β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ FRESH PREM PROXIES 1 H DETAILED :
190.103.178.14 8080 1 hour ago
2266 ms 29% (66) us United States - Miami Gardens Anonymous -
182.160.104.213 8080 1 hour ago
3890 ms 24% (76) bd Bangladesh - Dhaka Transparent -
181.28.27.254 8080 1 hour ago
4006 ms 29% (73) ar Argentina Transparent -
181.188.166.74 8080 1 hour ago
3816 ms 26% (74) bo Bolivia Transparent -
185.21.217.20 3128 1 hour ago
453 ms 9% (67) au Australia - Sinnamon Park Elite -
181.49.103.246 999 1 hour ago
0 ms 0% (5) co Colombia Transparent -
181.113.225.114 8080 1 hour ago
3119 ms 29% (70) ec Ecuador - Guayaquil Transparent -
181.30.28.120 80 1 hour ago
2069 ms 69% (54) ar Argentina - Campana Transparent -
181.188.166.82 8080 1 hour ago
3108 ms 23% (61) bo Bolivia Transparent -
181.165.11.131 3128 1 hour ago
3689 ms 44% (60) ar Argentina - Buenos Aires Transparent -
181.30.28.120 8080 1 hour ago
1687 ms 64% (50) ar Argentina - Campana Transparent -
177.66.222.150 8081 1 hour ago
4746 ms 16% (63) br Brazil Transparent -
181.114.224.177 8080 1 hour ago
3814 ms 23% (71) ar Argentina - Mar del Plata Transparent -
176.235.80.104 9090 1 hour ago
3983 ms 8% (94) tr Turkey Transparent -
167.71.249.181 8888 1 hour ago
4736 ms 10% (96) us United States - Clifton Transparent -
178.250.92.18 8080 1 hour ago
2793 ms 21% (84) tr Turkey - Istanbul Transparent -
180.210.201.54 3128 1 hour ago
1706 ms 73% (48) sg Singapore - Singapore Transparent -
178.205.254.106 8080 1 hour ago
3000 ms 29% (71) ru Russia - Kazanβ Transparent -
177.185.157.146 8080 1 hour ago
2062 ms 50% (2) br Brazil Transparent -
178.57.106.6 8080 1 hour ago
0 ms 0% (2) ru Russia - Cherepovets Transparent -
177.93.96.100 8080 1 hour ago
3773 ms 12% (89) br Brazil Transparent -
178.176.240.49 8080 1 hour ago
4361 ms 12% (85) ru Russia Elite -
180.183.226.94 8080 1 hour ago
0 ms 0% (4) th Thailand - Chiang Mai Transparent -
177.5.221.66 8080 1 hour ago
4030 ms 14% (74) br Brazil - Dourados Transparent -
177.184.193.202 3128 1 hour ago
4413 ms 16% (76) br Brazil - Itu Transparent -
156.155.14.153 8080 1 hour ago
0 ms 0% (3) tz Tanzania Transparent -
170.233.164.192 8080 1 hour ago
3684 ms 30% (75) br Brazil - Cajobi Transparent -
177.152.143.74 8080 1 hour ago
2654 ms 27% (79) br Brazil - Barueri Transparent -
177.94.225.218 8080 1 hour ago
3638 ms 23% (72) br Brazil - JacareΓ Transparent -
177.130.49.201 8080 1 hour ago
2836 ms 22% (84) br Brazil - SantarΓ©m Transparent -
180.210.201.55 3129 1 hour ago
1764 ms 69% (61) sg Singapore - Singapore Transparent -
175.184.232.74 8080 1 hour ago
3905 ms 18% (75) id Indonesia - Jakarta Transparent -
174.32.139.218 87 1 hour ago
5074 ms 3% (94) us United States Transparent -
177.21.10.30 666 1 hour ago
3609 ms 25% (69) br Brazil - Salvador Transparent -
170.231.187.209 8091 1 hour ago
3961 ms 20% (76) br Brazil - Santa Rita do Sapucai Transparent -
@ Undercoders
