[code autolinks=”false”]
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMKIyBVbmlmaWVkIGRpZmYgKHBhdGNoIGZpbGUpIHRvIG1vZGlmeSBEaW9u
YWVhJ3MgaHR0cC5weSBtb2R1bGUgICAgICAgICMKIyB0byBlbmFibGUgaXQgdG8gcmVjb2duaXNl
IGFuZCBkb3dubG9hZCBmcm9tIFVSTHMgaW4gYSB3Z2V0L2N1cmwvICAgICMKIyBsd3AtZG93bmxv
YWQgY29tbWFuZCBsaW5lIGNvbnRhaW5lZCB3aXRoaW4gU2hlbGxTaG9jayBleHBsb2l0cyAgICAg
ICMKIyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICMKIyBBcHBsaWNhdGlvbiBpbnN0cnVjdGlvbnMgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMKIyAgIFtmcm9tIHRoZSBwYXJlbnQgZGly
ZWN0b3J5IG9mIERpb25hZWEncyBzb3VyY2UgZGlyZWN0b3J5XSAgICAgICAgICMKIyAgIFtpdCB3
aWxsIHBhdGNoIC4vZGlvbmFlYS9tb2R1bGVzL3B5dGhvbi9zY3JpcHRzL2h0dHAucHkgXSAgICAg
ICAgICMKIyAgIHBhdGNoIC1wMCA8IGRpb25hZWEtc2hlbGxzaG9jay5kaWZmICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICMKIyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMKIyBkaW9uYWVhLXNoZWxsc2hvY2su
ZGlmZiB2MjAxNS4wMS4yNiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMKIyBodHRw
Oi8vbWFsd2FyZW11c2luZ3MuY29tL3N1cHBvcnRpbmctZmlsZXMvZGlvbmFlYS1zaGVsbHNob2Nr
LWRpZmYvICMKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKCi0tLSAuL2Rpb25hZWEvbW9kdWxlcy9weXRob24vc2Ny
aXB0cy9odHRwLnB5LmRpc3QJMjAxNS0wMS0yNiAxMTozOToyMS41NDE3NTA1NzIgKzExMDAKKysr
IC4vZGlvbmFlYS9tb2R1bGVzL3B5dGhvbi9zY3JpcHRzL2h0dHAucHkJMjAxNS0wMS0yNiAxMToz
NDoxMy4wMDAwMDAwMDAgKzExMDAKQEAgLTM3LDYgKzM3LDcgQEAKIGltcG9ydCB1cmxsaWIucGFy
c2UKIGltcG9ydCByZQogaW1wb3J0IHRlbXBmaWxlCitpbXBvcnQgdHJhY2ViYWNrCiAKIGxvZ2dl
ciA9IGxvZ2dpbmcuZ2V0TG9nZ2VyKCdodHRwJykKIGxvZ2dlci5zZXRMZXZlbChsb2dnaW5nLkRF
QlVHKQpAQCAtODksNiArOTAsNzUgQEAKIAogCQlzZWxmLm1heF9yZXF1ZXN0X3NpemUgPSBtYXhf
cmVxdWVzdF9zaXplICogMTAyNAogCisKKwkjIyMKKwkjIHByb2Nlc3NfaGVhZGVycygpOiBsb29r
IGZvciBTaGVsbFNob2NrIGV4cGxvaXQKKwkjIyMKKworCWRlZiBwcm9jZXNzX2hlYWRlcnMoc2Vs
Zik6CisJCXRyeToKKwkJCWFsbGhlYWRlcnMgPSBzZWxmLmhlYWRlci5oZWFkZXJzCisKKwkJCSMK
KwkJCSMgcmVtZW1iZXIgVVJMcyB0aGF0IHdlJ3ZlIGFscmVhZHkgY3JlYXRlZCBhbiBpbmNpZGVu
dCBmb3IKKwkJCSMKKwkJCXN1Ym1pdHRlZHVybHMgPSBbXQorCisJCQlmb3IgaSBpbiBhbGxoZWFk
ZXJzOgorCQkJCSMKKwkJCQkjIGNvbnZlcnQgdGhlIGFycmF5cyBvZiBieXRlcyB0byBzdHJpbmdz
CisJCQkJIworCQkJCWhlYWRlcm5hbWUgPSBzdHIoaSxlbmNvZGluZz0idXRmLTgiKQorCQkJCWhl
YWRlcnZhbCA9IHN0cihhbGxoZWFkZXJzW2ldLGVuY29kaW5nPSJ1dGYtOCIpCisKKwkJCQkjCisJ
CQkJIyBjaGVjayBmb3IgU2hlbGxTaG9jayBleHBsb2l0CisJCQkJIworCQkJCWlmIHJlLm1hdGNo
KCJcKFwpIHtbIAldW159XSo7WyAJXSp9WyAJXSo7IixoZWFkZXJ2YWwpOgorCQkJCQkjcHJpbnQo
