Help me analyze: what did the hacker do?

Ares Liu gege at nst.pku.edu.cn
Sun Jul 13 11:33:19 PDT 2003


In the / directory I found a .bash_history file. I think it must have been
left by a hacker, but I don't know how deep the hacker went. Can anyone help
me analyze the .bash_history? Did the hacker change the root password
successfully? Thanks very much.

.bash_history:

vi /etc/passwd
passwd root
vi /etc/passwd
passwd root/
passwd root
passwd xyz
vi /etc/passwd
linuxconf
ls
vi group
passwd xyz
vi group
vi /etc/passwd
chpasswd --help
chpasswd -e
vi /etc/passwd
ls
man chpasswd
ls
checkgid --help
checkgid /?
man checkgid
checkgid
ls
vi /etc/passwd
linuxconf
clear
passwd xyz
vi /etc/passwd
passwd bbs
ls
man passwd
i /etc/pam.d/passwd
less /etc/pam.d/passwd
ls
cd /etc/
ls
ls -l sh*
cp shadow- shadow
ls -l sh*
more shadow
reboot


-Ares