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ FRESH PREM PROXIES 1 H DETAILED :
190.103.178.14 8080 1 hour ago
2266 ms 29% (66) us United States - Miami Gardens Anonymous -
182.160.104.213 8080 1 hour ago
3890 ms 24% (76) bd Bangladesh - Dhaka Transparent -
181.28.27.254 8080 1 hour ago
4006 ms 29% (73) ar Argentina Transparent -
181.188.166.74 8080 1 hour ago
3816 ms 26% (74) bo Bolivia Transparent -
185.21.217.20 3128 1 hour ago
453 ms 9% (67) au Australia - Sinnamon Park Elite -
181.49.103.246 999 1 hour ago
0 ms 0% (5) co Colombia Transparent -
181.113.225.114 8080 1 hour ago
3119 ms 29% (70) ec Ecuador - Guayaquil Transparent -
181.30.28.120 80 1 hour ago
2069 ms 69% (54) ar Argentina - Campana Transparent -
181.188.166.82 8080 1 hour ago
3108 ms 23% (61) bo Bolivia Transparent -
181.165.11.131 3128 1 hour ago
3689 ms 44% (60) ar Argentina - Buenos Aires Transparent -
181.30.28.120 8080 1 hour ago
1687 ms 64% (50) ar Argentina - Campana Transparent -
177.66.222.150 8081 1 hour ago
4746 ms 16% (63) br Brazil Transparent -
181.114.224.177 8080 1 hour ago
3814 ms 23% (71) ar Argentina - Mar del Plata Transparent -
176.235.80.104 9090 1 hour ago
3983 ms 8% (94) tr Turkey Transparent -
167.71.249.181 8888 1 hour ago
4736 ms 10% (96) us United States - Clifton Transparent -
178.250.92.18 8080 1 hour ago
2793 ms 21% (84) tr Turkey - Istanbul Transparent -
180.210.201.54 3128 1 hour ago
1706 ms 73% (48) sg Singapore - Singapore Transparent -
178.205.254.106 8080 1 hour ago
3000 ms 29% (71) ru Russia - Kazanβ Transparent -
177.185.157.146 8080 1 hour ago
2062 ms 50% (2) br Brazil Transparent -
178.57.106.6 8080 1 hour ago
0 ms 0% (2) ru Russia - Cherepovets Transparent -
177.93.96.100 8080 1 hour ago
3773 ms 12% (89) br Brazil Transparent -
178.176.240.49 8080 1 hour ago
4361 ms 12% (85) ru Russia Elite -
180.183.226.94 8080 1 hour ago
0 ms 0% (4) th Thailand - Chiang Mai Transparent -
177.5.221.66 8080 1 hour ago
4030 ms 14% (74) br Brazil - Dourados Transparent -
177.184.193.202 3128 1 hour ago
4413 ms 16% (76) br Brazil - Itu Transparent -
156.155.14.153 8080 1 hour ago
0 ms 0% (3) tz Tanzania Transparent -
170.233.164.192 8080 1 hour ago
3684 ms 30% (75) br Brazil - Cajobi Transparent -
177.152.143.74 8080 1 hour ago
2654 ms 27% (79) br Brazil - Barueri Transparent -
177.94.225.218 8080 1 hour ago
3638 ms 23% (72) br Brazil - JacareΓ Transparent -
177.130.49.201 8080 1 hour ago
2836 ms 22% (84) br Brazil - SantarΓ©m Transparent -
180.210.201.55 3129 1 hour ago
1764 ms 69% (61) sg Singapore - Singapore Transparent -
175.184.232.74 8080 1 hour ago
3905 ms 18% (75) id Indonesia - Jakarta Transparent -
174.32.139.218 87 1 hour ago
5074 ms 3% (94) us United States Transparent -
177.21.10.30 666 1 hour ago
3609 ms 25% (69) br Brazil - Salvador Transparent -
170.231.187.209 8091 1 hour ago
3961 ms 20% (76) br Brazil - Santa Rita do Sapucai Transparent -
@ Undercoders
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is a botnet?
