Posted by : Arifah Nur Ainia


 

Honeypot Installation Assignment

1. Install Snare, Tanner, and Cowrie on a virtual machine in the cloud (AWS, Azure, or GCP)
2. Run them for at least 2 days
3. Shut down all VMs
4. Analyse the logs collected, write a report, and submit it in PDF format

So here I am using Google Cloud Platform.

  1. Cloud
     Google Cloud is one of the largest cloud computing providers
    in the world, and it runs on Google's infrastructure.

Creating a GCP account is very easy; you can find tutorials
on other sites or on YouTube. For the first 90 days you get free trial credit
(out of IDR4,670,101).
When you first sign up you must enter your credit card or debit card, but
don't worry: your balance will not be reduced once this has been configured.
You can search Google for how to configure that.
Once you have registered for GCP, the next step is to create a
VM with Google Cloud Platform (GCP); see the image below for how.

Click the three-line menu in the top-left corner > click Compute Engine > click VM instances
> Create Instance.
Then configure the VM as follows, or to suit your needs:
Name             : kelompok2 (as desired)
Region           : Las Vegas (as desired)
Zone             : us-west4-b (as desired)
Series           : E2
Machine type     : e2-micro (2 vCPU + 1 GB memory)
Operating System : Ubuntu
Version          : Ubuntu 18.04 LTS

Size             : 10 GB

Firewall         : Allow HTTP traffic & Allow HTTPS traffic (tick both)

After that, click the Create button.

Click the SSH button to open a session on the VM.

Once the VM terminal appears, continue by installing phpox, Tanner, Snare, and Cowrie.


Installing Snare and its dependencies

•Open a terminal

•Type the following command:

namaVM@kelompok2:~$ sudo su
root@kelompok2:/home/namaVM# sudo apt install python3 python3-dev python3-pip git build-essential

(wait until the installation finishes)


Install PHP Sandbox 

•Type the following commands:

root@kelompok2:/home/namaVM# sudo apt install python3-aiohttp

root@kelompok2:/home/namaVM# git clone https://github.com/mushorg/phpox.git

root@kelompok2:/home/namaVM# cd phpox

root@kelompok2:/home/namaVM/phpox# make

•Run sandbox.py:

root@kelompok2:/home/namaVM/phpox# sudo python3 sandbox.py 

Because we had already installed it, here we only switched to root >
entered the phpox directory > then ran sandbox.py, and the result looks
like the screenshot above.

Leave that terminal running and open another new terminal
to install Tanner.


Installing Tanner

(1. Redis)

Open a new terminal by clicking the SSH button for the VM in GCP.

• Install Redis

namaVM@kelompok2:~$ sudo su

root@kelompok2:/home/namaVM# sudo apt install redis-server

•Run Redis Server

root@kelompok2:/home/namaVM# redis-server


(2. Setup Tanner)

•Download Tanner

root@kelompok2:/home/namaVM# git clone https://github.com/mushorg/tanner.git

•Go into the downloaded folder

root@kelompok2:/home/namaVM# cd tanner

•Install the requirements:

root@kelompok2:/home/namaVM/tanner# sudo pip3 install -r requirements.txt

•Install Tanner:

root@kelompok2:/home/namaVM/tanner# sudo python3 setup.py install

•Run Tanner (by default it uses port 8090)

root@kelompok2:/home/namaVM/tanner# sudo tanner

Because we had already installed it, here we only switched to root
> entered the tanner directory > then ran tanner, and the result looks
like the screenshot above.

Leave that terminal running and open another new terminal to
install Cowrie.


Installing Cowrie

Open a new terminal by clicking the SSH button for the VM in GCP.

  • Do the update and upgrade

root@kelompok2:/home/namaVM# sudo apt-get update && sudo apt-get upgrade -y

  • Install Git, docker-compose and Docker on the host machine

root@kelompok2:/home/namaVM# sudo apt-get install docker.io git docker-compose

  • Clone the csc-isac/Honeypot_Docker repository

root@kelompok2:/home/namaVM# git clone https://github.com/csc-isac/Honeypot_Docker.git

  • Go to the Honeypot_Docker/HP folder and modify the Dockerfile

root@kelompok2:/home/namaVM# cd Honeypot_Docker

  • Do some modification for Cowrie with: 

root@kelompok2:/home/namaVM/Honeypot_Docker# nano Cowrie/Dockerfile

Adjust the file as in the screenshot above. Remove the hash sign (#) to enable a command,
and add a hash sign to disable one.

Once it matches, press Ctrl + X, then Y to save the edited file,
then Enter.

  • Save the settings, then add execute permission to simpleRun.sh
    with chmod and run it

root@kelompok2:/home/namaVM/Honeypot_Docker# chmod +x simpleRun.sh && ./simpleRun.sh

  • Open an SSH connection to your IP as user root on port 22

root@kelompok2:/home/namaVM/Honeypot_Docker# ssh root@YourIP -p 22


Installing SNARE
Open a new terminal by clicking the SSH button for the VM in GCP.
•Download Snare

namaVM@kelompok2:~$ sudo su

root@kelompok2:/home/namaVM# git clone https://github.com/mushorg/snare.git

root@kelompok2:/home/namaVM# cd snare

•Install the requirements:

root@kelompok2:/home/namaVM/snare# sudo pip3 install -r requirements.txt

•Install Snare:

root@kelompok2:/home/namaVM/snare# sudo python3 setup.py install

  • Clone a website

•Run the following command to clone a website:

root@kelompok2:/home/namaVM/snare# sudo clone --target http://example.com --path <path to base dir>

The part of the command above that must be replaced:
<path to base dir> becomes /opt/local/snare

The command after our changes looks like this:

root@kelompok2:/home/namaVM/snare# sudo clone --target http://info.cern.ch --path /opt/local/snare

The cloned website looks like the screenshot above.


Running Snare

When running Snare, make sure Tanner is already running. Otherwise Snare will fail with an error.

•Type the following command:

root@kelompok2:/home/namaVM/snare# sudo snare --port 80 --page-dir example.com --path path_to_base_dir --tanner localhost --host-ip 0.0.0.0


The part of the command above that must be replaced:
path_to_base_dir becomes /opt/local/snare

The command after our changes looks like this:

root@kelompok2:/home/namaVM/snare# sudo snare --port 80 --page-dir info.cern.ch --path /opt/local/snare --tanner localhost --host-ip 0.0.0.0


Snare, once running, looks like the screenshot above.


Analysing attacker activities

•Open snare.log inside the Snare base directory

root@kelompok2:/home/namaVM/snare# cd /opt/local/snare/snare

root@kelompok2:/opt/local/snare/snare# ls

Output of the ls command:
clone.log  pages  snare.cfg  snare.err  snare.log  snare.pid  snare.uuid

root@kelompok2:/opt/local/snare/snare# nano snare.log



Ubuntu version


Reference if an error occurs:


The GCP VM above was our second attempt. Initially we created a
GCP VM with settings different from those above. The differences
included the server location, which was Jakarta, the machine type, which was e2-small,
and others.

The error we got read: TypeError: function() argument 'code' must be
code, not str

It looked like the image below:


Because of our limited ability to resolve it, the solution we decided on
was to create a new cloud VM. The error may have appeared because
we did not use sudo su when installing.


snare.log output:




  1. 2022-11-24 11:18:44 DEBUG:asyncio:_init_: Using selector: EpollSelector

  2. 2022-11-24 11:19:15 DEBUG:asyncio:_init_: Using selector: EpollSelector

  3. 2022-11-24 11:25:06 DEBUG:asyncio:_init_: Using selector: EpollSelector

  4. 2022-11-24 14:39:42 DEBUG:asyncio:_init_: Using selector: EpollSelector

  5. 2022-11-24 14:46:43 DEBUG:asyncio:_init_: Using selector: EpollSelector

  6. 2022-11-24 14:57:11 DEBUG:asyncio:_init_: Using selector: EpollSelector

#This message comes from the asyncio library, which is built into Python 3.

  1. 2022-11-24 14:57:11 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  2. 2022-11-24 14:57:11 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

  3. 2022-11-24 15:34:32 DEBUG:asyncio:_init_: Using selector: EpollSelector

  4. 2022-11-24 15:34:32 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  5. 2022-11-24 15:34:32 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

  6. 2022-11-24 15:50:22 DEBUG:asyncio:_init_: Using selector: EpollSelector

  7. 2022-11-24 15:50:22 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  8. 2022-11-24 15:50:22 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

  9. 2022-11-24 18:42:31 DEBUG:asyncio:_init_: Using selector: EpollSelector

  10. 2022-11-24 18:42:31 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  11. 2022-11-24 18:42:31 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

  12. 2022-11-24 19:22:54 DEBUG:asyncio:_init_: Using selector: EpollSelector

  13. 2022-11-24 19:24:58 DEBUG:asyncio:_init_: Using selector: EpollSelector

  14. 2022-11-24 19:24:58 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  15. 2022-11-24 19:24:59 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

#There is a log entry from IP 162.142.125.212, which tried to access the site on 24/Nov/2022:19:27:47 using the GET method

Check IP 162.142.125.212 using https://whatismyipaddress.com


  1. 2022-11-24 19:27:47 INFO:snare.server:handle_request: Request path: /

  2. 2022-11-24 19:27:47 INFO:aiohttp.access:log: 162.142.125.212 [24/Nov/2022:19:27:47 +0000] "GET / HTTP/1.1" 200 872 "-" "-"

#Next, the following log shows the result of a scan by Censys. Censys helps study the Internet accurately. The data Censys collects is sometimes used to detect security problems and to notify about vulnerable systems so that they can be fixed.

From this log it can be seen that IP 162.142.125.212 tried to access the site using the Mozilla 5.0 web browser

  1. 2022-11-24 19:27:47 INFO:snare.server:handle_request: Request path: /

  2. 2022-11-24 19:27:47 INFO:aiohttp.access:log: 162.142.125.212 [24/Nov/2022:19:27:47 +0000] "GET / HTTP/1.1" 200 872 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +http$

  3. 2022-11-24 19:27:47 INFO:snare.server:handle_request: Request path: /favicon.ico

  4. 2022-11-24 19:27:47 INFO:aiohttp.access:log: 162.142.125.212 [24/Nov/2022:19:27:47 +0000] "GET /favicon.ico HTTP/1.1" 404 372 "-" "Mozilla/5.0 (compatible; CensysInspect$

  5. 2022-11-24 19:38:42 INFO:snare.server:handle_request: Request path: /

#In this log it can be seen that IP 141.255.166.2 tried to access "Hello World" in the file index.php in the folder /html/recordings/index.php

  1. 2022-11-24 19:38:42 INFO:aiohttp.access:log: 141.255.166.2 [24/Nov/2022:19:38:42 +0000] "GET / HTTP/1.1" 200 872 "-" "Hello World"

  2. 2022-11-24 20:01:34 INFO:snare.server:handle_request: Request path: /html/recordings/index.php

  3. 2022-11-24 20:01:34 INFO:aiohttp.access:log: 72.251.235.152 [24/Nov/2022:20:01:34 +0000] "GET /html/recordings/index.php HTTP/1.0" 404 353 "-" "xfa1"

#In the following log it can be seen that IP 192.241.193.136 tried to log in to the website using the following username and password

  1. 2022-11-24 20:23:55 INFO:snare.server:handle_request: Request path: /actuator/health

  2. 2022-11-24 20:23:55 INFO:aiohttp.access:log: 192.241.193.136 [24/Nov/2022:20:23:55 +0000] "GET /actuator/health HTTP/1.1" 404 353 "-" "Mozilla/5.0 zgrab/0.x"

  3. 2022-11-24 20:33:09 INFO:snare.server:handle_request: Request path: /hudson

  4. 2022-11-24 20:33:09 INFO:aiohttp.access:log: 192.241.201.68 [24/Nov/2022:20:33:09 +0000] "GET /hudson HTTP/1.1" 404 353 "-" "Mozilla/5.0 zgrab/0.x"

  5. 2022-11-24 20:38:04 INFO:snare.server:handle_request: Request path: /boaform/admin/formLogin

  6. 2022-11-24 20:38:04 INFO:snare.server:handle_request: POST data:

  7. 2022-11-24 20:38:04 INFO:snare.server:handle_request:   - username: admin

  8. 2022-11-24 20:38:04 INFO:snare.server:handle_request:   - psd: Feefifofum

  9. 2022-11-24 20:38:04 INFO:aiohttp.access:log: 185.246.221.138 [24/Nov/2022:20:38:04 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 353 "http://34.125.193.107:80/admi$

  10. 2022-11-24 20:41:56 INFO:snare.server:handle_request: Request path: /

  11. 2022-11-24 20:41:56 INFO:aiohttp.access:log: 3.235.76.241 [24/Nov/2022:20:41:56 +0000] "GET / HTTP/1.1" 200 891 "-" "Mozilla/5.0 (Linux; Android 4.4.2; GT-N8000) AppleWe$

  12. 2022-11-24 20:50:51 INFO:snare.server:handle_request: Request path: /

  13. 2022-11-24 20:50:51 INFO:aiohttp.access:log: 141.255.166.2 [24/Nov/2022:20:50:51 +0000] "GET / HTTP/1.1" 200 872 "-" "Hello World"

  14. 2022-11-24 21:08:47 INFO:snare.server:handle_request: Request path: /

  15. 2022-11-24 21:08:47 INFO:aiohttp.access:log: 193.47.61.60 [24/Nov/2022:21:08:47 +0000] "GET / HTTP/1.1" 200 872 "-" "-"

  16. 2022-11-24 21:27:45 INFO:snare.server:handle_request: Request path: /

  17. 2022-11-24 21:27:45 INFO:aiohttp.access:log: 3.235.76.241 [24/Nov/2022:21:27:45 +0000] "GET / HTTP/1.1" 200 891 "-" "Mozilla/5.0 (Linux; Android 9; LM-V405) AppleWebKit/$

  18. 2022-11-24 21:29:00 INFO:snare.server:handle_request: Request path: /cgit

  19. 2022-11-24 21:29:00 INFO:aiohttp.access:log: 179.43.177.154 [24/Nov/2022:21:29:00 +0000] "GET /cgit HTTP/1.1" 404 372 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5$

  20. 2022-11-24 23:09:10 INFO:snare.server:handle_request: Request path: /

  21. 2022-11-24 23:09:10 INFO:aiohttp.access:log: 130.211.54.158 [24/Nov/2022:23:09:10 +0000] "GET / HTTP/1.1" 200 872 "-" "python-requests/2.28.1"

  22. 2022-11-24 23:11:00 INFO:snare.server:handle_request: Request path: /

  23. 2022-11-24 23:11:00 INFO:aiohttp.access:log: 141.255.166.2 [24/Nov/2022:23:11:00 +0000] "GET / HTTP/1.1" 200 872 "-" "Hello World"

  24. 2022-11-24 23:32:12 INFO:snare.server:handle_request: Request path: /fpbx/recordings/index.php

  25. 2022-11-24 23:32:12 INFO:aiohttp.access:log: 72.251.235.152 [24/Nov/2022:23:32:12 +0000] "GET /fpbx/recordings/index.php HTTP/1.0" 404 353 "-" "xfa1"

  26. 2022-11-24 23:45:18 INFO:snare.server:handle_request: Request path: /.env

  27. 2022-11-24 23:45:18 INFO:aiohttp.access:log: 185.254.196.223 [24/Nov/2022:23:45:18 +0000] "GET /.env HTTP/1.1" 404 353 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/5$

  28. 2022-11-24 23:45:18 INFO:snare.server:handle_request: Request path: /

  29. 2022-11-24 23:45:18 INFO:snare.server:handle_request: POST data:

  30. 2022-11-24 23:45:18 INFO:snare.server:handle_request:   - 0x[]: Graber

  31. 2022-11-24 23:45:18 INFO:aiohttp.access:log: 185.254.196.223 [24/Nov/2022:23:45:18 +0000] "POST / HTTP/1.1" 200 872 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.$

  32. 2022-11-24 23:55:36 INFO:snare.server:handle_request: Request path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

  33. 2022-11-24 23:55:36 INFO:snare.server:handle_request: POST data:

  34. 2022-11-24 23:55:36 INFO:snare.server:handle_request:   - <?: md5("phpunit")?>

  35. 2022-11-24 23:55:36 INFO:aiohttp.access:log: 152.89.196.211 [24/Nov/2022:23:55:36 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 372 "-" $

  36. 2022-11-24 23:57:12 INFO:snare.server:handle_request: Request path: /

  37. 2022-11-24 23:57:12 INFO:aiohttp.access:log: 141.255.166.2 [24/Nov/2022:23:57:12 +0000] "GET / HTTP/1.1" 200 872 "-" "Hello World"

  38. 2022-11-25 00:07:53 INFO:snare.server:handle_request: Request path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

  39. 2022-11-25 00:07:53 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:00:07:53 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 372 "-" "$

  40. 2022-11-25 00:14:24 INFO:snare.server:handle_request: Request path: /solr/admin/info/system?wt=json

  41. 2022-11-25 00:14:24 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:00:14:24 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 372 "-" "Mozilla/5.0 (Windows$

  42. 2022-11-25 00:14:24 INFO:snare.server:handle_request: Request path: /

  43. 2022-11-25 00:14:24 INFO:aiohttp.access:log: 162.142.125.222 [25/Nov/2022:00:14:24 +0000] "GET / HTTP/1.1" 200 872 "-" "-"

  44. 2022-11-25 00:14:25 INFO:snare.server:handle_request: Request path: /

  45. 2022-11-25 00:14:25 INFO:aiohttp.access:log: 162.142.125.222 [25/Nov/2022:00:14:25 +0000] "GET / HTTP/1.1" 200 872 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +http$

  46. 2022-11-25 00:14:25 INFO:snare.server:handle_request: Request path: /favicon.ico

  47. 2022-11-25 00:14:25 INFO:aiohttp.access:log: 162.142.125.222 [25/Nov/2022:00:14:25 +0000] "GET /favicon.ico HTTP/1.1" 404 372 "-" "Mozilla/5.0 (compatible; CensysInspect$

  48. 2022-11-25 00:39:12 INFO:snare.server:handle_request: Request path: /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hel$

  49. 2022-11-25 00:39:12 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:00:39:12 +0000] "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array$

  50. 2022-11-25 00:55:14 INFO:snare.server:handle_request: Request path: /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>

  51. 2022-11-25 00:55:14 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:00:55:14 +0000] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 200 937 "-"$

  52. 2022-11-25 02:08:18 DEBUG:asyncio:__init__: Using selector: EpollSelector

  53. 2022-11-25 02:08:18 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=True, shell=None, istream=None)

  54. 2022-11-25 02:08:18 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, universal_newlines=False, shell=None, istream=<v$

  55. 2022-11-25 02:15:18 INFO:snare.server:handle_request: Request path: /

  56. 2022-11-25 02:15:18 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:02:15:18 +0000] "GET / HTTP/1.1" 200 891 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb$

  57. 2022-11-25 02:16:04 INFO:snare.server:handle_request: Request path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh

  58. 2022-11-25 02:16:04 INFO:snare.server:handle_request: POST data:

  59. 2022-11-25 02:16:04 INFO:snare.server:handle_request:   - A: |echo

  60. 2022-11-25 02:16:04 INFO:snare.server:handle_request:   - echo -n fQGdvAbHVC|md5sum:

# remote code execution 

  1. 2022-11-25 02:16:07 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:02:16:04 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 935 "-" "Mozilla/5.0 (Wi$

  2. 2022-11-25 02:29:27 INFO:snare.server:handle_request: Request path: /

  3. 2022-11-25 02:29:27 INFO:aiohttp.access:log: 152.89.196.211 [25/Nov/2022:02:29:27 +0000] "GET / HTTP/1.1" 200 891 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb$

  4. 2022-11-25 02:45:36 INFO:snare.server:handle_request: Request path: /.env

  5. 2022-11-25 02:45:36 INFO:aiohttp.access:log: 185.254.196.223 [25/Nov/2022:02:45:36 +0000] "GET /.env HTTP/1.1" 404 353 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/5$

  6. 2022-11-25 02:45:37 INFO:snare.server:handle_request: Request path: /

  7. 2022-11-25 02:45:37 INFO:snare.server:handle_request: POST data:

  8. 2022-11-25 02:45:37 INFO:snare.server:handle_request:   - 0x[]: Graber

  9. 2022-11-25 02:45:37 INFO:aiohttp.access:log: 185.254.196.223 [25/Nov/2022:02:45:37 +0000] "POST / HTTP/1.1" 200 872 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.$

  10. 2022-11-25 03:14:42 DEBUG:asyncio:__init__: Using selector: EpollSelector

  11. 2022-11-25 03:14:42 DEBUG:asyncio:__init__: Using selector: EpollSelector

  12. 2022-11-25 03:14:42 DEBUG:git.cmd:execute: Popen(['git', 'fetch', '-v', 'origin'], cwd=/home/arifah_nur_ainia/snare, univer$

  13. 2022-11-25 03:14:42 DEBUG:git.cmd:execute: Popen(['git', 'cat-file', '--batch-check'], cwd=/home/arifah_nur_ainia/snare, un$

  14. 2022-11-25 03:17:01 INFO:snare.server:handle_request: Request path: /

  15. 2022-11-25 03:17:01 INFO:aiohttp.access:log: 205.210.31.159 [25/Nov/2022:03:17:01 +0000] "GET / HTTP/1.1" 200 872 "-" "Expa$

  16. 2022-11-25 03:40:52 INFO:snare.server:handle_request: Request path: /boaform/admin/formLogin

  17. 2022-11-25 03:40:52 INFO:snare.server:handle_request: POST data:

  18. 2022-11-25 03:40:52 INFO:snare.server:handle_request:   - username: admin

  19. 2022-11-25 03:40:52 INFO:snare.server:handle_request:   - psd: Feefifofum

  20. 2022-11-25 03:40:52 INFO:aiohttp.access:log: 141.255.166.2 [25/Nov/2022:03:40:52 +0000] "POST /boaform/admin/formLogin HTTP$

  21. 2022-11-25 04:52:46 INFO:snare.server:handle_request: Request path: /

  22. 2022-11-25 04:52:46 INFO:aiohttp.access:log: 31.220.3.140 [25/Nov/2022:04:52:46 +0000] "GET / HTTP/1.1" 200 872 "-" "-"
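
The manual read-through of snare.log above can be automated. The following Python script is an added example, not part of the original post or of Snare itself: it parses the log format shown in the excerpt, attaches POST fields to the access line that follows them, and groups requests by source IP. The function names `parse_snare_log` and `summarize` and the tag labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the snare.log excerpt on this page. The "N."
# prefixes come from the blog's list rendering; a trailing "$" is where nano cut the line.
SAMPLE_LOG = """\
  1. 2022-11-24 19:27:47 INFO:snare.server:handle_request: Request path: /
  2. 2022-11-24 19:27:47 INFO:aiohttp.access:log: 162.142.125.212 [24/Nov/2022:19:27:47 +0000] "GET / HTTP/1.1" 200 872 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +http$
  1. 2022-11-24 20:23:55 INFO:snare.server:handle_request: Request path: /actuator/health
  2. 2022-11-24 20:23:55 INFO:aiohttp.access:log: 192.241.193.136 [24/Nov/2022:20:23:55 +0000] "GET /actuator/health HTTP/1.1" 404 353 "-" "Mozilla/5.0 zgrab/0.x"
  5. 2022-11-24 20:38:04 INFO:snare.server:handle_request: Request path: /boaform/admin/formLogin
  6. 2022-11-24 20:38:04 INFO:snare.server:handle_request: POST data:
  7. 2022-11-24 20:38:04 INFO:snare.server:handle_request:   - username: admin
  8. 2022-11-24 20:38:04 INFO:snare.server:handle_request:   - psd: Feefifofum
  9. 2022-11-24 20:38:04 INFO:aiohttp.access:log: 185.246.221.138 [24/Nov/2022:20:38:04 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 353 "http://34.125.193.107:80/admi$
  26. 2022-11-24 23:45:18 INFO:snare.server:handle_request: Request path: /.env
  27. 2022-11-24 23:45:18 INFO:aiohttp.access:log: 185.254.196.223 [24/Nov/2022:23:45:18 +0000] "GET /.env HTTP/1.1" 404 353 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/5$
"""

PREFIX = re.compile(r"^\s*(?:\d+\.\s+)?(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+:([\w.]+):\w+: ?(.*)$")
POST_FIELD = re.compile(r"^\s*- (.*?): ?(.*)$")
ACCESS = re.compile(r'^(\S+) \[[^\]]+\] "(\S+) (\S+)(?: [^"]*" (\d{3}) \d+(?: "[^"]*" "([^"]*))?)?')
# Scanner names and probe paths below all appear in this page's log; labels are assumptions.
SCANNER_UAS = ("CensysInspect", "zgrab")
PROBE_PATHS = {"/.env": "env-file probe", "/actuator/health": "Spring Boot actuator probe",
               "/boaform/admin/formLogin": "boaform login attempt"}

def parse_snare_log(text):
    """Return one dict per request; POST fields logged before the access line are attached."""
    # The source IP appears only on the access line, so this assumes one request's lines are adjacent.
    requests, pending = [], {}
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                      # blank line or free-text comment
        ts, logger, msg = m.groups()
        if logger == "snare.server":
            if msg.startswith("Request path:"):
                pending = {}              # a new request starts, drop stale fields
            elif (f := POST_FIELD.match(msg)):
                pending[f.group(1)] = f.group(2)
        elif logger == "aiohttp.access" and (a := ACCESS.match(msg)):
            ip, method, path, status, ua = a.groups()   # status/ua are None if truncated away
            requests.append({"time": ts, "ip": ip, "method": method, "path": path,
                             "status": status, "ua": ua, "post": pending})
            pending = {}
    return requests

def summarize(requests):
    """Group requests by source IP and tag scanners, known probe paths and POSTed field names."""
    report = defaultdict(lambda: {"requests": [], "tags": set()})
    for r in requests:
        entry = report[r["ip"]]
        entry["requests"].append(f'{r["method"]} {r["path"]} -> {r["status"]}')
        entry["tags"] |= {f"scanner:{s}" for s in SCANNER_UAS if s in (r["ua"] or "")}
        entry["tags"] |= {label for sub, label in PROBE_PATHS.items() if sub in r["path"]}
        if r["post"]:
            entry["tags"].add("posted fields: " + ", ".join(sorted(r["post"])))
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarize(parse_snare_log(SAMPLE_LOG)).items():
        print(ip, entry["requests"], sorted(entry["tags"]))
```

To run it against the real file, read /opt/local/snare/snare/snare.log into a string and pass that to `parse_snare_log` instead of `SAMPLE_LOG`.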