Ii0tLSBTaGVsbFNob2NrIC0tLSIpCisJCQkJCSNwcmludChpICsgYiI6ICIgKyBhbGxoZWFkZXJz
W2ldKQorCisJCQkJCSMKKwkJCQkJIyB3ZSBoYXZlIHNoZWxsc2hvY2suIGV4dHJhY3QgVVJMcyBm
cm9tIHdnZXQvY3VybC9sd3AtZG93bmxvYWQgY29tbWFuZCBsaW5lcworCQkJCQkjCisJCQkJCXVy
bG1hdGNoID0gcmUuZmluZGFsbCgiKD86d2dldHxjdXJsfGx3cC1kb3dubG9hZCkoPzogfCg/OiBb
XjtcIl0qICkpKCg/Oig/Omh0dHBzP3xmdHApOi8vKT8oPzpbMC05QS1aYS16XStcLil7Mix9WzAt
OUEtWmEtel0rKD86L1teIDtcXFwiXSopKikiLHN0cihhbGxoZWFkZXJzW2ldKSkKKworCQkJCQkj
CisJCQkJCSMgZm9yIGVhY2ggVVJMIHRoYXQgd2UgZXh0cmFjdGVkCisJCQkJCSMgdGhlICc/Oicg
bW9kaWZpZXIgbWVhbnMgdGhhdCB3ZSBkb24ndCBnZXQgYWxsIG9mIHRoZSBncm91cGVkIGJpdHMg
cmV0dXJuZWQsIGJ1dCBqdXN0IGFueSBtYXRjaGluZyBVUkxzCisJCQkJCSMKKwkJCQkJZm9yIGRs
dXJsIGluIHVybG1hdGNoOgorCQkJCQkJIworCQkJCQkJIyBjaGVjayB0aGF0IHdlIGhhdmVuJ3Qg
YWxyZWFkeSBjcmVhdGVkIGFuIGluY2lkZW50IGZvciBpdAorCQkJCQkJIworCQkJCQkJaWYgbm90
IChkbHVybCBpbiBzdWJtaXR0ZWR1cmxzKToKKwkJCQkJCQkjcHJpbnQoIiAgICBGb3VuZCBVUkw6
ICVzIiAlIGRsdXJsKQorCisJCQkJCQkJIworCQkJCQkJCSMgY3JlYXRlIGEgRGlvbmFlYSBkb3du
bG9hZCBvZmZlciBpbmNpZGVudAorCQkJCQkJCSMKKwkJCQkJCQlpID0gaW5jaWRlbnQoImRpb25h
ZWEuZG93bmxvYWQub2ZmZXIiKQorCisJCQkJCQkJIworCQkJCQkJCSMgbGluayBpdCB0byB0aGlz
IGNvbm5lY3Rpb24sIGFuZCBzZXQgdGhlIFVSTAorCQkJCQkJCSMKKwkJCQkJCQlpLmNvbiA9IHNl
bGYKKwkJCQkJCQlpLnVybCA9IGRsdXJsCisKKwkJCQkJCQkjCisJCQkJCQkJIyBkbyBzdHVmZiB3
aXRoIGl0CisJCQkJCQkJIworCQkJCQkJCWkucmVwb3J0KCkKKworCQkJCQkJCSMKKwkJCQkJCQkj
IGFwcGVuZCB0aGUgVVJMIHRvIGEgbGlzdCBvZiBVUkxzIHRoYXQgd2UndmUgYWxyZWFkeSBzdWJt
aXR0ZWQKKwkJCQkJCQkjIHRoaXMgc3RvcHMgdXMgZnJvbSBjcmVhdGluZyBtdWx0aXBsZSBkb3du
bG9hZCBvZmZlcnMgZm9yIHRoZSBzYW1lIFVSTAorCQkJCQkJCSMgaWYgaXQgYXBwZWFycyBtb3Jl
IHRoYW4gb25lIGluIGEgc2luZ2xlIEhUVFAgcmVxdWVzdCAoaXQgb2Z0ZW4gZG9lcykKKwkJCQkJ
CQkjCisJCQkJCQkJc3VibWl0dGVkdXJscy5hcHBlbmQoZGx1cmwpCisJCWV4Y2VwdDoKKwkJCXRy
YWNlYmFjay5wcmludF9leGMoKQorCiAJZGVmIGhhbmRsZV9vcmlnaW4oc2VsZiwgcGFyZW50KToK
IAkJc2VsZi5yb290ID0gcGFyZW50LnJvb3QKIAkJc2VsZi5yd2NodW5rc2l6ZSA9IHBhcmVudC5y
d2NodW5rc2l6ZQpAQCAtMTE2LDYgKzE4Niw3IEBACiAJCQloZWFkZXIgPSBkYXRhWzA6ZW9oXQog
CQkJZGF0YSA9IGRhdGFbc29jOl0KIAkJCXNlbGYuaGVhZGVyID0gaHR0cHJlcShoZWFkZXIpCisJ
CQlzZWxmLnByb2Nlc3NfaGVhZGVycygpCiAJCQlzZWxmLmhlYWRlci5wcmludCgpCiAJCQogCQkJ
aWYgc2VsZi5oZWFkZXIudHlwZSA9PSBiJ0dFVCc6Cg==
[/code]
One comment on “dionaea-shellshock.diff (base64)”
Leave a Reply
You must be logged in to post a comment.
Pingback: Capturing ShellShock Downloads with Dionaea | Malware Musings