This video was taken from my desktop from honeypot. I copy this video over from my other account.

I have cut out most of the compiling because it goes on for several minutes.

Attacker logs in and uses a program called nexus which installs an ssh back door, a password stealer and a program to email the passwords to them.

the attacker eventually ended up breaking it because I did not use the default ssh port with honssh. when he restarts ssh, honssh cannot connect to the server, so he could not log back in.

Later i removed all of the malware that was installed, but then added the attackers backdoor password to the list of accepted passwords, so later if the attacker tries to log in, it seems like his backdoor is still active.

I will have the other video linked when the attacker comes back.