Shell Person Help me keep the shell people alive.


Hacked – SSH Bruteforce

This isn't much of a surprise, as the box had an incredibly simple root password. Here's some info:

This was a brute force ssh attack. ssh root login was not disabled. Here are some of the early attempts before success:

cat /var/log/auth.log.1 | grep "Invalid user" | cut -d ':' -f 4 | sort | uniq | tail -n 25
Invalid user wilson from
Invalid user windows from
Invalid user worthy from
Invalid user www123 from
Invalid user www from
Invalid user www from
Invalid user www from
Invalid user wwwrun from
Invalid user xam from
Invalid user xbitchx from
Invalid user xchat from
Invalid user xfs123 from
Invalid user xfs from
Invalid user ydnah from
Invalid user yoshida123 from
Invalid user yoshida321 from
Invalid user yoshida from
Invalid user yssor from
Invalid user z1x2c3 from
Invalid user zabbix from
Invalid user zachary from
Invalid user zoe from
Invalid user zuperman from
Invalid user zxcvb from
Invalid user zxcvbn from

The full list is at the bottom of the post.
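
An added example, not part of the original post: the grep above lists the names that were tried, and the sketch below flags what the post describes, a run of failed passwords followed by an accepted one from the same address. It assumes the traditional syslog layout that the cut command above relies on; the log lines, host name and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample in the traditional syslog layout the post's pipeline
# assumes. Addresses are RFC 5737 documentation ranges, not data from the post.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 box sshd[1201]: Invalid user zabbix from 203.0.113.7
Jan 10 03:12:03 box sshd[1201]: Failed password for invalid user zabbix from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:06 box sshd[1204]: Invalid user zoe from 203.0.113.7
Jan 10 03:12:08 box sshd[1204]: Failed password for invalid user zoe from 203.0.113.7 port 51130 ssh2
Jan 10 03:12:09 box sshd[1205]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 51135 ssh2
Jan 10 03:12:11 box sshd[1207]: Failed password for root from 203.0.113.7 port 51141 ssh2
Jan 10 03:12:14 box sshd[1209]: Failed password for root from 203.0.113.7 port 51150 ssh2
Jan 10 03:12:17 box sshd[1211]: Accepted password for root from 203.0.113.7 port 51162 ssh2
Jan 10 08:30:00 box sshd[1300]: Failed password for admin from 198.51.100.20 port 40000 ssh2
Jan 10 08:30:09 box sshd[1300]: Accepted password for admin from 198.51.100.20 port 40000 ssh2
Jan 10 09:00:00 box sshd[1400]: Invalid user www from 192.0.2.55
Jan 10 09:00:02 box sshd[1400]: Failed password for invalid user www from 192.0.2.55 port 40100 ssh2
EOF
}

# Print "IP failures account" for each password login that was preceded by at
# least $1 (default 3) failed passwords from the same address.
bruteforce_hits() {
    awk -v min="${1:-3}" '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }                  # only sshd messages
    # Read the address from the fixed tail "from IP port N ssh2": the user
    # name earlier in the line is chosen by the client and may contain spaces.
    $(NF-4) != "from" || $(NF-2) != "port" { next }
    $6 == "Failed" && $7 == "password" { fails[$(NF-3)]++; next }
    $6 == "Accepted" && $7 == "password" {
        ip = $(NF-3)
        if (fails[ip] >= min) printf "%s %d %s\n", ip, fails[ip], $(NF-5)
        fails[ip] = 0                                   # count afresh after a login
    }'
}

sample_log | bruteforce_hits 3
```

On a real box the input would be the rotated file the post reads, for example `bruteforce_hits 3 < /var/log/auth.log.1`.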


ssh Shortcuts in Bash

(The above photo is "Good and Evil", by Abbie F (C) via Flickr).

This is the bash script I use to ssh into my fileserver (without having to type the whole IP address, etc).  It works for simply logging in with ssh, or for sending a command only.  If you want to send a series of commands, you'll need to separate each command with \; or else the lone semi-colon will be interpreted by the local shell as the end of the ssh command, and whatever follows it will run on the local machine after the first command is sent via ssh (you're 'escaping' the semi-colon, so it gets sent through ssh as a regular character, instead of its typical role of separating commands).  This method works for me, but I'd love to learn a better way if there is one.

I name the script something short and put it in my path.  I also use it in conjunction with password-less login.  I know it's not such a big deal to write out:
ssh user@ipaddress "command -arguments"
but it saves time if you're constantly ssh'ing to that machine.

Here it is in a more-legible format, that shouldn't be copied and pasted (because of the way WordPress changes quotation marks):

SSH_ARGUMENTS=`while (($#)) ; do echo -n "$1 " ; shift ; done ; echo`
ssh administrator@ "$SSH_ARGUMENTS"

And here it is in a way that's easier to copy and paste (but harder to read, in my opinion):

SSH_ARGUMENTS=`while (($#)) ; do echo -n "$1 " ; shift ; done ; echo`
ssh administrator@ "$SSH_ARGUMENTS"

Also, here's a slight variation that's useful if you have multiple machines with a sequential naming scheme, where you can specify the machine number:

## for example:  comp 4 shutdown -r now
## note: in my setup, the username correlates with the computer's number
SSH_ARGUMENTS=`while (($#)) ; do echo -n "$1 " ; shift ; done ; echo`

Edit:  I suppose anyone who knows anything about BASH would know that the entire SSH_ARGUMENTS line could be removed and the variable $SSH_ARGUMENTS replaced with $*

...every day learning a little bit more.
