Help me analysis what did hacker do?

Heiko Vogel haaner at
Thu Jul 17 07:26:12 PDT 2003

Dagmar d'Surreal wrote:

> Oh, and the hacker didn't _need_ to change the password for root, they
> already managed to get in.  j00 w3r3 0wn3d.

What makes you believe that ?
Is it the case of the .bash_history lying around in / ?
Well, this could be a proof for a succesful hack, because only 
root has write access to /. 
(But the contents of the .bash_history are not a proof!!!)

So my question for the original poster: 
1. Did the .bash_history really lie around in /, or was it in a 
   subdirectory ?
2. Who was the owner of that file -- which group did it belong to ?

For me the whole looks like a UNIX-newbie who tried something he had 
read about in his brand-new "linux hackers guide".

Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list