Dionaea exploit analysis
We’ll use the Python interpreter bundled with Dionaea:
It will open a Python console. Enter the code below line by line:
It will produce a test.bin file in the /tmp/ folder.
Now we analyze it and dump the output to another file:
You should see something like this:
As you can see, the malicious URL is hxxp://126.96.36.199:8147/kcfl