Re: SSH bruteforce on its way...
From: Bryan Hatter (bryan.madhatter_at_gmail.com)
Date: 10/25/05
- Previous message: Lionel Ferette: "Re: SSH bruteforce on its way..."
- In reply to: Michael.Lang_at_jackal-net.at: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Oct 2005 15:22:21 -0500 To: "Michael.Lang@jackal-net.at" <Michael.Lang@jackal-net.at>
I've got a mirror of the ssh brute force script used to ruin the scans
if anyone's interested.
The files were pulled from the source website used to copy the files
to a compromised
system.
Regards,
Bryan
On 25 Oct 2005 07:29:26 -0000, Michael.Lang@jackal-net.at
<Michael.Lang@jackal-net.at> wrote:
> Hi Volker,
>
> ive started a honey Machine for your answer on, what are they doing with captured machines ...
>
> just after some hours the Machine was up the first attempts where made, probing for useable machines, only one attempt was a *human* login with interaction. I've used sudosh for logging the bash session and first assumption is that the person which was using the shell didnt know to much about Unix as log cleaning was made with scripts downloaded from geocities and the bash_history was forgotten.
> I've put the session data on a website (http://www.jackal-net.at/tiki-read_article.php?articleId=20) where you can see what i've setup and what the guys where doing. (currently only one session is online but i'm sure, others will follow :) ... )
>
> Kind regards
> Michael Lang
>
- Previous message: Lionel Ferette: "Re: SSH bruteforce on its way..."
- In reply to: Michael.Lang_at_jackal-net.at: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
