11 malicious packages found in PyPI

A few days ago the news broke that 11 packages containing malicious code had been detected in the PyPI directory (Python Package Index).

Before the problems were identified, the packages had been downloaded at least 38 thousand times in total. It should be noted that the malicious packages detected stood out for using sophisticated methods to hide their communication channels with the attackers' servers.

The packages found are the following:

  • important-package (6305 downloads) and important_package (12897): these packages establish a connection to an external server under the guise of connecting to pypi.python.org to give shell access to the system (reverse shell), and use the trevorc2 program to hide the communication channel.
  • pptest (10001) and ipboards (946): used DNS as a communication channel to send information about the system (in the first package, the hostname, working directory, and internal and external IP; in the second, the username and hostname).
  • owlmoon (3285), DiscordSafety (557) and yiffparty (1859): find the Discord service token on the system and send it to an external host.
  • trrfab (287): sends the identifier, hostname, and contents of /etc/passwd, /etc/hosts and /home to an external host.
  • 10cent10 (490): creates a reverse shell connection to an external host.
  • yandex-yt (4183): displayed a message about the system being compromised and redirected to a page with additional information about further actions, served via nda.ya.ru (api.ya.cc).

Given this, it is said that special attention should be paid to the method of reaching external hosts used in the important-package and important_package packages, which abuses the Fastly content delivery network used by the PyPI catalogue to hide their activity.

In fact, the requests were sent to the pypi.python.org server (including specifying the python.org name in the SNI within the HTTPS request), but the name of the server controlled by the attacker was placed in the HTTP "Host" header. The content delivery network forwarded a matching request to the attacker's server, reusing the parameters of the TLS connection to pypi.python.org when sending the data.

The PyPI infrastructure is served by the Fastly content delivery network, which uses Varnish's transparent proxy to cache typical requests and handles TLS certificates at the CDN level, rather than on the endpoint servers, forwarding HTTPS requests through the proxy. Regardless of the destination, requests are sent to the proxy, which determines the required host from the HTTP "Host" header, and the hostnames resolve to CDN load balancer IP addresses that are shared by all Fastly customers.

The attackers' server was also registered with the Fastly CDN, which offers everyone free plans and allows anonymous registration. The same scheme is also used to send requests to the compromised host when creating the "reverse shell", but initiated from the victim's side. From the outside, the interaction with the attacker's server looks like legitimate communication with the PyPI directory, encrypted with the PyPI TLS certificate. A similar technique, known as "domain fronting", was previously used extensively to hide the hostname when bypassing blocking, using an HTTPS option provided by some CDN networks: specifying a dummy host in the SNI while passing the real hostname in the HTTP Host header inside the TLS session.

To hide the malicious activity, the TrevorC2 package was additionally used, which makes the interaction with the server look like normal web browsing.

The pptest and ipboards packages used a different approach to hiding network activity, based on encoding the harvested information in requests to the DNS server. The malicious software transmits information by performing DNS queries in which the data sent to the command and control server is encoded in base64 format inside the subdomain name. The attacker receives these messages by controlling the domain's DNS server.
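A simple detector for this kind of DNS channel, written here as an added example (it is not code from the original article or from the malicious packages): it scans constructed DNS query log lines, base64-decodes the leading subdomain labels, and flags query names whose labels decode to readable text, grouped by parent domain. The log format and the domain attacker-example.test are assumptions.

```python
import base64
import binascii
import re
from collections import defaultdict

# Constructed sample DNS query log: "<timestamp> <client ip> <query name>".
# The three attacker-example.test queries carry base64-encoded key=value data.
SAMPLE_DNS_LOG = """\
2021-11-19T10:00:01Z 10.0.0.5 www.python.org
2021-11-19T10:00:02Z 10.0.0.5 aG9zdG5hbWU9YnVpbGQtMDE.c2.attacker-example.test
2021-11-19T10:00:03Z 10.0.0.5 Y3dkPS9ob21lL2RldmVs.c2.attacker-example.test
2021-11-19T10:00:04Z 10.0.0.7 files.pythonhosted.org
2021-11-19T10:00:05Z 10.0.0.5 dXNlcj1qZG9l.c2.attacker-example.test
"""

# A label worth testing: only base64 / base64url characters and long enough
# to be unlikely as an ordinary hostname component.
B64_LABEL = re.compile(r"^[A-Za-z0-9+/_-]{12,}$")


def decode_label(label):
    """Base64-decode one DNS label (padding stripped by the sender, standard or
    url-safe alphabet). Return the text only if it is printable ASCII, else None."""
    s = label.replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)  # restore the padding that cannot travel in a label
    try:
        raw = base64.b64decode(s, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None


def find_dns_exfil(log_text):
    """Return (query_name, decoded_payload) for every query whose leading labels
    (everything below the registrable domain) decode to printable text."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        labels = parts[2].rstrip(".").split(".")
        decoded = [decode_label(l) for l in labels[:-2] if B64_LABEL.match(l)]
        decoded = [d for d in decoded if d]
        if decoded:
            hits.append((".".join(labels), "".join(decoded)))
    return hits


def count_by_parent(hits):
    """Count flagged queries per parent domain, i.e. per suspected C2 zone."""
    counts = defaultdict(int)
    for qname, _ in hits:
        counts[".".join(qname.split(".")[-2:])] += 1
    return dict(counts)
```

Run it against real resolver logs by replacing SAMPLE_DNS_LOG; a parent domain that accumulates many distinct decodable labels from one client is the pattern to investigate.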

Finally, if you are interested in knowing more about it, you can check the details at the following link.
