Help me analysis what did hacker do?
jschrod at uni-muenster.de
Thu Jul 17 06:19:35 PDT 2003
Sam Halliday wrote:
> SINGODIWIRJO Hermantino wrote:
>>>In / directory I find out a .bash_history file.
>>What a strange "cracker" who leaves behind him a .bash_history in / ??? did
>>you mean ~/
> most root-cracks drop you in / with no envars set. so this is what i would
>>Moreover It is a good Idea if this "cracker" got root to backup the original
>>~/.bash_history first to restore it afterwards.
> the new history is added after you logout. you need only type `history -c` to
> stop this from happening. but in this case unsetting the history file is
>>Finally it is also handy to clear the log files
> well, we know YOU didn't crack his box... because we'd NEVER be able to find
> YOU... ;-)
> seriously though... if this guy is running a recent LFS, we should all be keen
> to hear how his boxen was cracked. we could all be susceptible!
> Ares Liu... what kernel are you running? i have a suspicion this may be the
> ptrace exploit, simply from the fact that it was the last "big" exploit and the
> code is publicly available; and the cracker clearly didn't have a clue what
> he/she was doing...
But that would mean the cracker already had a local account. The ptrace
bug is a local not a remote exploit, so the box must have been cracked
by some other means as well, to get local access. Still interesting to
know how he got access.