Cowrie observations
SSH reserve
Recent Sessions
| Last | Visitor | User | Sessions | Commands | Open |
|---|---|---|---|---|---|
| 06-30 00:33 | 64b0ac3b | root | 1 | 10 | no |
| 06-30 00:20 | 7632a529 | root | 1 | 10 | no |
| 06-29 23:48 | b7e53c5e | unknown | 1 | 0 | no |
| 06-29 23:39 | 9294a370 | unknown | 1 | 0 | no |
| 06-29 23:34 | 81030280 | unknown | 1 | 0 | no |
| 06-29 23:33 | 821e4f4c | root | 12 | 24 | no |
| 06-29 23:22 | b09fbba6 | admin | 6 | 0 | no |
| 06-29 23:21 | aa7a7d02 | unknown | 1 | 0 | no |
| 06-29 23:08 | 3d9e1bef | unknown | 1 | 0 | no |
| 06-29 23:02 | 5e9e180f | unknown | 1 | 0 | no |
| 06-29 22:55 | bbdd0d13 | AdminGPON | 2 | 0 | no |
| 06-29 22:53 | 2bd129d9 | unknown | 2 | 0 | no |
| 06-29 22:30 | 4e042435 | unknown | 1 | 0 | no |
| 06-29 22:28 | 78be552f | unknown | 2 | 0 | no |
| 06-29 22:19 | d31b78bf | unknown | 2 | 0 | no |
| 06-29 22:12 | bbdd0d13 | admin | 1 | 0 | no |
| 06-29 22:12 | 4e042435 | admin | 1 | 0 | no |
| 06-29 21:43 | 3bc31034 | unknown | 1 | 0 | no |
| 06-29 21:43 | bbdd0d13 | unknown | 1 | 0 | no |
| 06-29 21:33 | 821e4f4c | unknown | 1 | 0 | no |
| 06-29 21:18 | d673e0fc | root | 11 | 0 | no |
| 06-29 20:49 | d673e0fc | unknown | 1 | 0 | no |
| 06-29 19:42 | d3224194 | support | 3 | 2 | no |
| 06-29 19:42 | d3224194 | root | 164 | 155 | no |
| 06-29 19:42 | d3224194 | hduser | 1 | 0 | no |
| 06-29 19:42 | d3224194 | customer | 1 | 0 | no |
| 06-29 19:42 | d3224194 | test | 13 | 12 | no |
| 06-29 19:42 | d3224194 | fastuser | 4 | 3 | no |
| 06-29 19:42 | d3224194 | rdpuser | 4 | 0 | no |
| 06-29 19:42 | d3224194 | erp | 1 | 0 | no |
| 06-29 19:42 | d3224194 | user10 | 1 | 1 | no |
| 06-29 19:42 | d3224194 | installer | 1 | 0 | no |
| 06-29 19:42 | d3224194 | operator | 2 | 2 | no |
| 06-29 19:42 | d3224194 | claude | 10 | 9 | no |
| 06-29 19:41 | d3224194 | sam | 6 | 6 | no |
| 06-29 19:41 | d3224194 | deploy | 18 | 15 | no |
| 06-29 19:41 | d3224194 | prem | 1 | 0 | no |
| 06-29 19:41 | d3224194 | mysql | 4 | 3 | no |
| 06-29 19:41 | d3224194 | administrator | 3 | 2 | no |
| 06-29 19:41 | d3224194 | newuser | 4 | 3 | no |
| 06-29 19:41 | d3224194 | ec2-user | 3 | 2 | no |
| 06-29 19:41 | d3224194 | ubuntu | 20 | 18 | no |
| 06-29 19:41 | d3224194 | alex | 5 | 4 | no |
| 06-29 19:41 | d3224194 | bernard | 1 | 0 | no |
| 06-29 19:41 | d3224194 | openclaw | 7 | 6 | no |
| 06-29 19:41 | d3224194 | uploader | 1 | 0 | no |
| 06-29 19:41 | d3224194 | jellyfin | 3 | 2 | no |
| 06-29 19:41 | d3224194 | admin | 21 | 19 | no |
| 06-29 19:40 | d3224194 | cw | 1 | 0 | no |
| 06-29 19:40 | d3224194 | user2 | 4 | 3 | no |
Commands
| uname -s -v -n -r -m | 848 |
| echo SHELL_TEST | 18 |
| /bin/uname -s -v -n -m 2 > /dev/null | 10 |
| head -1 /proc/version | cut -d -f1 ) | 10 |
| ( [ -f /etc/os-release ] | 10 |
| nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null | 10 |
| busybox uname -s -v -n -m 2 > /dev/null | 10 |
| ( [ -f /proc/version ] | 10 |
| /usr/bin/uname -s -v -n -m 2 > /dev/null | 10 |
| uname -s -v -n -m 2 > /dev/null | 10 |
| [ -f /proc/version ] | 10 |
| [ -f /etc/os-release ] | 10 |
| export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" | 10 |
| LC_ALL=C rm -f /bin/c4nxvlrg4zf8ro3ai9bd5tlnzo | 3 |
| LC_ALL=C /bin/c4nxvlrg4zf8ro3ai9bd5tlnzo | 2 |
| /ip cloud print | 2 |
| ./CUzcxux0 | 2 |
| cd /tmp && chmod +x CUzcxux0 && bash -c ./CUzcxux0 | 2 |
| /bin/c4nxvlrg4zf8ro3ai9bd5tlnzo | 2 |
| scp -t /bin/c4nxvlrg4zf8ro3ai9bd5tlnzo | 2 |
Usernames
| root | 256 |
| admin | 45 |
| user | 26 |
| ubuntu | 21 |
| deploy | 20 |
| pi | 16 |
| claude | 16 |
| test | 14 |
| user1 | 11 |
| guest | 10 |
Passwords
| 123456 | 81 |
| 123 | 43 |
| 1234 | 38 |
| 1 | 28 |
| 12345678 | 27 |
| 12345 | 26 |
| root | 25 |
| password | 24 |
| 123456789 | 19 |
| (blank) | 13 |
Downloads
| f74a8b06db4f8f48f4a19ea5c01bade2a0dfb9290c4ed04a3f1a3eaa298a843d | 0 |
| e374a7ad447d2cf791ecae122894a51ba723901ea132e7fa16cd47c44e4a1769 | 0 |
| 6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b | 0 |
| 6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b | 0 |