Tag Archives: linux

Shell hiding in image files

One day we noticed a strange GET request to our JBoss server:

From the request above, you will quickly notice that this attack leverages the Apache Struts vulnerability CVE-2017-5638: an OGNL injection in the Jakarta Multipart parser, where a crafted Content-Type header is evaluated as an expression, so the attacker gets command execution without uploading anything.

The request tried to execute the command below:

“-O FILE” : write the document to FILE instead of a file named after the URL.
“-” : when given as the FILE for -O, the document is written to standard output (and link conversion is disabled).
“-q” : quiet (no output).

As you can see, it tried to fetch an image (a JPEG file) from 91.230.47.41. Seems normal, right?
We fetched the file and took a look at it:

ASCII?? Not JPEG?? Hmm..
Here is what is inside the “logo.jpg” file:

We noticed that several other files are fetched; possibly a config file and a binary.
Let's fetch those files!

Here is the config file:
http://91.230.47.41/pics/kworker.conf

Not sure what this one is. Probably the binary that runs as a process:
http://91.230.47.41/pics/kworker

Let's see if the file is packed:

Yup. So let's unpack the file using UPX:

http://91.230.47.41/pics/kworker_na
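To make the two checks above repeatable (is the “image” really a JPEG, and is the binary UPX-packed?), here is an added example written for POSIX sh. It is not part of the original post and does not touch the URLs above: it keys on the first bytes of a file rather than its extension, looks for the UPX marker string, and the sample files in the usage are constructed, so it runs offline.

```sh
#!/bin/sh
# Added example (not from the original post): quick triage of files that an
# exploit payload fetched. Classifies by magic bytes, not by file name, and
# flags the "UPX!" marker that UPX leaves inside packed binaries.

# hexhead FILE N: first N bytes of FILE as one lowercase hex string
hexhead() {
    head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'
}

# classify FILE: prints jpeg | elf | script | text | binary
classify() {
    case "$(hexhead "$1" 4)" in
        ffd8ff*)  echo jpeg;   return ;;   # JPEG start-of-image marker
        7f454c46) echo elf;    return ;;   # "\x7fELF"
        2321*)    echo script; return ;;   # "#!" shebang, whatever the name says
    esac
    # Anything else that is purely printable ASCII is text (for instance a
    # shell script without a shebang saved as "logo.jpg"). LC_ALL=C keeps
    # grep byte-oriented, so bytes >= 0x80 count as non-printable.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$1"; then
        echo binary
    else
        echo text
    fi
}

# is_upx FILE: succeeds if the UPX packer marker is present anywhere in FILE
is_upx() {
    LC_ALL=C grep -q 'UPX!' "$1"
}

# Usage: ./triage.sh FILE...   (one line per file)
for f in "$@"; do
    kind=$(classify "$f")
    if is_upx "$f"; then kind="$kind (UPX packed; unpack with: upx -d)"; fi
    printf '%s: %s\n' "$f" "$kind"
done
```

A file that the script reports as “script” or “text” but was served with an image name is exactly the case above: the extension is for the firewall and the web proxy, the content is for the shell. Note that the UPX marker is trivially removable, so its absence proves nothing; its presence just tells you to try upx -d first.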

Overall, it looks like the attacker wanted to compromise our servers and turn them into his own cryptocurrency mining machines.
Typical of the attacks we see at this time, when cryptocurrency prices are rising. People hack to make a profit. 🙂

Here are the MD5 hashes for the files above (MD5 is fine for looking the samples up, but record SHA-256 as well, since MD5 collisions are cheap to produce):

Upgrade Python packages using pip

As the title says; to update all of your Python packages via pip:

For Linux/*nix:

P.S.: you may need to run it with sudo. Probably. Bear in mind that upgrading every package in the system site-packages that way can overwrite modules that apt manages; doing it inside a virtualenv is the safer habit.
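As an added example for the Linux case (my own script, not the one-liner the post credits), the part worth getting right is turning pip freeze output into bare package names: newer pip also emits “name @ url” lines and “-e” editable checkouts, which a plain cut on “=” mishandles. The sample freeze output in the test is constructed.

```sh
#!/bin/sh
# Added example (not the page's own command): upgrade every package pip
# knows about, with the name extraction kept in a function so it can be
# checked on its own. Assumes "pip" is the pip of the interpreter you mean.

# freeze_names: read `pip freeze` output on stdin, print one package name
# per line. Handles the line shapes pip emits:
#   requests==2.31.0            -> requests
#   mypkg @ file:///src/mypkg   -> mypkg      (PEP 440 direct reference)
#   -e git+https://...#egg=x    -> skipped    (editable checkout; leave it alone)
#   # Editable install ...      -> skipped    (comment line)
freeze_names() {
    grep -v '^-e ' \
    | grep -v '^#' \
    | sed -e 's/[[:space:]]*@.*$//' -e 's/[=<>!~].*$//' \
    | grep -v '^$'
}

# upgrade_all: one pip call per package, so a single failing build does
# not abort the rest. --local skips globally installed packages when run
# inside a virtualenv.
upgrade_all() {
    pip freeze --local | freeze_names | xargs -n1 pip install -U
}

# Usage: ./pip-upgrade-all.sh --run   (prefix with sudo only for a
# system-wide install; inside a virtualenv just run it)
[ "$1" = "--run" ] && upgrade_all
```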

For Windows:

Credit: http://stackoverflow.com/questions/2720014/upgrading-all-packages-with-pip

Shell script fails: Syntax error: “(” unexpected

The error when executing the bash script:

The script does not begin with a shebang line, so whatever launched it falls back to /bin/sh (the kernel refuses to exec a file without one, and execvp() and most sh-based launchers then retry it with /bin/sh). On Ubuntu, /bin/sh is dash, a shell designed for fast startup and execution with only standard features. When dash reaches the offending line it sees a syntax error: that parenthesis means nothing to it in that context, and the “Syntax error: ... unexpected” wording is dash's.

Since dash (like every other shell) is an interpreter, it will not complain until execution reaches the problematic line. So even if the script ran fine for a while in your testing, it would abort once that line was reached.

The shebang line must be the very first line of the file. Since the script uses bash features, that first line must be #!/bin/bash or #!/usr/bin/env bash.
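Because the failure only shows up when the bad line is reached, it is worth catching before deployment. The check below is an added example (not from the post or the credited answer): a POSIX sh script that flags files using bash-only syntax without a bash shebang. The sample scripts in the test are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): flag scripts that use bash
# syntax but would be run by /bin/sh (dash on Ubuntu) because they have no
# shebang, or a #!/bin/sh shebang.

# has_bash_shebang FILE: true if line 1 selects bash
has_bash_shebang() {
    case "$(head -n 1 "$1")" in
        '#!/bin/bash'*|'#!/usr/bin/env bash'*) return 0 ;;
        *) return 1 ;;
    esac
}

# uses_bashisms FILE: crude grep for syntax dash rejects at parse time:
# arrays (name=( ... )), [[ ... ]], the "function" keyword, here-strings (<<<)
uses_bashisms() {
    grep -Eq '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\(|\[\[|^[[:space:]]*function[[:space:]]|<<<' "$1"
}

# check_script FILE: prints ok | needs-bash
check_script() {
    if uses_bashisms "$1" && ! has_bash_shebang "$1"; then
        echo needs-bash
    else
        echo ok
    fi
}

# Usage: ./checkbash.sh script.sh ...
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_script "$f")"
done
```

The grep is deliberately crude (a “[[” inside a quoted string will trip it), so treat a needs-bash result as a prompt to look, not a verdict. The other cheap check is sh -n script.sh: it parses the whole file without executing it, so the syntax error surfaces before the script has done half its work.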

Credit: http://unix.stackexchange.com/questions/45781/shell-script-fails-syntax-error-unexpected

Fix locale problem on Ubuntu

Recently I have been seeing this kind of error quite frequently. At first I thought it was nothing.
But eventually it got bothersome to keep seeing the error message. :p

So here is how to solve this problem.
First, run this command:

It updates /etc/default/locale with the provided values.

If you look at the /etc/default/locale file, it shows something like this:

If the problem still occurs, try this first and then run the command above again:
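The usual reason the first command does not fix it is that the locale written to /etc/default/locale was never generated, so the setting points at nothing. As an added example (my own, not the post's commands), this POSIX sh script checks the generated list before setting the default, allowing for the fact that locale -a prints “en_US.utf8” while everything else spells it “en_US.UTF-8”. It assumes Ubuntu's locale-gen and update-locale; the list in the test is constructed.

```sh
#!/bin/sh
# Added example (not the page's own commands): check that the locale you
# are about to set is actually generated, and only then make it the default.

# norm NAME: canonical form, since `locale -a` prints "en_US.utf8" while
# /etc/default/locale and LANG normally say "en_US.UTF-8"
norm() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '-'
}

# locale_generated NAME: reads `locale -a` output on stdin; true if NAME
# is in the list after normalisation
locale_generated() {
    want=$(norm "$1")
    while IFS= read -r have; do
        [ "$(norm "$have")" = "$want" ] && return 0
    done
    return 1
}

# ensure_locale NAME: generate it if missing, then write it to
# /etc/default/locale. Needs root. Not run automatically.
ensure_locale() {
    if ! locale -a 2>/dev/null | locale_generated "$1"; then
        locale-gen "$1" || return 1
    fi
    update-locale LANG="$1"
}

# Usage: sudo ./ensure-locale.sh en_US.UTF-8
[ -n "$1" ] && ensure_locale "$1"
```

Two caveats: an LC_ALL setting in /etc/default/locale or in your shell overrides everything else and is a common cause of the warning reappearing, so leave it unset unless you need it; and the change only affects new sessions, so log in again (or source the file) before judging whether it worked.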

Credit to http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue/505424#505424

SNMP Cannot Find Module on Ubuntu 14.04

If you encounter an error something like this:

Then we are on the same path: the path of searching for the answer. XD
So here is the solution to this error.

First, edit the sources.list file:

Add this line to the end of the file:

:w to save and :q to exit the vi editor (or :wq to do both).

Then install these packages:

And then run this:

Voila! Done. Hope it helps. 🙂

Ubuntu – Authentication token manipulation error

Recently I forgot my “root” password for my Ubuntu box (duh!). So I attempted to change the “root” password by selecting recovery mode in the GRUB menu and dropping into a root shell prompt.

Everything worked perfectly until I tried to change the password. The picture above is what I got when I tried to change it. 🙁

So, to solve this, just run this at the prompt:

Anddddd... voilà! Try to reset the password again and it works! 🙂
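passwd prints this error whenever it cannot rewrite /etc/shadow, and in a recovery-mode root shell the usual cause is that the root filesystem is still mounted read-only. The script below is an added example (not the post's command) that assumes that cause: it reads /proc/mounts, remounts / read-write only if needed, and then runs passwd. The /proc/mounts lines in the test are constructed.

```sh
#!/bin/sh
# Added example (not the post's own command): before running passwd from a
# recovery-mode root shell, make sure / is writable. passwd reports
# "Authentication token manipulation error" when it cannot rewrite
# /etc/shadow, which is what happens on a read-only root.

# root_is_rw: reads /proc/mounts-style lines on stdin; true only if the
# entry mounted on "/" carries the "rw" option
root_is_rw() {
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = / ] || continue
        case ",$opts," in
            *,rw,*) return 0 ;;
        esac
        return 1
    done
    return 1   # no root entry seen: do not assume it is writable
}

# fix_and_reset USER: remount rw if needed, then reset the password.
# Interactive and needs root; not run automatically.
fix_and_reset() {
    if ! root_is_rw < /proc/mounts; then
        mount -o remount,rw / || return 1
    fi
    passwd "$1"
}

# Usage (from the recovery root shell): ./fix-and-reset.sh root
[ -n "$1" ] && fix_and_reset "$1"
```

Remounting read-write on a filesystem that was not cleanly unmounted is exactly what recovery mode leaves you with, so if the remount itself fails, run fsck on the root device first rather than forcing it.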

Hash sum mismatch error on Ubuntu

I think most of you will have encountered this kind of problem if you are using a previous version of Ubuntu.

The solution is to remove the contents of the /var/lib/apt/lists directory:

then run:

Credit to askubuntu.com

Disable IPv6 on Ubuntu

If you want to disable IPv6 on your server, below are the steps to do it.

  1. Edit this file:

  2. Add these lines to the bottom of the file:

  3. Run this command in your terminal:

Done!
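As an added example of the same procedure (my own script, not the post's lines), here are the three sysctl keys that switch IPv6 off for all interfaces, written to a drop-in under /etc/sysctl.d instead of appended to /etc/sysctl.conf, applied, and then verified by reading the values back. The drop-in path is an assumption; the sysctl output in the test is constructed.

```sh
#!/bin/sh
# Added example (not the page's own lines): disable IPv6 via sysctl, then
# verify it, rather than trusting that the edit took effect.

SYSCTL_FILE=/etc/sysctl.d/99-disable-ipv6.conf   # assumed drop-in path

# ipv6_settings: the keys and values to apply
ipv6_settings() {
    cat <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
}

# ipv6_disabled_in: reads "key = value" lines on stdin (the format sysctl
# prints); true only if every key above is present and equal to 1
ipv6_disabled_in() {
    all=0; default=0; lo=0
    while IFS= read -r line; do
        key=${line%%=*}; key=$(printf '%s' "$key" | tr -d ' ')
        val=${line#*=};  val=$(printf '%s' "$val" | tr -d ' ')
        case "$key" in
            net.ipv6.conf.all.disable_ipv6)     all=$val ;;
            net.ipv6.conf.default.disable_ipv6) default=$val ;;
            net.ipv6.conf.lo.disable_ipv6)      lo=$val ;;
        esac
    done
    [ "$all" = 1 ] && [ "$default" = 1 ] && [ "$lo" = 1 ]
}

# apply_ipv6_off: write the drop-in, load it, read the live values back.
# Needs root. Not run automatically.
apply_ipv6_off() {
    ipv6_settings > "$SYSCTL_FILE" &&
    sysctl -p "$SYSCTL_FILE" >/dev/null &&
    sysctl net.ipv6.conf.all.disable_ipv6 \
           net.ipv6.conf.default.disable_ipv6 \
           net.ipv6.conf.lo.disable_ipv6 | ipv6_disabled_in
}

# Usage: sudo ./ipv6-off.sh --apply
[ "$1" = "--apply" ] && apply_ipv6_off
```

Two things to check afterwards: the "default" key only covers interfaces created later, so an interface that already existed needs its own net.ipv6.conf.IFACE.disable_ipv6 = 1 (or a reboot, since the drop-in is read at boot), and anything bound to ::1 or :: (some local daemons are) will start failing, which is the point of verifying rather than assuming.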

Enable graphical root login on ubuntu 12.04

In Ubuntu, the user “root” does not appear as an option on the login screen, so you need to configure Ubuntu to allow logging in as “root”. Bear in mind that this is disabled on purpose: a whole desktop session running as root loses the per-user audit trail that sudo gives you, and any exploited desktop program already has root.

Run the command below in your terminal (as a normal user with sudo):

Reboot and then you should be able to login as root using graphical user login.

Restore GRUB without a live CD on Linux

If you start Ubuntu and it drops you into a grub shell, you can run the commands below to fix it:

* Make sure you enter the correct partition (e.g. hd0,1) for hdX,Y; if you get it wrong, your GRUB will be in an even worse state. At the grub prompt, ls on its own lists the drives and partitions GRUB can see, and ls (hdX,Y)/boot/grub confirms which one actually holds the GRUB files before you use it in the commands above.

References:
http://superuser.com/questions/181733/how-can-i-restore-grub-without-a-live-cd1
http://www.linux.com/learn/tutorials/776643-how-to-rescue-a-non-booting-grub-2-on-linux