Nuclei – Open-source project

I saw this log entry:

104.168.102.21 - - [17/Jan/2022:00:20:25 +0100] "GET /%0D%0ASet-Cookie:crlfinjection=crlfinjection HTTP/1.1" 302 5553 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"

My reflex:

iptables -A INPUT -s 104.168.102.21 -j DROP

Martin Blachier, the "reassurer" who spreads disinformation.

Martin Blachier on 6 Dec. 2021: "Christmas will fall in a declining phase of the epidemic."

The curve today: https://covidtracker.fr/


Logs of an IP attack from Russia (45.146.165.37)

The requests are spaced out over time so as not to get blocked.
Here are the logs:

45.146.165.37 - - [04/Jan/2022:00:09:45 +0100] "GET / HTTP/1.1" 302 5557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:00:09:52 +0100] "GET /user/auth/login HTTP/1.1" 200 13390 "https://80.15.48.50:443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:01:41:03 +0100] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 5635 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:03:24:01 +0100] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 218 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:03:24:01 +0100] "GET /user/auth/login HTTP/1.1" 200 8198 "http://80.15.48.50:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:03:57:36 +0100] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:03:57:50 +0100] "GET /user/auth/login HTTP/1.1" 200 8198 "http://80.15.48.50:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:04:14:43 +0100] "GET /solr/admin/info/system?wt=json HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:04:14:43 +0100] "GET /user/auth/login HTTP/1.1" 200 8198 "http://80.15.48.50:80/solr/admin/info/system?wt=json" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:04:59:21 +0100] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:04:59:22 +0100] "GET /user/auth/login HTTP/1.1" 200 8193 "http://80.15.48.50:80/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:05:56:50 +0100] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:05:56:51 +0100] "GET /user/auth/login HTTP/1.1" 200 8195 "http://80.15.48.50:80/?XDEBUG_SESSION_START=phpstorm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:07:45:21 +0100] "GET /_ignition/execute-solution HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:07:45:22 +0100] "GET /user/auth/login HTTP/1.1" 200 8194 "http://80.15.48.50:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:08:44:47 +0100] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:09:07:16 +0100] "GET / HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:09:07:17 +0100] "GET /user/auth/login HTTP/1.1" 200 8198 "http://80.15.48.50:80/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:09:47:57 +0100] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 5369 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:11:53:49 +0100] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 302 5557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:13:06:48 +0100] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 5557 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:13:07:05 +0100] "GET /user/auth/login HTTP/1.1" 200 13388 "https://80.15.48.50:443/?XDEBUG_SESSION_START=phpstorm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.37 - - [04/Jan/2022:13:52:16 +0100] "POST /mifs/.;/services/LogService HTTP/1.1" 302 5369 "https://80.15.48.50:443" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

What to do:

iptables -A INPUT -s 45.146.165.37 -j DROP
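
An added example, not part of the original post: because the probes are hours apart, a rate limit never fires, but matching the decoded request paths against the patterns visible in these logs and grouping by source IP still surfaces the scanner. The signature names are labels chosen for this example, and the sample lines are abridged from the logs above plus one constructed benign request.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Combined Log Format: client IP, timestamp, request line, status, size, referer, user agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (.*?) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "([^"]*)"')

# Names are labels chosen for this example; patterns come from the request paths logged above.
SIGNATURES = {
    "crlf-injection": re.compile(r"[\r\n]"),
    "path-traversal": re.compile(r"/\.\./"),
    "phpunit-eval-stdin": re.compile(r"phpunit/.*eval-stdin\.php"),
    "solr-admin": re.compile(r"^/solr/admin/"),
    "thinkphp-invokefunction": re.compile(r"invokefunction"),
    "xdebug-session": re.compile(r"XDEBUG_SESSION_START"),
    "ignition-execute": re.compile(r"^/_ignition/execute-solution"),
    "mifs-path-bypass": re.compile(r"/\.;/"),
}

# Abridged from the logs above (browser user agent shortened); the last line is constructed.
SAMPLE = '''
104.168.102.21 - - [17/Jan/2022:00:20:25 +0100] "GET /%0D%0ASet-Cookie:crlfinjection=crlfinjection HTTP/1.1" 302 5553 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"
45.146.165.37 - - [04/Jan/2022:01:41:03 +0100] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 5635 "-" "Mozilla/5.0"
45.146.165.37 - - [04/Jan/2022:03:24:01 +0100] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 218 "-" "Mozilla/5.0"
45.146.165.37 - - [04/Jan/2022:13:52:16 +0100] "POST /mifs/.;/services/LogService HTTP/1.1" 302 5369 "https://80.15.48.50:443" "Mozilla/5.0"
192.0.2.10 - - [04/Jan/2022:09:00:00 +0100] "GET /user/auth/login HTTP/1.1" 200 8198 "-" "Mozilla/5.0"
'''.strip().splitlines()

def classify(line):
    """Return (ip, time, [signature names]) for one log line, or None if unparsable."""
    if not (m := LINE.match(line)):
        return None
    ip, ts, target, agent = m.groups()
    decoded = unquote(target)  # decode %2e and %0D%0A before matching
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    if "nuclei" in agent.lower():
        hits.append("scanner-user-agent")
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), hits

def summarize(lines):
    """Per source IP: sorted signatures, probe count, hours between first and last probe."""
    seen = defaultdict(lambda: (set(), []))
    for ip, when, hits in filter(None, map(classify, lines)):
        if hits:
            seen[ip][0].update(hits)
            seen[ip][1].append(when)
    return {ip: (sorted(h), len(t), (max(t) - min(t)).total_seconds() / 3600)
            for ip, (h, t) in seen.items()}
```

On the sample, summarize(SAMPLE) attributes three probes spread over about twelve hours to 45.146.165.37 and leaves the benign 192.0.2.10 request out of the report.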

Migrating a PST file (Outlook) to Thunderbird on Linux

Step 1: Install the right software:

# sudo apt-get -y install pst-utils

Step 2: Conversion:

# readpst -u backup-2021.pst
# find out -type d | tac | grep -v '^out$' | xargs -d '\n' -I{} mv {} {}.sbd
# find out -name mbox -type f | xargs -d '\n' -I{} echo '"{}" "{}"' | sed -e 's/\.sbd\/mbox"$/"/' | xargs -L 1 mv
# find out -empty -type d | xargs -d '\n' rmdir
# find out -type d | egrep '*.sbd' | sed 's/.\{4\}$//' | xargs -d '\n' touch
# mv out/Boîte\ de\ réception.sbd/ ../snap/thunderbird/common/.thunderbird/zy3zk9ms.default/Mail/Local\ Folders/.
# touch ../snap/thunderbird/common/.thunderbird/zy3zk9ms.default/Mail/Local\ Folders/Boîte\ de\ réception
# touch ../snap/thunderbird/common/.thunderbird/zy3zk9ms.default/Mail/Local\ Folders/Boîte\ de\ réception.msf

Note that the ID zy3zk9ms is not the same from one installation to another. Also, I have a snap installation, so the directory is not the standard one.

I have 42 GB of email:

# du -sh ../snap/thunderbird/common/.thunderbird/zy3zk9ms.default/Mail/Local\ Folders/
42G	../snap/thunderbird/common/.thunderbird/zy3zk9ms.default/Mail/Local Folders/

Misery.