Wesley, [28 feb. 2017 10:11]: 501 cat /usr/local/sshdaemon/scripts/wpddos.sh

1. Wesley, [28 feb. 2017 10:11]:
2. 501 cat /usr/local/sshdaemon/scripts/wpddos.sh
3. 502 cat /etc/mysql-proxy.sh
4. 503 curl http://sshd.denkers-ict.nl/wpddosfilter
5. 504 cat /etc/mysql-proxy.sh
6. 505 cat /etc/mysql-proxy.cnf
7. 506 cat /etc/mysql-proxy2.cnf
8. 507 hostname -I
9. 508 cd /etc/ssh
10. 509 ls
11. 510 ls -al
12. 511 cat sshd_config
13. 512 ssh 159.253.5.23
14. 513 ssh 159.253.5.23 -p 8425
15. 514 cd /var/log
16. 515 ls -al
17. 516 cat secure-20170216 | grep Accept
18. 517 cat mysql-proxy2.log
19. 518 drwxr-xr-x. 2 root root 4096 Feb 18 03:19 proftpd
20. 519 tail -10 loadkillerlogging
21. 520 ls -al
22. 521 cat httprytitaniumraceparts.nl
23. 522 ls -al
24. 523 cd directadmin
25. 524 ls
26. 525 ls -al
27. 526 cat login.log | tail -10
28. 527 cat security.log
29. 528 su -a admin
30. 529 su - admin
31. 530 passwd
32. 531 cd /etc/ssh
33. 532 ls
34. 533 ls -al
35. 534 cat ssh_host_key
36. 535 PuTTYPuTTYPuTTYPuTTY6cPuTTYPuTTY
37. 536 ls -al
38. 537 cat sshd_config
39. 538 nano sshd_config
40. 539 nano /etc/passwd
41. 540 cat /etc/shadow | grep admin
42. 541 cat /etc/shadow | grep admin\|root
43. 542 cat /etc/shadow | grep admin|root
44. 543 cat /etc/shadow | grep "admin\|root"
45. 544 cd ~
46. 545 ls -al
47. 546 cd sqlrestore
48. 547 ls -al
49. 548 cd ..
50. 549 cat .bash_history
51. 550 cat /usr/local/directadmin/conf/mysql.conf
52. 551 mysql -uda_admin -p
53. 552 hostname -I
54. 553 ssh 10.3.1.151
55. 554 cat /usr/local/directadmin/scripts/setup.txt
56. 555 cd /usr/local/directadmin/scripts
57. 556 ls -al
58. 557 cat mysql.sh
59. 558 cd ..
60. 559 ls
61. 560 cd conf
62. 561 ls
63. 562 ls -al
64. 563 cat directadmin.conf
65. 564 ls
66. 565 cat my.cnf
67. 566 cat mysql.conf
68. 567 ssh 10.3.1.157
69. 568 ssh 10.3.1.171
70. 569 ssh 10.3.1.157
71. 570 ssh 10.3.1.155
72. 571 ssh 10.3.1.154
73. 572 ssh 10.3.1.160
74. 573 ssh 10.3.1.15
75. 574 ssh 10.3.1.191
76. 575 ssh 10.3.1.192
77. 576 ssh 10.3.1.198
78. 577 ssh 10.3.1.200
79. 578 ssh 10.3.1.199
80. 579 ssh 10.3.1.198
81. 580 ssh 10.3.1.197
82. 581 ssh 10.3.1.199
83. 582 curl http://vserver1.axc.nl/installrestore.sh
84. 583 curl http://vserver74.axc.nl/user_index.txt
85. 584 cat /usr/local/sshdaemon/scripts/wpddos.sh
86. 585 cd /usr/local/sshdaemon
87. 586 ls -al
88. 587 cat dsshdaemon
89. 588 ls -a
90. 589 lls -al
91. 590 ls -al
92. 591 cat commands.txt
93. 592 cat /usr/local/sshdaemon/scripts/purge.sh
94. 593 cat statusbackup.sh
95. 594 ls -al
96. 595 cd scripts
97. 596 ls -al
98. 597 cat cleanhome.sh
99. 598 cat top.sh
100. 599 cd ..
