Help me analysis what did hacker do?

Heiko Vogel haaner at gmx.de
Thu Jul 17 07:26:12 PDT 2003


Dagmar d'Surreal wrote:

> Oh, and the hacker didn't _need_ to change the password for root, they
> already managed to get in.  j00 w3r3 0wn3d.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

What makes you believe that ?
Is it the case of the .bash_history lying around in / ?
Well, this could be a proof for a succesful hack, because only 
root has write access to /. 
(But the contents of the .bash_history are not a proof!!!)

So my question for the original poster: 
1. Did the .bash_history really lie around in /, or was it in a 
   subdirectory ?
2. Who was the owner of that file -- which group did it belong to ?

For me the whole looks like a UNIX-newbie who tried something he had 
read about in his brand-new "linux hackers guide".


greetz,
haaner
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list