91\xAE\xB0Oj\xBE\x876\xFEx\xA6\x078\x14U\x06\x04\xA1\x88
ho provata a disassemblarla per identificare un eventuale shellcode, ma non sembra nulla di plausibile.
echo -ne "?\x00\x00\x00E\xAC^\x97\xDB\xCD6\x0F\xE7\xD4I\xAF\x83\xD9\xE4\xEFsQ\x8B\xE6\x00WUTqO\xB8Q*n\xFC\x13\xAEY\x06r\x14\xB6\xF1oS\xC9\xA51\x91\xAE\xB0Oj\xBE\x876\xFEx\xA6\x078\x14U\x06\x04\xA1\x88" | ndisasm -u -
00000000 3F aas 00000001 0000 add [eax],al 00000003 0045AC add [ebp-0x54],al 00000006 5E pop esi 00000007 97 xchg eax,edi 00000008 DBCD fcmovne st5 0000000A 36 ss 0000000B 0F db 0x0f 0000000C E7D4 out 0xd4,eax 0000000E 49 dec ecx 0000000F AF scasd 00000010 83D9E4 sbb ecx,byte -0x1c 00000013 EF out dx,eax 00000014 7351 jnc 0x67 00000016 8BE6 mov esp,esi 00000018 005755 add [edi+0x55],dl 0000001B 54 push esp 0000001C 714F jno 0x6d 0000001E B8512A6EFC mov eax,0xfc6e2a51 00000023 13AE59067214 adc ebp,[esi+0x14720659] 00000029 B6F1 mov dh,0xf1 0000002B 6F outsd 0000002C 53 push ebx 0000002D C9 leave 0000002E A5 movsd 0000002F 3191AEB04F6A xor [ecx+0x6a4fb0ae],edx 00000035 BE8736FE78 mov esi,0x78fe3687 0000003A A6 cmpsb 0000003B 07 pop es 0000003C 3814550604A188 cmp [edx*2-0x775efbfa],dl qualche idea su cosa possa essere? grazie ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