>The botnet "botnet" is the vocabulary. "Bot" is the abbreviation of "robot", and "net" is "network connected by robots"; hackers who control other people's computers are called "bot herder".
>The device is infected by malicious programs and will become a "zombie computer" after being installed by "bot computer program", and then controlled by bot herder, through the command server (referred to as C & C or C2 server), to issue commands to the zombie computer to work. A botnet generally consists of hundreds or even millions of devices, including PCs, Macs, Linux servers, home routers, and smartphones.
The combination of these controlled devices, the power of the resources formed, can launch destructive and sophisticated attacks, such as sending hundreds of millions of spam emails, huge bandwidth distributed denial of service attacks (DDoS) and targeted Financial fraud.
>The botnet "botnet" is the vocabulary. "Bot" is the abbreviation of "robot", and "net" is "network connected by robots"; hackers who control other people's computers are called "bot herder".
>The device is infected by malicious programs and will become a "zombie computer" after being installed by "bot computer program", and then controlled by bot herder, through the command server (referred to as C & C or C2 server), to issue commands to the zombie computer to work. A botnet generally consists of hundreds or even millions of devices, including PCs, Macs, Linux servers, home routers, and smartphones.
The combination of these controlled devices, the power of the resources formed, can launch destructive and sophisticated attacks, such as sending hundreds of millions of spam emails, huge bandwidth distributed denial of service attacks (DDoS) and targeted Financial fraud.
A) Web server vulnerability
1) web server is a program that stores files (usually web pages) and accesses them through the network or the Internet. The web server requires hardware and software. Attackers usually target attacks in software to obtain authorization to enter the server. Let's take a look at some common vulnerabilities exploited by attackers.
2) Default settings-Attackers can easily guess these settings, such as the default user ID and password. The default settings may also allow certain tasks to be performed, such as running available commands on the server.
3) Misconfigured operating system and network-If the user does not have a good password, certain configurations (such as allowing the user to execute commands on the server) may be dangerous.
4) Errors in the operating system and web server-Errors found in the operating system or web server software can also be used to gain unauthorized access to the system.
1) web server is a program that stores files (usually web pages) and accesses them through the network or the Internet. The web server requires hardware and software. Attackers usually target attacks in software to obtain authorization to enter the server. Let's take a look at some common vulnerabilities exploited by attackers.
2) Default settings-Attackers can easily guess these settings, such as the default user ID and password. The default settings may also allow certain tasks to be performed, such as running available commands on the server.
3) Misconfigured operating system and network-If the user does not have a good password, certain configurations (such as allowing the user to execute commands on the server) may be dangerous.
4) Errors in the operating system and web server-Errors found in the operating system or web server software can also be used to gain unauthorized access to the system.
π¦The type of Web server
The following is a list of common Web servers
1) Apache-This is a commonly used web server on the Internet. It is cross-platform, but it is usually installed on Linux. Most PHP websites are hosted on Apache servers.
2) Internet Information Service (IIS)-developed by Microsoft. It runs on Windows and is the second most used web server on the Internet. Most asp and aspx websites are hosted on IIS servers.
3) Apache Tomcat-Most Java server page (JSP) websites are hosted on such web servers.
4) Other web servers-including Novell's web server and IBM's Lotus Domino server.
The following is a list of common Web servers
1) Apache-This is a commonly used web server on the Internet. It is cross-platform, but it is usually installed on Linux. Most PHP websites are hosted on Apache servers.
2) Internet Information Service (IIS)-developed by Microsoft. It runs on Windows and is the second most used web server on the Internet. Most asp and aspx websites are hosted on IIS servers.
3) Apache Tomcat-Most Java server page (JSP) websites are hosted on such web servers.
4) Other web servers-including Novell's web server and IBM's Lotus Domino server.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Types of attacks against Web server BY Undercode :
1)directory traversal attacks - such attacks take advantage of the Web server errors to unauthorized access not in the public domain files and folders. Once the attacker gains access, they can download sensitive information, execute commands on the server, or install malware.
2) Denial of service attacks-Through such attacks, the web server may crash or become unavailable to legitimate users.
