Help me analysis what did hacker do?

Sam Halliday fommil at yahoo.ie
Thu Jul 17 06:09:02 PDT 2003


SINGODIWIRJO Hermantino wrote:
> > In / directory I find out a .bash_history file.
> What a strange "cracker" who leaves behind him a .bash_history in / ??? did
> you mean ~/
most root-cracks drop you in / with no envars set. so this is what i would
expect.

> Moreover It is a good Idea if this "cracker" got root to backup the original
> ~/.bash_history first to restore it afterwards.
the new history is added after you logout. you need only type `history -c` to
stop this from happening. but in this case unsetting the history file is
better.

> Finally it is also handy to clear the log files
well, we know YOU didn't crack his box... because we'd NEVER be able to find
YOU... ;-)

seriously though... if this guy is running a recent LFS, we should all be keen
to hear how his boxen was cracked. we could all be susceptible!

Ares Liu... what kernel are you running? i have a suspicion this may be the
ptrace exploit, simply from the fact that it was the last "big" exploit and the
code is publicly available; and the cracker clearly didn't have a clue what
he/she was doing...

Sam
-- 
Solutions are obvious if one only has the optical power to observe them over the
horizon.
-- K.A. Arsdall
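
Added example, not part of the original message: a Python check a responder could run for the artifact discussed in this thread, a `.bash_history` sitting in a directory that is no account's home (such as `/`). The function names, the sample passwd text and the directory tree are constructed for illustration; because bash writes history when the shell exits, the reported mtime approximates when that session ended.

```python
import os
import tempfile

# Constructed sample in passwd(5) format; field 6 is the home directory.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""

def home_dirs(passwd_text):
    """Return the set of home directories listed in passwd-format text."""
    homes = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            homes.add(os.path.normpath(fields[5]))
    return homes

def stray_history_files(root, passwd_text, name=".bash_history"):
    """Report history files under `root` whose directory is no account's home.

    Paths are compared relative to `root`, so a mounted disk image can be
    examined instead of the live system. Returns (path, uid, mtime) tuples.
    """
    homes = home_dirs(passwd_text)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if name not in filenames:
            continue
        logical = os.path.normpath("/" + os.path.relpath(dirpath, root))
        if logical in homes:
            continue  # expected location for this account
        st = os.lstat(os.path.join(dirpath, name))
        findings.append((os.path.join(logical, name), st.st_uid, st.st_mtime))
    return findings

def demo():
    """Build a constructed tree with one expected and one stray history file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "home", "alice"))
        for rel in (".bash_history", "home/alice/.bash_history"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("ls\n")
        return [p for p, _uid, _mtime in stray_history_files(root, SAMPLE_PASSWD)]

if __name__ == "__main__":
    print(demo())
```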