| Started by | tromeo@mdlogix.com |
|---|---|
| First post | 2013-04-30 08:27 -0700 |
| Last post | 2013-05-01 07:51 +1000 |
| Articles | 11 — 5 participants |
| From | tromeo@mdlogix.com |
|---|---|
| Date | 2013-04-30 08:27 -0700 |
| Subject | shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error. |
| Message-ID | <ad277b74-0fbd-456d-915e-e87743dc16df@googlegroups.com> |
Please help me to debug
-------
shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
^
SyntaxError: invalid syntax
----
here is the code
Ref: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
---
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# This script dumps the content of a shared memory block
# used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
# when the machine is infected.
#
# Some of the data is encrypted. If your server is infected and you
# would like to help, please send the httpd_cdorked_config.bin
# to our lab for analysis. Thanks!
#
# Marc-Etienne M.Léveillé <leveille@eset.com>
#
from ctypes import *
SHM_SIZE = 6118512
SHM_KEY = 63599
OUTFILE="httpd_cdorked_config.bin"
try:
    rt = CDLL('librt.so')
except:
    rt = CDLL('librt.so.1')
shmget = rt.shmget
shmget.argtypes = [c_int, c_size_t, c_int]
shmget.restype = c_int
shmat = rt.shmat
shmat.argtypes = [c_int, POINTER(c_void_p), c_int]
shmat.restype = c_void_p
shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
if shmid < 0:
    print "System not infected"
else:
    addr = shmat(shmid, None, 0)
    f = file(OUTFILE, 'wb')
    f.write(string_at(addr,SHM_SIZE))
    f.close()
    print "Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE)
| From | Joel Goldstick <joel.goldstick@gmail.com> |
|---|---|
| Date | 2013-04-30 11:36 -0400 |
| Message-ID | <mailman.1179.1367336212.3114.python-list@python.org> |
| In reply to | #44544 |
On Tue, Apr 30, 2013 at 11:27 AM, <tromeo@mdlogix.com> wrote:
>
> Please help me to debug
>
> -------
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
> ^
> SyntaxError: invalid syntax
>
If you google 0o666 python you see that some versions of Python need 0666.
It was unclear to me whether this changed after 2.6. Does anyone else have
experience with this?
>
> ----
> here is the code
> Ref:
> http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
>
> ---
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> #
> # This script dumps the content of a shared memory block
> # used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
> # when the machine is infected.
> #
> # Some of the data is encrypted. If your server is infected and you
> # would like to help, please send the httpd_cdorked_config.bin
> # to our lab for analysis. Thanks!
> #
> # Marc-Etienne M.Léveillé <leveille@eset.com>
> #
>
> from ctypes import *
>
> SHM_SIZE = 6118512
> SHM_KEY = 63599
>
> OUTFILE="httpd_cdorked_config.bin"
>
> try:
>     rt = CDLL('librt.so')
> except:
>     rt = CDLL('librt.so.1')
>
> shmget = rt.shmget
> shmget.argtypes = [c_int, c_size_t, c_int]
> shmget.restype = c_int
> shmat = rt.shmat
> shmat.argtypes = [c_int, POINTER(c_void_p), c_int]
> shmat.restype = c_void_p
>
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
> if shmid < 0:
>     print "System not infected"
> else:
>     addr = shmat(shmid, None, 0)
>
>     f = file(OUTFILE, 'wb')
>     f.write(string_at(addr,SHM_SIZE))
>     f.close()
>
>     print "Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE)
>
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
--
Joel Goldstick
http://joelgoldstick.com
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-05-01 01:37 +1000 |
| Message-ID | <mailman.1180.1367336283.3114.python-list@python.org> |
| In reply to | #44544 |
On Wed, May 1, 2013 at 1:27 AM, <tromeo@mdlogix.com> wrote:
>
> Please help me to debug
>
> -------
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
> ^
> SyntaxError: invalid syntax
In Python 2, just use 0666.
ChrisA
| From | Tony Romeo <tromeo@mdlogix.com> |
|---|---|
| Date | 2013-04-30 08:52 -0700 |
| Message-ID | <574ce3d3-8848-4136-a635-728d8cf3db85@googlegroups.com> |
| In reply to | #44546 |
Thank you for the response.
Results after using 0666:
Traceback (most recent call last):
  File "dump_cdorked_config.py", line 15, in ?
    from ctypes import *
ImportError: No module named ctypes
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-05-01 01:58 +1000 |
| Message-ID | <mailman.1184.1367337541.3114.python-list@python.org> |
| In reply to | #44549 |
On Wed, May 1, 2013 at 1:52 AM, Tony Romeo <tromeo@mdlogix.com> wrote:
> Thank you for the response.
>
> Results after using 0666:
>
>
> Traceback (most recent call last):
> File "dump_cdorked_config.py", line 15, in ?
> from ctypes import *
> ImportError: No module named ctypes
You really need to offer a lot more information about your environment
:) What operating system, what Python version, etc, etc?
The ctypes module is listed in the docs as "new in 2.5", so my crystal
ball is saying you quite probably are on Red Hat.
http://docs.python.org/2/library/ctypes.html
ChrisA
| From | Dave Angel <davea@davea.name> |
|---|---|
| Date | 2013-04-30 11:43 -0400 |
| Message-ID | <mailman.1181.1367336617.3114.python-list@python.org> |
| In reply to | #44544 |
On 04/30/2013 11:27 AM, tromeo@mdlogix.com wrote:
>
> Please help me to debug
>
> -------
> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
> ^
> SyntaxError: invalid syntax
>
0o666 is indeed a syntax error. What is that value supposed to be? If
it's intended to be an int that's equal to octal 666, just use 438
--
DaveA
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-05-01 01:49 +1000 |
| Message-ID | <mailman.1182.1367336960.3114.python-list@python.org> |
| In reply to | #44544 |
On Wed, May 1, 2013 at 1:43 AM, Dave Angel <davea@davea.name> wrote:
> On 04/30/2013 11:27 AM, tromeo@mdlogix.com wrote:
>>
>>
>> Please help me to debug
>>
>> -------
>> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
>> ^
>> SyntaxError: invalid syntax
>>
>
> 0o666 is indeed a syntax error. What is that value supposed to be? If it's
> intended to be an int that's equal to octal 666, just use 438
Without checking docs, I would guess that to be Unix file permissions,
which make most sense in octal.
ChrisA
| From | Dave Angel <davea@davea.name> |
|---|---|
| Date | 2013-04-30 11:58 -0400 |
| Message-ID | <mailman.1183.1367337534.3114.python-list@python.org> |
| In reply to | #44544 |
On 04/30/2013 11:49 AM, Chris Angelico wrote:
> On Wed, May 1, 2013 at 1:43 AM, Dave Angel <davea@davea.name> wrote:
>> On 04/30/2013 11:27 AM, tromeo@mdlogix.com wrote:
>>>
>>>
>>> Please help me to debug
>>>
>>> -------
>>> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
>>> ^
>>> SyntaxError: invalid syntax
>>>
>>
>> 0o666 is indeed a syntax error. What is that value supposed to be? If it's
>> intended to be an int that's equal to octal 666, just use 438
>
> Without checking docs, I would guess that to be Unix file permissions,
> which make most sense in octal.
>
>
So put the octal description in the comment. I think the Python 2.x syntax
for octal is a travesty. And of course it's non-portable to Python 3. I
would not intentionally leave 0666 in my source code, unless there was some
other overriding reason for it. And then I'd surround it with snide
remarks.
--
DaveA
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-05-01 02:06 +1000 |
| Message-ID | <mailman.1185.1367338005.3114.python-list@python.org> |
| In reply to | #44544 |
On Wed, May 1, 2013 at 1:58 AM, Dave Angel <davea@davea.name> wrote:
> On 04/30/2013 11:49 AM, Chris Angelico wrote:
>>
>> On Wed, May 1, 2013 at 1:43 AM, Dave Angel <davea@davea.name> wrote:
>>>
>>> On 04/30/2013 11:27 AM, tromeo@mdlogix.com wrote:
>>>>
>>>>
>>>>
>>>> Please help me to debug
>>>>
>>>> -------
>>>> shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
>>>> ^
>>>> SyntaxError: invalid syntax
>>>>
>>>
>>> 0o666 is indeed a syntax error. What is that value supposed to be? If
>>> it's
>>> intended to be an int that's equal to octal 666, just use 438
>>
>>
>> Without checking docs, I would guess that to be Unix file permissions,
>> which make most sense in octal.
>>
>>
>
> So put the octal description in the comment. I think the Python 2.x syntax
> for octal is a travesty. And of course it's non-portable to Python 3. I
> would not intentionally leave 0666 in my source code, unless there was some
> other overriding reason for it. And then I'd surround it with snide
> remarks.
Here's a stupid way to convert octal to decimal in Python:
>>> ord("\666")
438
Because backslash escapes in strings are, per convention, done in
octal. :) And actually, on the extremely rare occasions when they're
NOT octal, it's highly confusing.
http://rosuav.blogspot.com.au/2012/12/i-want-my-octal.html
ChrisA
| From | Tony Romeo <tromeo@mdlogix.com> |
|---|---|
| Date | 2013-04-30 11:10 -0700 |
| Message-ID | <d4aff138-fe38-42b6-ad4a-66d6539b38f8@googlegroups.com> |
| In reply to | #44552 |
Updating to 2.5+ resolved the error. Thank you
---
Here is the old info ....:
[mongrel@crms-demo ~]$ rpm -qi python
Name : python Relocations: (not relocatable)
Version : 2.4.3 Vendor: CentOS
Release : 56.el5 Build Date: Wed 09 Jan 2013 06:54:47 AM EST
Install Date: Tue 30 Apr 2013 09:34:22 AM EDT Build Host: builder10.centos.org
Group : Development/Languages Source RPM: python-2.4.3-56.el5.src.rpm
Size : 73121 License: PSF - see LICENSE
Signature : DSA/SHA1, Wed 09 Jan 2013 03:35:41 PM EST, Key ID a8a447dce8562897
URL : http://www.python.org/
Summary : An interpreted, interactive, object-oriented programming language.
Description :
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).
Programmers can write new built-in modules for Python in C or C++.
Python can be used as an extension language for applications that need
a programmable interface. This package contains most of the standard
Python modules, as well as modules for interfacing to the Tix widget
set for Tk and RPM.
Note that documentation for Python is provided in the python-docs
package.
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-05-01 07:51 +1000 |
| Message-ID | <mailman.1200.1367358696.3114.python-list@python.org> |
| In reply to | #44560 |
On Wed, May 1, 2013 at 4:10 AM, Tony Romeo <tromeo@mdlogix.com> wrote:
> Updating to 2.5+ resolved the error.
>
> Here is the old info ....:
> Version : 2.4.3 Vendor: CentOS
Yup, that would be it! Did you get as far as 2.7? Once you're there,
you'll never have to worry about upgrading Python 2 again (there'll be
bugfix releases but no feature changes). Of course, upgrading to 3.3
would be even better, but that's likely to involve a lot more work
updating your code :)
ChrisA
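Added example (not part of any post in this thread, and not the quoted script author's code): a check for the same shared memory segment that needs neither ctypes nor an octal literal, because it reads the kernel's SysV segment listing instead of calling shmget. It assumes the Linux /proc/sysvipc/shm column layout (a header row naming key, shmid, perms, size, cpid); SAMPLE is constructed and the function names are hypothetical.

```python
SHM_KEY = 63599       # from the script quoted in this thread
SHM_SIZE = 6118512    # from the script quoted in this thread
# int("666", 8) spells octal 666 in a way every Python version parses,
# unlike the literals 0666 (Python 2 only) and 0o666 (2.6+ and 3).
SHM_PERMS = int("666", 8)

# Constructed sample in the assumed /proc/sysvipc/shm layout (not real output).
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid
         0      32768  1600     524288  2101  2177      2  1000  1000
     63599      65537   666    6118512  1415  1415      1    48    48
"""

def parse_shm_table(text):
    """Parse a SysV shm listing into dicts keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) < len(header):
            continue  # truncated or malformed row
        row = dict(zip(header, fields))
        try:
            row["key"] = int(row["key"])
            row["size"] = int(row["size"])
            row["perms"] = int(row["perms"], 8)  # kernel prints perms in octal
        except (KeyError, ValueError):
            continue
        rows.append(row)
    return rows

def find_suspect_segments(text, key=SHM_KEY, size=SHM_SIZE):
    """Return segments with the given key, noting whether the size matches too."""
    hits = []
    for row in parse_shm_table(text):
        if row["key"] == key:
            hits.append({"shmid": int(row["shmid"]), "cpid": int(row["cpid"]),
                         "perms": row["perms"] & int("777", 8),
                         "size_matches": row["size"] == size})
    return hits

def scan_host(path="/proc/sysvipc/shm"):
    with open(path) as fh:
        return find_suspect_segments(fh.read())

if __name__ == "__main__":
    print(find_suspect_segments(SAMPLE))
```

The cpid field identifies the process that created the segment, which is the place to start when a match turns up.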