3) Domain Name System Hijacking-With this type of attacker, the DNS settings will be changed to point to the attacker's web server. All traffic that should be sent to the web server is redirected to the wrong traffic.
Sniffing-Unencrypted data sent over the network may be intercepted and
used to gain unauthorized access to the web server.
4) Phishing-With this type of attack, the attack pretends to be a website and directs traffic to a fake website. Uninformed users may be tricked into submitting sensitive data, such as login details, credit card numbers, etc.
Domain spoofing-With this type of attack, an attacker can compromise a Domain Name System (DNS) server or user computer, thereby directing traffic to a malicious site.
5) Destruction-With this type of attack, the attacker replaces the organization's website with a different page that contains the hacker's name, image, and may include background music and messages.
written UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Types of attacks against Web server BY Undercode :
1)directory traversal attacks - such attacks take advantage of the Web server errors to unauthorized access not in the public domain files and folders. Once the attacker gains access, they can download sensitive information, execute commands on the server, or install malware.
2) Denial of service attacks-Through such attacks, the web server may crash or become unavailable to legitimate users.
3) Domain Name System Hijacking-With this type of attacker, the DNS settings will be changed to point to the attacker's web server. All traffic that should be sent to the web server is redirected to the wrong traffic.
Sniffing-Unencrypted data sent over the network may be intercepted and
used to gain unauthorized access to the web server.
4) Phishing-With this type of attack, the attack pretends to be a website and directs traffic to a fake website. Uninformed users may be tricked into submitting sensitive data, such as login details, credit card numbers, etc.
Domain spoofing-With this type of attack, an attacker can compromise a Domain Name System (DNS) server or user computer, thereby directing traffic to a malicious site.
5) Destruction-With this type of attack, the attacker replaces the organization's website with a different page that contains the hacker's name, image, and may include background music and messages.
written UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Impact of successful attack
1) If an attacker edits the content of the website and contains malicious information or links to pornographic websites, the reputation of the organization may be damaged
2) The web server can be used to install malware on compromised users who access the website. The malware downloaded to the visitor's computer may be a virus, Trojan horse, or botnet software.
3) Compromised user data may be used for fraudulent activities, which may result in business losses or file a lawsuit against users who delegate their details
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
1) If an attacker edits the content of the website and contains malicious information or links to pornographic websites, the reputation of the organization may be damaged
2) The web server can be used to install malware on compromised users who access the website. The malware downloaded to the visitor's computer may be a virus, Trojan horse, or botnet software.
3) Compromised user data may be used for fraudulent activities, which may result in business losses or file a lawsuit against users who delegate their details
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Web server attack tools
Some common Web server attack tools include:
1) Metasploit-This is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in Web servers and write vulnerabilities that can be used to compromise servers.
2) MPack-This is a web development tool. It is written in PHP and supported by MySQL as the database engine. After using MPack to attack the web server, all traffic will be redirected to the malicious download site.
3) Zeus-This tool can be used to turn infected computers into zombie programs or zombies. Zombie programs are infected computers used to perform Internet-based attacks. A botnet is a collection of infected computers. The botnet can then be used for denial of service attacks or sending spam.
4) Neosplit-This tool can be used to install programs, delete programs, copy programs, etc.
> all posted on @UndercodeTesting and you can install new updates
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Some common Web server attack tools include:
1) Metasploit-This is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in Web servers and write vulnerabilities that can be used to compromise servers.
2) MPack-This is a web development tool. It is written in PHP and supported by MySQL as the database engine. After using MPack to attack the web server, all traffic will be redirected to the malicious download site.
3) Zeus-This tool can be used to turn infected computers into zombie programs or zombies. Zombie programs are infected computers used to perform Internet-based attacks. A botnet is a collection of infected computers. The botnet can then be used for denial of service attacks or sending spam.
4) Neosplit-This tool can be used to install programs, delete programs, copy programs, etc.
> all posted on @UndercodeTesting and you can install new updates
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to avoid attacks on Web servers
> Organizations such undercode can adopt the following strategies to protect themselves against Web server attacks.
1) Patch management-This involves installing patches to help protect the server. Patches are updates that fix bugs in the software. Patches can be
2) applied to operating systems and Web server systems.
3) Safely install and configure the operating system
4) Safely install and configure Web server software
5) Vulnerability scanning system-including tools such as Snort, NMap,
6) Scanner Access Now Easy (SANE)
7) By blocking all traffic from the attacker's identified source IP address,
8) the firewall can be used to stop simple DoS attacks.
9) Antivirus software can be used to remove malware on the server
Disable remote management
10) The default account and unused accounts must be deleted from the system
11) The default port and settings (such as FTP for port 21) should be changed to custom ports and settings (FTP port is 5069)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to avoid attacks on Web servers
> Organizations such undercode can adopt the following strategies to protect themselves against Web server attacks.
1) Patch management-This involves installing patches to help protect the server. Patches are updates that fix bugs in the software. Patches can be
2) applied to operating systems and Web server systems.
3) Safely install and configure the operating system
4) Safely install and configure Web server software
5) Vulnerability scanning system-including tools such as Snort, NMap,
6) Scanner Access Now Easy (SANE)
7) By blocking all traffic from the attacker's identified source IP address,
8) the firewall can be used to stop simple DoS attacks.
9) Antivirus software can be used to remove malware on the server
Disable remote management
10) The default account and unused accounts must be deleted from the system
11) The default port and settings (such as FTP for port 21) should be changed to custom ports and settings (FTP port is 5069)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Information collected
1) We need to get the target's IP address, and find other sites that share the same IP address.
2) We will use an online tool to find the target IP address and other websites that share the IP address
3) Enter the URL http: // www. Yougetsignal.com/tools/ web-sites-on-web-server / in a web browser
Enter http: // www. Techpanda.orgAs a goal
π¦Information collected
1) We need to get the target's IP address, and find other sites that share the same IP address.
2) We will use an online tool to find the target IP address and other websites that share the IP address
3) Enter the URL http: // www. Yougetsignal.com/tools/ web-sites-on-web-server / in a web browser
Enter http: // www. Techpanda.orgAs a goal
Yougetsignal
Network Tools by YouGetSignal.com
A collection of uncomplicated, powerful network tools.
4) Based on the above results, the target's IP address is 69.195.124.112
5) We also found 403 domains on the same web server.
Our next step is to scan other sites for SQL injection vulnerabilities. Note: If we can find the vulnerable SQL on the target, then we will directly use it without considering other websites.
6) Enter the URL http: // www. Bing.com in a web browser. This only applies to Bing, so do nβt use other search engines such as Google or Yahoo
Enter the following search query
ip: 69.195.124.112.php? id =
5) We also found 403 domains on the same web server.
Our next step is to scan other sites for SQL injection vulnerabilities. Note: If we can find the vulnerable SQL on the target, then we will directly use it without considering other websites.
6) Enter the URL http: // www. Bing.com in a web browser. This only applies to Bing, so do nβt use other search engines such as Google or Yahoo
Enter the following search query
ip: 69.195.124.112.php? id =
7)
"Ip: 69.195.124.112" limits the search scope to all websites hosted on the web server with an IP address of 69.195.124.112
".Php? Id =" Search URL GET variable uses the parameters of the SQL statement.
You will get the following result
8) As can be seen from the above results, all websites that use GET variables as SQL injection parameters are listed.
9) The next logical step is to scan the listed websites for SQL injection vulnerabilities. You can use manual SQL injection or use the SQL injection tools listed in this article to do this.
10) When uploading PHP Shell (php Malaysia),
we will not scan any of the websites listed because this is illegal. We assume that we have managed to log into one of them. You must upload from http: // sourceforge.net/project s / icfdkshell /The downloaded PHP shell.
11) Open the URL to upload the dk.php file.
12) Clicking the symbolic link URL will allow you to access the file in the target domain.
13) Once you can access these files, you can get the login credentials of the database and perform any operations you want, such as defacement, downloading data such as emails, etc.
