A hacker broke into one of my systems using a consultant's weak password and installed a rootkit. Fortunately they did not do much damage before being caught. I do not think they had yet hacked the root account, so the damage was minimal.
For those interested, I saved a copy of all of the installation files (much of it includes source code) that he was using.
They are at:
http://INET-consulting.com/ROOT-INFO.tar.bz2 (1,573,286 bytes)
Some files did not have source code; they are compiled programs. (So you might NOT want to run them!) Also included is a file called WHAT-HE-DID.txt that is a copy of the .bash_history file he had left behind.
My guess is that he did not have that much experience as he failed to remove log and history files.
--
Doug Royer                     | http://INET-Consulting.com
-------------------------------|-----------------------------
Doug@xxxxxxxxx                 | Office: (208)612-4638
http://Royer.com/People/Doug   | Fax:    (866)594-8574
                               | Cell:   (208)520-4044
We Do Standards - You Need Standards
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf