Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #44544

shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error.

Newsgroups comp.lang.python
Date 2013-04-30 08:27 -0700
Message-ID <ad277b74-0fbd-456d-915e-e87743dc16df@googlegroups.com> (permalink)
Subject shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error.
From tromeo@mdlogix.com

Show all headers | View raw

Please help me to debug 

-------
shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
                                                                   ^
SyntaxError: invalid syntax


----
here is the code
Ref: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/

---
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# 
# This script dumps the content of a shared memory block
# used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
# when the machine is infected.
#
# Some of the data is encrypted. If your server is infected and you
# would like to help, please send the httpd_cdorked_config.bin
# to our lab for analysis. Thanks!
#   
# Marc-Etienne M.Léveillé <leveille@eset.com>
#

from ctypes import *

SHM_SIZE = 6118512
SHM_KEY = 63599

OUTFILE="httpd_cdorked_config.bin"

try:
  rt = CDLL('librt.so')
except:
  rt = CDLL('librt.so.1')

shmget = rt.shmget
shmget.argtypes = [c_int, c_size_t, c_int]
shmget.restype = c_int
shmat = rt.shmat
shmat.argtypes = [c_int, POINTER(c_void_p), c_int]
shmat.restype = c_void_p

shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
if shmid < 0:
  print "System not infected"
else:
  addr = shmat(shmid, None, 0)

  f = file(OUTFILE, 'wb')
  f.write(string_at(addr,SHM_SIZE))
  f.close()

  print "Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE)

Back to comp.lang.python | Previous | NextNext in thread | Find similar | Unroll thread

Thread

shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. tromeo@mdlogix.com - 2013-04-30 08:27 -0700
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Joel Goldstick <joel.goldstick@gmail.com> - 2013-04-30 11:36 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:37 +1000
    Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Tony Romeo <tromeo@mdlogix.com> - 2013-04-30 08:52 -0700
      Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:58 +1000
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Dave Angel <davea@davea.name> - 2013-04-30 11:43 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:49 +1000
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Dave Angel <davea@davea.name> - 2013-04-30 11:58 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 02:06 +1000
    Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Tony Romeo <tromeo@mdlogix.com> - 2013-04-30 11:10 -0700
      Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 07:51 +1000

csiph-web