π¦ So we secure our servers in undercode using those tips + few more as summary i will present :
1) Web servers store valuable information and can be accessed by public domains. This makes them targets for attackers.
2) Commonly used Web servers include Apache and Internet Information Service IIS
3) Attacks on the web server take advantage of errors and misconfigurations in the operating system, web server and network
Popular web server hacking tools include Neosploit, MPack and ZeuS.
4) Good security strategy can reduce the possibility of being attacked
π¦Now we prepare a new hosting services in undercode, for online users with good prices, 2 months and will send site details..
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
"Ip: 69.195.124.112" limits the search scope to all websites hosted on the web server with an IP address of 69.195.124.112
".Php? Id =" Search URL GET variable uses the parameters of the SQL statement.
You will get the following result
8) As can be seen from the above results, all websites that use GET variables as SQL injection parameters are listed.
9) The next logical step is to scan the listed websites for SQL injection vulnerabilities. You can use manual SQL injection or use the SQL injection tools listed in this article to do this.
10) When uploading PHP Shell (php Malaysia),
we will not scan any of the websites listed because this is illegal. We assume that we have managed to log into one of them. You must upload from http: // sourceforge.net/project s / icfdkshell /The downloaded PHP shell.
11) Open the URL to upload the dk.php file.
12) Clicking the symbolic link URL will allow you to access the file in the target domain.
13) Once you can access these files, you can get the login credentials of the database and perform any operations you want, such as defacement, downloading data such as emails, etc.
π¦ So we secure our servers in undercode using those tips + few more as summary i will present :
1) Web servers store valuable information and can be accessed by public domains. This makes them targets for attackers.
2) Commonly used Web servers include Apache and Internet Information Service IIS
3) Attacks on the web server take advantage of errors and misconfigurations in the operating system, web server and network
Popular web server hacking tools include Neosploit, MPack and ZeuS.
4) Good security strategy can reduce the possibility of being attacked
π¦Now we prepare a new hosting services in undercode, for online users with good prices, 2 months and will send site details..
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WHAT IS DockerKiller:
>Recently, the Alibaba Cloud security team discovered the first instance of Docker batch attacks and utilization. After the attack, the attacker used IRC backdoors and webshell to achieve persistence, and performed mining, DDoS and other malicious actions on the host. With the gradual increase in the cost of attack and defense confrontation, the use of such attacks in the future may become more and more direct, and its use of cash out methods will also become multiple. It is recommended that enterprises strengthen the management of their edge applications and prevent threats caused by improper configuration.
> Docker is an open source application container engine that allows developers to package their applications and dependent packages into a portable container and publish it to any popular Linux machine for virtualization. Due to its very good portability, Docker is widely used in simplified configuration, rapid deployment, multi-tenant environment, and gradually used in production environment, and widely deployed on the cloud.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
>Recently, the Alibaba Cloud security team discovered the first instance of Docker batch attacks and utilization. After the attack, the attacker used IRC backdoors and webshell to achieve persistence, and performed mining, DDoS and other malicious actions on the host. With the gradual increase in the cost of attack and defense confrontation, the use of such attacks in the future may become more and more direct, and its use of cash out methods will also become multiple. It is recommended that enterprises strengthen the management of their edge applications and prevent threats caused by improper configuration.
> Docker is an open source application container engine that allows developers to package their applications and dependent packages into a portable container and publish it to any popular Linux machine for virtualization. Due to its very good portability, Docker is widely used in simplified configuration, rapid deployment, multi-tenant environment, and gradually used in production environment, and widely deployed on the cloud.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦The function execution sequence is:
1)Clean up related files: Delete old versions of mining, DDoS Trojans, services and their configuration files
2) Download related files: download webshell backdoor, DDoS Trojan, mining program and execute
3) Open related services: open mining, DDoS Trojan services
1)Clean up related files: Delete old versions of mining, DDoS Trojans, services and their configuration files
2) Download related files: download webshell backdoor, DDoS Trojan, mining program and execute
3) Open related services: open mining, DDoS Trojan services