Date: Tue, 05 Jan 99 08:31:24 -0500 From: FreeBSD Questions <freebsd@netsys.hn> To: Jim Mock <jim@corp.au.triax.com>, Mike Alich <hostmaster@cctinc.net> Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: HACKED & SECURITY Message-ID: <199901051431.IAA27782@mail.netsys.hn>
next in thread | raw e-mail | index | archive | help
-- [ From: FreeBSD Questions * EMC.Ver #2.5.02 ] --
> Do a find for ... directories..
>
> find / -name "..." -print
I was reading this article when I Decide to try this tests and I found this:
8:23 mail: {132} find / -name "..." -print
/usr/home/ggmsa/etc/...
8:24 mail: {133}
Then I went into his directory and found:
8:27 mail: {134} more .history
logout
pine
ylogou^H^H
login jcisne
users
read
dir
cd
cat
gcc -c rdist-ex.c
more /etc/passwd
ezxi^H^H^H^H^Hexit
exit
finger
finger
who
finger qtaylor
ps alf
ps -alF
ps al
irc
BitchX
ircii
ircle
kill 5022
help
man
1
man
mail
pwd
cd
cd /
pwd
ls
cd /etc
ls
cat passwd
ls
cd passwd
pico
cat ^H^H^H^H^H^H^H
cat etc/passwsd
cat etc/passwd
cd cdup
cdup
help
erase set
cls
cat //etc/passwd
cat ///etc/p
cat ^H^H^H^H^H^H^H
cat ///etc
/cat
cat ///etc/p
8:27 mail: {135}
Then I did a more on /etc/p and that is the /etc/passwd file.
> --
> : Jim Mock | [jim@corp.au.triax.com] :
> : System Administrator | http://www.triax.com/ :
> : Triax Internet Services | ----------------------------- :
> : Portland, OR USA | FreeBSD: The Power to Serve :
> : Wagga Wagga, NSW Australia | http://www.freebsd.org/ :
How can I be sure this guy still not in getting our passwds?
We had a hack with a sniffer so we upgraded to qpopper 2.53, still risks?
Thanks
P. Quintana
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901051431.IAA27782>