shmid = shmget(SHM_KEY, SHM_SIZE, 0o666) - syntax error.


tromeo

Please help me to debug

-------
shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
^
SyntaxError: invalid syntax


----
here is the code
Ref: http://www.welivesecurity.com/2013/...apache-backdoor-in-the-wild-serves-blackhole/

---
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# This script dumps the content of a shared memory block
# used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
# when the machine is infected.
#
# Some of the data is encrypted. If your server is infected and you
# would like to help, please send the httpd_cdorked_config.bin
# to our lab for analysis. Thanks!
#
# Marc-Etienne M.Léveillé <[email protected]>
#

from ctypes import *

SHM_SIZE = 6118512
SHM_KEY = 63599

OUTFILE="httpd_cdorked_config.bin"

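try:
    rt = CDLL('librt.so')
except OSError:
    rt = CDLL('librt.so.1')

shmget = rt.shmget
shmget.argtypes = [c_int, c_size_t, c_int]
shmget.restype = c_int
shmat = rt.shmat
shmat.argtypes = [c_int, POINTER(c_void_p), c_int]
shmat.restype = c_void_p

# 0o666 is octal (decimal 438); this spelling needs Python 2.6 or later.
shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)
if shmid < 0:
    print("System not infected")
else:
    addr = shmat(shmid, None, 0)
    # shmat() returns (void *) -1 on failure; do not read from that address.
    if addr is None or addr == c_void_p(-1).value:
        raise SystemExit("shmat() failed")

    f = open(OUTFILE, 'wb')
    f.write(string_at(addr, SHM_SIZE))
    f.close()

    print("Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE))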
 

Dave Angel

> Please help me to debug

0o666 is indeed a syntax error. What is that value supposed to be? If
it's intended to be an int that's equal to octal 666, just use 438
 

Chris Angelico

> 0o666 is indeed a syntax error. What is that value supposed to be? If it's
> intended to be an int that's equal to octal 666, just use 438

Without checking docs, I would guess that to be Unix file permissions,
which make most sense in octal.

ChrisA
 

Tony Romeo

Thank you for the response.

Results after using 0666:


Traceback (most recent call last):
  File "dump_cdorked_config.py", line 15, in ?
    from ctypes import *
ImportError: No module named ctypes
 

Dave Angel

> Without checking docs, I would guess that to be Unix file permissions,
> which make most sense in octal.

So put the octal description in the comment. I think the Python 2.x
syntax for octal is a travesty. And of course it's non-portable to
Python 3. I would not intentionally leave 0666 in my source code,
unless there was some other overriding reason for it. And then I'd
surround it with snide remarks.
 

Chris Angelico

> Thank you for the response.
>
> Results after using 0666:
>
> Traceback (most recent call last):
>   File "dump_cdorked_config.py", line 15, in ?
>     from ctypes import *
> ImportError: No module named ctypes

You really need to offer a lot more information about your environment
:) What operating system, what Python version, etc, etc? The ctypes
module is listed in the docs as "new in 2.5", so my crystal ball is
saying you quite probably are on Red Hat.

http://docs.python.org/2/library/ctypes.html

ChrisA
 

Chris Angelico

> So put the octal description in the comment. I think the Python 2.x syntax
> for octal is a travesty. And of course it's non-portable to Python 3. I
> would not intentionally leave 0666 in my source code, unless there was some
> other overriding reason for it. And then I'd surround it with snide
> remarks.

Here's a stupid way to convert octal to decimal in Python:
438

Because backslash escapes in strings are, per convention, done in
octal. :) And actually, on the extremely rare occasions when they're
NOT octal, it's highly confusing.

http://rosuav.blogspot.com.au/2012/12/i-want-my-octal.html

ChrisA
 

Tony Romeo

Updating to 2.5+ resolved the error.


Thank you
---



Here is the old info ....:
[mongrel@crms-demo ~]$ rpm -qi python
Name : python Relocations: (not relocatable)
Version : 2.4.3 Vendor: CentOS
Release : 56.el5 Build Date: Wed 09 Jan 2013 06:54:47 AM EST
Install Date: Tue 30 Apr 2013 09:34:22 AM EDT Build Host: builder10.centos.org
Group : Development/Languages Source RPM: python-2.4.3-56.el5.src.rpm
Size : 73121 License: PSF - see LICENSE
Signature : DSA/SHA1, Wed 09 Jan 2013 03:35:41 PM EST, Key ID a8a447dce8562897
URL : http://www.python.org/
Summary : An interpreted, interactive, object-oriented programming language.
Description :
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).

Programmers can write new built-in modules for Python in C or C++.
Python can be used as an extension language for applications that need
a programmable interface. This package contains most of the standard
Python modules, as well as modules for interfacing to the Tix widget
set for Tk and RPM.

Note that documentation for Python is provided in the python-docs
package.
 

Chris Angelico

> Updating to 2.5+ resolved the error.
>
> Here is the old info ....:
> Version : 2.4.3 Vendor: CentOS

Yup, that would be it!

Did you get as far as 2.7? Once you're there, you'll never have to
worry about upgrading Python 2 again (there'll be bugfix releases but
no feature changes). Of course, upgrading to 3.3 would be even better,
but that's likely to involve a lot more work updating your code :)

ChrisA
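
A way to run the same check on an interpreter that has no ctypes, such as the Python 2.4.3 in this thread: read the kernel's System V shared memory table and look for the key and size the posted script uses. This is an added example, not part of the thread or of the posted script; the function names and the sample table are constructed, and it assumes the host exposes /proc/sysvipc/shm.

```python
# Added example (not from the thread): find the Cdorked segment without ctypes.
SHM_KEY = 63599           # key used in the posted script (0xf86f in hex)
SHM_SIZE = 6118512        # size used in the posted script
WORLD_RW = int("666", 8)  # octal 666 == 438, spelled so any Python version parses it

# Constructed sample in the column layout of /proc/sysvipc/shm (not real host data).
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime
         0      32768   600     524288  2101  2230      2  1000  1000  1000  1000 1367330000 1367330100 1367329000
     63599      65537   666    6118512  1534  1534      1    48    48    48    48 1367331000          0 1367331000
"""

def parse_shm_table(text):
    """Turn /proc/sysvipc/shm text into a list of {column name: int} rows."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    columns = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(columns):
            continue  # malformed or truncated line
        row = {}
        for name, value in zip(columns, fields):
            base = 10
            if name == "perms":
                base = 8  # the kernel prints perms in octal, the rest in decimal
            row[name] = int(value, base)
        rows.append(row)
    return rows

def find_cdorked_segments(text):
    """Return rows whose key is SHM_KEY, annotated with size and mode checks."""
    hits = []
    for row in parse_shm_table(text):
        if row["key"] == SHM_KEY:
            row["size_matches"] = row["size"] == SHM_SIZE
            row["world_rw"] = (row["perms"] & WORLD_RW) == WORLD_RW
            hits.append(row)
    return hits

if __name__ == "__main__":
    try:
        table = open("/proc/sysvipc/shm").read()
    except IOError:
        table = SAMPLE  # procfs table not available: fall back to the sample
    for seg in find_cdorked_segments(table):
        print("key %d: shmid=%d size=%d cpid=%d uid=%d size_matches=%s" % (
            SHM_KEY, seg["shmid"], seg["size"], seg["cpid"], seg["uid"], seg["size_matches"]))
```

The cpid and uid columns of a matching row identify the process and account that created the segment. `ipcs -m` shows the same key in hex, as 0x0000f86f.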
 
