Random Ip Connected to my NC listener

I was working on a box, i had a NC listener open on 4444 for a little while i forgot about it probably 20 minutes. I was using pwnbox and SSH’ed into that pwnbox instance.

I noticed something randomly connected to that NC session. Ip address

I quickly killed my instance and ssh stuff. I was on a VPN also.

Is there anyway we know of someone breaking into a pwnsession? IM sure maybe but i should be alright ? Not sure, just kinda freaked me out lol.


A while ago I read your comment in order to find someone who has experienced something similar to what happened to me, with the supposed combo of trying to execute commands on the system and a malicious file. I have also published it so that everyone knows. It’s been a little surreal :grimacing: