#attack log #scan log #phpMyAdmin #automated attack tool #Jorgee scanner #Jorgee Vulnerability Scanner #A9-Using Components with Known Vulnerabilities

Today's web server vulnerability scan log: the Jorgee scanner, a detection tool dedicated to MySQL administration interfaces

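Among the vulnerability scanners used by hackers, Jorgee Security Scanner is a tool that detects MySQL administration applications such as phpMyAdmin. It is said to be a web vulnerability scanner that has persistently targeted MySQL SQL administration features since before 2012. It uses the User-Agent string Mozilla/5.0 Jorgee. Its HTTP requests, such as HEAD http://122.32.19.138:80/mysql/dbadmin/, are also unusual in that they use HEAD rather than GET and use an IP address in the request URL.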

The Revolt Scanner, which was reported in 2009 and 2010, leaves similar logs. Jorgee and the Revolt Scanner seem to be related to each other in some way.

The attacker's IP address is 188.34.2.17 (Tehran, Iran).

188.34.2.17 - - [24/Jan/2017:17:29:23 +0900] "HEAD http://122.32.19.138:80/mysql/admin/ HTTP/1.1" 404 180 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:23 +0900] "HEAD http://122.32.19.138:80/mysql/dbadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:23 +0900] "HEAD http://122.32.19.138:80/mysql/sqlmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:24 +0900] "HEAD http://122.32.19.138:80/mysql/mysqlmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:24 +0900] "HEAD http://122.32.19.138:80/phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:24 +0900] "HEAD http://122.32.19.138:80/phpMyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:25 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:25 +0900] "HEAD http://122.32.19.138:80/phpmyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:26 +0900] "HEAD http://122.32.19.138:80/phpmyadmin2/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:26 +0900] "HEAD http://122.32.19.138:80/phpmyadmin3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:27 +0900] "HEAD http://122.32.19.138:80/phpmyadmin4/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:27 +0900] "HEAD http://122.32.19.138:80/2phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:27 +0900] "HEAD http://122.32.19.138:80/phpmy/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:28 +0900] "HEAD http://122.32.19.138:80/phppma/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:28 +0900] "HEAD http://122.32.19.138:80/myadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:29 +0900] "HEAD http://122.32.19.138:80/shopdb/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:29 +0900] "HEAD http://122.32.19.138:80/MyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:29 +0900] "HEAD http://122.32.19.138:80/program/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:30 +0900] "HEAD http://122.32.19.138:80/PMA/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:30 +0900] "HEAD http://122.32.19.138:80/dbadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:30 +0900] "HEAD http://122.32.19.138:80/pma/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:31 +0900] "HEAD http://122.32.19.138:80/db/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:31 +0900] "HEAD http://122.32.19.138:80/admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:31 +0900] "HEAD http://122.32.19.138:80/mysql/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:32 +0900] "HEAD http://122.32.19.138:80/database/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:32 +0900] "HEAD http://122.32.19.138:80/db/phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:32 +0900] "HEAD http://122.32.19.138:80/db/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:33 +0900] "HEAD http://122.32.19.138:80/sqlmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:33 +0900] "HEAD http://122.32.19.138:80/mysqlmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:33 +0900] "HEAD http://122.32.19.138:80/php-myadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:34 +0900] "HEAD http://122.32.19.138:80/phpmy-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:35 +0900] "HEAD http://122.32.19.138:80/mysqladmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:35 +0900] "HEAD http://122.32.19.138:80/mysql-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:35 +0900] "HEAD http://122.32.19.138:80/admin/phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:36 +0900] "HEAD http://122.32.19.138:80/admin/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:36 +0900] "HEAD http://122.32.19.138:80/admin/sysadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:37 +0900] "HEAD http://122.32.19.138:80/admin/sqladmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:37 +0900] "HEAD http://122.32.19.138:80/admin/db/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:37 +0900] "HEAD http://122.32.19.138:80/admin/web/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:38 +0900] "HEAD http://122.32.19.138:80/admin/pMA/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:38 +0900] "HEAD http://122.32.19.138:80/mysql/pma/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:38 +0900] "HEAD http://122.32.19.138:80/mysql/db/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:39 +0900] "HEAD http://122.32.19.138:80/mysql/web/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:39 +0900] "HEAD http://122.32.19.138:80/mysql/pMA/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:40 +0900] "HEAD http://122.32.19.138:80/sql/phpmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:40 +0900] "HEAD http://122.32.19.138:80/sql/php-myadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:41 +0900] "HEAD http://122.32.19.138:80/sql/phpmy-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:41 +0900] "HEAD http://122.32.19.138:80/sql/sql/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:41 +0900] "HEAD http://122.32.19.138:80/sql/myadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:42 +0900] "HEAD http://122.32.19.138:80/sql/webadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:42 +0900] "HEAD http://122.32.19.138:80/sql/sqlweb/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:42 +0900] "HEAD http://122.32.19.138:80/sql/websql/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:43 +0900] "HEAD http://122.32.19.138:80/sql/webdb/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:43 +0900] "HEAD http://122.32.19.138:80/sql/sqladmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:43 +0900] "HEAD http://122.32.19.138:80/sql/sql-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:44 +0900] "HEAD http://122.32.19.138:80/sql/phpmyadmin2/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:44 +0900] "HEAD http://122.32.19.138:80/sql/phpMyAdmin2/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:44 +0900] "HEAD http://122.32.19.138:80/sql/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:45 +0900] "HEAD http://122.32.19.138:80/db/myadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:45 +0900] "HEAD http://122.32.19.138:80/db/webadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:45 +0900] "HEAD http://122.32.19.138:80/db/dbweb/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:45 +0900] "HEAD http://122.32.19.138:80/db/websql/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:46 +0900] "HEAD http://122.32.19.138:80/db/webdb/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:46 +0900] "HEAD http://122.32.19.138:80/db/dbadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:46 +0900] "HEAD http://122.32.19.138:80/db/db-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:47 +0900] "HEAD http://122.32.19.138:80/db/phpmyadmin3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:47 +0900] "HEAD http://122.32.19.138:80/db/phpMyAdmin3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:47 +0900] "HEAD http://122.32.19.138:80/db/phpMyAdmin-3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:48 +0900] "HEAD http://122.32.19.138:80/administrator/phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:48 +0900] "HEAD http://122.32.19.138:80/administrator/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:48 +0900] "HEAD http://122.32.19.138:80/administrator/db/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:49 +0900] "HEAD http://122.32.19.138:80/administrator/web/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:49 +0900] "HEAD http://122.32.19.138:80/administrator/pma/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:49 +0900] "HEAD http://122.32.19.138:80/administrator/PMA/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:50 +0900] "HEAD http://122.32.19.138:80/administrator/admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:50 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin2/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:50 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:51 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin4/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:51 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin-3/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:51 +0900] "HEAD http://122.32.19.138:80/php-my-admin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:52 +0900] "HEAD http://122.32.19.138:80/PMA2012/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:52 +0900] "HEAD http://122.32.19.138:80/pma2012/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:52 +0900] "HEAD http://122.32.19.138:80/PMA2011/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:53 +0900] "HEAD http://122.32.19.138:80/pma2011/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
188.34.2.17 - - [24/Jan/2017:17:29:53 +0900] "HEAD http://122.32.19.138:80/phpmanager/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"
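
The traits described above (the Jorgee User-Agent, HEAD instead of GET, an absolute URL with an IP address as the request target, and a run of 404s) can be checked mechanically. The following is an added example, not part of the original post: a small Python detector for Combined Log Format lines. The function names, the min_paths threshold and the two benign sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format. The request target is kept raw because this scanner
# sends an absolute URI ("HEAD http://<ip>:80/path/") rather than a bare path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Absolute-form target whose host part is a literal IPv4 address.
ABS_IP_RE = re.compile(r'^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?P<path>/\S*)$', re.I)

def classify(line):
    """Return (client_ip, path, traits) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    abs_m = ABS_IP_RE.match(m["target"])
    checks = {"ua": "jorgee" in m["ua"].lower(), "head": m["method"] == "HEAD",
              "abs-ip-uri": abs_m is not None, "404": m["status"] == "404"}
    traits = {name for name, hit in checks.items() if hit}
    return m["ip"], (abs_m["path"] if abs_m else m["target"]), traits

def suspects(lines, min_paths=3):
    """Clients flagged by User-Agent, or by >= min_paths distinct paths probed
    with HEAD + absolute IP URI + 404 (still works if the User-Agent is changed)."""
    stats = defaultdict(lambda: {"paths": set(), "ua": False})
    for ip, path, traits in filter(None, map(classify, lines)):
        stats[ip]["ua"] |= "ua" in traits
        if {"head", "abs-ip-uri", "404"} <= traits:
            stats[ip]["paths"].add(path)
    return {ip: sorted(s["paths"]) for ip, s in stats.items()
            if s["ua"] or len(s["paths"]) >= min_paths}

# First three lines are copied from the log on this page; the last two are constructed.
SAMPLE = [
    '188.34.2.17 - - [24/Jan/2017:17:29:23 +0900] "HEAD http://122.32.19.138:80/mysql/admin/ HTTP/1.1" 404 180 "-" "Mozilla/5.0 Jorgee"',
    '188.34.2.17 - - [24/Jan/2017:17:29:24 +0900] "HEAD http://122.32.19.138:80/phpmyadmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"',
    '188.34.2.17 - - [24/Jan/2017:17:29:25 +0900] "HEAD http://122.32.19.138:80/phpMyAdmin/ HTTP/1.1" 404 179 "-" "Mozilla/5.0 Jorgee"',
    '203.0.113.5 - - [24/Jan/2017:17:30:01 +0900] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [24/Jan/2017:17:30:02 +0900] "HEAD /robots.txt HTTP/1.1" 404 179 "-" "curl/7.50.0"',
]

if __name__ == "__main__":
    for ip, paths in suspects(SAMPLE).items():
        print(ip, paths)
```

The User-Agent match alone is trivially evaded by changing the string, which is why the second rule keys on the request shape rather than the name.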

[First written: 2017.01.25]    [Last modified: 2017.01.25]




Creative Commons License: This work is licensed under a Creative Commons Attribution 4.0 International License.