谁来攻击我的服务器。

delectate

爆破用户名比爆破密码更困难

delectate@delectate:~$ ssh -v -p 22 l_s@113.206.46.92
OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 113.206.46.92 [113.206.46.92] port 22.
debug1: Connection established.
debug1: identity file /home/delectate/.ssh/id_rsa type -1
debug1: identity file /home/delectate/.ssh/id_rsa-cert type -1
debug1: identity file /home/delectate/.ssh/id_dsa type -1
debug1: identity file /home/delectate/.ssh/id_dsa-cert type -1
debug1: identity file /home/delectate/.ssh/id_ecdsa type -1
debug1: identity file /home/delectate/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v10lpk
debug1: match: OpenSSH_5.8p1-hpn13v10lpk pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a9:ca:24:cf:8e:4a:94:45:4b:6e:2c:92:9c:df:9a:38
debug1: Host '113.206.46.92' is known and matches the ECDSA host key.
debug1: Found key in /home/delectate/.ssh/known_hosts:12
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/delectate/.ssh/id_rsa
debug1: Trying private key: /home/delectate/.ssh/id_dsa
debug1: Trying private key: /home/delectate/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password:

delectate

cat ./power.sh
#!/bin/bash
zenity --question --text "你确定要关机吗？"
if (( $? == 0 ));then
shutdown -h now
else
zenity --warning --text "注意睡眠！"
fi


cat ./index.php
<?
echo phpinfo
?>

test@localhost /home/water $ cat ~/.bashrc
# /etc/skel/.bashrc
#
# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output.  So make sure this doesn't display
# anything or bad things will happen !


# Test for an interactive shell.  There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
        # Shell is non-interactive.  Be done now!
        return
fi


# Put your fun stuff here.

delectate

uptime
11:18:07 up  3:30,  4 users,  load average: 0.00, 0.14, 0.31

Linux localhost 2.6.37 #1 SMP PREEMPT Fri May 6 15:37:44 Local time zone must be set--s i686 Pentium(R) Dual-Core CPU E5300 @ 2.60GHz GenuineIntel GNU/Linux

l_s

。。。。厉害。。。。。你 太牛了。被你爆破了，破菊花了
我没有配置ssh 用的默认的。真被你破除来了。
root 用户我nologin 的。。难道你猜到我的guest,test 用户了
哈哈。。恭喜阿


如果是入侵到了guest ,test..现在guest,test 已被我 del 了。。:-),还好你没有拿到root

还好你没有看到A片

easior lars

Post by delectate;2138840
爆破用户名比爆破密码更困难

delectate@delectate:~$ ssh -v -p 22 l_s@113.206.46.92

看来SSH很强大，有必要认证的学习一下。

qiu_923

只会物理攻击的路过

gentlog

只会意识攻击的路过

qingxiaojin

只会围观攻击的路过

l_s

我现在已把服务关掉了.如果还有人 还感兴趣.像要练手的..可以留言..

i18n

给lz 发个女人和酒就解决了