101. 600 ls
102. 601 cat commands.txt
103. 602 cat /usr/local/sshdaemon/scripts/set54.sh
104. 603 cat /usr/local/sshdaemon/scripts/wpddos.sh
105. 604 cat /usr/local/sshdaemon/scripts/leegvar.sh
106. 605 grep arpox.nl *
107. 606 ls
108. 607 cd sc*
109. 608 grep arpox.nl *
110. 609 ssh root@10.3.1.157
111. 610 exit
112. 611 last -10
113. 612 ls -al
114. 613 cd .ssh
115. 614 ls -al
116. 615 cat id_rsa
117. 616 ssh 10.3.1.157
118. 617 ssh 10.3.1.157 -i .ssh/id_rsa
119. 618 ls -a
120. 619 cat authorized_keys
121. 620 ssh 10.3.1.157 -i .ssh/id_rsa
122. 621 cat authorized_keys
123. 622 nano au*
124. 623 ls -al
125. 624 cat id_rsa.pub
126. 625 ssh
127. 626 ssh vserver142.axc.nl
128. 627 ssh vserver142.axc.nl 8425
129. 628 ssh vserver142.axc.nl -8425
130. 629 ssh vserver142.axc.nl -p 8425
131. 630 ssh vserver143.axc.nl -p 8425
132. 631 ls -al
133. 632 cat known_hosts
134. 633 ssh 10.3.1.157
135. 634 ssh localhost
136. 635 ssh localhost -p 8425
137. 636 ls -al
138. 637 history
139. 638 ssh 10.3.1.157
140. 639 ssh 10.3.1.156
141. 640 ssh 10.3.1.157
142. 641 ssh 10.3.1.155
143. 642 ls
144. 643 ls -al
145. 644 cat a*
146. 645 pwd
147. 646 cat /etc/passwd
148. 647 su - admin
149. 648 cd /root
150. 649 ls -al
151. 650 cat .mysql_history
152. 651 cat /usr/local/directadmin/conf/mysql.conf
153. 652 hostname -I
154. 653 ssh 10.3.1.157
155. 654 cat /usr/local/directadmin/conf/mysql.conf
156. 655 hostname -I
157. 656 ssh 10.3.1.171
158. 657 ssh 10.3.1.156
159. 658 hostname
160. 659 ssh 10.3.1.156
161. 660 ssh 10.3.1.155
162. 661 ssh 10.3.1.151
163. 662 ssh 10.3.1.140
164. 663 ssh 10.3.1.148
165. 664 ssh 159.253.5.23
166. 665 ssh 159.253.5.23 -p 8425
167. 666 nano /usr/local/directadmin/conf/mysql.conf
168. 667 nano /usr/local/directadmin/conf/directadmin.conf
169.  
170. 668 cat /usr/local/directadmin/data/admin/ip.list
171. 669 cat /etc/scripts/parseversions.sh
172. 670 ping arpox.nl
173. 671 mysql -h arpox.nl -pdAf4ASycD9ftW9BW -u versio
174. 672 uname -n
175. 673 cat /usr/local/sshdaemon/scripts/dns.sh
176. 674 host %var1%
177. 675 hostname
178. 676 cat /usr/local/sshdaemon/scripts/resetuser.sh
179. 677 cat /usr/local/directadmin/dataskq
180. 678 ssh 10.3.1.199
181. 679 history
182. 680 mysql -h arpox.nl -pdAf4ASycD9ftW9BW -u versio
183. 681 mysql -h 10.3.1.199 -pzjvtw8pj
184. 682 mysql -h 10.3.1.199 -pzjvtw8pj -u root
185. 683 w
186. 684 history
187. 685 free -m
188. 686 ps aux
189. 687 exit
190.  
191. Last login op root ook vanaf een gaar IP:
192.  
193. root pts/2 125.166.211.108 Sat Feb 18 18:44 - 21:21 (02:36)
194. root pts/2 125.166.211.108 Sat Feb 18 09:39 - 12:50 (03:11)
195. root pts/3 125.166.211.108 Sat Feb 18 08:00 - 08:56 (00:55)
196. root pts/2 125.166.211.108 Sat Feb 18 07:11 - 08:57 (01:46)
197. [root@vserver149 ~]#