It could be a serious vulnerability
I saw really malicious code on some groups to hack into our systems
Discover more and protect ourselves
I found someone talking about sniff with out username or password only host and database name
And this is the code
-- user config
local number = "0048957829035"
local mysql = "Astrisk"
host dtmf = "++++"
-- end of user config
Call(number)
for i=1, 20, 1
do
if (i == 20) then
print("Timed out waiting for confirmed state\n")
break;
end
Sleep(300)
local call_state = GetCallState()
if call_state == 6 then
-- CALL_STATE_ESTABLISHED
Sleep(2000)
SendDtmf(dtmf)
break
elseif call_state == 0 then
-- CALL_STATE_CLOSED
print("End of call\n")
break;
end
end
print("End of script\n")
Is there more to this exploit? I don’t see how this would work unless the user had already compromised root access to the system. The script would need to be placed in the server with the correct permissions to execute. In your test case you are doing just that, correct? This by itself doesn’t seem like an exploit, it’s just a script that makes a call.
To get to that point, you’d have to have your server exposed to the internet, and your firewall and fail2ban would need to be bypassed. Assuming the above is true, the intruder would not need this script to make calls at that point.
