C
C
cicatrix2019-05-06 09:44:34
Burglary protection
cicatrix, 2019-05-06 09:44:34

Hacking attempt, what did the "hacker" want to achieve?

I looked through the logs today, drew attention to another hacking attempt, as I understand it.
Since there is no php interpreter on the asp.net server in principle, the attempts are miserable, but just curious what the person wanted to achieve and what is this "magic" combination 238947899389478923-34567343546345 ?
Here is an excerpt from the log:

[06.05.2019 06:44:14]	RQ from 163.232.57.44[CHR(0)]{${print(238947899389478923-34567343546345)}}, 5.135.230.129 url= ххх
[06.05.2019 06:44:14]	Session start for 163.232.57.44[CHR(0)]{${print(238947899389478923-34567343546345)}}, 5.135.230.129 sid=j4w2zjc1yuzenufjzd3u2akn
[06.05.2019 06:44:14]	RQ from 163.232.57.44[CHR(0)]<?php print(238947899389478923-34567343546345); ?>, 5.135.230.129 url= ххх
[06.05.2019 06:44:14]	Session start for 163.232.57.44[CHR(0)]<?php print(238947899389478923-34567343546345); ?>, 5.135.230.129 sid=lgjrfbv5q1f2biggvp1ckbrr
[06.05.2019 06:44:14]	RQ from 163.232.57.44[CHR(0)]'<?php print(238947899389478923-34567343546345); ?>', 5.135.230.129 url= ххх
[06.05.2019 06:44:14]	Session start for 163.232.57.44[CHR(0)]'<?php print(238947899389478923-34567343546345); ?>', 5.135.230.129 sid=5klmtftlo5bwz3k2mb5lj5vg
[06.05.2019 06:44:15]	RQ from 163.232.57.44[CHR(0)]"<?php print(238947899389478923-34567343546345); ?>", 5.135.230.129 url= ххх
[06.05.2019 06:44:15]	Session start for 163.232.57.44[CHR(0)]"<?php print(238947899389478923-34567343546345); ?>", 5.135.230.129 sid=svpmdxrsj1iukozmnpepqucl
[06.05.2019 06:44:15]	RQ from 163.232.57.44[CHR(0)]'{${print(238947899389478923-34567343546345)}}', 5.135.230.129 url= ххх
[06.05.2019 06:44:15]	Session start for 163.232.57.44[CHR(0)]'{${print(238947899389478923-34567343546345)}}', 5.135.230.129 sid=f5myywg5gjndhfpy3coixu3m
[06.05.2019 06:44:16]	RQ from 163.232.57.44[CHR(0)]"{${print(238947899389478923-34567343546345)}}", 5.135.230.129 url= ххх
[06.05.2019 06:44:16]	Session start for 163.232.57.44[CHR(0)]"{${print(238947899389478923-34567343546345)}}", 5.135.230.129 sid=c4k1pkvycjgjflcdct4ntdkb
[06.05.2019 06:44:16]	RQ from 163.232.57.44[CHR(0)]'];print(238947899389478923-34567343546345);//, 5.135.230.129 url= ххх
[06.05.2019 06:44:16]	Session start for 163.232.57.44[CHR(0)]'];print(238947899389478923-34567343546345);//, 5.135.230.129 sid=2vwvsavhbqk4nxdaqalqj0jo
[06.05.2019 06:44:17]	RQ from 163.232.57.44[CHR(0)]"];print(238947899389478923-34567343546345);//, 5.135.230.129 url= ххх
[06.05.2019 06:44:17]	Session start for 163.232.57.44[CHR(0)]"];print(238947899389478923-34567343546345);//, 5.135.230.129 sid=4ilglrkrlcvxv53hdobq1bw4
[06.05.2019 06:44:17]	RQ from 163.232.57.44[CHR(0)]');print(238947899389478923-34567343546345);//, 5.135.230.129 url= ххх
[06.05.2019 06:44:17]	Session start for 163.232.57.44[CHR(0)]');print(238947899389478923-34567343546345);//, 5.135.230.129 sid=ta5slw3vrxdi2r3tagsrh1ii
[06.05.2019 06:44:18]	RQ from 163.232.57.44[CHR(0)]");print(238947899389478923-34567343546345);//, 5.135.230.129 url= ххх
[06.05.2019 06:44:18]	Session start for 163.232.57.44[CHR(0)]");print(238947899389478923-34567343546345);//, 5.135.230.129 sid=hxpupmql5zfbfmhcws2nzujr
[06.05.2019 06:44:18]	RQ from 163.232.57.44[CHR(0)]}print(238947899389478923-34567343546345);{, 5.135.230.129 url= ххх
[06.05.2019 06:44:18]	Session start for 163.232.57.44[CHR(0)]}print(238947899389478923-34567343546345);{, 5.135.230.129 sid=fn0k00r2fw532fpty1lj4xrw

Answer the question

In order to leave comments, you need to log in

2 answer(s)
G
Gip, 2019-05-06
@Giperoglif

what did the server say? 404? otherwise in your aspnets something is not clear in the logs

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question