Manssizz / scriptvps

Just recoding for fun
MIT License
11 stars 12 forks

WHY ARE YOU NOT HONEST?? WHY? #8

Closed ollyt3st closed 1 year ago

ollyt3st commented 1 year ago

You said wait 20 minutes and use port 39. Why??? To finish injecting backdoor scripts

NOT GOOD!!!!! VERY BAD MY FRIEND, IF YOU NEED MONEY ASK FOR DONATION NOT CHEAP WAY LIKE THIS:

WHAT'S ALL THIS: YOU TOOK CONTROL OF SERVER, CREATED MANY SECRET ROOT USERS AND OTHER USERS TO STEAL!! WHY???

PEOPLE! BE CAREFUL WITH THIS SCRIPT!!

Jul 3 21:08:41 localhost sshd[859]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 3 21:08:41 localhost systemd-logind[545]: New session 3 of user root.
Jul 3 21:08:41 localhost systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 3 21:09:09 localhost useradd[1028]: new group: name=vps, GID=1000
Jul 3 21:09:09 localhost useradd[1028]: new user: name=vps, UID=1000, GID=1000, home=/home/vps, shell=/bin/sh, from=/dev/pts/1
Jul 3 21:09:10 localhost usermod[1094]: change user 'vps' password
Jul 3 21:09:10 localhost chage[1108]: changed password expiry for vps
Jul 3 21:09:10 localhost usermod[1129]: add 'vps' to group 'sudo'
Jul 3 21:09:10 localhost usermod[1129]: add 'vps' to shadow group 'sudo'
Jul 3 21:09:10 localhost useradd[1150]: new group: name=cendrawasih, GID=1001
Jul 3 21:09:10 localhost useradd[1150]: new user: name=cendrawasih, UID=1001, GID=1001, home=/home/cendrawasih, shell=/bin/sh, from=/dev/pts/1
Jul 3 21:09:10 localhost usermod[1158]: add 'cendrawasih' to group 'sudo'
Jul 3 21:09:10 localhost usermod[1158]: add 'cendrawasih' to group 'cendrawasih'
Jul 3 21:09:10 localhost usermod[1158]: add 'cendrawasih' to shadow group 'sudo'
Jul 3 21:09:10 localhost usermod[1158]: add 'cendrawasih' to shadow group 'cendrawasih'

Jul 3 21:12:02 localhost sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Jul 3 21:12:02 localhost sudo: pam_unix(sudo:session): session closed for user root
Jul 3 21:12:18 localhost sudo: root : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/apt update
Jul 3 21:12:18 localhost sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Jul 3 21:12:20 localhost sudo: pam_unix(sudo:session): session closed for user root

Jul 3 21:12:20 localhost sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Jul 3 21:13:01 localhost groupadd[4486]: group added to /etc/group: name=stunnel4, GID=117
Jul 3 21:13:01 localhost groupadd[4486]: group added to /etc/gshadow: name=stunnel4
Jul 3 21:13:01 localhost groupadd[4486]: new group: name=stunnel4, GID=117
Jul 3 21:13:01 localhost useradd[4492]: new user: name=stunnel4, UID=114, GID=117, home=/var/run/stunnel4, shell=/usr/sbin/nologin, from=/dev/pts/2
Jul 3 21:13:01 localhost chage[4500]: changed password expiry for stunnel4
Jul 3 21:13:02 localhost groupadd[4600]: group added to /etc/group: name=_chrony, GID=118
Jul 3 21:13:02 localhost groupadd[4600]: group added to /etc/gshadow: name=_chrony
Jul 3 21:13:02 localhost groupadd[4600]: new group: name=_chrony, GID=118
Jul 3 21:13:02 localhost useradd[4606]: new user: name=_chrony, UID=115, GID=118, home=/var/lib/chrony, shell=/usr/sbin/nologin, from=/dev/pts/2
Jul 3 21:13:02 localhost usermod[4614]: change user '_chrony' password
Jul 3 21:13:02 localhost chage[4621]: changed password expiry for _chrony
Jul 3 21:13:02 localhost chfn[4625]: changed user '_chrony' information
Jul 3 21:13:08 localhost groupadd[5492]: group added to /etc/group: name=ssl-cert, GID=119
Jul 3 21:13:08 localhost groupadd[5492]: group added to /etc/gshadow: name=ssl-cert
Jul 3 21:13:08 localhost groupadd[5492]: new group: name=ssl-cert, GID=119
Jul 3 21:13:12 localhost groupadd[5785]: group added to /etc/group: name=vnstat, GID=120
Jul 3 21:13:12 localhost groupadd[5785]: group added to /etc/gshadow: name=vnstat
Jul 3 21:13:12 localhost groupadd[5785]: new group: name=vnstat, GID=120
Jul 3 21:13:12 localhost useradd[5791]: new user: name=vnstat, UID=116, GID=120, home=/var/lib/vnstat, shell=/usr/sbin/nologin, from=/dev/pts/2
Jul 3 21:13:12 localhost usermod[5799]: change user 'vnstat' password
Jul 3 21:13:12 localhost chage[5806]: changed password expiry for vnstat
Jul 3 21:13:12 localhost chfn[5810]: changed user 'vnstat' information
Jul 3 21:13:21 localhost groupadd[6955]: group added to /etc/group: name=msmtp, GID=121
Jul 3 21:13:21 localhost groupadd[6955]: group added to /etc/gshadow: name=msmtp
Jul 3 21:13:21 localhost groupadd[6955]: new group: name=msmtp, GID=121
Jul 3 21:13:21 localhost useradd[6961]: new user: name=msmtp, UID=117, GID=121, home=/var/lib/msmtp, shell=/usr/sbin/nologin, from=none
Jul 3 21:13:21 localhost usermod[6969]: change user 'msmtp' password
Jul 3 21:13:21 localhost chage[6976]: changed password expiry for msmtp
Jul 3 21:13:40 localhost sudo: pam_unix(sudo:session): session closed for user root
Jul 3 21:13:40 localhost sudo: root : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/apt-get autoremove -y
Jul 3 21:13:40 localhost sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Jul 3 21:13:42 localhost sudo: pam_unix(sudo:session): session closed for user root
Jul 3 21:15:01 localhost CRON[27924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 3 21:15:01 localhost CRON[27924]: pam_unix(cron:session): session closed for user root
Jul 3 21:15:11 localhost useradd[28036]: new group: name=rclone, GID=1002
Jul 3 21:15:11 localhost useradd[28036]: new user: name=rclone, UID=1002, GID=1002, home=/home/rclone, shell=/bin/sh, from=none
Jul 3 21:15:11 localhost usermod[28047]: change user 'rclone' password
Jul 3 21:15:11 localhost usermod[28054]: add 'rclone' to group 'sudo'
Jul 3 21:15:11 localhost usermod[28054]: add 'rclone' to shadow group 'sudo'
Jul 3 21:15:11 localhost chage[28061]: changed password expiry for rclone
Jul 3 21:15:13 localhost useradd[28129]: new group: name=taibabi, GID=1003
Jul 3 21:15:13 localhost useradd[28129]: new user: name=taibabi, UID=1003, GID=1003, home=/home/taibabi, shell=/bin/sh, from=none
Jul 3 21:15:13 localhost usermod[28140]: change user 'taibabi' password
Jul 3 21:15:13 localhost usermod[28147]: add 'taibabi' to group 'sudo'
Jul 3 21:15:13 localhost usermod[28147]: add 'taibabi' to shadow group 'sudo'
Jul 3 21:15:13 localhost chage[28154]: changed password expiry for taibabi
Jul 4 04:17:11 localhost dropbear[710]: Running in background
Jul 4 04:17:11 localhost systemd-logind[642]: New seat seat0.
Jul 4 04:17:11 localhost systemd-logind[642]: Watching system buttons on /dev/input/event0 (Power Button)
Jul 4 04:17:11 localhost systemd-logind[642]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jul 4 04:17:12 localhost sshd[833]: Server listening on 0.0.0.0 port 3939.
Jul 4 04:17:12 localhost sshd[833]: Server listening on :: port 3939.
Jul 4 04:17:12 localhost sshd[833]: Server listening on 0.0.0.0 port 39.
Jul 4 04:17:12 localhost sshd[833]: Server listening on :: port 39.
Jul 4 04:25:01 localhost CRON[914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 4 04:25:01 localhost CRON[914]: pam_unix(cron:session): session closed for user root
Jul 4 04:25:16 localhost sshd[925]:

WHY???? WHY??? WHY????

VERY BAD!!!
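
A triage sketch for the kind of auth.log excerpt posted above, added here as an example and not part of the original issue or the scriptvps repository: it flags accounts created with a login shell and then placed in a privileged group, and sshd listeners on ports outside an allow-list. The function name `audit`, the group and shell sets, and the choice of port 22 as the only expected SSH port are assumptions; the sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict

# Sample lines copied from the auth.log excerpt in the post above.
SAMPLE = """\
Jul 3 21:09:09 localhost useradd[1028]: new user: name=vps, UID=1000, GID=1000, home=/home/vps, shell=/bin/sh, from=/dev/pts/1
Jul 3 21:09:10 localhost usermod[1129]: add 'vps' to group 'sudo'
Jul 3 21:13:01 localhost useradd[4492]: new user: name=stunnel4, UID=114, GID=117, home=/var/run/stunnel4, shell=/usr/sbin/nologin, from=/dev/pts/2
Jul 3 21:15:11 localhost useradd[28036]: new user: name=rclone, UID=1002, GID=1002, home=/home/rclone, shell=/bin/sh, from=none
Jul 3 21:15:11 localhost usermod[28054]: add 'rclone' to group 'sudo'
Jul 4 04:17:12 localhost sshd[833]: Server listening on 0.0.0.0 port 3939.
Jul 4 04:17:12 localhost sshd[833]: Server listening on 0.0.0.0 port 39.
"""

NEW_USER = re.compile(r"useradd\[\d+\]: new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+),.*?shell=(?P<shell>[^,]+),")
GROUP_ADD = re.compile(r"usermod\[\d+\]: add '(?P<name>[^']+)' to group '(?P<group>[^']+)'")
LISTEN = re.compile(r"sshd\[\d+\]: Server listening on \S+ port (?P<port>\d+)\.")
PRIV_GROUPS = {"sudo", "wheel", "admin"}                         # assumed privileged groups
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}  # non-interactive shells

def audit(log_text, expected_ports=frozenset({22})):  # allow-list is an assumption
    """Return findings for new privileged login accounts and unexpected sshd ports."""
    users, groups, ports = {}, defaultdict(set), set()
    for line in log_text.splitlines():
        if m := NEW_USER.search(line):
            users[m["name"]] = (int(m["uid"]), m["shell"])
        elif m := GROUP_ADD.search(line):
            groups[m["name"]].add(m["group"])
        elif m := LISTEN.search(line):
            ports.add(int(m["port"]))
    findings = []
    for name, (uid, shell) in users.items():
        priv = sorted(groups[name] & PRIV_GROUPS)
        # Package-created service accounts (nologin shell, no sudo) are not flagged.
        if priv and shell not in NOLOGIN:
            findings.append(("privileged-login-account", name, uid, priv))
    for port in sorted(ports - set(expected_ports)):
        findings.append(("unexpected-sshd-port", port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any account it reports should be checked against `/etc/passwd`, `/etc/sudoers.d` and each user's `authorized_keys` on the host itself, since log files alone can be edited by whoever had root.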

Manssizz commented 1 year ago

lmao. Thanks for checking this script. I just edited it from someone else's and added some tweaks. Regarding the rclone script, I did not and never touch the rclone script. If you find another backdoor, you can open a pull request or I will patch it another time.

Manssizz commented 1 year ago

@ollyt3st fixed. You can check it. If there is any backdoor or anything like this, tell me.

essoojay commented 1 year ago

Hi there,

Do you have Telegram so we can chat and I can show you some errors, like all xray shows offline? And the backdoors are still there.

thanks