pr00f Posted March 28, 2016 Report Share Posted March 28, 2016 Quote A few days ago I stumbled upon a classic blog post covering common recommendations for hardening a fresh new Linux server: install fail2ban, disable SSH password authentication, randomize SSH port, configure iptables, etc. That got me thinking: what would happen if I did exactly the opposite? Of course the most common result is to fall victim to a botnet that is scanning a wide range of public IP addresses, hoping to find some poorly configured service to attack with brute force (SSH or Wordpress to name a few). But what actually happens when you are the victim of one of these simple attacks? What does an attacker do? This post tries to answer these questions by analyzing an actual attack on our servers, captured entirely with sysdig. So let’s go fishing! Source: https://sysdig.com/blog/fishing-for-hackers/ $ sysdig -r trace.scap.gz -A -c echo_fds fd.filename=.sloboz.pdf ------ Write 3.89KB to /run/shm/.sloboz.pdf #!/usr/bin/perl #################################################################################################################### #################################################################################################################### ## Undernet Perl IrcBot v1.02012 bY DeBiL @RST Security Team ## [ Help ] ######################################### ## Stealth MultiFunctional IrcBot Writen in Perl ##################################################### ## Teste on every system with PERL instlled ## !u @system ## ## ## !u @version ## ## This is a free program used on your own risk. ## !u @channel ## ## Created for educational purpose only. ## !u @flood ## ## I'm not responsible for the illegal use of this program. ## !u @utils ## #################################################################################################################### ## [ Channel ] #################### [ Flood ] ################################## [ Utils ] ######################### #################################################################################################################### ## !u !join <#channel> ## !u @udp1 <ip> <port> <time> ## !su @conback <ip> <port> ## ## !u !part <#channel> ## !u @udp2 <ip> <packet size> <time> ## !u @downlod <url+path> <file> ## ## !u !uejoin <#channel> ## !u @udp3 <ip> <port> <time> ## !u @portscan <ip> ## ## !u !op <channel> <nick> ## !u @tcp <ip> <port> <packet size> <time> ## !u @mail <subject> <sender> ## ## !u !deop <channel> <nick> ## !u @http <site> <time> ## <recipient> <message> ## ... 2 Quote Link to comment Share on other sites More sharing options...
Nytro Posted March 28, 2016 Report Share Posted March 28, 2016 E clasica asta cu "sloboz.pdf" 3 Quote Link to comment Share on other sites More sharing options...
quantum Posted March 31, 2016 Report Share Posted March 31, 2016 (edited) Dar mai exista undernet ? Edited March 31, 2016 by quantum Quote Link to comment Share on other sites More sharing options...
TheOne Posted March 31, 2016 Report Share Posted March 31, 2016 ahahaha ce lucreaza baieti Quote Link to comment Share on other sites More sharing options...
