Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #44545

Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error.

References <ad277b74-0fbd-456d-915e-e87743dc16df@googlegroups.com>
Date 2013-04-30 11:36 -0400
Subject Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error.
From Joel Goldstick <joel.goldstick@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.1179.1367336212.3114.python-list@python.org> (permalink)

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

On Tue, Apr 30, 2013 at 11:27 AM, <tromeo@mdlogix.com> wrote:

>
> Please help me to debug
>
> -------
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
>                                                                    ^
> SyntaxError: invalid syntax
>
> If you google 0o666 python you see that if some version of python need 0666

It was unclear to me whether this changed after 2.6.  Does anyone else have
experience with this?

>
> ----
> here is the code
> Ref:
> http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
>
> ---
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> #
> # This script dumps the content of a shared memory block
> # used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
> # when the machine is infected.
> #
> # Some of the data is encrypted. If your server is infected and you
> # would like to help, please send the httpd_cdorked_config.bin
> # to our lab for analysis. Thanks!
> #
> # Marc-Etienne M.Léveillé <leveille@eset.com>
> #
>
> from ctypes import *
>
> SHM_SIZE = 6118512
> SHM_KEY = 63599
>
> OUTFILE="httpd_cdorked_config.bin"
>
> try:
>   rt = CDLL('librt.so')
> except:
>   rt = CDLL('librt.so.1')
>
> shmget = rt.shmget
> shmget.argtypes = [c_int, c_size_t, c_int]
> shmget.restype = c_int
> shmat = rt.shmat
> shmat.argtypes = [c_int, POINTER(c_void_p), c_int]
> shmat.restype = c_void_p
>
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
> if shmid < 0:
>   print "System not infected"
> else:
>   addr = shmat(shmid, None, 0)
>
>   f = file(OUTFILE, 'wb')
>   f.write(string_at(addr,SHM_SIZE))
>   f.close()
>
>   print "Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE)
>
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>



-- 
Joel Goldstick
http://joelgoldstick.com

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. tromeo@mdlogix.com - 2013-04-30 08:27 -0700
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Joel Goldstick <joel.goldstick@gmail.com> - 2013-04-30 11:36 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:37 +1000
    Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Tony Romeo <tromeo@mdlogix.com> - 2013-04-30 08:52 -0700
      Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:58 +1000
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Dave Angel <davea@davea.name> - 2013-04-30 11:43 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 01:49 +1000
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Dave Angel <davea@davea.name> - 2013-04-30 11:58 -0400
  Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 02:06 +1000
    Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Tony Romeo <tromeo@mdlogix.com> - 2013-04-30 11:10 -0700
      Re: shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. Chris Angelico <rosuav@gmail.com> - 2013-05-01 07:51 +1000

csiph-web